added firewall config

build.sdcard/raspbianStretchDesktop.sh

@@ -91,22 +91,30 @@ echo "*** HARDENING ***"
 
 # firewall - just install (not configure)
 sudo apt-get install -y ufw
+echo "deny incoming connection on other ports"
+sudo ufw default deny incoming
+echo "allow outgoing connections"
+sudo ufw default allow outgoing
 echo "allow: ssh"
-ufw allow ssh
+sudo ufw allow ssh
 echo "allow: bitcoin testnet"
-ufw allow 18333
+sudo ufw allow 18333 comment 'bitcoin testnet'
 echo "allow: bitcoin mainnet"
-ufw allow 8333
+sudo ufw allow 8333 comment 'bitcoin mainnet'
+echo "allow: litecoin mainnet"
+sudo ufw allow 9333 comment 'litecoin mainnet'
 echo 'allow: lightning testnet'
-ufw allow 19735
+sudo ufw allow 19735 comment 'lightning testnet'
 echo "allow: lightning mainnet"
-ufw allow 9735
-echo "deny incoming connection on other ports"
-ufw default deny incoming
-echo "allow outgoing connections"
-ufw default allow outgoing
+sudo ufw allow 9735 comment 'lightning mainnet'
+echo "allow: lightning gRPC"
+sudo ufw allow 10009 comment 'lightning gRPC'
+echo "allow: trasmission"
+sudo ufw allow 51413 comment 'transmission'
+echo "allow: local web admin"
+sudo ufw allow from 192.168.0.0/24 to any port 80 comment 'allow local LAN web'
 echo "enable lazy firewall"
-ufw enable
+sudo ufw enable
 
 # fail2ban (no config required)
 sudo apt-get install -y fail2ban

home.admin/97-addShango.sh → home.admin/97addMobileWallet.sh

@@ -3,13 +3,8 @@
 # location of lnd.conf
 lnd_config=/home/bitcoin/.lnd/lnd.conf
 
-# we assume usage in LAN -> shango in safe mode
-
-# append config
-echo "rpclisten=0.0.0.0:10009" | sudo tee -a ${lnd_config}
-
 # allow in firewall
-sudo ufw allow from 192.168.0.0/24 to any port 10009 comment 'allow LND grpc from local LAN'
+sudo ufw allow from 0.0.0.0/24 to any port 10009 comment 'allow LND grpc'
 
 # delete certificates as they need to be recreated with correct settings
 sudo rm /home/bitcoin/.lnd/tls.*