soleprint init commit

station/tools/hub/iptables.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Manage Core Nest ports using iptables
+# Usage: sudo ./iptables.sh [open|close]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORTS_FILE="$SCRIPT_DIR/ports"
+
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root (use sudo)"
+    exit 1
+fi
+
+if [ ! -f "$PORTS_FILE" ]; then
+    echo "Error: ports file not found at $PORTS_FILE"
+    exit 1
+fi
+
+ACTION="${1:-}"
+if [ "$ACTION" != "open" ] && [ "$ACTION" != "close" ]; then
+    echo "Usage: sudo $0 [open|close]"
+    exit 1
+fi
+
+if [ "$ACTION" = "open" ]; then
+    echo "=== Opening Core Nest Ports (iptables) ==="
+else
+    echo "=== Closing Core Nest Ports (iptables) ==="
+fi
+echo ""
+
+# Read ports and apply action
+while IFS= read -r line || [ -n "$line" ]; do
+    # Skip comments and empty lines
+    [[ "$line" =~ ^#.*$ ]] && continue
+    [[ -z "$line" ]] && continue
+
+    port=$(echo "$line" | tr -d ' ')
+
+    if [ "$ACTION" = "open" ]; then
+        # Open port
+        if iptables -C INPUT -p tcp --dport "$port" -j ACCEPT 2>/dev/null; then
+            echo "  Port $port: Already open"
+        else
+            echo "  Port $port: Opening..."
+            iptables -I INPUT -p tcp --dport "$port" -j ACCEPT
+            echo "  Port $port: ✓ Opened"
+        fi
+    else
+        # Close port
+        if iptables -C INPUT -p tcp --dport "$port" -j ACCEPT 2>/dev/null; then
+            echo "  Port $port: Closing..."
+            iptables -D INPUT -p tcp --dport "$port" -j ACCEPT
+            echo "  Port $port: ✓ Closed"
+        else
+            echo "  Port $port: Already closed"
+        fi
+    fi
+done < "$PORTS_FILE"
+
+echo ""
+echo "=== Done ==="
+
+if [ "$ACTION" = "open" ]; then
+    echo ""
+    echo "Note: iptables rules are not persistent across reboots."
+    echo "To make persistent, install iptables-persistent:"
+    echo "  apt-get install iptables-persistent"
+    echo "  netfilter-persistent save"
+fi