unifi1

d57880d6 · root · 5012b96c · d57880d6
Commit d57880d6 authored Jun 01, 2022 by root
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 3 deletions

unifi.sh unifi.sh +40 -3

No files found.
--- a/unifi.sh
+++ b/unifi.sh
@@ -24,6 +24,7 @@ function generate_files
 {
 cat > /tmp/inst1.txt <<EOF
 epel-release
+iptables-services
 mongodb-org
 java-1.8.0-openjdk
 unzip
@@ -43,10 +44,12 @@ function settings
  then 
    export NCURSES_NO_UTF8_ACS=1
  fi
-  BACKTITLE="Issabel 4 netinstall"
+  BACKTITLE="Uniao Sul Brasileira - Unifi Install"
  setenforce 0
  sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
  adduser -r -s /bin/nologin ubnt
+  systemctl stop firewalld
+  systemctl disable firewalld

 }
 function add_repos
@@ -110,10 +113,11 @@ function install_unifi
 {
  dialog --stdout --sleep 2 --backtitle "$BACKTITLE" --infobox \
 "Baixando pacotes Unifi.." \ 5 35
-        wget https://dl.ui.com/unifi/7.1.65/UniFi.unix.zip -P /opt -q
+        mkdir -p /tmp/unifi
+	wget https://dl.ui.com/unifi/7.1.65/UniFi.unix.zip -P /tmp/unifi -q
 dialog --stdout --sleep 2 --backtitle "$BACKTITLE" --infobox \
 "instalando Unifi.." \ 5 35
-        unzip -qq /opt/UniFi.unix.zip -d /opt
+        unzip -qq /tmp/unifi/UniFi.unix.zip -d /opt
        chown -R ubnt:ubnt /opt/UniFi
        rm -rf /opt/UniFi.unix.zip
 }
@@ -144,6 +148,37 @@ WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 }
+function pos_install
+{
+rm -rf /tmp/unifi
+rm -rf /tmp/inst1.txt	
+}
+function configure_iptables
+{
+dialog --stdout --sleep 2 --backtitle "$BACKTITLE" --infobox \
+"Configurando iptables.." \ 5 35
+        systemctl enable iptables.service --quiet
+        systemctl start iptables.service --quiet
+	### Liberacoes UNIFI UDP
+	iptables -A INPUT -p udp -m state -m udp -s 10.0.0.0/8 --dport 3478 --state NEW -j ACCEPT
+	iptables -A INPUT -p udp -m state -m udp -s 10.0.0.0/8 --dport 5656:5699 --state NEW -j ACCEPT
+	iptables -A INPUT -p udp -m state -m udp -s 10.0.0.0/8 --dport 10001 --state NEW -j ACCEPT
+	iptables -A INPUT -p udp -m state -m udp -s 10.0.0.0/8 --dport 1900 --state NEW -j ACCEPT
+	#### Liberacoes UNIFI TCP
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 4505 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 4506 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 9090 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 6789 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 8080 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 8081 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 8443 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 8880 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 8843 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 9443 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 9080 --state NEW -j ACCEPT
+	iptables -A INPUT -p tcp -m state -m tcp -s 10.0.0.0/8 --dport 27117 --state NEW -j ACCEPT
+	iptables-save > /etc/sysconfig/iptables
+}
 function starting_service_unifi
 {
 dialog --stdout --sleep 2 --backtitle "$BACKTITLE" --infobox \
@@ -163,7 +198,9 @@ settings
 generate_files
 add_repos
 install_packages
+configure_iptables
 install_unifi
 creating_service_unifi
 starting_service_unifi
+pos_install
 bye