Indentation

This commit is contained in:
Titoko 2012-12-12 17:15:12 +01:00
parent e9299eb0f3
commit add6a388f4


@ -10,21 +10,22 @@ except ImportError:
sys.exit(1) sys.exit(1)
def firewall_allow(protocol=None,port=None,ip=None): def firewall_allow(protocol=None,port=None,ip=None):
if ip == true: if ip == true:
ip = 'ipv6' ip = 'ipv6'
iptables="ip6tables" iptables="ip6tables"
else else:
ip = 'ipv4' ip = 'ipv4'
iptables="iptables" iptables="iptables"
if protocol == "Both": if protocol == "Both":
TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT"
UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT"
append_remove_port(port,'tcp','a',ip) append_remove_port(port,'tcp','a',ip)
append_remove_port(port,'udp','a',ip) append_remove_port(port,'udp','a',ip)
os.system(TCP_rule) os.system(TCP_rule)
os.system(UDP_rule) os.system(UDP_rule)
else: else:
rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT"
@ -32,12 +33,13 @@ def firewall_allow(protocol=None,port=None,ip=None):
os.system(rule) os.system(rule)
def firewall_disallow(protocol=None,port=None,ip=None): def firewall_disallow(protocol=None,port=None,ip=None):
if ip == true: if ip == true:
ip = 'ipv6' ip = 'ipv6'
else else:
ip = 'ipv4' ip = 'ipv4'
if protocol == "Both": if protocol == "Both":
TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT"
@ -52,52 +54,61 @@ def firewall_disallow(protocol=None,port=None,ip=None):
os.system(rule) os.system(rule)
def firewall_list(): def firewall_list():
''' '''
Parse and display firwall.yml Parse and display firwall.yml
''' '''
with open ('firewall.yml') as f: with open ('firewall.yml') as f:
firewall = yaml.load(f) firewall = yaml.load(f)
TCP_port_list_ipv4 = firewall['ipv4']['TCP'] TCP_port_list_ipv4 = firewall['ipv4']['TCP']
UDP_port_list_ipv4 = firewall['ipv4']['UDP'] UDP_port_list_ipv4 = firewall['ipv4']['UDP']
TCP_port_list_ipv6 = firewall['ipv6']['TCP'] TCP_port_list_ipv6 = firewall['ipv6']['TCP']
UDP_port_list_ipv6 = firewall['ipv6']['UDP'] UDP_port_list_ipv6 = firewall['ipv6']['UDP']
print("Port TCP Open for ipv4:") print("Port TCP Open for ipv4:")
for i,port in enumerate (TCP_port_list_ipv4): for i,port in enumerate (TCP_port_list_ipv4):
print("-"+str(port)) print("-"+str(port))
print("Port UDP Open for ipv4 :") print("Port UDP Open for ipv4 :")
for i,port in enumerate (UDP_port_list_ipv4): for i,port in enumerate (UDP_port_list_ipv4):
print("-"+str(port)) print("-"+str(port))
print("Port TCP Open for ipv6:")
print("Port TCP Open for ipv6:")
for i,port in enumerate (TCP_port_list_ipv6): for i,port in enumerate (TCP_port_list_ipv6):
print("-"+str(port)) print("-"+str(port))
print("Port UDP Open for ipv6 :") print("Port UDP Open for ipv6 :")
for i,port in enumerate (UDP_port_list_ipv6): for i,port in enumerate (UDP_port_list_ipv6):
print("-"+str(port)) print("-"+str(port))
f.close() f.close()
def firewall_reload(): def firewall_reload():
''' '''
Clear filter IPTABLE's table Clear filter IPTABLE's table
Allow SSH Allow SSH
Parse firewall.yml extract the list of port allowed Parse firewall.yml extract the list of port allowed
Allow all port in the list Allow all port in the list
Prohibit the rest Prohibit the rest
''' '''
with open('firewall.yml','r') as f: with open('firewall.yml','r') as f:
firewall = yaml.load(f) firewall = yaml.load(f)
TCP_port_list_ipv4 = firewall['ipv4']['TCP']
UDP_port_list_ipv4 = firewall['ipv4']['UDP'] TCP_port_list_ipv4 = firewall['ipv4']['TCP']
TCP_port_list_ipv6 = firewall['ipv6']['TCP'] UDP_port_list_ipv4 = firewall['ipv4']['UDP']
UDP_port_list_ipv6 = firewall['ipv6']['UDP']
f.close() TCP_port_list_ipv6 = firewall['ipv6']['TCP']
UDP_port_list_ipv6 = firewall['ipv6']['UDP']
f.close()
os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -P INPUT ACCEPT")
os.system ("iptables -F") os.system ("iptables -F")
os.system ("iptables -X") os.system ("iptables -X")
os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT")
os.system ("ip6tables -P INPUT ACCEPT")
os.system ("ip6tables -P INPUT ACCEPT")
os.system ("ip6tables -F") os.system ("ip6tables -F")
os.system ("ip6tables -X") os.system ("ip6tables -X")
os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT")
@ -108,28 +119,31 @@ def firewall_reload():
for i,port in enumerate (UDP_port_list_ipv4): for i,port in enumerate (UDP_port_list_ipv4):
os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT")
for i,port in enumerate (TCP_port_list_ipv6): for i,port in enumerate (TCP_port_list_ipv6):
os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT")
for i,port in enumerate (UDP_port_list_ipv6): for i,port in enumerate (UDP_port_list_ipv6):
os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT")
os.system ("iptables -P INPUT DROP") os.system ("iptables -P INPUT DROP")
os.system ("ip6tables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP")
def append_remove_port(port=None,protocol=None,mode=None,ip=None): def append_remove_port(port=None,protocol=None,mode=None,ip=None):
''' '''
Append port in firewall.yml Append port in firewall.yml
''' '''
with open('firewall.yml','r') as f: with open('firewall.yml','r') as f:
firewall = yaml.load(f) firewall = yaml.load(f)
if port not in firewall[ip][protocol]: if port not in firewall[ip][protocol]:
if mode == 'a': if mode == 'a':
firewall[ip][protocol].append(int(port)) firewall[ip][protocol].append(int(port))
else: else:
firewall[ip][protocol].remove(int(port)) firewall[ip][protocol].remove(int(port))
firewall[ip][protocol].sort() firewall[ip][protocol].sort()
f.close f.close
os.system("mv firewall.yml firewall.yml.old") os.system("mv firewall.yml firewall.yml.old")
with open('firewall.yml','w') as f: with open('firewall.yml','w') as f:
yaml.dump(firewall,f) yaml.dump(firewall,f)
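Review bot: In firewall_allow and firewall_disallow the iptables command is assembled by concatenating the caller-supplied `port` and `protocol` into a string handed to os.system(), so any value containing shell metacharacters runs with the privileges needed to edit the firewall; validate first and skip the shell, e.g. `subprocess.run([iptables, "-A", "INPUT", "-p", "tcp", "-i", "eth0", "--dport", str(int(port)), "-j", "ACCEPT"], check=True)` (with `import subprocess` at the top of the file). The same concatenation in firewall_reload takes its ports from firewall.yml, which firewall_list, firewall_reload and append_remove_port parse with `yaml.load(f)` and no Loader, so on the PyYAML of that era a writable config file can also instantiate arbitrary Python objects; `firewall = yaml.safe_load(f)` closes that. In firewall_disallow the name `iptables` is never assigned before the `TCP_rule` line uses it (the hunk shows the whole prelude of the function), which raises NameError unless a module-level binding exists outside the hunk. `ip == true` in both functions compares against an undefined lowercase name and presumably means `True`. In append_remove_port the `remove` branch sits inside `if port not in firewall[ip][protocol]:`, so a removal can only ever hit a port that is absent and raise ValueError, and since `port` is compared as a string against a list of ints the membership test is always true; the guard should be `if mode == 'a' and int(port) not in ...` for append and `elif int(port) in ...` for remove.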