#!/bin/bash

# Open firewall to let certbot renew certificates

me=$(basename "$0")

logger -t "$me" "Opening port 80 for certbot"

iptables -I INPUT -p tcp --dport 80 -j NFLOG --nflog-prefix  "nfl:ok-certbot "
iptables -I INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "Allow HTTP for certbot"