diff --git a/yunohost_firewall.py b/yunohost_firewall.py index f8a792d3..209d3fe0 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -14,7 +14,7 @@ from yunohost import YunoHostError, win_msg -def firewall_allow(protocol=None,port=None,ipv6=None): +def firewall_allow(protocol=None,port=None,ipv6=None,upnp=None): """ Allow port in iptables @@ -22,7 +22,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): protocol -- Protocol used port -- Port to open ipv6 -- Boolean ipv6 - + upnp --Boolean upnp + Return Dict @@ -41,11 +42,11 @@ def firewall_allow(protocol=None,port=None,ipv6=None): else: raise YunoHostError(22,_("Port not between 1 and 65535 : ")+str(port)) - return firewall_reload() + return firewall_reload(upnp) -def firewall_disallow(protocol=None,port=None,ipv6=None): +def firewall_disallow(protocol=None,port=None,ipv6=None,upnp=None): """ Disallow port in iptables @@ -53,6 +54,7 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): protocol -- Protocol used port -- Port to open ipv6 -- Boolean ipv6 + upnp --Boolan upnp Return Dict @@ -67,7 +69,7 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): update_yml(port,protocol,'r',ipv6) win_msg(_("Port successfully closed")) - return firewall_reload() + return firewall_reload(upnp) @@ -88,12 +90,12 @@ def firewall_list(): -def firewall_reload(): +def firewall_reload(upnp=None): ''' Reload iptables configuration Keyword arguments: - None + upnp --Boolean upnp Return Dict @@ -111,56 +113,57 @@ def firewall_reload(): os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") - - u=miniupnpc.UPnP() - u.discoverdelay=200 - - if u.discover()==0: - igd=False - win_msg(_("No igd devices found, you'll need to manually open port on your router")) - else: - u.selectigd() + if upnp: + upnp=miniupnpc.UPnP() + upnp.discoverdelay=200 + nbigd= upnp.discover() + if nbigd: + try: + upnp.selectigd() + except: + raise YunoHostError(167,_("No upnp devices found")) + else: + raise YunoHostError(22,_("Can't connect to the igd device")) igd=True # list the redirections : i = 0 - while True: - p = u.getgenericportmapping(i) + for i in (0,100): + p = upnp.getgenericportmapping(i) if p==None: break - (port, proto, (ihost,iport), desc, c, d, e) = p - u.deleteportmapping(port,proto); - #print port, desc - i = i + 1 - + port=p[0] + proto=p[1] + upnp.deleteportmapping(port,proto); + i += 1 + print("plop") if 22 not in firewall['ipv6']['TCP']: update_yml(22,'TCP','a',True) for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if igd: - u.addportmapping(port,'TCP',u.lanaddr,port,'UPnP IGD Tester port %u' % port, '') + if upnp: + add_portmapping(port,'TCP',upnp) for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if igd: - u.addportmapping(port,'UDP',u.lanaddr,port,'UPnP IGD Tester port %u' % port, '') + if upnp: + add_portmapping(port,'UDP',upnp) for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if igd: - u.addportmapping(port,'TCP',u.lanaddr,port,'UPnP IGD Tester port %u' % port, '') + if upnp: + add_portmapping(port,'TCP',upnp) for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if igd: - u.addportmapping(port,'UDP',u.lanaddr,port,'UPnP IGD Tester port %u' % port, '') - + if upnp: + add_portmapping(port,'UDP',upnp) os.system ("iptables -P INPUT DROP") @@ -212,3 +215,16 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): with open('firewall.yml','w') as f: yaml.dump(firewall,f) + +def add_portmapping(port=None,protocol=None,upnp=None): + """ + Send a port mapping rules to igd device + Keyword arguments: + protocol -- Protocol used + port -- Port to open + + Return + None + """ + upnp.addportmapping(port,protocol,upnp.lanaddr,port,'UPnP IGD Tester port %u' % port, '') +