YunoHost/moulinette
1
0
Fork 0
mirror of https://github.com/YunoHost/moulinette.git synced 2024-09-03 20:06:31 +02:00
Code Issues Projects Releases Packages Wiki Activity

Bug Fix

Browse source
This commit is contained in:
Titoko 2012-12-12 17:53:08 +01:00
parent 12b6657d95
commit a94a1a143f
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
yunohost_firewall.py
View file

@ -12,7 +12,7 @@ except ImportError:
def firewall_allow(protocol=None,port=None,ip=None): def firewall_allow(protocol=None,port=None,ip=None):
if ip == true: if ip == True:
ip = 'ipv6' ip = 'ipv6'
iptables="ip6tables" iptables="ip6tables"
else: else:
@ -36,10 +36,12 @@ def firewall_allow(protocol=None,port=None,ip=None):
def firewall_disallow(protocol=None,port=None,ip=None): def firewall_disallow(protocol=None,port=None,ip=None):
if ip == true: if ip == True:
ip = 'ipv6' ip = 'ipv6'
iptables="ip6tables"
else: else:
ip = 'ipv4' ip = 'ipv4'
iptables="ip6tables"
if protocol == "Both": if protocol == "Both":
TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT"
@ -107,11 +109,14 @@ def firewall_reload():
os.system ("iptables -F") os.system ("iptables -F")
os.system ("iptables -X") os.system ("iptables -X")
os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT")
append_remove_port('22','TCP','a',False)
os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -P INPUT ACCEPT")
os.system ("ip6tables -F") os.system ("ip6tables -F")
os.system ("ip6tables -X") os.system ("ip6tables -X")
os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT")
append_remove_port('22','TCP','a',True)
for i,port in enumerate (TCP_port_list_ipv4): for i,port in enumerate (TCP_port_list_ipv4):
os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT")