authorCraig Jennings <craigmartinjennings@gmail.com>2023-10-24 12:24:18 -0500
committerCraig Jennings <craigmartinjennings@gmail.com>2023-10-24 12:24:18 -0500
commit4f3f411f7ab89978800f6b53f88baf547b2d1d57 (patch)
tree4ea1833cb12b9ccebf4f1426cca6eacbb76b0ea6 /archsetup
parent4573a9197db85f5b8288b627eaced229adb06843 (diff)
making firewall rules and their reasoning more clear
Diffstat (limited to 'archsetup')
-rwxr-xr-xarchsetup20
1 files changed, 13 insertions, 7 deletions
diff --git a/archsetup b/archsetup
index bb2f4d0..ee2aabd 100755
--- a/archsetup
+++ b/archsetup
@@ -382,9 +382,15 @@ essential_services() {
action="configuring ufw to deny by default" && display "task" "$action"
ufw default deny incoming >> "$logfile" 2>&1 || error "error" "$action"
- for protocol in \
- "80/tcp" "443/tcp" "9040,9050,9051,9053,9119/tcp" "IMAP" "IMAPS" "55353/udp" \
- "ssh" "22000/tcp" "22000/udp" "21027/udp" "transmission" "8080/tcp"; do
+ for protocol in \
+ "80,443,8080/tcp" \ # http and https traffic
+ "9040,9050,9051,9053,9119/tcp" \ # tor network
+ "IMAP" "IMAPS" \ # IMAP email
+ "55353/udp" \ # DNS
+ "ssh" \ # secure shell protocol
+ "22000/tcp" "22000/udp" "21027/udp" \ # syncthing
+ "transmission" \ # bit-torrent protocol
+ ; do
action="adding ufw rule to allow $protocol" && display "task" "$action"
(ufw allow $protocol >> "$logfile" 2>&1) || error "error" "$action" "$?"
done
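Review bot: The trailing comments added to the `for protocol in` list break the loop as rendered here. In `"80,443,8080/tcp" \ # http and https traffic` the backslash is followed by a space, not the newline, so it is not a line continuation: the word list ends on that line and the shell then expects `do`, which should be a syntax error. The allow rules after `ufw default deny incoming` would then not be applied as intended. Keep the continuation lines free of trailing text and move the reasoning into a comment block above the loop, as below. The `55353/udp` entry is labelled DNS although DNS normally uses port 53 and mDNS 5353, so that port is worth confirming; `essential_services` starts and ends outside the hunk.

```shell
# inbound services allowed through the firewall:
#   80,443,8080/tcp                  http and https traffic
#   9040,9050,9051,9053,9119/tcp     tor network
#   IMAP, IMAPS                      IMAP email
#   55353/udp                        DNS (port to be confirmed)
#   ssh                              secure shell protocol
#   22000/tcp, 22000/udp, 21027/udp  syncthing
#   transmission                     bit-torrent protocol
for protocol in \
    "80,443,8080/tcp" \
    "9040,9050,9051,9053,9119/tcp" \
    "IMAP" "IMAPS" \
    "55353/udp" \
    "ssh" \
    "22000/tcp" "22000/udp" "21027/udp" \
    "transmission"; do
    # … unchanged: display the action and run ufw allow …
```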
@@ -577,7 +583,7 @@ desktop_environment() {
done;
for software in vimix-icon-theme vimix-cursors vimix-gtk-themes \
- qt5ct adwaita-color-schemes; do
+ qt5ct adwaita-color-schemes; do
aur_install $software
done;
@@ -795,15 +801,15 @@ silent_boot() {
action="instructing systemd to check filesystems" && display "task" "$action"
servicefile=/usr/lib/systemd/system/systemd-fsck-root.service
[ -f $servicefile ] && echo "StandardOutput=null" >>$servicefile && \
- echo "StandardError=journal+console" >>$servicefile
+ echo "StandardError=journal+console" >>$servicefile
servicefile=/usr/lib/systemd/system/systemd-fsck@.service
[ -f $servicefile ] && echo "StandardOutput=null" >>$servicefile && \
- echo "StandardError=journal+console" >>$servicefile
+ echo "StandardError=journal+console" >>$servicefile
action="removing hostname from login prompt" && display "task" "$action"
sed -i "s/--noclear/--nohostname --noclear/g" /usr/lib/systemd/system/getty@.service \
- || error "error" "$action" "$?"
+ || error "error" "$action" "$?"
action="silencing the unneeded and chatty watchdog module" && display "task" "$action"
echo "blacklist iTCO_wdt" >/etc/modprobe.d/nowatchdog.conf || error "error" "$action" "$?"