diff --git a/yunohost.py b/yunohost.py
index faa6a634..27eea0b8 100644
--- a/yunohost.py
+++ b/yunohost.py
@@ -45,10 +45,10 @@ def pretty_print_dict(d, depth=0):
 elif isinstance(v, list):
 print((" ") * depth + ("%s: " % k))
 for value in v:
- print((" ") * (depth+1) + "- " + value)
+ print((" ") * (depth+1) + "- " +str(value))
 else:
- print((" ") * depth + "%s: %s" % (k, v))
- 
+ print((" ") * depth + "%s: %s" % (k, str(v)))
+ 
 def win_msg(astr):
 """
 Display a success message if isatty
diff --git a/yunohost_firewall.py b/yunohost_firewall.py
index ba6daf33..c5d792ea 100644
--- a/yunohost_firewall.py
+++ b/yunohost_firewall.py
@@ -8,99 +8,77 @@ except ImportError: sys.stderr.write('Error: Yunohost CLI Require yaml lib\n') sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) +from yunohost import YunoHostError, win_msg def firewall_allow(protocol=None,port=None,ipv6=None): """ Allow port in iptables - + Keyword arguments: protocol -- Protocol used port -- Port to open ipv6 -- Boolean ipv6 - + Return Dict - + """ - if ipv6 == True: - ip = 'ipv6' - iptables="ip6tables" - else: - ip = 'ipv4' - iptables="iptables" + port=int(port) + if port<65536 and port>0: + if protocol == "Both": + update_yml(port,'TCP','a',ipv6) + update_yml(port,'UDP','a',ipv6) - if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - - update_yml(port,'tcp','a',ip) - update_yml(port,'udp','a',ip) - - os.system(TCP_rule) - os.system(UDP_rule) + else: + update_yml(port,protocol,'a',ipv6) + + win_msg(_("Port successfully openned")) else: - rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" - update_yml(port,protocol,'a',ip) - os.system(rule) - - win_msg(_("Port successfully openned")) - return firewall_list() + raise YunoHostError(22,_("Port not between 1 and 65535 : ")+str(port)) + + return firewall_reload() def firewall_disallow(protocol=None,port=None,ipv6=None): """ Disallow port in iptables - + Keyword arguments: protocol -- Protocol used port -- Port to open ipv6 -- Boolean ipv6 - + Return Dict - + """ - if ipv6 == True: - ip = 'ipv6' - iptables="ip6tables" + port=int(port) + if protocol == "Both": + update_yml(port,'TCP','r',ipv6) + update_yml(port,'UDP','r',ipv6) else: - ip = 'ipv4' - iptables="ip6tables" - - if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" - UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" - - update_yml(port,'tcp','r',ip) - update_yml(port,'udp','r',ip) - 
- os.system(TCP_rule) - os.system(UDP_rule) - - else: - rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" - update_yml(port,protocol,'r',ip) - os.system(rule) + update_yml(port,protocol,'r',ipv6) win_msg(_("Port successfully closed")) - return firewall_list + + return firewall_reload() def firewall_list(): """ Allow port in iptables - + Keyword arguments: None - + Return Dict - + """ with open ('firewall.yml') as f: firewall = yaml.load(f) @@ -111,10 +89,10 @@ def firewall_list(): def firewall_reload(): ''' Reload iptables configuration - + Keyword arguments: - None - + None + Return Dict ''' 
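Review bot: firewall_disallow lacks the 1–65535 range check that firewall_allow now performs, so its `port=int(port)` followed by `update_yml(port,...)` surfaces an out-of-range or non-numeric port as a bare ValueError or KeyError instead of the YunoHostError the rest of the new code raises; mirror the guard from firewall_allow, `if not 0 < port < 65536:` / `raise YunoHostError(22,_("Port not between 1 and 65535 : ")+str(port))`, and in both functions catch the ValueError from `int(port)` the same way. Neither function checks `protocol` before it becomes a dict key in update_yml, so any value other than `TCP`, `UDP` or `Both` dies with a KeyError on `firewall[ip][protocol]`; an explicit check raising YunoHostError keeps the error path consistent. Now that protocol and port are no longer interpolated into an os.system() string, this validation is the only input handling left on the allow/disallow path, which is why it should live in one place. The `yaml.load(f)` in firewall_list (unchanged context here) can be `yaml.safe_load(f)`, since firewall.yml appears to hold only lists of ints under fixed keys.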
@@ -124,75 +102,78 @@ def firewall_reload(): os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") - os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - update_yml('22','TCP','a',False) + if 22 not in firewall['ipv4']['TCP']: + update_yml(22,'TCP','a',False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") - os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - update_yml('22','TCP','a',True) + if 22 not in firewall['ipv6']['TCP']: + update_yml(22,'TCP','a',True) for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") - + win_msg(_("Firewall successfully reloaded")) + return firewall_list() -def update_yml(port=None,protocol=None,mode=None,ip=None): - """ +def update_yml(port=None,protocol=None,mode=None,ipv6=None): + """ Update firewall.yml - Keyword arguments: protocol -- Protocol used - port -- Port to open + port -- Port to open mode -- a=append r=remove - ipv6 -- Boolean ipv6 - + ipv6 -- Boolean ipv6 + Return None - """ - + if ipv6: + ip = 'ipv6' + else: + ip = 'ipv4' + with open('firewall.yml','r') as f: firewall = yaml.load(f) + if mode == 'a': - if int(port) not in firewall[ip][protocol]: - firewall[ip][protocol].append(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") + if port not in firewall[ip][protocol]: + firewall[ip][protocol].append(port) + else: - 
print("Port already open") + raise YunoHostError(22,_("Port already openned :")+str(port)) + else: - if int(port) in firewall[ip][protocol]: - firewall[ip][protocol].remove(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") + if port in firewall[ip][protocol]: + firewall[ip][protocol].remove(port) + else: - print("Port already close") + raise YunoHostError(22,_("Port already closed :")+str(port)) + firewall[ip][protocol].sort() os.system("mv firewall.yml firewall.yml.old") + with open('firewall.yml','w') as f: yaml.dump(firewall,f) - - - -
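Review bot: In firewall_reload the new `if 22 not in firewall['ipv4']['TCP']: update_yml(22,'TCP','a',False)` writes port 22 to firewall.yml but leaves the in-memory `firewall` dict unchanged, so on the run where 22 is missing the loops below install rules without port 22 and the function then executes `iptables -P INPUT DROP`, which would cut off SSH until the next reload; the same applies to the ipv6 branch. If `firewall` is the dict read from firewall.yml earlier in the function (firewall_reload's body starts before this hunk, so the load is not visible), also update it: `firewall['ipv4']['TCP'].append(22)` after the ipv4 call and `firewall['ipv6']['TCP'].append(22)` after the ipv6 one, or re-read the file before the loops. In update_yml, `os.system("mv firewall.yml firewall.yml.old")` followed by `open('firewall.yml','w')` leaves no firewall.yml at all if yaml.dump raises; dumping to a temporary file and `os.rename`-ing it over firewall.yml keeps a valid file in place and removes the shell call. The `yaml.load(f)` in update_yml (unchanged context) can likewise be `yaml.safe_load(f)`.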