changed firewall script and config.yaml, modified README

2023-10-23 21:09:38 -03:00 · 2023-10-23 21:09:38 -03:00 · b7bf7b8eb3
parent 0df368d337
commit b7bf7b8eb3
4 changed files with 21 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -1,8 +1,10 @@
 My customization recipe for SystemRescue:
 ===================================================
 ## Dependencies
-squashfs-tools, xorriso (provided by dev-libs/libisoburn package in gentoo GNU/Linux - WARNING: requires zstd USE flag enabled) and
-[sysrescue-customize.sh](https://gitlab.com/systemrescue/systemrescue-sources/-/raw/main/airootfs/usr/share/sysrescue/bin/sysrescue-customize?inline=false)
+squashfs-tools, xorriso (provided by dev-libs/libisoburn package in gentoo GNU/
+Linux - WARNING: requires zstd USE flag enabled) and
+[sysrescue-customize.sh](https://gitlab.com/systemrescue/systemrescue-sources/-
+/raw/main/airootfs/usr/share/sysrescue/bin/sysrescue-customize?inline=false)
 are required to apply these customizations

 ## Description
@ -16,8 +18,8 @@ This recipe adds the following to the custom ISO:
 - It adds a settings yaml file which overrides the default settings so the
  custom SystemRescue starts with my own preferences, such as a spanish
  keyboard, it copies the system into RAM (so the boot device can be removed), 
-  it adds a persistent storage volume (see: [persistent-storage](persistent-storage.md)
-  for further instructions) and it automatically starts the graphical environment.
+  and it adds a persistent storage volume (see: [persistent-storage](persistent
+  -storage.md) for further instructions).

 Please note the ".squashfs-pseudo" file is important to enforce correct
 permissions and ownership on the /root directory and its contents. You should
--- a/iso_add/autorun/open-ssh-port.sh
+++ b/iso_add/autorun/open-ssh-port.sh
@ -1,4 +0,0 @@
-#!/bin/bash
-# Allow incoming and outgoing ssh
-iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
--- a/iso_add/autorun/set-firewall-rules.sh
+++ b/iso_add/autorun/set-firewall-rules.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+# Allow incoming and outgoing ssh, dns and dhcp
+iptables -I INPUT -p tcp --dport 22 -j ACCEPT
+iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
+iptables -I INPUT -p tcp --dport 22 -j ACCEPT
+iptables -I INPUT -p udp --dport 53 -j ACCEPT
+iptables -I INPUT -p tcp --dport 53 -j ACCEPT
+iptables -I INPUT -p udp --dport 68 -j ACCEPT
+iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
+iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT
+iptables -I OUTPUT -p udp --dport 67 -j ACCEPT
--- a/iso_add/sysrescue.d/500-settings.yaml
+++ b/iso_add/sysrescue.d/500-settings.yaml
@ -2,7 +2,7 @@ global:
    copytoram: true
    checksum: false
    loadsrm: true
-    dostartx: true
+    dostartx: false
    nofirewall: false
    setkmap: es
    cow_label: "PERSISTENCE"
@ -10,10 +10,9 @@ global:
 autorun:
    ar_nowait: true
    exec:
-        open-ssh-port.sh:
-            path: "/run/archiso/bootmnt/autorun/open-ssh-port.sh"
+        set-firewall-rules:
+            path: "/run/archiso/bootmnt/autorun/set-firewall-rules.sh"

 sysconfig:
    bash_history:
        100: ""
-    timezone: "America/Argentina/Buenos_Aires"