From c7ae61f63cfa8955a56db09429ee6d1bbd1ec418 Mon Sep 17 00:00:00 2001
From: paigeman <53284808+paigeman@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:10:10 +0800
Subject: [PATCH 1/4] Create deploy-firewall.yml
---
 .github/workflows/deploy-firewall.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/deploy-firewall.yml
diff --git a/.github/workflows/deploy-firewall.yml b/.github/workflows/deploy-firewall.yml
new file mode 100644
index 0000000..05a95ac
--- /dev/null
+++ b/.github/workflows/deploy-firewall.yml
@@ -0,0 +1,21 @@
+name: deploy firewall
+on: [push]
+jobs:
+ deploy-firewall:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: appleboy/ssh-action@v0.1.9
+ with:
+ host: ${{ secrets.HOST }}
+ username: ${{ secrets.USERNAME }}
+ password: ${{ secrets.PASSWORD }}
+ port: ${{ secrets.PORT }}
+ script_stop: true
+ script: |
+ cd ~/repo
+ if [ -d "scripts"]; then git pull; else git clone https://github.com/paigeman/scripts.git; fi
+ cd scripts
+ cp server.nft /etc/nft-conf/
+ nft -f /etc/nftables.conf
+ service docker restart
+
From de6142b9516b8a0da632b3124df1919b8b0deb59 Mon Sep 17 00:00:00 2001
From: paigeman <53284808+paigeman@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:24:16 +0800
Subject: [PATCH 2/4] Update server.nft
---
 server.nft | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server.nft b/server.nft
index 90074c5..5940fd0 100644
--- a/server.nft
+++ b/server.nft
@@ -20,6 +20,8 @@ table inet filter {
 icmp type { destination-unreachable, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept comment "Accept ICMP"
 ip protocol igmp accept comment "Accept IGMP"
 meta l4proto vmap @input_vmap
+ tcp dport {21115-21119} accept
+ udp dport 21116 accept
 }
 chain forward {
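Review bot: In the ssh-action script, `if [ -d "scripts"]; then` is missing the space before `]`, so `[` reports a syntax error instead of testing the directory, the `else` branch runs every time, and once `scripts` already exists the `git clone` fails and `script_stop: true` presumably aborts the step; it should read `if [ -d "scripts" ]; then`. Patch 3/4 of this series removes the ssh step altogether, so this only matters if patch 1 is applied on its own. Separately, `on: [push]` with no branch filter means a push to any branch reloads the host firewall (patch 3/4 narrows this to main), and the step authenticates with `secrets.PASSWORD` rather than the action's key-based `key` input, which would be the preferable choice if the step were kept.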
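Review bot: The two new input rules `tcp dport {21115-21119} accept` and `udp dport 21116 accept` carry no `comment`, while every neighbouring rule in this chain documents its purpose (`comment "Accept ICMP"`, `comment "Accept IGMP"`); the mirrored `sport` rules in the second hunk at line 43 have the same gap. These ports look like the ones a remote-desktop rendezvous/relay service uses, but the ruleset should say which, e.g. `tcp dport 21115-21119 accept comment "Accept <service>"` (a bare range is accepted here, so the single-element set braces are unnecessary). The rules accept from any source address; if the service is only reached from known peers, an `ip saddr` restriction would narrow the exposure. The enclosing chain starts before this hunk, so whether TCP traffic still reaches these rules after `meta l4proto vmap @input_vmap` cannot be confirmed from what is shown.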
@@ -41,6 +43,8 @@ table inet filter {
 tcp sport 2049 accept
 udp sport 2049 accept
 tcp sport @web counter packets 0 bytes 0 accept comment "Accept web server"
+ tcp sport {21115-21119} accept
+ udp sport 21116 accept
 }
 chain TCP {
From d9b5c4e4eb9f805722115bec95649df7a9c95fdb Mon Sep 17 00:00:00 2001
From: paigeman <53284808+paigeman@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:51:43 +0800
Subject: [PATCH 3/4] Update deploy-firewall.yml
---
 .github/workflows/deploy-firewall.yml | 33 ++++++++++++++-------------
 1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/deploy-firewall.yml b/.github/workflows/deploy-firewall.yml
index 05a95ac..3aa510c 100644
--- a/.github/workflows/deploy-firewall.yml
+++ b/.github/workflows/deploy-firewall.yml
@@ -1,21 +1,22 @@
 name: deploy firewall
-on: [push]
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
 jobs:
 deploy-firewall:
- runs-on: ubuntu-latest
+ runs-on: self-hosted
 steps:
- - uses: appleboy/ssh-action@v0.1.9
- with:
- host: ${{ secrets.HOST }}
- username: ${{ secrets.USERNAME }}
- password: ${{ secrets.PASSWORD }}
- port: ${{ secrets.PORT }}
- script_stop: true
- script: |
- cd ~/repo
- if [ -d "scripts"]; then git pull; else git clone https://github.com/paigeman/scripts.git; fi
- cd scripts
- cp server.nft /etc/nft-conf/
- nft -f /etc/nftables.conf
- service docker restart
+ - name: Check out the pull request or main branch
+ uses: actions/checkout@v4
+ with:
+ # For pull requests, use the source branch; otherwise, use the current branch
+ ref: ${{ github.event.pull_request.head.ref || github.ref_name }}
+ fetch-depth: 0 # Fetch all history to ensure complete build context
+ - run: |
+ cp server.nft /etc/nft-conf/
+ sudo nft -f /etc/nftables.conf
+ sudo service docker restart
+
From 43cf2c0051d4250ab19efa28e74d180923cf3614 Mon Sep 17 00:00:00 2001
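Review bot: With `pull_request` added to `on:` and `runs-on: self-hosted`, the `run` step applies the ruleset from an unmerged PR branch to the host with sudo — the checkout deliberately selects `github.event.pull_request.head.ref` — so opening a PR reloads the live firewall and restarts docker before anyone has reviewed the change. Limit the apply step to pushes on main with `if: github.event_name == 'push'` and, for pull requests, run only a dry check such as `sudo nft -c -f server.nft`; if the repository is public, a `pull_request` workflow on a self-hosted runner also exposes that runner to fork PRs, which deserves a comment next to the trigger. The `fetch-depth: 0` comment claims the full history is needed for "complete build context", but the job only copies one file, so the default shallow checkout would suffice and the comment should go or be corrected.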
From: paigeman <53284808+paigeman@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:53:35 +0800
Subject: [PATCH 4/4] Update deploy-firewall.yml
---
 .github/workflows/deploy-firewall.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-firewall.yml b/.github/workflows/deploy-firewall.yml
index 3aa510c..9925d31 100644
--- a/.github/workflows/deploy-firewall.yml
+++ b/.github/workflows/deploy-firewall.yml
@@ -15,7 +15,7 @@ jobs:
 ref: ${{ github.event.pull_request.head.ref || github.ref_name }}
 fetch-depth: 0 # Fetch all history to ensure complete build context
 - run: |
- cp server.nft /etc/nft-conf/
+ sudo cp server.nft /etc/nft-conf/
 sudo nft -f /etc/nftables.conf
 sudo service docker restart
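Review bot: The ruleset is copied into `/etc/nft-conf/` before it has been validated, so a syntax error in `server.nft` leaves a broken file on disk even though the following `sudo nft -f /etc/nftables.conf` fails, and that broken copy is what the next boot will try to load; add `sudo nft -c -f server.nft` as the first line of the script, ahead of the `sudo cp`. The script also relies on `/etc/nftables.conf` including `/etc/nft-conf/server.nft` — that is not visible here and is worth stating in a comment on the `run:` step, e.g. `# /etc/nftables.conf is expected to include /etc/nft-conf/server.nft`.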