From 0c6e247773cdc85ce1385ed6ec274aa3fb505d18 Mon Sep 17 00:00:00 2001
From: anmol <github@datamol.org>
Date: Mon, 19 Nov 2018 15:19:49 +0530
Subject: [PATCH] Security:Do not open port for the app

---
 scripts/install |  3 ---
 scripts/restore |  3 ---
 scripts/upgrade | 11 +++++++++--
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/scripts/install b/scripts/install
index ae188e3..dac27a5 100644
--- a/scripts/install
+++ b/scripts/install
@@ -69,9 +69,6 @@ ynh_app_setting_set "$app" is_public   "$is_public"
 
 # Find a free port
 port=$(ynh_find_port 9000)
-
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
 ynh_app_setting_set "$app" port "$port"
 
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index a3ea65c..8c0141b 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -62,9 +62,6 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_restore_file "$final_path"
 
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 1ff822b..6f1e313 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -77,8 +77,15 @@ datadir="/home/yunohost.app/${app}/storage"
 # Create app folders
 mkdir -p "$datadir"
 
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
+#=================================================
+# CLOSE A PORT
+#=================================================
+
+if yunohost firewall list | grep -q "\- $port$"
+then
+	echo "Close port $port"
+	yunohost firewall disallow Both "$port" 2>&1
+fi
 
 #=================================================
 # CREATE DEDICATED USER