From e9ca613da889135e668f419e7b8f3b0aaa265dfb Mon Sep 17 00:00:00 2001
From: Stefan Huber <shuber@sthu.org>
Date: Mon, 7 Nov 2022 12:15:32 +0100
Subject: [PATCH] letsencrypt: Comment out iptables lines

---
 letsencrypt/renewal.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/letsencrypt/renewal.sh b/letsencrypt/renewal.sh
index b21d4c8..763789d 100644
--- a/letsencrypt/renewal.sh
+++ b/letsencrypt/renewal.sh
@@ -13,8 +13,8 @@ PORT80=$(lsof -ti :80 | wc -l)
 if [ $PORT80 = 0 ]; then
   cd /var/www/challenges
   nohup python3 -m http.server 80 > /dev/null 2>&1 &
-  /usr/sbin/iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-  /usr/sbin/ip6tables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  #/usr/sbin/iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  #/usr/sbin/ip6tables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
 fi
 
 
@@ -64,7 +64,7 @@ fi
 
 # Stop temp web server and close port 80 if needed.
 if [ $PORT80 = 0 ]; then
-  /usr/sbin/iptables -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-  /usr/sbin/ip6tables -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  #/usr/sbin/iptables -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  #/usr/sbin/ip6tables -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
   pkill -f http.server
 fi
-- 
2.30.2