mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00

Files

Jamil 91db00f3d7 fix(gateway): Apply more specific firewall rules on start (#8483 )

On some Linux distributions (Amazon Linux 2023), the default `iptables`
install includes a blanket deny rule in the `FORWARD` chain that
prevents packets from the tunnel interface from ever leaving the host.
To fix this, we ensure our `FORWARD` chain rules are inserted with
priority 1 which takes precedence over the blanket-deny rule.

We also update our MASQUERADE in the NAT table to apply only to the CIDR
range possible for Gateway tunnel IPs, as opposed to the default
`0.0.0.0/0`.

Fixes #8481

2025-03-19 05:32:50 +00:00

build

ci: Don't specify Xcode version (#8293 )

2025-02-28 07:41:56 +00:00

nix

build(nix): manage Rust installation via rustup (#8235 )

2025-02-24 01:33:13 +00:00

tests

ci: Use search_domain for one resource in CI test (#8393 )

2025-03-15 13:27:22 +00:00

upload

ci: Add fixes for upload script (#7588 )

2024-12-29 19:08:08 +00:00

bump-versions.sh

chore: Cut all clients to ship search domains (#8442 )

2025-03-17 17:25:11 +00:00

firezone-client-gui-install.sh

docs: Update 'user guides' -> 'client apps' (#5940 )

2024-07-23 14:04:07 +00:00

gateway-docker-upgrade.sh

fix(gateway): Prefer setting FIREZONE_ID over /var/lib/firezone (#8475 )

2025-03-18 04:08:21 +00:00

gateway-systemd-install.sh

fix(gateway): Apply more specific firewall rules on start (#8483 )

2025-03-19 05:32:50 +00:00

README.md

chore(gui-client/linux): add install script and change group to firezone-client (#4879 )

2024-05-02 17:51:28 +00:00

README.md

Firezone shell scripts

This directory contains various shell scripts used for development, testing, and deployment of the Firezone product.

Developer Setup

We lint shell scripts in CI. To get your PR to pass, you'll want to ensure your local development environment is set up to lint shell scripts:

Install shfmt:
- brew install shfmt on macOS
- Install shfmt from https://github.com/mvdan/sh/releases for other platforms
Install shellcheck:
- brew install shellcheck on macOS
- sudo apt-get install shellcheck on Ubuntu

Then just lint and format your shell scripts before you commit:

shfmt -i 4 **/*.sh
shellcheck --severity=warning **/*.sh

You can achieve this more easily by using pre-commit. See CONTRIBUTING.

Editor setup

Vim (here's an example using ALE)
VSCode

Scripting tips

Use #!/usr/bin/env bash along with set -euox pipefail in general for dev and test scripts.
In Docker images and other minimal envs, stick to #!/bin/sh and simply set -eu.