From 5b40fc2724534b32b69269688a851b2759756ad8 Mon Sep 17 00:00:00 2001
From: ver4a <ver4a@uncontrol.me>
Date: Fri, 15 Nov 2024 23:11:31 +0100
Subject: [PATCH] Apply hardened firewall configuration

---
 Dockerfile.gnome | 4 ++++
 Dockerfile.kde   | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/Dockerfile.gnome b/Dockerfile.gnome
index e852893..e733aa7 100644
--- a/Dockerfile.gnome
+++ b/Dockerfile.gnome
@@ -26,5 +26,9 @@ RUN dnf5 -y remove bash-color-prompt
 # Apply configuration
 COPY etc /etc
 
+# Apply hardened firewall configuration
+RUN firewall-offline-cmd --set-default-zone public
+RUN firewall-offline-cmd --remove-service ssh
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit
diff --git a/Dockerfile.kde b/Dockerfile.kde
index 472e3fe..ce846db 100644
--- a/Dockerfile.kde
+++ b/Dockerfile.kde
@@ -26,5 +26,9 @@ RUN dnf5 -y remove bash-color-prompt
 # Apply configuration
 COPY etc /etc
 
+# Apply hardened firewall configuration
+RUN firewall-offline-cmd --set-default-zone public
+RUN firewall-offline-cmd --remove-service ssh
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit