wildduck: add pf rules

msimerson · Mar 22, 2024 · 3101b7a · 3101b7a
1 parent 19ccde0
commit 3101b7a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/mail-toaster.sh b/mail-toaster.sh
@@ -169,7 +169,7 @@ export FBSD_MIRROR=${FBSD_MIRROR:="ftp://ftp.freebsd.org"}
 
 export TOASTER_BASE_MTA=${TOASTER_BASE_MTA:=""}
 export TOASTER_BASE_PKGS=${TOASTER_BASE_PKGS:="pkg ca_root_nss"}
-export TOASTER_EDITOR=${TOASTER_EDITOR:="vi"}
+export TOASTER_EDITOR=${TOASTER_EDITOR:="vim-tiny"}
 # See https://github.com/msimerson/Mail-Toaster-6/wiki/MySQL
 export TOASTER_MYSQL=${TOASTER_MYSQL:="1"}
 export TOASTER_MARIADB=${TOASTER_MARIADB:="0"}
@@ -826,7 +826,7 @@ stage_clear_caches()
 	for _c in "$STAGE_MNT/var/cache/pkg" "$STAGE_MNT/var/db/freebsd-update"
 	do
 		echo "clearing cache ($_c)"
-		rm -rf ${_c}/*
+		rm -rf "${_c:?}"/*
 	done
 }
 

diff --git a/provision/wildduck.sh b/provision/wildduck.sh
@@ -50,6 +50,22 @@ install_wildduck()
 	install_webmail
 }
 
+configure_pf()
+{
+	_pf_etc="$ZFS_DATA_MNT/wildduck/etc/pf.conf.d"
+
+	store_config "$_pf_etc/rdr.conf" <<EO_PF_RDR
+rdr proto tcp from any to <ext_ip4> port 993 -> $(get_jail_ip  wildduck) port 9993
+rdr proto tcp from any to <ext_ip4> port 995 -> $(get_jail_ip  wildduck) port 9995
+EO_PF_RDR
+
+	store_config "$_pf_etc/allow.conf" <<EO_PF_ALLOW
+mua_ports = "{ 993 995 9993 9995 }"
+table <mua_servers> persist { $(get_jail_ip wildduck), $(get_jail_ip6 wildduck) }
+pass in quick proto tcp from any to <mua_servers> port \$mua_ports
+EO_PF_ALLOW
+}
+
 configure_wildduck()
 {
 	_db_cfg="$STAGE_MNT/data/wildduck/config/dbs.toml"
@@ -64,6 +80,8 @@ configure_wildduck()
 
 	stage_exec npm install -g pm2
 	stage_exec pm2 startup
+
+	configure_pf
 }
 
 start_wildduck()