From 6c88be17f2cef9e3f74ec0d29b0154f417ee1e37 Mon Sep 17 00:00:00 2001
From: "Alex A. Naanou" <alex.nanou@gmail.com>
Date: Mon, 15 Jan 2024 16:46:32 +0300
Subject: [PATCH] added firewall settings...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
---
 syncthing/fw/ID.fw | 10 ++++++++++
 syncthing/make.sh  |  3 +++
 2 files changed, 13 insertions(+)
 create mode 100644 syncthing/fw/ID.fw

diff --git a/syncthing/fw/ID.fw b/syncthing/fw/ID.fw
new file mode 100644
index 0000000..600fa3a
--- /dev/null
+++ b/syncthing/fw/ID.fw
@@ -0,0 +1,10 @@
+[OPTIONS]
+
+enable: 1
+
+[RULES]
+
+IN ACCEPT -i net1 -log nolog
+IN HTTPS(DROP) -i net0 -log nolog
+IN HTTP(DROP) -i net0 -log nolog
+
diff --git a/syncthing/make.sh b/syncthing/make.sh
index 2fe8b54..bced7d1 100755
--- a/syncthing/make.sh
+++ b/syncthing/make.sh
@@ -77,6 +77,9 @@ sleep ${TIMEOUT:=5}
 		-e 's/127\.0\.0\.1:8384/0.0.0.0:8384/g' \
 		-i /var/lib/syncthing/.config/syncthing/config.xml
 
+echo "# Setup: firewall..."
+@ cp fw/ID.fw /etc/firewall/$ID.fw
+
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT