From d128f590b0f7bf0fad330f1a8b760b936b0ef8b6 Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 11:17:07 +0100 Subject: [PATCH 01/39] Update yunohost_firewall.py List ok Allow ok Disallow ok Todo : -Reload -better display for List -display more informations! --- yunohost_firewall.py | 97 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 7e04a45a..d66f6aa8 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
@@ -2,7 +2,98 @@ import os import sys -import yaml +try: + import yaml +except ImportError: + sys.stderr.write('Error: Yunohost CLI Require yaml lib\n') + sys.stderr.write('apt-get install python-yaml\n') + sys.exit(1) -def firewall_allow(args): - pass +def firewall_allow(protocol=None,port=None,name=None): + if protocol == "Both": + chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" + append_port(port,'tcp') + append_port(port,'udp') + os.system(chaineTCP) + os.system(chaineUDP) + + else: + chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" + append_port(port,protocol) + os.system(chaine) + +def firewall_disallow(protocol=None,port=None,name=None): + if protocol == "Both": + chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" + chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" + remove_port(port,'tcp') + remove_port(port,'udp') + os.system(chaineTCP) + os.system(chaineUDP) + else: + chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" + os.system(chaine) + remove_port(port,protocol) + os.system(chaine) + +def firewall_list(): + ''' + Parse and display firwall.yml + ''' + with open ('firewall.yml') as f: + firewall = yaml.load(f) + print(firewall) + +def firewall_reload(): + ''' + Clear filter IPTABLE's table + Allow SSH + Parse firewall.yml extract the list of port allowed + Allow all port in the list + Prohibit the rest + ''' + os.system("iptables -P INPUT ACCEPT") + os.system ("iptables -F") + os.system ("iptables -X") + os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + listPortTCP=firewall['ipv4']["TCP"] + listPortUDP=firewall['ipv4']["UDP"] + for port in enumerate (listPortTCP): + os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT") + for port in 
enumerate (listPortUDP): + os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT") + os.system ("iptables -P INPUT DROP") + +def append_port(port=None,protocol=None): + ''' + Append port in firewall.yml + ''' + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + if port not in firewall['ipv4'][protocol]: + firewall['ipv4'][protocol].append(int(port)) + firewall['ipv4'][protocol].sort() + f.close + os.system("mv firewall.yml firewall.yml.old") + with open('firewall.yml','w') as f: + yaml.dump(firewall,f) + f.close + + +def remove_port(port=None,protocol=None): + ''' + Remove port from firewall.yml + ''' + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + if port in firewall['ipv4'][protocol]: + firewall['ipv4'][protocol].remove(int(port)) + firewall['ipv4'][protocol].sort() + f.close + os.system("mv firewall.yml firewall.yml.old") + with open('firewall.yml','w') as f: + yaml.dump(firewall,f) + f.close From bb2d57c8893dbf67a04523fb91077830a76b2fbf Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 11:18:14 +0100 Subject: [PATCH 02/39] Update firewall.yml lower case for TCP and UDP --- firewall.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firewall.yml b/firewall.yml index 909be1a7..9f45a519 100644 --- a/firewall.yml +++ b/firewall.yml @@ -2,7 +2,7 @@ # ipv4: - tcp: [22, 25, 53, 80, 443, 5222, 5269, 5280] - udp: [53] + TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] + UDP: [53] ipv6: From 5100abbdccc0816af2cd2de130d6cba8294a3593 Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 11:50:07 +0100 Subject: [PATCH 03/39] Update yunohost_firewall.py Reload ok --- yunohost_firewall.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index d66f6aa8..9c1969b0 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
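Review bot: The iptables commands in firewall_allow and firewall_disallow are built by concatenating the `port` argument into a shell string for os.system, so a value that is not a plain port number is interpreted by the shell instead of being rejected; coerce and range-check it first (`port = int(port)` with a 1–65535 check) and run the command as an argument list, e.g. `subprocess.call(['iptables', '-A', 'INPUT', '-p', 'tcp', '-i', 'eth0', '--dport', str(port), '-j', 'ACCEPT'])`. firewall_disallow appends (`-A`) a REJECT rule behind the existing ACCEPT rule for the same port, and iptables takes the first match, so the port stays open until the next full reload; deleting the ACCEPT rule (`-D` with the same spec) is what actually closes it. Every firewall.yml read in this series uses `yaml.load(f)` with no Loader, which instantiates arbitrary Python objects from tags; `yaml.safe_load(f)` is sufficient for these lists of ints. In the else branch of firewall_disallow `os.system(chaine)` runs twice, and the `f.close` lines are bare attribute references with no effect (the `with` block already closes the file).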
@@ -61,10 +61,10 @@ def firewall_reload(): firewall = yaml.load(f) listPortTCP=firewall['ipv4']["TCP"] listPortUDP=firewall['ipv4']["UDP"] - for port in enumerate (listPortTCP): - os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT") - for port in enumerate (listPortUDP): - os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT") + for i,port in enumerate (listPortTCP): + os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + for i,port in enumerate (listPortUDP): + os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") os.system ("iptables -P INPUT DROP") def append_port(port=None,protocol=None): From df035adfb05adae30dea36089c727946d690d1fe Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 13:59:20 +0100 Subject: [PATCH 04/39] Update yunohost_firewall.py Better display for firewall_list() --- yunohost_firewall.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 9c1969b0..138a901c 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -42,8 +42,16 @@ def firewall_list(): Parse and display firwall.yml ''' with open ('firewall.yml') as f: - firewall = yaml.load(f) - print(firewall) + firewall = yaml.load(f) + listPortTCP=firewall['ipv4']['TCP'] + listPortUDP=firewall['ipv4']['UDP'] + print("Port TCP OPEN :") + for i,port in enumerate (listPortTCP): + print("-"+str(port)) + print("Port UDP OPEN :") + for i,port in enumerate (listPortUDP): + print("-"+str(port)) + f.close() def firewall_reload(): ''' From c21db5055d9c9dca3922010edd3de3103d23032d Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 14:16:11 +0100 Subject: [PATCH 05/39] Update yunohost_firewall.py Remove name argument --- yunohost_firewall.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 138a901c..61e2ee06 100644 
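Review bot: The `i` bound by `for i,port in enumerate (listPortTCP):` is never used in the loop body, so a plain `for port in listPortTCP:` says the same thing without the tuple unpacking; the same applies to the UDP loop below it. `str(port)` is the right fix for the tuples the old `enumerate` form produced, and it also keeps the loop working if firewall.yml is hand-edited to hold a quoted port. firewall_reload continues outside the hunk.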
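Review bot: `f.close()` at the end of firewall_list runs inside the `with open(...) as f:` block, which closes the file on exit anyway, so the call is redundant and can be dropped; the indentation also keeps the print loops inside the `with`, holding the file open for no reason — dedent everything after `firewall = yaml.load(f)`. The loops bind an unused `i` via `enumerate`; `for port in listPortTCP:` is enough.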
--- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -9,7 +9,7 @@ except ImportError: sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) -def firewall_allow(protocol=None,port=None,name=None): +def firewall_allow(protocol=None,port=None): if protocol == "Both": chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" @@ -23,7 +23,7 @@ def firewall_allow(protocol=None,port=None,name=None): append_port(port,protocol) os.system(chaine) -def firewall_disallow(protocol=None,port=None,name=None): +def firewall_disallow(protocol=None,port=None): if protocol == "Both": chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" From 8d8899b2766b75be1a91bfbc3be42f12f317830e Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 14:17:33 +0100 Subject: [PATCH 06/39] Update action_map.yml Update firewall arguments --- action_map.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/action_map.yml b/action_map.yml index d092dad7..686ff799 100644 --- a/action_map.yml +++ b/action_map.yml @@ -420,15 +420,21 @@ firewall: - UDP - TCP - Both - name: - help: Reference name of the rule + ### firewall_disallow() disallow: action_help: Disallow connection arguments: - name: - help: Reference name of the rule to delete + port: + help: Port to open + protocol: + help: Protocol associated with port + choices: + - UDP + - TCP + - Both + ############################# From a7a3db1eaac900acbdb961a5ccc07b6f98203d9f Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 16:27:12 +0100 Subject: [PATCH 07/39] Update yunohost_firewall.py add ipv6 support --- yunohost_firewall.py | 148 ++++++++++++++++++++++++++----------------- 1 file changed, 90 insertions(+), 58 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 61e2ee06..132bf003 100644 
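Review bot: The new `port:` argument under `disallow` copies the allow text `help: Port to open`, which is the opposite of what firewall_disallow does; `help: Port to close` matches the action. The `choices` list uses `UDP`/`TCP`/`Both`, and the Python side passes that value straight into `-p` and into the firewall.yml lookup, so the casing chosen here has to stay in step with the keys in firewall.yml (`TCP`/`UDP` after the earlier commit).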
--- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
@@ -9,50 +9,74 @@ except ImportError: sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) -def firewall_allow(protocol=None,port=None): + +def firewall_allow(protocol=None,port=None,ip=None): + if ip == true: + ip = 'ipv6' + iptables="ip6tables" + else + ip = 'ipv4' + iptables="iptables" + if protocol == "Both": - chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - append_port(port,'tcp') - append_port(port,'udp') - os.system(chaineTCP) - os.system(chaineUDP) + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" + append_remove_port(port,'tcp','a',ip) + append_remove_port(port,'udp','a',ip) + os.system(TCP_rule) + os.system(UDP_rule) else: - chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" - append_port(port,protocol) - os.system(chaine) + rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" + append_remove_port(port,protocol,'a',ip) + os.system(rule) -def firewall_disallow(protocol=None,port=None): + +def firewall_disallow(protocol=None,port=None,ip=None): + + if ip == true: + ip = 'ipv6' + else + ip = 'ipv4' + if protocol == "Both": - chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" - chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" - remove_port(port,'tcp') - remove_port(port,'udp') - os.system(chaineTCP) - os.system(chaineUDP) + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" + append_remove_port(port,'tcp','r',ip) + append_remove_port(port,'udp','r',ip) + os.system(TCP_rule) + os.system(UDP_rule) else: - chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" - os.system(chaine) - remove_port(port,protocol) - 
os.system(chaine) + rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" + append_remove_port(port,protocol,'r',ip) + os.system(rule) + def firewall_list(): ''' Parse and display firwall.yml ''' with open ('firewall.yml') as f: firewall = yaml.load(f) - listPortTCP=firewall['ipv4']['TCP'] - listPortUDP=firewall['ipv4']['UDP'] - print("Port TCP OPEN :") - for i,port in enumerate (listPortTCP): - print("-"+str(port)) - print("Port UDP OPEN :") - for i,port in enumerate (listPortUDP): - print("-"+str(port)) - f.close() - + TCP_port_list_ipv4 = firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + print("Port TCP Open for ipv4:") + for i,port in enumerate (TCP_port_list_ipv4): + print("-"+str(port)) + print("Port UDP Open for ipv4 :") + for i,port in enumerate (UDP_port_list_ipv4): + print("-"+str(port)) + print("Port TCP Open for ipv6:") + for i,port in enumerate (TCP_port_list_ipv6): + print("-"+str(port)) + print("Port UDP Open for ipv6 :") + for i,port in enumerate (UDP_port_list_ipv6): + print("-"+str(port)) + f.close() + + def firewall_reload(): ''' Clear filter IPTABLE's table 
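Review bot: In the `Both` branch firewall_allow now calls `append_remove_port(port,'tcp','a',ip)` and `append_remove_port(port,'udp','a',ip)`, but firewall.yml keys its lists as `TCP`/`UDP` (the earlier commit in this series uppercased them), so `firewall[ip]['tcp']` raises KeyError; the same lowercase literals are kept by the later refactoring hunk that renames the helper to update_yml. Pass `'TCP'`/`'UDP'` here, or normalise once in the helper with `protocol = protocol.upper()` before indexing. firewall_disallow sets `ip` in both branches but never assigns `iptables`, so `iptables+" -A INPUT ..."` refers to an unbound name unless a module-level `iptables` exists outside this view; it needs the same `iptables = "ip6tables"` / `iptables = "iptables"` pair firewall_allow has. The remove path of append_remove_port is guarded by `if port not in firewall[ip][protocol]:`, which skips ports that are listed and calls `.remove` on ones that are not (ValueError).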
@@ -61,29 +85,50 @@ def firewall_reload(): Allow all port in the list Prohibit the rest ''' - os.system("iptables -P INPUT ACCEPT") + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + TCP_port_list_ipv4 = firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + f.close() + + os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - with open('firewall.yml','r') as f: - firewall = yaml.load(f) - listPortTCP=firewall['ipv4']["TCP"] - listPortUDP=firewall['ipv4']["UDP"] - for i,port in enumerate (listPortTCP): + os.system ("ip6tables -P INPUT ACCEPT") + os.system ("ip6tables -F") + os.system ("ip6tables -X") + os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + + for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - for i,port in enumerate (listPortUDP): + + for i,port in enumerate (UDP_port_list_ipv4): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - os.system ("iptables -P INPUT DROP") - -def append_port(port=None,protocol=None): + + for i,port in enumerate (TCP_port_list_ipv6): + os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + + for i,port in enumerate (UDP_port_list_ipv6): + os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") + + os.system ("iptables -P INPUT DROP") + os.system ("ip6tables -P INPUT DROP") + +def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' Append port in firewall.yml ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) - if port not in firewall['ipv4'][protocol]: - firewall['ipv4'][protocol].append(int(port)) - firewall['ipv4'][protocol].sort() + if port not in firewall[ip][protocol]: + if mode == 'a': 
+ firewall[ip][protocol].append(int(port)) + else: + firewall[ip][protocol].remove(int(port)) + firewall[ip][protocol].sort() f.close os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: @@ -91,17 +136,4 @@ def append_port(port=None,protocol=None): f.close -def remove_port(port=None,protocol=None): - ''' - Remove port from firewall.yml - ''' - with open('firewall.yml','r') as f: - firewall = yaml.load(f) - if port in firewall['ipv4'][protocol]: - firewall['ipv4'][protocol].remove(int(port)) - firewall['ipv4'][protocol].sort() - f.close - os.system("mv firewall.yml firewall.yml.old") - with open('firewall.yml','w') as f: - yaml.dump(firewall,f) - f.close + From 11cdbe324534bdda05d06881a93e852caaaaeb87 Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 17:15:12 +0100 Subject: [PATCH 08/39] Indentation --- yunohost_firewall.py | 152 +++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 132bf003..38cedca6 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
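Review bot: firewall_reload flushes both tables and ends with `iptables -P INPUT DROP` / `ip6tables -P INPUT DROP`, yet the only ACCEPT rules it installs are `-i eth0 --dport` entries, so loopback traffic and the replies to connections the host itself initiates (DNS, apt, outbound HTTP) are dropped as well; add `iptables -A INPUT -i lo -j ACCEPT` and `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` (and the ip6tables equivalents) right after the flush. IPv6 also depends on ICMPv6 for neighbour discovery, so an ip6tables DROP policy without an `-p ipv6-icmp -j ACCEPT` rule is likely to break IPv6 connectivity entirely. The interface is hard-coded to `eth0` in every rule; on a host whose interface is named differently the policy flip leaves nothing accepted, SSH included. Between `iptables -F` (policy ACCEPT) and the final `-P INPUT DROP` the host briefly accepts everything; the window is short, but an exception in the middle (for example a KeyError from the yml lookup) leaves the firewall fully open, which is worth a comment and a try/finally that restores the DROP policy.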
@@ -9,36 +9,38 @@ except ImportError: sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) - + + def firewall_allow(protocol=None,port=None,ip=None): - if ip == true: - ip = 'ipv6' - iptables="ip6tables" - else - ip = 'ipv4' - iptables="iptables" - + if ip == true: + ip = 'ipv6' + iptables="ip6tables" + else: + ip = 'ipv4' + iptables="iptables" + if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - append_remove_port(port,'tcp','a',ip) - append_remove_port(port,'udp','a',ip) - os.system(TCP_rule) - os.system(UDP_rule) + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" + append_remove_port(port,'tcp','a',ip) + append_remove_port(port,'udp','a',ip) + os.system(TCP_rule) + os.system(UDP_rule) else: rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" append_remove_port(port,protocol,'a',ip) os.system(rule) - + + def firewall_disallow(protocol=None,port=None,ip=None): - if ip == true: - ip = 'ipv6' - else - ip = 'ipv4' - + if ip == true: + ip = 'ipv6' + else: + ip = 'ipv4' + if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" 
@@ -51,85 +53,97 @@ def firewall_disallow(protocol=None,port=None,ip=None): append_remove_port(port,protocol,'r',ip) os.system(rule) - + + def firewall_list(): ''' - Parse and display firwall.yml - ''' + Parse and display firwall.yml + ''' with open ('firewall.yml') as f: - firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - print("Port TCP Open for ipv4:") + firewall = yaml.load(f) + TCP_port_list_ipv4 = firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + print("Port TCP Open for ipv4:") + for i,port in enumerate (TCP_port_list_ipv4): - print("-"+str(port)) + print("-"+str(port)) + print("Port UDP Open for ipv4 :") for i,port in enumerate (UDP_port_list_ipv4): - print("-"+str(port)) - print("Port TCP Open for ipv6:") + print("-"+str(port)) + + print("Port TCP Open for ipv6:") for i,port in enumerate (TCP_port_list_ipv6): - print("-"+str(port)) + print("-"+str(port)) + print("Port UDP Open for ipv6 :") for i,port in enumerate (UDP_port_list_ipv6): - print("-"+str(port)) - f.close() - - + print("-"+str(port)) + f.close() + + + def firewall_reload(): ''' - Clear filter IPTABLE's table - Allow SSH - Parse firewall.yml extract the list of port allowed - Allow all port in the list - Prohibit the rest - ''' - with open('firewall.yml','r') as f: + Clear filter IPTABLE's table + Allow SSH + Parse firewall.yml extract the list of port allowed + Allow all port in the list + Prohibit the rest + ''' + with open('firewall.yml','r') as f: firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - f.close() - + + TCP_port_list_ipv4 = 
firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + f.close() + os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - os.system ("ip6tables -P INPUT ACCEPT") + + os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - + for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (UDP_port_list_ipv4): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - - for i,port in enumerate (TCP_port_list_ipv6): + + for i,port in enumerate (TCP_port_list_ipv6): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (UDP_port_list_ipv6): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - - os.system ("iptables -P INPUT DROP") - os.system ("ip6tables -P INPUT DROP") - + + os.system ("iptables -P INPUT DROP") + os.system ("ip6tables -P INPUT DROP") + + + def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' - Append port in firewall.yml - ''' + Append port in firewall.yml + ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) - if port not in firewall[ip][protocol]: - if mode == 'a': - firewall[ip][protocol].append(int(port)) - else: - firewall[ip][protocol].remove(int(port)) - firewall[ip][protocol].sort() - f.close + if port not in firewall[ip][protocol]: + if mode == 'a': + firewall[ip][protocol].append(int(port)) + else: + firewall[ip][protocol].remove(int(port)) + firewall[ip][protocol].sort() + f.close + os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: yaml.dump(firewall,f) 
From c3a79a8e04743b3bba66ac7a44a04c8927c7928b Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 17:27:26 +0100 Subject: [PATCH 09/39] Remove port from firewall.yml --- yunohost_firewall.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 38cedca6..e74e8440 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -136,12 +136,15 @@ def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) - if port not in firewall[ip][protocol]: - if mode == 'a': + + if mode == 'a': + if port not in firewall[ip][protocol]: firewall[ip][protocol].append(int(port)) - else: + else: + if port not in firewall[ip][protocol]: firewall[ip][protocol].remove(int(port)) - firewall[ip][protocol].sort() + + firewall[ip][protocol].sort() f.close os.system("mv firewall.yml firewall.yml.old") From 12b6657d95a45252d3dbdada78dec2189d93b15b Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 17:40:02 +0100 Subject: [PATCH 10/39] Add IPV6 support --- action_map.yml | 11 +++++++++-- firewall.yml | 2 ++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/action_map.yml b/action_map.yml index 686ff799..f92505f5 100644 --- a/action_map.yml +++ b/action_map.yml @@ -420,7 +420,11 @@ firewall: - UDP - TCP - Both - + -i: + full: --ipv6 + help: ipv6 + action: store_true + ### firewall_disallow() disallow: @@ -434,7 +438,10 @@ firewall: - UDP - TCP - Both - + -i: + full: --ipv6 + help: ipv6 + action: store_true ############################# diff --git a/firewall.yml b/firewall.yml index 9f45a519..b726d24a 100644 --- a/firewall.yml +++ b/firewall.yml @@ -6,3 +6,5 @@ ipv4: UDP: [53] ipv6: + TCP: [] + UDP: [] From a94a1a143f9fef6167cd394d74c9c8814ffa268c Mon Sep 17 00:00:00 2001 
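Review bot: The new `else:` branch still guards the removal with `if port not in firewall[ip][protocol]:`, so a listed port is skipped and an absent one reaches `.remove(int(port))` and raises ValueError; the condition for mode 'r' must be `if int(port) in firewall[ip][protocol]:`. Both membership tests compare the string `port` against a list of ints and are therefore always false; compare `int(port)` in the append branch as well, otherwise duplicates accumulate on every allow. The function's tail (the `mv` to .old and the rewrite) continues outside the hunk.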
From: Titoko Date: Wed, 12 Dec 2012 17:53:08 +0100 Subject: [PATCH 11/39] Bug Fix --- yunohost_firewall.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index e74e8440..d5a31e5b 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -12,7 +12,7 @@ except ImportError: def firewall_allow(protocol=None,port=None,ip=None): - if ip == true: + if ip == True: ip = 'ipv6' iptables="ip6tables" else: @@ -36,10 +36,12 @@ def firewall_allow(protocol=None,port=None,ip=None): def firewall_disallow(protocol=None,port=None,ip=None): - if ip == true: + if ip == True: ip = 'ipv6' + iptables="ip6tables" else: ip = 'ipv4' + iptables="ip6tables" if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" @@ -107,11 +109,14 @@ def firewall_reload(): os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + append_remove_port('22','TCP','a',False) + os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + append_remove_port('22','TCP','a',True) for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") From 5cf6e5bf1672e0713908a65ba2b068d587eb14f1 Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 19:20:09 +0100 Subject: [PATCH 12/39] Bug Fix --- action_map.yml | 20 ++++++++++++-------- firewall.yml | 12 ++++-------- yunohost_firewall.py | 22 ++++++++++++++++++---- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/action_map.yml b/action_map.yml index f92505f5..ed932990 100644 --- a/action_map.yml +++ b/action_map.yml 
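Review bot: In the second hunk the IPv4 branch of firewall_disallow now reads `iptables="ip6tables"`, the same value as the IPv6 branch, so disallowing a port without --ipv6 issues an ip6tables command and the IPv4 rule is never touched; it should be `iptables="iptables"` as in firewall_allow. The third hunk adds `append_remove_port('22','TCP','a',False)` and `append_remove_port('22','TCP','a',True)` to firewall_reload, but append_remove_port indexes `firewall[ip]` with the value it receives, so `False`/`True` are used as dict keys instead of `'ipv4'`/`'ipv6'`. Writing port 22 back into firewall.yml on every reload also rewrites the file (and overwrites the .old backup) as a side effect of what is otherwise a read-only operation; adding 22 once at install time would avoid that.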
@@ -407,6 +407,10 @@ firewall: ### firewall_list() list: action_help: List all firewall rules + + ### firewall_reload() + reload: + action_help: Reload all firewall rules ### firewall_allow() allow: @@ -420,10 +424,10 @@ firewall: - UDP - TCP - Both - -i: - full: --ipv6 - help: ipv6 - action: store_true + #-i: + # full: --ipv6 + # help: ipv6 + # action: store_true ### firewall_disallow() @@ -438,10 +442,10 @@ firewall: - UDP - TCP - Both - -i: - full: --ipv6 - help: ipv6 - action: store_true + #-i: + # full: --ipv6 + # help: ipv6 + # action: store_true ############################# diff --git a/firewall.yml b/firewall.yml index b726d24a..ff6ebc99 100644 --- a/firewall.yml +++ b/firewall.yml @@ -1,10 +1,6 @@ -# Ports to open -# - ipv4: - TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] - UDP: [53] - + TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] + UDP: [] ipv6: - TCP: [] - UDP: [] + TCP: [22] + UDP: [] diff --git a/yunohost_firewall.py b/yunohost_firewall.py index d5a31e5b..317e45e8 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -21,6 +21,7 @@ def firewall_allow(protocol=None,port=None,ip=None): if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" append_remove_port(port,'tcp','a',ip) append_remove_port(port,'udp','a',ip) 
@@ -120,15 +121,19 @@ def firewall_reload(): for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol TCP with ipv4 Open") for i,port in enumerate (UDP_port_list_ipv4): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol UDP with ipv4 Open") for i,port in enumerate (TCP_port_list_ipv6): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol TCP with ipv6 Open") for i,port in enumerate (UDP_port_list_ipv6): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol UDP with ipv6 Open") os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") @@ -139,16 +144,25 @@ def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' Append port in firewall.yml ''' + if ip == True: + ip = 'ipv6' + else: + ip = 'ipv4' + with open('firewall.yml','r') as f: firewall = yaml.load(f) - if mode == 'a': - if port not in firewall[ip][protocol]: + if int(port) not in firewall[ip][protocol]: firewall[ip][protocol].append(int(port)) + print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") + else: + print("Port already open") else: - if port not in firewall[ip][protocol]: + if int(port) in firewall[ip][protocol]: firewall[ip][protocol].remove(int(port)) - + print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") + else: + print("Port already close") firewall[ip][protocol].sort() f.close From 448b14705e3d4a7b5a8207012dfaca28af501050 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:29:53 +0100 Subject: [PATCH 13/39] Update yunohost_firewall.py Refactoring --- yunohost_firewall.py | 102 ++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 65 deletions(-) 
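Review bot: The new `if ip == True: ip = 'ipv6' else: ip = 'ipv4'` at the top of append_remove_port runs after firewall_allow and firewall_disallow have already turned `ip` into the string `'ipv6'` or `'ipv4'`, and `'ipv6' == True` is False, so every call from those two functions now lands in the ipv4 lists even when --ipv6 was given; only firewall_reload's boolean calls are mapped as intended. Keep the conversion in one place: either have the callers pass the boolean through, or drop it here and make reload pass `'ipv4'`/`'ipv6'`. The messages use `"Port "+port+...`, which requires `port` to be a str while the list stores `int(port)`; `str(port)` keeps the function usable for integer callers. The file rewrite at the end of the function continues outside the hunk.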
diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 317e45e8..125f1074 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -11,8 +11,8 @@ except ImportError: -def firewall_allow(protocol=None,port=None,ip=None): - if ip == True: +def firewall_allow(protocol=None,port=None,ipv6=None): + if ipv6 == True: ip = 'ipv6' iptables="ip6tables" else: @@ -20,24 +20,25 @@ def firewall_allow(protocol=None,port=None,ip=None): iptables="iptables" if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - append_remove_port(port,'tcp','a',ip) - append_remove_port(port,'udp','a',ip) + + update_yml(port,'tcp','a',ip) + update_yml(port,'udp','a',ip) + os.system(TCP_rule) os.system(UDP_rule) else: rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" - append_remove_port(port,protocol,'a',ip) + update_yml(port,protocol,'a',ip) os.system(rule) -def firewall_disallow(protocol=None,port=None,ip=None): +def firewall_disallow(protocol=None,port=None,ipv6=None): - if ip == True: + if ipv6 == True: ip = 'ipv6' iptables="ip6tables" else: @@ -47,13 +48,16 @@ def firewall_disallow(protocol=None,port=None,ip=None): if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" - append_remove_port(port,'tcp','r',ip) - append_remove_port(port,'udp','r',ip) + + update_yml(port,'tcp','r',ip) + update_yml(port,'udp','r',ip) + os.system(TCP_rule) os.system(UDP_rule) + else: rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" - append_remove_port(port,protocol,'r',ip) + update_yml(port,protocol,'r',ip) os.system(rule) 
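Review bot: `if ipv6 == True:` in firewall_allow and firewall_disallow compares against the singleton instead of testing truthiness; `if ipv6:` is the idiomatic form and also covers whatever store_true value the CLI layer supplies. The rename of the parameter to `ipv6` is otherwise fine, but the two `if ipv6 == True:` sites are the only lines in these hunks that still read like a C-style boolean check, and the bodies of both functions continue outside the hunks.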
@@ -64,27 +68,7 @@ def firewall_list(): ''' with open ('firewall.yml') as f: firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - print("Port TCP Open for ipv4:") - - for i,port in enumerate (TCP_port_list_ipv4): - print("-"+str(port)) - - print("Port UDP Open for ipv4 :") - for i,port in enumerate (UDP_port_list_ipv4): - print("-"+str(port)) - - print("Port TCP Open for ipv6:") - for i,port in enumerate (TCP_port_list_ipv6): - print("-"+str(port)) - - print("Port UDP Open for ipv6 :") - for i,port in enumerate (UDP_port_list_ipv6): - print("-"+str(port)) - f.close() + return firewall 
@@ -99,39 +83,32 @@ def firewall_reload(): with open('firewall.yml','r') as f: firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - f.close() - os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - append_remove_port('22','TCP','a',False) + update_yml('22','TCP','a',False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - append_remove_port('22','TCP','a',True) + update_yml('22','TCP','a',True) - for i,port in enumerate (TCP_port_list_ipv4): + for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol TCP with ipv4 Open") - for i,port in enumerate (UDP_port_list_ipv4): + for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol UDP with ipv4 Open") - for i,port in enumerate (TCP_port_list_ipv6): + for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol TCP with ipv6 Open") - for i,port in enumerate (UDP_port_list_ipv6): + for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol UDP with ipv6 Open") 
@@ -140,36 +117,31 @@ def firewall_reload(): -def append_remove_port(port=None,protocol=None,mode=None,ip=None): +def update_yml(port=None,protocol=None,mode=None,ip=None): ''' Append port in firewall.yml ''' - if ip == True: - ip = 'ipv6' - else: - ip = 'ipv4' - + with open('firewall.yml','r') as f: firewall = yaml.load(f) - if mode == 'a': - if int(port) not in firewall[ip][protocol]: - firewall[ip][protocol].append(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") - else: - print("Port already open") + if mode == 'a': + if int(port) not in firewall[ip][protocol]: + firewall[ip][protocol].append(int(port)) + print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") else: - if int(port) in firewall[ip][protocol]: - firewall[ip][protocol].remove(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") - else: - print("Port already close") + print("Port already open") + else: + if int(port) in firewall[ip][protocol]: + firewall[ip][protocol].remove(int(port)) + print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") + else: + print("Port already close") firewall[ip][protocol].sort() - f.close os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: yaml.dump(firewall,f) - f.close + From 3b3b2120f8780af38a567d3b73bb26857615224a Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:38:37 +0100 Subject: [PATCH 14/39] Update yunohost_firewall.py Update comments --- yunohost_firewall.py | 49 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 125f1074..3dca6fe4 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -12,6 +12,15 @@ except ImportError: def firewall_allow(protocol=None,port=None,ipv6=None): + """ + Allow port in iptables + + Keyword arguments: + protocol + port + ipv6 + + """ if ipv6 == True: ip = 'ipv6' iptables="ip6tables" 
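Review bot: update_yml drops the boolean-to-key mapping and indexes `firewall[ip]` directly, but the firewall_reload hunk above still calls `update_yml('22','TCP','a',False)` and `update_yml('22','TCP','a',True)`, so those two calls raise KeyError on `firewall[False]`; change them to pass `'ipv4'` and `'ipv6'`. The docstring still reads `Append port in firewall.yml` although the function also removes ports — `"""Add (mode 'a') or remove (mode 'r') a port from the protocol list in firewall.yml."""` describes what it does. `os.system("mv firewall.yml firewall.yml.old")` is another shell call for a one-file rename; `os.rename('firewall.yml', 'firewall.yml.old')` does the same without a shell and raises on failure instead of returning a status nobody checks. All paths are the relative `'firewall.yml'`, so the file that is read and rewritten depends on the caller's working directory; an absolute path in a module-level constant would pin it.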
@@ -37,6 +46,15 @@ def firewall_allow(protocol=None,port=None,ipv6=None): def firewall_disallow(protocol=None,port=None,ipv6=None): + """ + Disallow port in iptables + + Keyword arguments: + protocol + port + ipv6 + + """ if ipv6 == True: ip = 'ipv6' @@ -63,9 +81,12 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): def firewall_list(): - ''' - Parse and display firwall.yml - ''' + """ + Display list of allow port + + Keyword arguments: + None + """ with open ('firewall.yml') as f: firewall = yaml.load(f) return firewall @@ -74,11 +95,10 @@ def firewall_list(): def firewall_reload(): ''' - Clear filter IPTABLE's table - Allow SSH - Parse firewall.yml extract the list of port allowed - Allow all port in the list - Prohibit the rest + Reload iptables configuration + + Keyword arguments: + None ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) @@ -118,9 +138,16 @@ def firewall_reload(): def update_yml(port=None,protocol=None,mode=None,ip=None): - ''' - Append port in firewall.yml - ''' + """ + Update firewall.yml + + Keyword arguments: + protocol + port + mode + ipv6 + + """ with open('firewall.yml','r') as f: firewall = yaml.load(f) From 5132b3908ff1a7ece760d781922f41e5149ffa43 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:52:25 +0100 Subject: [PATCH 15/39] Update firewall.yml update indentation --- firewall.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/firewall.yml b/firewall.yml index ff6ebc99..688c1da7 100644 --- a/firewall.yml +++ b/firewall.yml @@ -1,6 +1,6 @@ ipv4: - TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] - UDP: [] + TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] + UDP: [] ipv6: - TCP: [22] - UDP: [] + TCP: [22] + UDP: [] From 6c5c4dea37e3ecb9d9e53ebde2f86dc21388b928 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:55:10 +0100 Subject: [PATCH 16/39] Update action_map.yml update indentation --- action_map.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
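Review bot: The new firewall_reload docstring, `Reload iptables configuration`, drops the only description of what reload actually does (flush both tables, re-allow SSH, re-add every listed port, switch the INPUT policy to DROP), which is exactly what an operator needs to know before running it; keep a one-line summary such as `Flush iptables/ip6tables, re-allow SSH, open every port listed in firewall.yml and set INPUT policy to DROP`. In the update_yml docstring the last argument is documented as `ipv6` while the parameter is named `ip`, and `mode` is listed with no explanation of its values ('a' to append, anything else to remove). The firewall_list docstring says `Keyword arguments: None` but omits that the function returns the parsed dict.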
diff --git a/action_map.yml b/action_map.yml index ed932990..d173c198 100644 --- a/action_map.yml +++ b/action_map.yml @@ -442,10 +442,10 @@ firewall: - UDP - TCP - Both - #-i: - # full: --ipv6 - # help: ipv6 - # action: store_true + -i: + full: --ipv6 + help: ipv6 + action: store_true ############################# From d1e562de77d3875151e9516f4f025a21b58572c8 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:58:49 +0100 Subject: [PATCH 17/39] Update yunohost_firewall.py Bug fix(call reload from web) --- yunohost_firewall.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 3dca6fe4..7369413e 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -118,22 +118,23 @@ def firewall_reload(): for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol TCP with ipv4 Open") + for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol UDP with ipv4 Open") + for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol TCP with ipv6 Open") + for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol UDP with ipv6 Open") + os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") + firewall_list() From 3249428894dda4b7acb97b591478f4f1261187d1 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 11:23:10 +0100 Subject: [PATCH 18/39] Update yunohost_firewall.py Update comment & return --- yunohost_firewall.py | 49 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) 
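Review bot: firewall_reload ends with `iptables -P INPUT DROP` / `ip6tables -P INPUT DROP` while the only ACCEPT rules in the chain are per-port `-i eth0 --dport` entries, so loopback traffic and the reply packets of connections the host itself opens are dropped, and on IPv6 ICMPv6 neighbour discovery is cut off as well. Before switching the policy, add `os.system("iptables -A INPUT -i lo -j ACCEPT")`, `os.system("iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT")` and `os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")` (with the ip6tables equivalents of the first two). The trailing `firewall_list()` call discards its return value, so the caller this commit targets still gets nothing back. firewall_reload starts above this hunk.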
diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 7369413e..6ca7bc37 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -16,9 +16,12 @@ def firewall_allow(protocol=None,port=None,ipv6=None): Allow port in iptables Keyword arguments: - protocol - port - ipv6 + protocol -- Protocol used + port -- Port to open + ipv6 -- Boolean ipv6 + + Return + Dict """ if ipv6 == True: @@ -42,6 +45,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" update_yml(port,protocol,'a',ip) os.system(rule) + + return firewall_list() @@ -50,9 +55,12 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): Disallow port in iptables Keyword arguments: - protocol - port - ipv6 + protocol -- Protocol used + port -- Port to open + ipv6 -- Boolean ipv6 + + Return + Dict """ @@ -77,15 +85,21 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" update_yml(port,protocol,'r',ip) os.system(rule) + + return firewall_list def firewall_list(): """ - Display list of allow port + Allow port in iptables Keyword arguments: - None + None + + Return + Dict + """ with open ('firewall.yml') as f: firewall = yaml.load(f) @@ -98,7 +112,10 @@ def firewall_reload(): Reload iptables configuration Keyword arguments: - None + None + + Return + Dict ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) @@ -134,7 +151,8 @@ def firewall_reload(): os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") - firewall_list() + + return firewall_list() @@ -143,10 +161,13 @@ def update_yml(port=None,protocol=None,mode=None,ip=None): Update firewall.yml Keyword arguments: - protocol - port - mode - ipv6 + protocol -- Protocol used + port -- Port to open + mode -- a=append r=remove + ipv6 -- Boolean ipv6 + + Return + None """ From 5cb92bfb5f9f504db0f3c3d2fc3c9a32233dd33b Mon Sep 17 00:00:00 2001 
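Review bot: In the firewall_disallow hunk the added `return firewall_list` is missing the call parentheses, so the function returns the firewall_list function object rather than the dict that firewall_allow and firewall_reload return with `return firewall_list()`; change it to `return firewall_list()`. The firewall_list docstring was rewritten to `Allow port in iptables`, which describes firewall_allow; it should say something like `Return the allowed-port lists parsed from firewall.yml`. The `port -- Port to open` line in the disallow docstring should read `Port to close`. Each of these functions continues outside the hunk shown.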
From: titoko Date: Thu, 13 Dec 2012 11:25:47 +0100 Subject: [PATCH 19/39] Update yunohost_firewall.py --- yunohost_firewall.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 6ca7bc37..ba6daf33 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -45,7 +45,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" update_yml(port,protocol,'a',ip) os.system(rule) - + + win_msg(_("Port successfully openned")) return firewall_list() @@ -85,7 +86,7 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" update_yml(port,protocol,'r',ip) os.system(rule) - + win_msg(_("Port successfully closed")) return firewall_list @@ -152,6 +153,7 @@ def firewall_reload(): os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") + win_msg(_("Firewall successfully reloaded")) return firewall_list() From f77488664e777c80c970076b8a70f5d3bc495176 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 11:36:09 +0100 Subject: [PATCH 20/39] Update action_map.yml ipv6 --- action_map.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/action_map.yml b/action_map.yml index d173c198..444881d2 100644 --- a/action_map.yml +++ b/action_map.yml @@ -424,10 +424,10 @@ firewall: - UDP - TCP - Both - #-i: - # full: --ipv6 - # help: ipv6 - # action: store_true + -i: + full: --ipv6 + help: ipv6 + action: store_true ### firewall_disallow() From 987804008d7cbbfcb76cfde45da9a89a41d3f4a9 Mon Sep 17 00:00:00 2001 
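Review bot: `win_msg(_("Port successfully openned"))` misspells the user-facing message, and because it is wrapped in `_()` the typo becomes the translation msgid, so fix it before strings are extracted: `win_msg(_("Port successfully opened"))`. Neither `win_msg` nor `_` appears among the imports visible for this file (`os`, `sys`, `yaml`), so unless the CLI loader injects them these calls raise NameError at runtime — worth confirming. The context line `return firewall_list` just below the new message is still missing its call parentheses.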
From: titoko Date: Wed, 12 Dec 2012 11:17:07 +0100 Subject: [PATCH 21/39] Update yunohost_firewall.py List ok Allow ok Disallow ok Todo : -Reload -better display for List -display more informations! --- yunohost_firewall.py | 97 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 7e04a45a..d66f6aa8 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
@@ -2,7 +2,98 @@ import os import sys -import yaml +try: + import yaml +except ImportError: + sys.stderr.write('Error: Yunohost CLI Require yaml lib\n') + sys.stderr.write('apt-get install python-yaml\n') + sys.exit(1) -def firewall_allow(args): - pass +def firewall_allow(protocol=None,port=None,name=None): + if protocol == "Both": + chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" + append_port(port,'tcp') + append_port(port,'udp') + os.system(chaineTCP) + os.system(chaineUDP) + + else: + chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" + append_port(port,protocol) + os.system(chaine) + +def firewall_disallow(protocol=None,port=None,name=None): + if protocol == "Both": + chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" + chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" + remove_port(port,'tcp') + remove_port(port,'udp') + os.system(chaineTCP) + os.system(chaineUDP) + else: + chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" + os.system(chaine) + remove_port(port,protocol) + os.system(chaine) + +def firewall_list(): + ''' + Parse and display firwall.yml + ''' + with open ('firewall.yml') as f: + firewall = yaml.load(f) + print(firewall) + +def firewall_reload(): + ''' + Clear filter IPTABLE's table + Allow SSH + Parse firewall.yml extract the list of port allowed + Allow all port in the list + Prohibit the rest + ''' + os.system("iptables -P INPUT ACCEPT") + os.system ("iptables -F") + os.system ("iptables -X") + os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + listPortTCP=firewall['ipv4']["TCP"] + listPortUDP=firewall['ipv4']["UDP"] + for port in enumerate (listPortTCP): + os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT") + for port in 
enumerate (listPortUDP): + os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT") + os.system ("iptables -P INPUT DROP") + +def append_port(port=None,protocol=None): + ''' + Append port in firewall.yml + ''' + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + if port not in firewall['ipv4'][protocol]: + firewall['ipv4'][protocol].append(int(port)) + firewall['ipv4'][protocol].sort() + f.close + os.system("mv firewall.yml firewall.yml.old") + with open('firewall.yml','w') as f: + yaml.dump(firewall,f) + f.close + + +def remove_port(port=None,protocol=None): + ''' + Remove port from firewall.yml + ''' + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + if port in firewall['ipv4'][protocol]: + firewall['ipv4'][protocol].remove(int(port)) + firewall['ipv4'][protocol].sort() + f.close + os.system("mv firewall.yml firewall.yml.old") + with open('firewall.yml','w') as f: + yaml.dump(firewall,f) + f.close From 9f1e6adf26907bad7323f908e838843af1b9334a Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 11:50:07 +0100 Subject: [PATCH 22/39] Update yunohost_firewall.py Reload ok --- yunohost_firewall.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index d66f6aa8..9c1969b0 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
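Review bot: firewall_allow and firewall_disallow build the iptables command by concatenating the caller-supplied `port` and `protocol` strings and hand the result to `os.system`, with no check that `port` is numeric; since this runs as root and the values come from the CLI action map (and, per a later commit, a web entry point), any shell metacharacters in `port` execute as root. Validate the values and run the binary with an argument list through `subprocess.check_call` (add `import subprocess` at the top of the file) as sketched below, then have both functions call the helper instead of `os.system(chaineTCP)` and friends. The same hunk has two further defects: `for port in enumerate (listPortTCP)` yields (index, port) tuples, so the concatenation in firewall_reload raises TypeError, and the non-Both branch of firewall_disallow runs `os.system(chaine)` twice. `yaml.load(f)` should be `yaml.safe_load(f)` for a file parsed as root.
```python
def _iptables_rule(binary, protocol, port, target):
    """Append one INPUT rule; inputs are validated so no shell is involved."""
    port = int(port)  # rejects non-numeric input before anything runs
    protocol = protocol.lower()
    if not 0 < port < 65536 or protocol not in ('tcp', 'udp'):
        raise ValueError('invalid port or protocol')
    subprocess.check_call([binary, '-A', 'INPUT', '-p', protocol, '-i', 'eth0',
                           '--dport', str(port), '-j', target])

# … unchanged: firewall_allow / firewall_disallow, now calling
#   _iptables_rule('iptables', 'tcp', port, 'ACCEPT') instead of os.system(...) …
```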
@@ -61,10 +61,10 @@ def firewall_reload(): firewall = yaml.load(f) listPortTCP=firewall['ipv4']["TCP"] listPortUDP=firewall['ipv4']["UDP"] - for port in enumerate (listPortTCP): - os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT") - for port in enumerate (listPortUDP): - os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT") + for i,port in enumerate (listPortTCP): + os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + for i,port in enumerate (listPortUDP): + os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") os.system ("iptables -P INPUT DROP") def append_port(port=None,protocol=None): From 1522a7f75931dceecd06a6fc5095692f218d4ec5 Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 13:59:20 +0100 Subject: [PATCH 23/39] Update yunohost_firewall.py Better display for firewall_list() --- yunohost_firewall.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 9c1969b0..138a901c 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -42,8 +42,16 @@ def firewall_list(): Parse and display firwall.yml ''' with open ('firewall.yml') as f: - firewall = yaml.load(f) - print(firewall) + firewall = yaml.load(f) + listPortTCP=firewall['ipv4']['TCP'] + listPortUDP=firewall['ipv4']['UDP'] + print("Port TCP OPEN :") + for i,port in enumerate (listPortTCP): + print("-"+str(port)) + print("Port UDP OPEN :") + for i,port in enumerate (listPortUDP): + print("-"+str(port)) + f.close() def firewall_reload(): ''' From dc29da83162c859b1f0aa8d8e0582ba043854ca8 Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 14:16:11 +0100 Subject: [PATCH 24/39] Update yunohost_firewall.py Remove name argument --- yunohost_firewall.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 138a901c..61e2ee06 100644 
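Review bot: The new firewall_list body calls `f.close()` inside the `with open(...)` block, which the context manager already does on exit, and the `enumerate` loops never use `i`; `for port in listPortTCP:` is the idiomatic form. The function only prints, so a programmatic caller receives nothing — returning the parsed lists (as a later commit in this series does) serves both the CLI and a non-terminal caller. A short docstring line such as `Print the TCP and UDP ports currently listed in firewall.yml` would also replace the misspelled `firwall.yml`.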
--- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -9,7 +9,7 @@ except ImportError: sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) -def firewall_allow(protocol=None,port=None,name=None): +def firewall_allow(protocol=None,port=None): if protocol == "Both": chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" @@ -23,7 +23,7 @@ def firewall_allow(protocol=None,port=None,name=None): append_port(port,protocol) os.system(chaine) -def firewall_disallow(protocol=None,port=None,name=None): +def firewall_disallow(protocol=None,port=None): if protocol == "Both": chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" From 52ed3ba9e38075a1f75f7ab3a5027e162d8ced4b Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 14:17:33 +0100 Subject: [PATCH 25/39] Update action_map.yml Update firewall arguments --- action_map.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/action_map.yml b/action_map.yml index d092dad7..686ff799 100644 --- a/action_map.yml +++ b/action_map.yml @@ -420,15 +420,21 @@ firewall: - UDP - TCP - Both - name: - help: Reference name of the rule + ### firewall_disallow() disallow: action_help: Disallow connection arguments: - name: - help: Reference name of the rule to delete + port: + help: Port to open + protocol: + help: Protocol associated with port + choices: + - UDP + - TCP + - Both + ############################# From e9299eb0f334f04a32af5db95207d529097d8a29 Mon Sep 17 00:00:00 2001 From: titoko Date: Wed, 12 Dec 2012 16:27:12 +0100 Subject: [PATCH 26/39] Update yunohost_firewall.py add ipv6 support --- yunohost_firewall.py | 148 ++++++++++++++++++++++++++----------------- 1 file changed, 90 insertions(+), 58 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 61e2ee06..132bf003 100644 
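Review bot: The help text added for the disallow command's `port` argument reads `help: Port to open`, copied from allow; for disallow it should be `help: Port to close`. Since disallow now identifies a rule by port and protocol rather than by the removed `name`, a one-line comment above the disallow block noting that rules are addressed by port/protocol would save the next editor from re-adding `name`.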
--- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
@@ -9,50 +9,74 @@ except ImportError: sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) -def firewall_allow(protocol=None,port=None): + +def firewall_allow(protocol=None,port=None,ip=None): + if ip == true: + ip = 'ipv6' + iptables="ip6tables" + else + ip = 'ipv4' + iptables="iptables" + if protocol == "Both": - chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - append_port(port,'tcp') - append_port(port,'udp') - os.system(chaineTCP) - os.system(chaineUDP) + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" + append_remove_port(port,'tcp','a',ip) + append_remove_port(port,'udp','a',ip) + os.system(TCP_rule) + os.system(UDP_rule) else: - chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" - append_port(port,protocol) - os.system(chaine) + rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" + append_remove_port(port,protocol,'a',ip) + os.system(rule) -def firewall_disallow(protocol=None,port=None): + +def firewall_disallow(protocol=None,port=None,ip=None): + + if ip == true: + ip = 'ipv6' + else + ip = 'ipv4' + if protocol == "Both": - chaineTCP="iptables -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" - chaineUDP="iptables -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" - remove_port(port,'tcp') - remove_port(port,'udp') - os.system(chaineTCP) - os.system(chaineUDP) + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" + append_remove_port(port,'tcp','r',ip) + append_remove_port(port,'udp','r',ip) + os.system(TCP_rule) + os.system(UDP_rule) else: - chaine="iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" - os.system(chaine) - remove_port(port,protocol) - 
os.system(chaine) + rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" + append_remove_port(port,protocol,'r',ip) + os.system(rule) + def firewall_list(): ''' Parse and display firwall.yml ''' with open ('firewall.yml') as f: firewall = yaml.load(f) - listPortTCP=firewall['ipv4']['TCP'] - listPortUDP=firewall['ipv4']['UDP'] - print("Port TCP OPEN :") - for i,port in enumerate (listPortTCP): - print("-"+str(port)) - print("Port UDP OPEN :") - for i,port in enumerate (listPortUDP): - print("-"+str(port)) - f.close() - + TCP_port_list_ipv4 = firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + print("Port TCP Open for ipv4:") + for i,port in enumerate (TCP_port_list_ipv4): + print("-"+str(port)) + print("Port UDP Open for ipv4 :") + for i,port in enumerate (UDP_port_list_ipv4): + print("-"+str(port)) + print("Port TCP Open for ipv6:") + for i,port in enumerate (TCP_port_list_ipv6): + print("-"+str(port)) + print("Port UDP Open for ipv6 :") + for i,port in enumerate (UDP_port_list_ipv6): + print("-"+str(port)) + f.close() + + def firewall_reload(): ''' Clear filter IPTABLE's table 
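Review bot: firewall_disallow closes a port by appending `... -j REJECT` rules with `-A INPUT`, but the matching ACCEPT rule that firewall_allow appended earlier sits before it in the chain and wins on first match, so the port stays open until the next full reload. Delete the ACCEPT rule instead, e.g. `rule = iptables+" -D INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT"` (and likewise for the TCP/UDP pair); with the DROP policy that reload sets, no REJECT rule is needed. In the same function the new `if ip == true:` / `else` block never assigns `iptables`, so both disallow paths raise NameError, and `true` is not a Python name (`True`). firewall_reload's body continues past the end of this hunk.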
@@ -61,29 +85,50 @@ def firewall_reload(): Allow all port in the list Prohibit the rest ''' - os.system("iptables -P INPUT ACCEPT") + with open('firewall.yml','r') as f: + firewall = yaml.load(f) + TCP_port_list_ipv4 = firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + f.close() + + os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - with open('firewall.yml','r') as f: - firewall = yaml.load(f) - listPortTCP=firewall['ipv4']["TCP"] - listPortUDP=firewall['ipv4']["UDP"] - for i,port in enumerate (listPortTCP): + os.system ("ip6tables -P INPUT ACCEPT") + os.system ("ip6tables -F") + os.system ("ip6tables -X") + os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + + for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - for i,port in enumerate (listPortUDP): + + for i,port in enumerate (UDP_port_list_ipv4): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - os.system ("iptables -P INPUT DROP") - -def append_port(port=None,protocol=None): + + for i,port in enumerate (TCP_port_list_ipv6): + os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + + for i,port in enumerate (UDP_port_list_ipv6): + os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") + + os.system ("iptables -P INPUT DROP") + os.system ("ip6tables -P INPUT DROP") + +def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' Append port in firewall.yml ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) - if port not in firewall['ipv4'][protocol]: - firewall['ipv4'][protocol].append(int(port)) - firewall['ipv4'][protocol].sort() + if port not in firewall[ip][protocol]: + if mode == 'a': 
+ firewall[ip][protocol].append(int(port)) + else: + firewall[ip][protocol].remove(int(port)) + firewall[ip][protocol].sort() f.close os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: @@ -91,17 +136,4 @@ def append_port(port=None,protocol=None): f.close -def remove_port(port=None,protocol=None): - ''' - Remove port from firewall.yml - ''' - with open('firewall.yml','r') as f: - firewall = yaml.load(f) - if port in firewall['ipv4'][protocol]: - firewall['ipv4'][protocol].remove(int(port)) - firewall['ipv4'][protocol].sort() - f.close - os.system("mv firewall.yml firewall.yml.old") - with open('firewall.yml','w') as f: - yaml.dump(firewall,f) - f.close + From add6a388f429da880f76b3dd4669f40ceaf18056 Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 17:15:12 +0100 Subject: [PATCH 27/39] Indentation --- yunohost_firewall.py | 152 +++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 132bf003..38cedca6 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
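Review bot: In append_remove_port the `if mode == 'a'` / `else` pair is nested under `if port not in firewall[ip][protocol]:`, so the remove branch only runs when the port is absent and `.remove(int(port))` then raises ValueError; the membership test also compares the string `port` with the int entries, so it is always true. Guard each branch on its own with the converted value: `if mode == 'a' and int(port) not in lst: lst.append(int(port))` / `elif mode != 'a' and int(port) in lst: lst.remove(int(port))` where `lst = firewall[ip][protocol]`. `f.close` without parentheses is a no-op (and redundant under `with`), and `os.system("mv firewall.yml firewall.yml.old")` can be `os.rename('firewall.yml', 'firewall.yml.old')`. The function continues outside the hunk.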
@@ -9,36 +9,38 @@ except ImportError: sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) - + + def firewall_allow(protocol=None,port=None,ip=None): - if ip == true: - ip = 'ipv6' - iptables="ip6tables" - else - ip = 'ipv4' - iptables="iptables" - + if ip == true: + ip = 'ipv6' + iptables="ip6tables" + else: + ip = 'ipv4' + iptables="iptables" + if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - append_remove_port(port,'tcp','a',ip) - append_remove_port(port,'udp','a',ip) - os.system(TCP_rule) - os.system(UDP_rule) + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" + append_remove_port(port,'tcp','a',ip) + append_remove_port(port,'udp','a',ip) + os.system(TCP_rule) + os.system(UDP_rule) else: rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" append_remove_port(port,protocol,'a',ip) os.system(rule) - + + def firewall_disallow(protocol=None,port=None,ip=None): - if ip == true: - ip = 'ipv6' - else - ip = 'ipv4' - + if ip == true: + ip = 'ipv6' + else: + ip = 'ipv4' + if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" 
@@ -51,85 +53,97 @@ def firewall_disallow(protocol=None,port=None,ip=None): append_remove_port(port,protocol,'r',ip) os.system(rule) - + + def firewall_list(): ''' - Parse and display firwall.yml - ''' + Parse and display firwall.yml + ''' with open ('firewall.yml') as f: - firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - print("Port TCP Open for ipv4:") + firewall = yaml.load(f) + TCP_port_list_ipv4 = firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + print("Port TCP Open for ipv4:") + for i,port in enumerate (TCP_port_list_ipv4): - print("-"+str(port)) + print("-"+str(port)) + print("Port UDP Open for ipv4 :") for i,port in enumerate (UDP_port_list_ipv4): - print("-"+str(port)) - print("Port TCP Open for ipv6:") + print("-"+str(port)) + + print("Port TCP Open for ipv6:") for i,port in enumerate (TCP_port_list_ipv6): - print("-"+str(port)) + print("-"+str(port)) + print("Port UDP Open for ipv6 :") for i,port in enumerate (UDP_port_list_ipv6): - print("-"+str(port)) - f.close() - - + print("-"+str(port)) + f.close() + + + def firewall_reload(): ''' - Clear filter IPTABLE's table - Allow SSH - Parse firewall.yml extract the list of port allowed - Allow all port in the list - Prohibit the rest - ''' - with open('firewall.yml','r') as f: + Clear filter IPTABLE's table + Allow SSH + Parse firewall.yml extract the list of port allowed + Allow all port in the list + Prohibit the rest + ''' + with open('firewall.yml','r') as f: firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - f.close() - + + TCP_port_list_ipv4 = 
firewall['ipv4']['TCP'] + UDP_port_list_ipv4 = firewall['ipv4']['UDP'] + + TCP_port_list_ipv6 = firewall['ipv6']['TCP'] + UDP_port_list_ipv6 = firewall['ipv6']['UDP'] + f.close() + os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - os.system ("ip6tables -P INPUT ACCEPT") + + os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - + for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (UDP_port_list_ipv4): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - - for i,port in enumerate (TCP_port_list_ipv6): + + for i,port in enumerate (TCP_port_list_ipv6): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (UDP_port_list_ipv6): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - - os.system ("iptables -P INPUT DROP") - os.system ("ip6tables -P INPUT DROP") - + + os.system ("iptables -P INPUT DROP") + os.system ("ip6tables -P INPUT DROP") + + + def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' - Append port in firewall.yml - ''' + Append port in firewall.yml + ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) - if port not in firewall[ip][protocol]: - if mode == 'a': - firewall[ip][protocol].append(int(port)) - else: - firewall[ip][protocol].remove(int(port)) - firewall[ip][protocol].sort() - f.close + if port not in firewall[ip][protocol]: + if mode == 'a': + firewall[ip][protocol].append(int(port)) + else: + firewall[ip][protocol].remove(int(port)) + firewall[ip][protocol].sort() + f.close + os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: yaml.dump(firewall,f) 
From daaddf238fbe8c73efd95c79bc00032f12ba64d8 Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 17:27:26 +0100 Subject: [PATCH 28/39] Remove port from firewall.yml --- yunohost_firewall.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 38cedca6..e74e8440 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -136,12 +136,15 @@ def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) - if port not in firewall[ip][protocol]: - if mode == 'a': + + if mode == 'a': + if port not in firewall[ip][protocol]: firewall[ip][protocol].append(int(port)) - else: + else: + if port not in firewall[ip][protocol]: firewall[ip][protocol].remove(int(port)) - firewall[ip][protocol].sort() + + firewall[ip][protocol].sort() f.close os.system("mv firewall.yml firewall.yml.old") From a425302d6592f4d20eaad29608111d6550ef549c Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 17:40:02 +0100 Subject: [PATCH 29/39] Add IPV6 support --- action_map.yml | 11 +++++++++-- firewall.yml | 2 ++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/action_map.yml b/action_map.yml index 686ff799..f92505f5 100644 --- a/action_map.yml +++ b/action_map.yml @@ -420,7 +420,11 @@ firewall: - UDP - TCP - Both - + -i: + full: --ipv6 + help: ipv6 + action: store_true + ### firewall_disallow() disallow: @@ -434,7 +438,10 @@ firewall: - UDP - TCP - Both - + -i: + full: --ipv6 + help: ipv6 + action: store_true ############################# diff --git a/firewall.yml b/firewall.yml index 9f45a519..b726d24a 100644 --- a/firewall.yml +++ b/firewall.yml @@ -6,3 +6,5 @@ ipv4: UDP: [53] ipv6: + TCP: [] + UDP: [] From 3126a2007904931e417bb25c9efa2cfb92d6a7ac Mon Sep 17 00:00:00 2001 
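Review bot: The remove branch added here is guarded by `if port not in firewall[ip][protocol]:`, the same test as the append branch, so the port is removed only when it is absent and `.remove(int(port))` raises ValueError; the test should be `if port in ...`. Moreover `port` arrives as a string while the YAML lists hold ints (the code itself appends `int(port)`), so both membership tests are always true until they compare `int(port)`; with that fix the commit's title, "Remove port from firewall.yml", actually holds. append_remove_port continues outside the hunk.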
From: Titoko Date: Wed, 12 Dec 2012 17:53:08 +0100 Subject: [PATCH 30/39] Bug Fix --- yunohost_firewall.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index e74e8440..d5a31e5b 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -12,7 +12,7 @@ except ImportError: def firewall_allow(protocol=None,port=None,ip=None): - if ip == true: + if ip == True: ip = 'ipv6' iptables="ip6tables" else: @@ -36,10 +36,12 @@ def firewall_allow(protocol=None,port=None,ip=None): def firewall_disallow(protocol=None,port=None,ip=None): - if ip == true: + if ip == True: ip = 'ipv6' + iptables="ip6tables" else: ip = 'ipv4' + iptables="ip6tables" if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" @@ -107,11 +109,14 @@ def firewall_reload(): os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + append_remove_port('22','TCP','a',False) + os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") + append_remove_port('22','TCP','a',True) for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") From ace2253eae179b36912524a90159e95b67fb016e Mon Sep 17 00:00:00 2001 From: Titoko Date: Wed, 12 Dec 2012 19:20:09 +0100 Subject: [PATCH 31/39] Bug Fix --- action_map.yml | 20 ++++++++++++-------- firewall.yml | 12 ++++-------- yunohost_firewall.py | 22 ++++++++++++++++++---- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/action_map.yml b/action_map.yml index f92505f5..ed932990 100644 --- a/action_map.yml +++ b/action_map.yml 
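Review bot: In the firewall_disallow hunk the IPv4 branch sets `iptables="ip6tables"`, so disallowing an IPv4 port issues ip6tables rules and leaves the IPv4 rule untouched; it should be `iptables="iptables"` as in firewall_allow. The `append_remove_port('22','TCP','a',False)` / `(...,True)` calls added to firewall_reload pass booleans, while append_remove_port as it stands in this commit indexes `firewall[ip][protocol]` with `ip` unchanged, so they raise KeyError unless the boolean conversion a later commit adds is present. Both functions continue outside these hunks.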
@@ -407,6 +407,10 @@ firewall: ### firewall_list() list: action_help: List all firewall rules + + ### firewall_reload() + reload: + action_help: Reload all firewall rules ### firewall_allow() allow: @@ -420,10 +424,10 @@ firewall: - UDP - TCP - Both - -i: - full: --ipv6 - help: ipv6 - action: store_true + #-i: + # full: --ipv6 + # help: ipv6 + # action: store_true ### firewall_disallow() @@ -438,10 +442,10 @@ firewall: - UDP - TCP - Both - -i: - full: --ipv6 - help: ipv6 - action: store_true + #-i: + # full: --ipv6 + # help: ipv6 + # action: store_true ############################# diff --git a/firewall.yml b/firewall.yml index b726d24a..ff6ebc99 100644 --- a/firewall.yml +++ b/firewall.yml @@ -1,10 +1,6 @@ -# Ports to open -# - ipv4: - TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] - UDP: [53] - + TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] + UDP: [] ipv6: - TCP: [] - UDP: [] + TCP: [22] + UDP: [] diff --git a/yunohost_firewall.py b/yunohost_firewall.py index d5a31e5b..317e45e8 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -21,6 +21,7 @@ def firewall_allow(protocol=None,port=None,ip=None): if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" + UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" append_remove_port(port,'tcp','a',ip) append_remove_port(port,'udp','a',ip) 
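Review bot: The firewall.yml hunk changes the IPv4 default `UDP: [53]` to `UDP: []`, so after a reload DNS queries over UDP to this host are dropped while TCP 53 stays open; if the commit only meant to fix the ipv6 section, restore `UDP: [53]`, otherwise state the intent in the message. The `# Ports to open` header comment is dropped too; a one-line comment saying the file is the source of truth for `firewall_reload` helps anyone editing it by hand. The action_map hunk comments out the `--ipv6` flag while the Python functions still accept `ip`, which looks like a temporary workaround worth a note.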
@@ -120,15 +121,19 @@ def firewall_reload(): for i,port in enumerate (TCP_port_list_ipv4): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol TCP with ipv4 Open") for i,port in enumerate (UDP_port_list_ipv4): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol UDP with ipv4 Open") for i,port in enumerate (TCP_port_list_ipv6): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol TCP with ipv6 Open") for i,port in enumerate (UDP_port_list_ipv6): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") + print("Port "+str(port)+" on protocol UDP with ipv6 Open") os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") @@ -139,16 +144,25 @@ def append_remove_port(port=None,protocol=None,mode=None,ip=None): ''' Append port in firewall.yml ''' + if ip == True: + ip = 'ipv6' + else: + ip = 'ipv4' + with open('firewall.yml','r') as f: firewall = yaml.load(f) - if mode == 'a': - if port not in firewall[ip][protocol]: + if int(port) not in firewall[ip][protocol]: firewall[ip][protocol].append(int(port)) + print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") + else: + print("Port already open") else: - if port not in firewall[ip][protocol]: + if int(port) in firewall[ip][protocol]: firewall[ip][protocol].remove(int(port)) - + print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") + else: + print("Port already close") firewall[ip][protocol].sort() f.close From 3fb7702a866d6642b91d7a93b7d5a868fe0cf95f Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:29:53 +0100 Subject: [PATCH 32/39] Update yunohost_firewall.py Refactoring --- yunohost_firewall.py | 102 ++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 65 deletions(-) 
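Review bot: The new `if ip == True:` mapping at the top of append_remove_port never sees a boolean from firewall_allow/firewall_disallow, which already turned the flag into the string `'ipv6'` or `'ipv4'` before calling it, so `'ipv6' == True` is False and every port is recorded under ipv4; only the firewall_reload calls pass a real bool. The 'Both' branches also pass `'tcp'`/`'udp'` while firewall.yml in this same patch is keyed `TCP`/`UDP`, so `firewall[ip][protocol]` raises KeyError for them. Normalising both inputs at the top, `ip = 'ipv6' if ip in (True, 'ipv6') else 'ipv4'` and `protocol = protocol.upper()`, fixes both without touching the callers. The trailing `f.close` is a no-op (no call parentheses, and the `with` block already closed the file); the function continues past the end of the hunk.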
diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 317e45e8..125f1074 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -11,8 +11,8 @@ except ImportError: -def firewall_allow(protocol=None,port=None,ip=None): - if ip == True: +def firewall_allow(protocol=None,port=None,ipv6=None): + if ipv6 == True: ip = 'ipv6' iptables="ip6tables" else: @@ -20,24 +20,25 @@ def firewall_allow(protocol=None,port=None,ip=None): iptables="iptables" if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - + TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - append_remove_port(port,'tcp','a',ip) - append_remove_port(port,'udp','a',ip) + + update_yml(port,'tcp','a',ip) + update_yml(port,'udp','a',ip) + os.system(TCP_rule) os.system(UDP_rule) else: rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" - append_remove_port(port,protocol,'a',ip) + update_yml(port,protocol,'a',ip) os.system(rule) -def firewall_disallow(protocol=None,port=None,ip=None): +def firewall_disallow(protocol=None,port=None,ipv6=None): - if ip == True: + if ipv6 == True: ip = 'ipv6' iptables="ip6tables" else: @@ -47,13 +48,16 @@ def firewall_disallow(protocol=None,port=None,ip=None): if protocol == "Both": TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" - append_remove_port(port,'tcp','r',ip) - append_remove_port(port,'udp','r',ip) + + update_yml(port,'tcp','r',ip) + update_yml(port,'udp','r',ip) + os.system(TCP_rule) os.system(UDP_rule) + else: rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" - append_remove_port(port,protocol,'r',ip) + update_yml(port,protocol,'r',ip) os.system(rule) 
@@ -64,27 +68,7 @@ def firewall_list(): ''' with open ('firewall.yml') as f: firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - print("Port TCP Open for ipv4:") - - for i,port in enumerate (TCP_port_list_ipv4): - print("-"+str(port)) - - print("Port UDP Open for ipv4 :") - for i,port in enumerate (UDP_port_list_ipv4): - print("-"+str(port)) - - print("Port TCP Open for ipv6:") - for i,port in enumerate (TCP_port_list_ipv6): - print("-"+str(port)) - - print("Port UDP Open for ipv6 :") - for i,port in enumerate (UDP_port_list_ipv6): - print("-"+str(port)) - f.close() + return firewall 
@@ -99,39 +83,32 @@ def firewall_reload(): with open('firewall.yml','r') as f: firewall = yaml.load(f) - TCP_port_list_ipv4 = firewall['ipv4']['TCP'] - UDP_port_list_ipv4 = firewall['ipv4']['UDP'] - - TCP_port_list_ipv6 = firewall['ipv6']['TCP'] - UDP_port_list_ipv6 = firewall['ipv6']['UDP'] - f.close() - os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - append_remove_port('22','TCP','a',False) + update_yml('22','TCP','a',False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - append_remove_port('22','TCP','a',True) + update_yml('22','TCP','a',True) - for i,port in enumerate (TCP_port_list_ipv4): + for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol TCP with ipv4 Open") - for i,port in enumerate (UDP_port_list_ipv4): + for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol UDP with ipv4 Open") - for i,port in enumerate (TCP_port_list_ipv6): + for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol TCP with ipv6 Open") - for i,port in enumerate (UDP_port_list_ipv6): + for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") print("Port "+str(port)+" on protocol UDP with ipv6 Open") 
@@ -140,36 +117,31 @@ def firewall_reload(): -def append_remove_port(port=None,protocol=None,mode=None,ip=None): +def update_yml(port=None,protocol=None,mode=None,ip=None): ''' Append port in firewall.yml ''' - if ip == True: - ip = 'ipv6' - else: - ip = 'ipv4' - + with open('firewall.yml','r') as f: firewall = yaml.load(f) - if mode == 'a': - if int(port) not in firewall[ip][protocol]: - firewall[ip][protocol].append(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") - else: - print("Port already open") + if mode == 'a': + if int(port) not in firewall[ip][protocol]: + firewall[ip][protocol].append(int(port)) + print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") else: - if int(port) in firewall[ip][protocol]: - firewall[ip][protocol].remove(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") - else: - print("Port already close") + print("Port already open") + else: + if int(port) in firewall[ip][protocol]: + firewall[ip][protocol].remove(int(port)) + print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") + else: + print("Port already close") firewall[ip][protocol].sort() - f.close os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: yaml.dump(firewall,f) - f.close + From ebffda2ca364ef8aab0403f1a36287a9730818b0 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:38:37 +0100 Subject: [PATCH 33/39] Update yunohost_firewall.py Update comments --- yunohost_firewall.py | 49 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 125f1074..3dca6fe4 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -12,6 +12,15 @@ except ImportError: def firewall_allow(protocol=None,port=None,ipv6=None): + """ + Allow port in iptables + + Keyword arguments: + protocol + port + ipv6 + + """ if ipv6 == True: ip = 'ipv6' iptables="ip6tables" 
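Review bot: Removing the bool-to-key mapping from update_yml breaks firewall_reload, which still calls `update_yml('22','TCP','a',False)` and `update_yml('22','TCP','a',True)` in the previous hunk, so `firewall[ip]` becomes `firewall[False]` and raises KeyError on every reload. The 'Both' branches of firewall_allow/firewall_disallow likewise pass `'tcp'`/`'udp'` against a file keyed `TCP`/`UDP`. Either change the two reload calls to pass `'ipv4'`/`'ipv6'`, or guard here with `ip = 'ipv6' if ip is True else 'ipv4' if ip is False else ip` and `protocol = protocol.upper()` before the first `firewall[ip][protocol]`. While here, `yaml.load(f)` should be `yaml.safe_load(f)`: the file only holds lists of integers, and full `load` will instantiate arbitrary Python objects from a tampered firewall.yml inside a process that runs iptables.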
@@ -37,6 +46,15 @@ def firewall_allow(protocol=None,port=None,ipv6=None): def firewall_disallow(protocol=None,port=None,ipv6=None): + """ + Disallow port in iptables + + Keyword arguments: + protocol + port + ipv6 + + """ if ipv6 == True: ip = 'ipv6' @@ -63,9 +81,12 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): def firewall_list(): - ''' - Parse and display firwall.yml - ''' + """ + Display list of allow port + + Keyword arguments: + None + """ with open ('firewall.yml') as f: firewall = yaml.load(f) return firewall @@ -74,11 +95,10 @@ def firewall_list(): def firewall_reload(): ''' - Clear filter IPTABLE's table - Allow SSH - Parse firewall.yml extract the list of port allowed - Allow all port in the list - Prohibit the rest + Reload iptables configuration + + Keyword arguments: + None ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) @@ -118,9 +138,16 @@ def firewall_reload(): def update_yml(port=None,protocol=None,mode=None,ip=None): - ''' - Append port in firewall.yml - ''' + """ + Update firewall.yml + + Keyword arguments: + protocol + port + mode + ipv6 + + """ with open('firewall.yml','r') as f: firewall = yaml.load(f) From e415a269bd32302d3be7d16ac6df4449094cd3d1 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:52:25 +0100 Subject: [PATCH 34/39] Update firewall.yml update indentation --- firewall.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/firewall.yml b/firewall.yml index ff6ebc99..688c1da7 100644 --- a/firewall.yml +++ b/firewall.yml @@ -1,6 +1,6 @@ ipv4: - TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] - UDP: [] + TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] + UDP: [] ipv6: - TCP: [22] - UDP: [] + TCP: [22] + UDP: [] From 47232137e0424f05c4faff9cf548ca84a045597f Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:55:10 +0100 Subject: [PATCH 35/39] Update action_map.yml update indentation --- action_map.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
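Review bot: The new update_yml docstring documents a keyword `ipv6`, but the signature in the hunk header is `update_yml(port=None,protocol=None,mode=None,ip=None)` and, after the previous patch, firewall_allow/firewall_disallow pass the strings `'ipv4'`/`'ipv6'` in that position, so the entry should read `ip -- 'ipv4' or 'ipv6', the top-level key in firewall.yml` and `mode -- 'a' to add the port, 'r' to remove it`. The firewall_reload docstring above it lost the old step list (flush, allow SSH, re-apply firewall.yml, DROP policy), which was the only place that behaviour was written down; keeping those steps under the one-line summary would help. The bodies of both functions continue past their hunks.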
diff --git a/action_map.yml b/action_map.yml index ed932990..d173c198 100644 --- a/action_map.yml +++ b/action_map.yml @@ -442,10 +442,10 @@ firewall: - UDP - TCP - Both - #-i: - # full: --ipv6 - # help: ipv6 - # action: store_true + -i: + full: --ipv6 + help: ipv6 + action: store_true ############################# From 89373e9c5bf4e49c527409a3a7afa8348fbdb096 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 10:58:49 +0100 Subject: [PATCH 36/39] Update yunohost_firewall.py Bug fix(call reload from web) --- yunohost_firewall.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 3dca6fe4..7369413e 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -118,22 +118,23 @@ def firewall_reload(): for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol TCP with ipv4 Open") + for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol UDP with ipv4 Open") + for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol TCP with ipv6 Open") + for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - print("Port "+str(port)+" on protocol UDP with ipv6 Open") + os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") + firewall_list() From d49edb2e4dc7d6bb1ff340e665e21d65238ed379 Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 11:23:10 +0100 Subject: [PATCH 37/39] Update yunohost_firewall.py Update comment & return --- yunohost_firewall.py | 49 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) 
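Review bot: After this hunk `iptables -P INPUT DROP` / `ip6tables -P INPUT DROP` is applied with nothing but per-port `-i eth0 --dport` ACCEPT rules in front of it, so loopback traffic and replies to connections the host itself opens (DNS lookups, package updates, outgoing mail) are dropped unless a rule outside this function adds them. Before the policy switch, add `iptables -A INPUT -i lo -j ACCEPT` and `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, plus the ip6tables equivalents. The added `firewall_list()` call discards the dict it returns; given the commit title (call reload from the web), `return firewall_list()` looks intended. firewall_reload starts before this hunk.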
diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 7369413e..6ca7bc37 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -16,9 +16,12 @@ def firewall_allow(protocol=None,port=None,ipv6=None): Allow port in iptables Keyword arguments: - protocol - port - ipv6 + protocol -- Protocol used + port -- Port to open + ipv6 -- Boolean ipv6 + + Return + Dict """ if ipv6 == True: @@ -42,6 +45,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" update_yml(port,protocol,'a',ip) os.system(rule) + + return firewall_list() @@ -50,9 +55,12 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): Disallow port in iptables Keyword arguments: - protocol - port - ipv6 + protocol -- Protocol used + port -- Port to open + ipv6 -- Boolean ipv6 + + Return + Dict """ @@ -77,15 +85,21 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" update_yml(port,protocol,'r',ip) os.system(rule) + + return firewall_list def firewall_list(): """ - Display list of allow port + Allow port in iptables Keyword arguments: - None + None + + Return + Dict + """ with open ('firewall.yml') as f: firewall = yaml.load(f) @@ -98,7 +112,10 @@ def firewall_reload(): Reload iptables configuration Keyword arguments: - None + None + + Return + Dict ''' with open('firewall.yml','r') as f: firewall = yaml.load(f) @@ -134,7 +151,8 @@ def firewall_reload(): os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") - firewall_list() + + return firewall_list() @@ -143,10 +161,13 @@ def update_yml(port=None,protocol=None,mode=None,ip=None): Update firewall.yml Keyword arguments: - protocol - port - mode - ipv6 + protocol -- Protocol used + port -- Port to open + mode -- a=append r=remove + ipv6 -- Boolean ipv6 + + Return + None """ From 01e6c2d6d6321240fe549b6795fcf2601c7cf3ee Mon Sep 17 00:00:00 2001 
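Review bot: The new `return firewall_list` in firewall_disallow is missing the call parentheses, so callers get the function object instead of the dict that firewall_allow and firewall_reload return in the neighbouring hunks; it should be `return firewall_list()`. The firewall_list docstring was pasted from firewall_allow ('Allow port in iptables') and the firewall_disallow one still says `port -- Port to open`; 'Return the allowed ports read from firewall.yml' and `port -- Port to close` would match what the code does. firewall_disallow's body starts before its hunk.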
From: titoko Date: Thu, 13 Dec 2012 11:25:47 +0100 Subject: [PATCH 38/39] Update yunohost_firewall.py --- yunohost_firewall.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 6ca7bc37..ba6daf33 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -45,7 +45,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" update_yml(port,protocol,'a',ip) os.system(rule) - + + win_msg(_("Port successfully openned")) return firewall_list() @@ -85,7 +86,7 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" update_yml(port,protocol,'r',ip) os.system(rule) - + win_msg(_("Port successfully closed")) return firewall_list @@ -152,6 +153,7 @@ def firewall_reload(): os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") + win_msg(_("Firewall successfully reloaded")) return firewall_list() From bca9f8217589b2e98a21dc2879a40da065226d0d Mon Sep 17 00:00:00 2001 From: titoko Date: Thu, 13 Dec 2012 11:36:09 +0100 Subject: [PATCH 39/39] Update action_map.yml ipv6 --- action_map.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/action_map.yml b/action_map.yml index d173c198..444881d2 100644 --- a/action_map.yml +++ b/action_map.yml @@ -424,10 +424,10 @@ firewall: - UDP - TCP - Both - #-i: - # full: --ipv6 - # help: ipv6 - # action: store_true + -i: + full: --ipv6 + help: ipv6 + action: store_true ### firewall_disallow()
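Review bot: `win_msg(_("Port successfully openned"))` (and the matching closed/reloaded messages) is emitted unconditionally after `os.system(rule)`, whose exit status is discarded, so a failing iptables invocation (not root, bad port, missing ip6tables) still reports success, and firewall.yml has already been updated by update_yml before the rule ran. Check the result, e.g. `if os.system(rule) != 0: raise Exception("iptables failed")`, or better build the command as a list and use `subprocess.call([iptables, '-A', 'INPUT', '-p', protocol, '-i', 'eth0', '--dport', port, '-j', 'ACCEPT'])`, which also stops the port string from being interpolated into a shell command line. The message text has a typo: 'openned' should be 'opened'. The `return firewall_list` on the disallow side still lacks its call parentheses; both functions start before their hunks.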