#!/usr/bin/env bash
# Copyright 2019 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#### CATEGORY=Other
### set up Linux firewall rules to allow Fuchsia device and emulator traffic.
## Set up Linux uncomplicated firewall (ufw) to allow Fuchsia device and emulator traffic.
##
## This command detects whether an active Linux firewall service is set up,
## and if so, will add special rules to allow Fuchsia-specific traffic to
## go through the link-local IPv6 network interfaces used by Fuchsia devices
## and emulators.
##
## NOTE: This script uses sudo and will thus ask for your password!
##
## -n|--dry-run Just print all steps, don't do any configuration
# Pull in the shared fx helper library that sits in lib/ beside this script.
# The directory is resolved from BASH_SOURCE, so the lookup does not depend on
# the caller's working directory; if sourcing fails, exit with its status.
# NOTE(review): fx-error and fx-command-help used below are presumably defined
# by lib/vars.sh — confirm.
source "$(
  cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd
)/lib/vars.sh" || exit $?

# The rules below are written for ufw, so refuse to run on any non-Linux kernel.
case "$(uname -s)" in
  Linux) ;;
  *)
    fx-error "This script can only be used on Linux at the moment!"
    exit 1
    ;;
esac
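# Parse command-line flags.
#   -n | --dry-run   only print the privileged commands instead of running them
#   anything else    (including -h / --help) prints the help text and exits 1
dryrun=false
# Use an arithmetic test: inside [[ ]], '>' compares strings, not numbers.
while (( $# > 0 )); do
  case "$1" in
    -n | --dry-run)
      dryrun=true
      ;;
    -h | --help | *)
      fx-command-help
      exit 1
      ;;
  esac
  shift
done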
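#######################################
# Run a command, or only print it when dry-run mode is on.
# Globals:   dryrun (read) - "true" to print instead of execute
# Arguments: the command to run followed by its arguments
# Outputs:   in dry-run mode, writes "+ <shell-quoted command>" to stderr
# Returns:   the command's exit status, or 0 in dry-run mode
#######################################
dryer() {
  # Compare as a string instead of executing the variable's value as a command.
  if [[ "$dryrun" != "true" ]]; then
    "$@"
    return $?
  fi
  # %q shell-quotes every word, so multi-word arguments (such as the rule
  # comments) stay distinguishable and the trace shows exactly what would be
  # handed to sudo.
  local quoted=""
  if (( $# > 0 )); then
    printf -v quoted ' %q' "$@"
  fi
  printf '+%s\n' "$quoted" >&2
  return 0
}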
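# ufw must be installed before any rule can be added. Use the builtin
# `command -v` and test its exit status directly, rather than running the
# lookup inside a command substitution and executing its (empty) output.
if ! command -v ufw >/dev/null 2>&1; then
  fx-error "UFW is not available on this system. This script cannot continue!"
  exit 1
fi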
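# NOTE: Configuration will work whether the firewall is running or not.
#
# Each rule matches on protocol, source address range and port only; none is
# bound to a network interface, so it applies to traffic from these ranges on
# every interface of the host:
#   fe80::/10  IPv6 link-local addresses
#   fc00::/7   IPv6 unique local addresses
# NOTE(review): the "from <range> port N" rules match the SOURCE port and name
# no destination port, so they admit UDP to any local port from a peer in the
# range that sends from port 33340 or 5353. Source ports are chosen by the
# sender; consider adding a destination port or an interface ("in on <iface>")
# if that is wider than intended.
#
# Keep applying the remaining rules after a failure, but remember it so the
# script does not report success when a rule was not installed.
rules_failed=false

# Link-local sources.
dryer sudo ufw allow proto udp from fe80::/10 to any port 33331:33340 comment 'Fuchsia Netboot Protocol' || rules_failed=true
dryer sudo ufw allow proto tcp from fe80::/10 to any port 8083 comment 'Fuchsia Package Server' || rules_failed=true
dryer sudo ufw allow proto udp from fe80::/10 port 33340 comment 'Fuchsia Netboot TFTP Source Port' || rules_failed=true
dryer sudo ufw allow proto udp from fe80::/10 port 5353 comment 'Fuchsia MDNS' || rules_failed=true

# Unique-local sources.
dryer sudo ufw allow proto udp from fc00::/7 to any port 33331:33340 comment 'Fuchsia Netboot Protocol' || rules_failed=true
dryer sudo ufw allow proto tcp from fc00::/7 to any port 8083 comment 'Fuchsia Package Server' || rules_failed=true
dryer sudo ufw allow proto udp from fc00::/7 port 33340 comment 'Fuchsia Netboot TFTP Source Port' || rules_failed=true
dryer sudo ufw allow proto udp from fc00::/7 port 5353 comment 'Fuchsia MDNS' || rules_failed=true

if [[ "$rules_failed" == "true" ]]; then
  fx-error "One or more firewall rules could not be added."
  exit 1
fi
echo "Done!"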