From d27cb57d0c5fd70e80e88520c96df266523c2d2e Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Tue, 28 Jun 2016 16:19:59 -0400
Subject: [PATCH] moved blocklist installation to its own script, and moved it to the end of the installation, even after the first user so it can setup all the iptables after everything has been setup
---
setup/blocklist.sh | 12 ++++++++++++
setup/start.sh | 3 +++
setup/system.sh | 12 ------------
3 files changed, 15 insertions(+), 12 deletions(-)
create mode 100644 setup/blocklist.sh
diff --git a/setup/blocklist.sh b/setup/blocklist.sh
new file mode 100644
index 00000000..8923e23f
--- /dev/null
+++ b/setup/blocklist.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+# Add Blocklist.de malicious IP Addresses to Daily Crontab
+# Also IPtables-persistent to save IP addresses upon reboot
+# Added by Alon "ChiefGyk" Ganon
+cp conf/blocklist/sync-fail2ban /etc/cron.daily/sync-fail2ban
+chmod a+x /etc/cron.daily/sync-fail2ban
+time /etc/cron.daily/sync-fail2ban
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+apt_install iptables-persistent
+iptables-save > /etc/iptables/rules.v4
+ip6tables-save > /etc/iptables/rules.v6
\ No newline at end of file
diff --git a/setup/start.sh b/setup/start.sh
index 9d19a411..f4af0d07 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -127,6 +127,9 @@ management/ssl_certificates.py -q # If there aren't any mail users yet, create one. source setup/firstuser.sh +#Setup Blocklist +source setup/blocklist.sh + # Done. echo echo "-----------------------------------------------"
diff --git a/setup/system.sh b/setup/system.sh
index a9968b92..cc152524 100755
--- a/setup/system.sh
+++ b/setup/system.sh
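Review bot: In the new setup/blocklist.sh, `cp` followed by `chmod a+x` only adds execute bits, so the owner and write permissions of a script placed in /etc/cron.daily depend on the source checkout and the umask; `install -o root -g root -m 0755 conf/blocklist/sync-fail2ban /etc/cron.daily/sync-fail2ban` pins them in one step. The exit status of the first `time /etc/cron.daily/sync-fail2ban` run is not checked before `iptables-save > /etc/iptables/rules.v4`, so a failed sync would leave the rules without the blocklist and that state would still be saved as the boot-time ruleset; the snapshot presumably also captures whatever chains fail2ban has inserted at that moment. The two `sudo debconf-set-selections` calls are inconsistent with the rest of the script, which already writes under /etc without sudo; plain `debconf-set-selections` avoids depending on sudo being installed. The file also ends without a trailing newline.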
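Review bot: The new comment `#Setup Blocklist` in setup/start.sh does not record why this step has to come last, which the commit message explains; something like `# Install the blocklist sync job and save the iptables rules last, once all services and the first user are set up.` would keep that reasoning next to the code. Because the script is pulled in with `source`, it runs in start.sh's own shell: if start.sh runs under `set -e` (not visible in this hunk), a network failure in the first blocklist sync would stop setup just before the final banner. If that is not intended, the step should be made non-fatal and report a warning instead.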
@@ -298,15 +298,3 @@ cat conf/fail2ban/jail.local \ cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf restart_service fail2ban - -# Add Blocklist.de malicious IP Addresses to Daily Crontab -# Also IPtables-persistent to save IP addresses upon reboot -# Added by Alon "ChiefGyk" Ganon -cp conf/blocklist/sync-fail2ban /etc/cron.daily/sync-fail2ban -chmod a+x /etc/cron.daily/sync-fail2ban -time /etc/cron.daily/sync-fail2ban -echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections -echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections -apt_install iptables-persistent -iptables-save > /etc/iptables/rules.v4 -ip6tables-save > /etc/iptables/rules.v6