diff --git a/scripts/dns.sh b/scripts/dns.sh
index 4ac7790..bad1708 100644
--- a/scripts/dns.sh
+++ b/scripts/dns.sh
@@ -43,5 +43,5 @@ chown -R $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/dns # Permit DNS queries on TCP/UDP in the firewall.
-ufw allow domain
+ufw_allow domain
diff --git a/scripts/functions.sh b/scripts/functions.sh
index 2cf8e15..f1bcaf2 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -19,3 +19,8 @@ function apt_install { DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $PACKAGES > /dev/null; }
+function ufw_allow {
+ # ufw has completely unhelpful output
+ ufw allow $1 > /dev/null;
+}
+
diff --git a/scripts/mail.sh b/scripts/mail.sh
index e43fc9d..7dd48d0 100755
--- a/scripts/mail.sh
+++ b/scripts/mail.sh
@@ -234,7 +234,7 @@ service postfix restart service dovecot restart # Allow mail-related ports in the firewall.
-ufw allow smtp
-ufw allow submission
-ufw allow imaps
+ufw_allow smtp
+ufw_allow submission
+ufw_allow imaps
diff --git a/scripts/system.sh b/scripts/system.sh
index 293549b..a31be43 100755
--- a/scripts/system.sh
+++ b/scripts/system.sh
@@ -35,6 +35,6 @@ apt_install ntp fail2ban # Turn on the firewall. First allow incoming SSH, then turn on the firewall. # Other ports will be opened at the point where we set up those services. apt_install ufw
-ufw allow ssh;
+ufw_allow ssh;
 ufw --force enable;
diff --git a/scripts/web.sh b/scripts/web.sh
index 9277e9f..cc0c1b4 100755
--- a/scripts/web.sh
+++ b/scripts/web.sh
@@ -39,6 +39,6 @@ service nginx restart service php-fastcgi restart # Open ports.
-ufw allow http
-ufw allow https
+ufw_allow http
+ufw_allow https
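Review bot: In the new `ufw_allow` in scripts/functions.sh, `ufw allow $1 > /dev/null;` forwards only the first argument, unquoted, so any multi-word rule passed to the wrapper later would be cut down to its first word without a message; `ufw allow "$@" > /dev/null;` keeps it a drop-in for `ufw allow`. Redirecting stdout also drops the only per-rule confirmation the setup log had, and none of the converted call sites (dns.sh, mail.sh, system.sh, web.sh) checks the function's return status. That matters most in scripts/system.sh, where `ufw --force enable;` runs directly after `ufw_allow ssh;`: if the allow fails, the firewall comes up without the SSH rule, so `ufw_allow ssh || exit 1` (assuming the setup is meant to abort there) would be the safer form. The function would also benefit from a header comment stating that it passes its arguments to `ufw allow`, hides stdout only, and returns ufw's exit status.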