diff options
| author | Simon Rettberg | 2021-02-11 17:37:14 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2021-02-11 17:37:14 +0100 |
| commit | 808d09a3e3885c878a09189eda182c8d778c49df (patch) | |
| tree | 2faf8cc082cccaa4e9a2cf77d56d87455bc225d9 /core/modules/remote-access | |
| parent | [kiosk-common/kiosk-chromium] Add system certs to cert store (diff) | |
| download | mltk-808d09a3e3885c878a09189eda182c8d778c49df.tar.gz mltk-808d09a3e3885c878a09189eda182c8d778c49df.tar.xz mltk-808d09a3e3885c878a09189eda182c8d778c49df.zip | |
[remote-access] Higher prio for firewall rules
Previously, lecture specific firewall rules could override those for
remote access, blocking the VNC port and rendering the machine
unusable.
Diffstat (limited to 'core/modules/remote-access')
| -rwxr-xr-x | core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver index 0fd80cab..4e58cc3b 100755 --- a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver +++ b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver @@ -11,8 +11,12 @@ if ! [ -e "$rule" ]; then ( echo "#!/bin/sh" - echo "iptables -A INPUT \! -s "'"'"$srchost"'"'" -p tcp --dport 5900 -j DROP" - echo "iptables -A INPUT \! -s "'"'"$srchost"'"'" -p tcp --dport 5901 -j DROP" + echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 5900 -j ACCEPT" + echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 5901 -j ACCEPT" + echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 7551 -j ACCEPT" + echo "iptables -A INPUT -p tcp --dport 5900 -j DROP" + echo "iptables -A INPUT -p tcp --dport 5901 -j DROP" + echo "iptables -A INPUT -p tcp --dport 7551 -j DROP" ) > "$rule" chmod +x "$rule" fi |