soleprint init commit

station/tools/hub/firewalld.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Manage Core Nest ports using firewalld
+# Usage: sudo ./firewalld.sh [open|close]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORTS_FILE="$SCRIPT_DIR/ports"
+
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root (use sudo)"
+    exit 1
+fi
+
+if ! command -v firewall-cmd &> /dev/null; then
+    echo "Error: firewalld is not installed"
+    exit 1
+fi
+
+if [ ! -f "$PORTS_FILE" ]; then
+    echo "Error: ports file not found at $PORTS_FILE"
+    exit 1
+fi
+
+ACTION="${1:-}"
+if [ "$ACTION" != "open" ] && [ "$ACTION" != "close" ]; then
+    echo "Usage: sudo $0 [open|close]"
+    exit 1
+fi
+
+if [ "$ACTION" = "open" ]; then
+    echo "=== Opening Core Nest Ports (firewalld) ==="
+else
+    echo "=== Closing Core Nest Ports (firewalld) ==="
+fi
+echo ""
+
+# Read ports and apply action
+while IFS= read -r line || [ -n "$line" ]; do
+    # Skip comments and empty lines
+    [[ "$line" =~ ^#.*$ ]] && continue
+    [[ -z "$line" ]] && continue
+
+    port=$(echo "$line" | tr -d ' ')
+
+    if [ "$ACTION" = "open" ]; then
+        echo "  Port $port: Opening..."
+        firewall-cmd --permanent --add-port="${port}/tcp"
+        echo "  Port $port: ✓ Opened"
+    else
+        echo "  Port $port: Closing..."
+        firewall-cmd --permanent --remove-port="${port}/tcp" 2>/dev/null || echo "  Port $port: Not found (already closed)"
+        echo "  Port $port: ✓ Closed"
+    fi
+done < "$PORTS_FILE"
+
+# Reload firewall to apply changes
+echo ""
+echo "Reloading firewall..."
+firewall-cmd --reload
+
+echo ""
+echo "=== Done ==="