| #!/usr/bin/env bash |
| # Copyright 2019 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| #### CATEGORY=Other |
| ### setup Linux firewall rules to allow Fuchsia device and emulator traffic. |
| ## Setup Linux uncomplicated firewall (ufw) to allow Fuchsia device and emulator traffic. |
| ## |
| ## This command detects whether an active Linux firewall service is setup, |
| ## and if so, will add special rules to allow Fuchsia-specific traffic to |
| ## go through the link-local IPv6 network interfaces used by Fuchsia devices |
| ## and emulators. |
| ## |
| ## NOTE: This script uses sudo and will thus ask for your password! |
| ## |
| ## -n|--dry-run Just print all steps, don't do any configuration |
| |
| source "$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"/lib/vars.sh || exit $? |
| |
| if [[ "$(uname -s)" != "Linux" ]]; then |
| fx-error "This script can only be used on Linux at the moment!" |
| exit 1 |
| fi |
| |
| dryrun=false |
| while [[ $# > 0 ]]; do |
| case "$1" in |
| -n|--dry-run) |
| dryrun=true |
| ;; |
| -h|--help|*) |
| fx-command-help |
| exit 1 |
| ;; |
| esac |
| shift |
| done |
| |
| dryer() { |
| if ! "$dryrun"; then |
| "${@}" |
| return $? |
| fi |
| echo >&2 "+ $@" |
| return 0 |
| } |
| |
| if ! $(which ufw >/dev/null 2>&1); then |
| fx-error "UFW is not available on this system. This script cannot continue!" |
| exit 1 |
| fi |
| |
| # NOTE: Configuration will work whether the firewall is running or not. |
| dryer sudo ufw allow proto udp from fe80::/10 to any port 33331:33340 comment 'Fuchsia Netboot Protocol' |
| dryer sudo ufw allow proto tcp from fe80::/10 to any port 8083 comment 'Fuchsia Package Server' |
| dryer sudo ufw allow proto udp from fe80::/10 port 33340 comment 'Fuchsia Netboot TFTP Source Port' |
| dryer sudo ufw allow proto udp from fe80::/10 port 5353 comment 'Fuchsia MDNS' |
| dryer sudo ufw allow proto udp from fc00::/7 to any port 33331:33340 comment 'Fuchsia Netboot Protocol' |
| dryer sudo ufw allow proto tcp from fc00::/7 to any port 8083 comment 'Fuchsia Package Server' |
| dryer sudo ufw allow proto udp from fc00::/7 port 33340 comment 'Fuchsia Netboot TFTP Source Port' |
| dryer sudo ufw allow proto udp from fc00::/7 port 5353 comment 'Fuchsia MDNS' |
| echo "Done!" |