Merge pull request #10 from titoko/dev

Iptables
Alexis Gavoty 2012-12-19 09:33:47 -08:00
commit bb4a1065fe
2 changed files with 67 additions and 86 deletions


@ -45,10 +45,10 @@ def pretty_print_dict(d, depth=0):
elif isinstance(v, list):
print((" ") * depth + ("%s: " % k))
for value in v:
print((" ") * (depth+1) + "- " + value)
print((" ") * (depth+1) + "- " +str(value))
else:
print((" ") * depth + "%s: %s" % (k, v))
print((" ") * depth + "%s: %s" % (k, str(v)))
def win_msg(astr):
"""
Display a success message if isatty
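Review bot: In the `else` branch the added `str(v)` is redundant, because the `%s` conversion already calls `str()` on its argument; `print((" ") * depth + "%s: %s" % (k, v))` was equivalent and the only branch that really needed the change is the list one, where `"- " + value` fails for non-string items. Keeping the list-branch `str(value)` and dropping the other keeps the fix minimal. pretty_print_dict starts before this hunk, and the hunk ends inside the win_msg docstring.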


@ -8,99 +8,77 @@ except ImportError:
sys.stderr.write('Error: Yunohost CLI Require yaml lib\n')
sys.stderr.write('apt-get install python-yaml\n')
sys.exit(1)
from yunohost import YunoHostError, win_msg
def firewall_allow(protocol=None,port=None,ipv6=None):
"""
Allow port in iptables
Keyword arguments:
protocol -- Protocol used
port -- Port to open
ipv6 -- Boolean ipv6
Return
Dict
"""
if ipv6 == True:
ip = 'ipv6'
iptables="ip6tables"
else:
ip = 'ipv4'
iptables="iptables"
port=int(port)
if port<65536 and port>0:
if protocol == "Both":
update_yml(port,'TCP','a',ipv6)
update_yml(port,'UDP','a',ipv6)
if protocol == "Both":
TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT"
UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT"
update_yml(port,'tcp','a',ip)
update_yml(port,'udp','a',ip)
os.system(TCP_rule)
os.system(UDP_rule)
else:
update_yml(port,protocol,'a',ipv6)
win_msg(_("Port successfully openned"))
else:
rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT"
update_yml(port,protocol,'a',ip)
os.system(rule)
win_msg(_("Port successfully openned"))
return firewall_list()
raise YunoHostError(22,_("Port not between 1 and 65535 : ")+str(port))
return firewall_reload()
def firewall_disallow(protocol=None,port=None,ipv6=None):
"""
Disallow port in iptables
Keyword arguments:
protocol -- Protocol used
port -- Port to open
ipv6 -- Boolean ipv6
Return
Dict
"""
if ipv6 == True:
ip = 'ipv6'
iptables="ip6tables"
port=int(port)
if protocol == "Both":
update_yml(port,'TCP','r',ipv6)
update_yml(port,'UDP','r',ipv6)
else:
ip = 'ipv4'
iptables="ip6tables"
if protocol == "Both":
TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT"
UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT"
update_yml(port,'tcp','r',ip)
update_yml(port,'udp','r',ip)
os.system(TCP_rule)
os.system(UDP_rule)
else:
rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT"
update_yml(port,protocol,'r',ip)
os.system(rule)
update_yml(port,protocol,'r',ipv6)
win_msg(_("Port successfully closed"))
return firewall_list
return firewall_reload()
def firewall_list():
"""
Allow port in iptables
Keyword arguments:
None
Return
Dict
"""
with open ('firewall.yml') as f:
firewall = yaml.load(f)
@ -111,10 +89,10 @@ def firewall_list():
def firewall_reload():
'''
Reload iptables configuration
Keyword arguments:
None
None
Return
Dict
'''
@ -124,75 +102,78 @@ def firewall_reload():
os.system ("iptables -P INPUT ACCEPT")
os.system ("iptables -F")
os.system ("iptables -X")
os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT")
update_yml('22','TCP','a',False)
if 22 not in firewall['ipv4']['TCP']:
update_yml(22,'TCP','a',False)
os.system ("ip6tables -P INPUT ACCEPT")
os.system ("ip6tables -F")
os.system ("ip6tables -X")
os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT")
update_yml('22','TCP','a',True)
if 22 not in firewall['ipv6']['TCP']:
update_yml(22,'TCP','a',True)
for i,port in enumerate (firewall['ipv4']['TCP']):
os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT")
for i,port in enumerate (firewall['ipv4']['UDP']):
os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT")
for i,port in enumerate (firewall['ipv6']['TCP']):
os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT")
for i,port in enumerate (firewall['ipv6']['UDP']):
os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT")
os.system ("iptables -P INPUT DROP")
os.system ("ip6tables -P INPUT DROP")
win_msg(_("Firewall successfully reloaded"))
return firewall_list()
def update_yml(port=None,protocol=None,mode=None,ip=None):
"""
def update_yml(port=None,protocol=None,mode=None,ipv6=None):
"""
Update firewall.yml
Keyword arguments:
protocol -- Protocol used
port -- Port to open
port -- Port to open
mode -- a=append r=remove
ipv6 -- Boolean ipv6
ipv6 -- Boolean ipv6
Return
None
"""
if ipv6:
ip = 'ipv6'
else:
ip = 'ipv4'
with open('firewall.yml','r') as f:
firewall = yaml.load(f)
if mode == 'a':
if int(port) not in firewall[ip][protocol]:
firewall[ip][protocol].append(int(port))
print("Port "+port+" on protocol "+protocol+" with "+ip+" Open")
if port not in firewall[ip][protocol]:
firewall[ip][protocol].append(port)
else:
print("Port already open")
raise YunoHostError(22,_("Port already openned :")+str(port))
else:
if int(port) in firewall[ip][protocol]:
firewall[ip][protocol].remove(int(port))
print("Port "+port+" on protocol "+protocol+" with "+ip+" Close")
if port in firewall[ip][protocol]:
firewall[ip][protocol].remove(port)
else:
print("Port already close")
raise YunoHostError(22,_("Port already closed :")+str(port))
firewall[ip][protocol].sort()
os.system("mv firewall.yml firewall.yml.old")
with open('firewall.yml','w') as f:
yaml.dump(firewall,f)
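Review bot: The new guards `if 22 not in firewall['ipv4']['TCP']: update_yml(22,'TCP','a',False)` (and the ipv6 twin) only write port 22 to firewall.yml; the in-memory `firewall` dict that the following `for i,port in enumerate (...)` loops iterate is not updated, so on the very reload that adds the entry no `--dport 22` ACCEPT is installed from the list. If the explicit `iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT` lines are no longer executed on the new side, that reload ends with `-P INPUT DROP` and no SSH rule, i.e. a remote lockout until the next reload. Re-reading the file after the two guards, `with open('firewall.yml') as f:` / `firewall = yaml.load(f)`, or appending 22 to the in-memory list alongside `update_yml`, closes the gap. Separately, every `os.system` exit status is ignored, so any failure between `iptables -F` and the final `-P INPUT DROP` leaves the policy at ACCEPT; checking the return value and aborting before the flush would make the reload fail closed. firewall_reload's body begins outside this hunk, so I cannot see whether `firewall` is loaded from firewall_list() or directly from the file.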