Diffstat (limited to 'core')
-rw-r--r-- | core/scripts/backup-system.sh | 16 | ||||
-rw-r--r-- | core/scripts/iptables.sh | 13 |
2 files changed, 17 insertions, 12 deletions
diff --git a/core/scripts/backup-system.sh b/core/scripts/backup-system.sh index ba6a961..9e1ed2f 100644 --- a/core/scripts/backup-system.sh +++ b/core/scripts/backup-system.sh @@ -27,16 +27,20 @@ ConfirmOrExit () } mkbk_coll_pkg() { + # backup binary packages per collection col=$1 - # make copy of packages + # make backup collection directory mkdir ${PORT_PKG}/${col} + # for each package listed in col_name.pkg while read line; do + # if binary package don't exist try to build if [ ! -f /usr/ports/packages/${line} ]; then echo "Building package: ${line};\n" name=$(echo ${line} | cut -d "#" -f 1) - #$sudo prt-get update -fr ${name} + $sudo prt-get update -fr ${name} fi + # if binary package exist copy to destination if [ -f /usr/ports/packages/${line} ]; then echo "Backing up package: ${line}" echo ${line} >> ${DEST_DIR}/backup.pkg @@ -49,18 +53,14 @@ mkbk_coll_pkg() { } mkbk_coll_ports() { + # backup collection ports col=$1 - # tar --xattrs -zcpf $PORT_PRT/${col}-`date '+%Y-%j-%H-%M-%S'`.tar.gz \ - # --directory=$ROOT_DIR/usr/ports/${col} \ - # . tar --xattrs -zcpf $PORT_PRT/${col}.tar.gz \ --directory=$ROOT_DIR/usr/ports/${col} \ --exclude=.git/ \ - . } - mkbk_metadata() { # archive pkgutils data @@ -252,7 +252,7 @@ done while true do - echo -n "Backup server data ? Please confirm (y or n) :" + echo -n "Backup web services data (/srv) ? Please confirm (y or n) :" read CONFIRM case $CONFIRM in n|N|no|NO|No) break ;; diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh index db1078d..0516d94 100644 --- a/core/scripts/iptables.sh +++ b/core/scripts/iptables.sh 
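Review bot: Re-enabling `$sudo prt-get update -fr ${name}` in mkbk_coll_pkg means text read from the collection's package list now reaches what is presumably a privileged command unquoted, so a line containing spaces or glob characters is split into extra prt-get arguments. I would read the list with `while IFS= read -r line; do` and call `$sudo prt-get update -fr "${name}"`. The build result is also never checked: when the rebuild fails, the following `-f` test skips the package silently, so an `else` branch that prints a warning to stderr would keep an incomplete backup from looking complete. The same quoting applies to `mkdir ${PORT_PKG}/${col}` here and to the `tar` arguments in mkbk_coll_ports in the second hunk. The function body continues outside this hunk.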
@@ -271,9 +271,11 @@ case $TYPE in
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out tap2 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out tap3 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
- # Tap1 can access external http
+ # Tap1 and Tap3 can access external http
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_http_in
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_http_out
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_http_in
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_http_out
 ####### Forward TAP2 ssh, http and https ######
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_ssh_in
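Review bot: The new tap3 → ${PUB_IF} rule matches only on the bridge ports and carries no source-address match, unlike the tap2/tap3 rules just above it, which pin `-s ${BR_NET} -d ${BR_NET}`. The cli_http_out and cli_http_in chains are defined outside this hunk, so whether they already restrict source address and connection state cannot be confirmed from here. If they do not, I would add the match on the outbound rule, e.g. `... --physdev-in tap3 --physdev-out ${PUB_IF} -s ${BR_NET} -j cli_http_out`, and put a one-line comment above the pair saying which guest sits on tap3 and why it needs egress. The same applies to the tap3 https rules in the next hunk.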
@@ -290,12 +292,15 @@ case $TYPE in
 # $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp
 # $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp
- # Tap1 and Tap2 can access external https
+ # Tap1, Tap2 and Tap3 can access external https
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in
- $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_https_out
- $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_https_in
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out ${PUB_IF} -j cli_https_out
+ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap3 -j cli_https_in
 #Less noise
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -p udp --dport 519 --sport 520 -j DROP |
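Review bot: The six https FORWARD rules are three copies of one out/in pair that differ only in the tap name, and that copy-paste layout is apparently how the old block ended up with an inbound tap2 rule but no tap2 → ${PUB_IF} counterpart. Generating the pairs from a list of interfaces keeps the two directions together and gives one place to audit which guests have https egress. The loop below appends the rules in the same order as the new side of this hunk, so the resulting ruleset is unchanged. The surrounding `case $TYPE in` branch starts and ends outside the hunk.
```shell
# Tap1, Tap2 and Tap3 can access external https
for tap in tap1 tap2 tap3; do
  $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${tap} --physdev-out ${PUB_IF} -j cli_https_out
  $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out ${tap} -j cli_https_in
done
# … unchanged: "Less noise" DROP rules …
```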