From dd91553689b4a02d090800ef6bdbb658181f641f Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 20 Sep 2014 08:25:54 -0400 Subject: [PATCH] open the firewall to an alternative SSH port if set https://discourse.mailinabox.email/t/opening-up-a-custom-port-for-ssh-after-install/55/2 --- setup/system.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/setup/system.sh b/setup/system.sh index 09405a1e..dd25ab42 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -35,8 +35,22 @@ if [ -z "$DISABLE_FIREWALL" ]; then # Various virtualized environments like Docker and some VPSs don't provide # a kernel that supports iptables. To avoid error-like output in these cases, # let us disable the firewall. + apt_install ufw + ufw_allow ssh; + + # ssh might be running on an alternate port. Use sshd -T to dump sshd's + # settings, find the port it is supposedly running on, and open that port + # too. + SSH_PORT=$(sshd -T 2>/dev/null | grep "^port " | sed "s/port //") + if [ ! -z "$SSH_PORT" ]; then + if [ "$SSH_PORT" != "22" ]; then + echo Opening alternate SSH port $SSH_PORT. + ufw_allow $SSH_PORT; + fi + fi + ufw --force enable; fi
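Review bot: `sshd -T` prints one `port` line for every `Port` directive, so on a host listening on several ports `SSH_PORT` becomes a multi-line value, the `!= "22"` test compares the whole string, and the unquoted `ufw_allow $SSH_PORT` word-splits it into several arguments. `ufw_allow` is defined outside this hunk, so whether it opens more than its first argument cannot be confirmed here; if it does not, a configured port stays closed when `ufw --force enable` runs and the administrator can be locked out. Iterating over the reported ports, accepting only numeric values and quoting each one avoids that, as sketched below. Because `2>/dev/null` also hides a failing `sshd -T`, a warning when no port could be read would make that case visible before the firewall is enabled. The enclosing `if [ -z "$DISABLE_FIREWALL" ]` block opens above the hunk.

```shell
	# … unchanged: apt_install ufw, ufw_allow ssh, explanatory comment …
	SSH_PORTS=$(sshd -T 2>/dev/null | sed -n "s/^port //p")
	if [ -z "$SSH_PORTS" ]; then
		echo "Warning: could not read the SSH port from sshd -T; only the default ssh rule was added." >&2
	fi
	for SSH_PORT in $SSH_PORTS; do
		case "$SSH_PORT" in
			''|*[!0-9]*) continue ;;  # skip anything that is not a plain port number
		esac
		if [ "$SSH_PORT" != "22" ]; then
			echo "Opening alternate SSH port $SSH_PORT."
			ufw_allow "$SSH_PORT";
		fi
	done
	# … unchanged: ufw --force enable …
```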