YunoHost/moulinette
1
0
Fork 0
mirror of https://github.com/YunoHost/moulinette.git synced 2024-09-03 20:06:31 +02:00
Code Issues Projects Releases Packages Wiki Activity

[fix] multiple fixes

Browse source
This commit is contained in:
kload 2014-04-27 12:25:18 +00:00
parent 22df4dc4af
commit 980e3d5f11
4 changed files with 96 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
data/actionsmap/yunohost.yml
View file

@ -774,16 +774,17 @@ firewall:
list: list:
action_help: List all firewall rules action_help: List all firewall rules
api: GET /firewall/list api: GET /firewall/list
arguments:
-r:
full: --raw
help: Return the complete YAML dict
action: store_true
### firewall_reload() ### firewall_reload()
reload: reload:
action_help: Reload all firewall rules action_help: Reload all firewall rules
api: PUT /firewall/list api: PUT /firewall/list
arguments:
-u:
full: --upnp
help: upnp
action: store_true
### firewall_allow() ### firewall_allow()
allow: allow:
action_help: Allow connection port/protocol action_help: Allow connection port/protocol
@ -801,12 +802,12 @@ firewall:
- UDP - UDP
- TCP - TCP
- Both - Both
-i: - []
full: --ipv6 nargs: "*"
help: ipv6 default: TCP
--ipv6:
action: store_true action: store_true
--no-upnp: --no-upnp:
help: upnp
action: store_true action: store_true
@ -816,34 +817,36 @@ firewall:
api: DELETE /firewall/port api: DELETE /firewall/port
arguments: arguments:
port: port:
help: Port to open help: Port to close
extra:
pattern:
- '^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$'
- "Must be a valid port number (i.e. 0-65535)"
protocol: protocol:
help: Protocol associated with port help: Protocol associated with port
choices: choices:
- UDP - UDP
- TCP - TCP
- Both - Both
-i: - []
full: --ipv6 nargs: "*"
help: ipv6 default: TCP
action: store_true --ipv6:
-u:
full: --upnp
help: upnp
action: store_true action: store_true
### firewall_installupnp() ### firewall_upnp()
installupnp: upnp:
action_help: Add upnp cron action_help: Add uPnP cron and enable uPnP in firewall.yml, or the opposite.
api: POST /firewall/upnp api: GET /firewall/upnp
arguments:
action:
### firewall_removeupnp() help: enable/disable
removeupnp: choices:
action_help: Remove upnp cron - enable
api: DELETE /firewall/upnp - disable
- []
nargs: "*"
### firewall_stop() ### firewall_stop()
stop: stop:
@ -851,11 +854,6 @@ firewall:
api: DELETE /firewall api: DELETE /firewall
### firewall_checkupnp()
checkupnp:
action_help: check if UPNP is install or not (0 yes 1 no)
api: GET /firewall/upnp
############################# #############################
# DynDNS # # DynDNS #

2
lib/yunohost/app.py
View file

@ -253,7 +253,7 @@ def app_map(app=None, raw=False, user=None):
return result return result
def app_upgrade(app, url=None, file=None): def app_upgrade(auth, app, url=None, file=None):
""" """
Upgrade app Upgrade app

4
lib/yunohost/data/firewall.yml
View file

@ -1,5 +1,5 @@
UPNP: uPnP:
enabled: true enabled: false
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290] TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
UDP: [53] UDP: [53]
ipv4: ipv4:

118
lib/yunohost/firewall.py
View file

@ -97,8 +97,8 @@ def firewall_disallow(port=None, protocol='TCP', ipv6=False):
protocols = ['UDP', 'TCP'] protocols = ['UDP', 'TCP']
for protocol in protocols: for protocol in protocols:
if port in firewall['uPnP']['ports'][protocol]: if port in firewall['uPnP'][protocol]:
firewall['uPnP']['ports'][protocol].remove(port) firewall['uPnP'][protocol].remove(port)
if port in firewall[ipv][protocol]: if port in firewall[ipv][protocol]:
firewall[ipv][protocol].remove(port) firewall[ipv][protocol].remove(port)
else: else:
@ -124,7 +124,7 @@ def firewall_list(raw=False):
if raw: if raw:
return firewall return firewall
else: else:
return firewall['ipv4'] return { "openned_ports": firewall['ipv4']['TCP'] }
def firewall_reload(): def firewall_reload():
@ -139,17 +139,19 @@ def firewall_reload():
upnp = firewall['uPnP']['enabled'] upnp = firewall['uPnP']['enabled']
# IPv4 # IPv4
os.system("iptables -P INPUT ACCEPT") if os.system("iptables -P INPUT ACCEPT") != 0:
raise MoulinetteError(1, _("You cannot play with iptables here. You are either in a container or your kernel does not support it."))
if upnp: if upnp:
try: try:
upnpc = miniupnpc.UPnP() upnpc = miniupnpc.UPnP()
upnpc.discoverdelay = 200 upnpc.discoverdelay = 200
if upnpc.discover() == 1: if upnpc.discover() == 1:
upnpc.selectigd() upnpc.selectigd()
for port in firewall['uPnP']['TCP']: for protocol in ['TCP', 'UDP']:
upnpc.addportmapping(port, 'TCP', upnpc.lanaddr, port, 'yunohost firewall : port %d' % port, '') if upnpc.getspecificportmapping(port, protocol):
for port in firewall['uPnP']['UDP']: try: upnpc.deleteportmapping(port, protocol)
upnpc.addportmapping(port, 'UDP', upnpc.lanaddr, port, 'yunohost firewall : port %d' % port, '') except: pass
upnpc.addportmapping(port, protocol, upnpc.lanaddr, port, 'yunohost firewall : port %d' % port, '')
else: else:
raise MoulinetteError(1, _("No uPnP device found")) raise MoulinetteError(1, _("No uPnP device found"))
except: except:
@ -163,12 +165,11 @@ def firewall_reload():
firewall_allow(22) firewall_allow(22)
# Loop # Loop
for port in firewall['ipv4']['TCP']: for protocol in ['TCP', 'UDP']:
os.system("iptables -A INPUT -p TCP --dport %d -j ACCEPT" % port) for port in firewall['ipv4'][protocol]:
for port in firewall['ipv4']['UDP']: os.system("iptables -A INPUT -p %s --dport %d -j ACCEPT" % (protocol, port))
os.system("iptables -A INPUT -p UDP --dport %d -j ACCEPT" % port)
hook_callback('post_iptable_rules', [upnp, ipv6]) hook_callback('post_iptable_rules', [upnp, os.path.exists("/proc/net/if_inet6")])
os.system("iptables -A INPUT -i lo -j ACCEPT") os.system("iptables -A INPUT -i lo -j ACCEPT")
os.system("iptables -A INPUT -p icmp -j ACCEPT") os.system("iptables -A INPUT -p icmp -j ACCEPT")
@ -185,10 +186,9 @@ def firewall_reload():
firewall_allow(22, ipv6=True) firewall_allow(22, ipv6=True)
# Loop v6 # Loop v6
for port in firewall['ipv6']['TCP']: for protocol in ['TCP', 'UDP']:
os.system("ip6tables -A INPUT -p TCP --dport %d -j ACCEPT" % port) for port in firewall['ipv6'][protocol]:
for port in firewall['ipv6']['UDP']: os.system("ip6tables -A INPUT -p %s --dport %d -j ACCEPT" % (protocol, port))
os.system("ip6tables -A INPUT -p UDP --dport %d -j ACCEPT" % port)
os.system("ip6tables -A INPUT -i lo -j ACCEPT") os.system("ip6tables -A INPUT -i lo -j ACCEPT")
os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT") os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")
@ -200,65 +200,55 @@ def firewall_reload():
return firewall_list() return firewall_list()
def firewall_upnp(action='enable'): def firewall_upnp(action=None):
""" """
Add upnp cron and enable Add uPnP cron and enable uPnP in firewall.yml, or the opposite.
Keyword argument:
action -- enable/disable
""" """
with open('/etc/yunohost/firewall.yml', 'r') as f: firewall = firewall_list(raw=True)
firewall = yaml.load(f)
firewall['UPNP']['cron'] = True if action:
action = action[0]
os.system("touch /etc/cron.d/yunohost-firewall") if action == 'enable':
os.system("echo '*/50 * * * * root yunohost firewall reload -u --no-ldap >>/dev/null'>/etc/cron.d/yunohost-firewall") firewall['uPnP']['enabled'] = True
msignals.display(_("UPNP cron installed"), 'success')
os.system("mv /etc/yunohost/firewall.yml /etc/yunohost/firewall.yml.old") with open('/etc/cron.d/yunohost-firewall', 'w+') as f:
f.write('*/50 * * * * root PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin yunohost firewall reload >>/dev/null')
with open('/etc/yunohost/firewall.yml', 'w') as f: msignals.display(_("uPnP successfully enabled"), 'success')
yaml.dump(firewall, f)
if action == 'disable':
def firewall_removeupnp(): firewall['uPnP']['enabled'] = False
"""
Remove upnp cron
"""
with open('/etc/yunohost/firewall.yml', 'r') as f:
firewall = yaml.load(f)
firewall['UPNP']['cron'] = False
try: try:
os.remove("/etc/cron.d/yunohost-firewall") upnpc = miniupnpc.UPnP()
except: upnpc.discoverdelay = 200
raise MoulinetteError(167, _("UPNP cron was not installed!")) if upnpc.discover() == 1:
upnpc.selectigd()
for protocol in ['TCP', 'UDP']:
for port in firewall['uPnP'][protocol]:
if upnpc.getspecificportmapping(port, protocol):
try: upnpc.deleteportmapping(port, protocol)
except: pass
except: pass
msignals.display(_("UPNP cron removed"), 'success')
os.system("mv /etc/yunohost/firewall.yml /etc/yunohost/firewall.yml.old") try: os.remove('/etc/cron.d/yunohost-firewall')
except: pass
msignals.display(_("uPnP successfully disabled"), 'success')
if action:
os.system("cp /etc/yunohost/firewall.yml /etc/yunohost/firewall.yml.old")
with open('/etc/yunohost/firewall.yml', 'w') as f: with open('/etc/yunohost/firewall.yml', 'w') as f:
yaml.dump(firewall, f) yaml.safe_dump(firewall, f, default_flow_style=False)
return { "enabled": firewall['uPnP']['enabled'] }
def firewall_checkupnp():
"""
check if UPNP is install or not (0 yes 1 no)
"""
with open('/etc/yunohost/firewall.yml', 'r') as f:
firewall = yaml.load(f)
if firewall['UPNP']['cron']:
msignals.display(_("UPNP is activated"), 'success')
else:
raise MoulinetteError(167, _("UPNP not activated!"))
def firewall_stop(): def firewall_stop():
@ -268,12 +258,16 @@ def firewall_stop():
""" """
os.system("iptables -P INPUT ACCEPT") if os.system("iptables -P INPUT ACCEPT") != 0:
raise MoulinetteError(1, _("You cannot play with iptables here. You are either in a container or your kernel does not support it."))
os.system("iptables -F") os.system("iptables -F")
os.system("iptables -X") os.system("iptables -X")
if os.path.exists("/proc/net/if_inet6"):
os.system("ip6tables -P INPUT ACCEPT") os.system("ip6tables -P INPUT ACCEPT")
os.system("ip6tables -F") os.system("ip6tables -F")
os.system("ip6tables -X") os.system("ip6tables -X")
if(os.path.exists("/etc/cron.d/yunohost-firewall")):
firewall_removeupnp() if os.path.exists("/etc/cron.d/yunohost-firewall"):
firewall_upnp('disable')