From ad223a6373e8ca4cdb51df81a81100503380daf0 Mon Sep 17 00:00:00 2001 From: titoko <titoko@myko-serveur.fr> Date: Tue, 18 Dec 2012 00:28:03 +0100 Subject: [PATCH 1/7] error handling --- yunohost_firewall.py | 106 +++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 60 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index ba6daf33..378d0334 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -8,6 +8,7 @@ except ImportError: sys.stderr.write('Error: Yunohost CLI Require yaml lib\n') sys.stderr.write('apt-get install python-yaml\n') sys.exit(1) +from yunohost import YunoHostError, win_msg @@ -24,30 +25,22 @@ def firewall_allow(protocol=None,port=None,ipv6=None): Dict """ - if ipv6 == True: - ip = 'ipv6' - iptables="ip6tables" - else: - ip = 'ipv4' - iptables="iptables" + if int(port)<65536 and int(port)>0: + if protocol == "Both": - if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j ACCEPT" - UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j ACCEPT" - - update_yml(port,'tcp','a',ip) - update_yml(port,'udp','a',ip) - - os.system(TCP_rule) - os.system(UDP_rule) + update_yml(port,'tcp','a',ipv6) + update_yml(port,'udp','a',ipv6) - else: - rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j ACCEPT" - update_yml(port,protocol,'a',ip) - os.system(rule) - - win_msg(_("Port successfully openned")) - return firewall_list() + else: + + update_yml(port,protocol,'a',ipv6) + + win_msg(_("Port successfully openned")) + else: + raise YunoHostError(22,_("Port not between 1 and 65535 : ")+port) + + firewall_reload() + return firewall_list() 
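Review bot: In firewall_allow (PATCH 1/7, hunk `@@ -24,30 +25,22 @@`) the range check calls `int(port)` directly, so a missing or non-numeric port raises a bare TypeError or ValueError instead of the YunoHostError this patch introduces for bad input; the parameter defaults to None. Wrapping the conversion in a try block and raising `YunoHostError(22, _("Port must be an integer"))` from the except branch would keep every rejection on one error path. firewall_disallow needs the same conversion and the same 1-65535 check: later in this series it gains only `port=int(port)` (PATCH 5/7) and never a range test.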
@@ -65,28 +58,14 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): """ - if ipv6 == True: - ip = 'ipv6' - iptables="ip6tables" + if protocol == "Both": + update_yml(port,'tcp','r',ipv6) + update_yml(port,'udp','r',ipv6) else: - ip = 'ipv4' - iptables="ip6tables" - - if protocol == "Both": - TCP_rule = iptables+" -A INPUT -p tcp -i eth0 --dport "+ port +" -j REJECT" - UDP_rule = iptables+" -A INPUT -p udp -i eth0 --dport "+ port +" -j REJECT" - - update_yml(port,'tcp','r',ip) - update_yml(port,'udp','r',ip) - - os.system(TCP_rule) - os.system(UDP_rule) - - else: - rule = iptables+" -A INPUT -p "+ protocol +" -i eth0 --dport "+ port +" -j REJECT" - update_yml(port,protocol,'r',ip) - os.system(rule) + update_yml(port,protocol,'r',ipv6) win_msg(_("Port successfully closed")) + + firewall_reload() return firewall_list @@ -111,10 +90,10 @@ def firewall_list(): def firewall_reload(): ''' Reload iptables configuration - + Keyword arguments: - None - + None + Return Dict ''' @@ -124,15 +103,15 @@ def firewall_reload(): os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") - os.system ("iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - update_yml('22','TCP','a',False) + if '22' not in firewall['ipv4']['TCP']: + update_yml('22','TCP','a',False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") - os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT") - update_yml('22','TCP','a',True) + if '22' not in firewall['ipv6']['TCP']: + update_yml('22','TCP','a',True) for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") @@ -158,7 +137,7 @@ def firewall_reload(): -def update_yml(port=None,protocol=None,mode=None,ip=None): +def update_yml(port=None,protocol=None,mode=None,ipv6=None): """ Update firewall.yml 
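Review bot: With protocol "Both", firewall_disallow (hunk `@@ -65,28 +58,14 @@`) can leave firewall.yml and the live rules out of step. The first `update_yml(port,'tcp','r',ipv6)` rewrites the file, and if the second call then raises the new "Port already closed" YunoHostError, `firewall_reload()` is never reached. The file then no longer lists the TCP port while iptables keeps accepting it until some later reload. Either check both protocol lists before writing either one, or call `firewall_reload()` from a `finally:` block so the running rules always follow the file. firewall_allow (hunk `@@ -24,30 +25,22 @@`) has the same shape.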
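Review bot: firewall_reload (hunk `@@ -124,15 +103,15 @@`) can reach the DROP policy without an SSH rule. The hard-coded port-22 ACCEPT line is gone, and `update_yml('22','TCP','a',False)` only edits firewall.yml; it does not touch the `firewall` dict that the `for i,port in enumerate (firewall['ipv4']['TCP'])` loop iterates. That dict is loaded above the hunk, so this is inferred, but if it is read once at the top, a reload that had to add 22 appends no rule for it before the DROP policy at the end of the function (visible in PATCH 2/7), and remote administration is cut off until the next reload. Re-read the file after the two update_yml calls, or also update the in-memory list, e.g. `firewall['ipv4']['TCP'].append('22')` and the ipv6 equivalent. PATCH 5/7 (`@@ -101,15 +102,15 @@`) keeps the same pattern with integer ports.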
@@ -172,22 +151,29 @@ def update_yml(port=None,protocol=None,mode=None,ip=None): None """ - + if ipv6: + ip = 'ipv6' + else: + ip = 'ipv4' + with open('firewall.yml','r') as f: firewall = yaml.load(f) + if mode == 'a': - if int(port) not in firewall[ip][protocol]: - firewall[ip][protocol].append(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Open") + if port not in firewall[ip][protocol]: + firewall[ip][protocol].append(port) + else: - print("Port already open") + raise YunoHostError(22,_("Port already openned")+port) + else: - if int(port) in firewall[ip][protocol]: - firewall[ip][protocol].remove(int(port)) - print("Port "+port+" on protocol "+protocol+" with "+ip+" Close") + if port in firewall[ip][protocol]: + firewall[ip][protocol].remove(port) + else: - print("Port already close") - firewall[ip][protocol].sort() + raise YunoHostError(22,_("Port already closed")+port) + + firewall[ip][protocol].sort(key=int) os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: From 993815181dc7e93a89008d577ab704662d846b5f Mon Sep 17 00:00:00 2001 From: titoko <titoko@myko-serveur.fr> Date: Tue, 18 Dec 2012 00:40:13 +0100 Subject: [PATCH 2/7] Fix indentation --- yunohost_firewall.py | 83 +++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 378d0334..467b19a1 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py 
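Review bot: update_yml (PATCH 1/7, hunk `@@ -172,22 +151,29 @@`) still parses firewall.yml with `yaml.load(f)` and no explicit Loader, which on PyYAML versions that allow this can construct arbitrary Python objects from tags in the file; the module drives iptables, so it presumably runs as root. The file only holds dicts of lists, so `firewall = yaml.safe_load(f)` is sufficient here and in firewall_list. The file name is also relative, so which firewall.yml is read and rewritten depends on the caller's working directory; an absolute path would remove that ambiguity.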
@@ -15,57 +15,57 @@ from yunohost import YunoHostError, win_msg def firewall_allow(protocol=None,port=None,ipv6=None): """ Allow port in iptables - + Keyword arguments: protocol -- Protocol used port -- Port to open ipv6 -- Boolean ipv6 - + Return Dict - + """ - if int(port)<65536 and int(port)>0: - if protocol == "Both": - update_yml(port,'tcp','a',ipv6) - update_yml(port,'udp','a',ipv6) + if int(port)<65536 and int(port)>0: + if protocol == "Both": + update_yml(port,'tcp','a',ipv6) + update_yml(port,'udp','a',ipv6) - else: - - update_yml(port,protocol,'a',ipv6) + else: + update_yml(port,protocol,'a',ipv6) - win_msg(_("Port successfully openned")) - else: - raise YunoHostError(22,_("Port not between 1 and 65535 : ")+port) - - firewall_reload() - return firewall_list() + win_msg(_("Port successfully openned")) + + else: + raise YunoHostError(22,_("Port not between 1 and 65535 : ")+port) + + firewall_reload() + return firewall_list() def firewall_disallow(protocol=None,port=None,ipv6=None): """ Disallow port in iptables - + Keyword arguments: protocol -- Protocol used port -- Port to open ipv6 -- Boolean ipv6 - + Return Dict - + """ if protocol == "Both": update_yml(port,'tcp','r',ipv6) - update_yml(port,'udp','r',ipv6) + update_yml(port,'udp','r',ipv6) else: update_yml(port,protocol,'r',ipv6) win_msg(_("Port successfully closed")) - - firewall_reload() + + firewall_reload() return firewall_list @@ -73,13 +73,13 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): def firewall_list(): """ Allow port in iptables - + Keyword arguments: None - + Return Dict - + """ with open ('firewall.yml') as f: firewall = yaml.load(f) @@ -92,7 +92,7 @@ def firewall_reload(): Reload iptables configuration Keyword arguments: - None + None Return Dict 
@@ -103,53 +103,51 @@ def firewall_reload(): os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") - if '22' not in firewall['ipv4']['TCP']: - update_yml('22','TCP','a',False) + if '22' not in firewall['ipv4']['TCP']: + update_yml('22','TCP','a',False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") - if '22' not in firewall['ipv6']['TCP']: - update_yml('22','TCP','a',True) + if '22' not in firewall['ipv6']['TCP']: + update_yml('22','TCP','a',True) for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (firewall['ipv4']['UDP']): os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (firewall['ipv6']['TCP']): os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + for i,port in enumerate (firewall['ipv6']['UDP']): os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - + os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") - + win_msg(_("Firewall successfully reloaded")) return firewall_list() def update_yml(port=None,protocol=None,mode=None,ipv6=None): - """ + """ Update firewall.yml - Keyword arguments: protocol -- Protocol used - port -- Port to open + port -- Port to open mode -- a=append r=remove - ipv6 -- Boolean ipv6 - + ipv6 -- Boolean ipv6 + Return None - """ if ipv6: ip = 'ipv6' @@ -178,7 +176,4 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): os.system("mv firewall.yml firewall.yml.old") with open('firewall.yml','w') as f: yaml.dump(firewall,f) - - - From 78bfd52cb8dda9f080dbff723c4b4a969041e026 Mon Sep 17 00:00:00 2001 
From: titoko <titoko@myko-serveur.fr> Date: Tue, 18 Dec 2012 22:23:17 +0100 Subject: [PATCH 3/7] End of exception handling --- firewall.yml | 4 ++-- yunohost_firewall.py | 13 ++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/firewall.yml b/firewall.yml index 688c1da7..b0220024 100644 --- a/firewall.yml +++ b/firewall.yml @@ -1,6 +1,6 @@ ipv4: - TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] + TCP: ['22', '25', '53', '80', '443', '5222', '5269', '5280'] UDP: [] ipv6: - TCP: [22] + TCP: ['22'] UDP: [] diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 467b19a1..d0291b47 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -39,8 +39,7 @@ def firewall_allow(protocol=None,port=None,ipv6=None): else: raise YunoHostError(22,_("Port not between 1 and 65535 : ")+port) - firewall_reload() - return firewall_list() + return firewall_reload() @@ -65,8 +64,7 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): update_yml(port,protocol,'r',ipv6) win_msg(_("Port successfully closed")) - firewall_reload() - return firewall_list + return firewall_reload() @@ -133,6 +131,7 @@ def firewall_reload(): os.system ("ip6tables -P INPUT DROP") win_msg(_("Firewall successfully reloaded")) + return firewall_list() @@ -162,18 +161,18 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): firewall[ip][protocol].append(port) else: - raise YunoHostError(22,_("Port already openned")+port) + raise YunoHostError(22,_("Port already openned ")+port) else: if port in firewall[ip][protocol]: firewall[ip][protocol].remove(port) else: - raise YunoHostError(22,_("Port already closed")+port) + raise YunoHostError(22,_("Port already closed ")+port) firewall[ip][protocol].sort(key=int) os.system("mv firewall.yml firewall.yml.old") + with open('firewall.yml','w') as f: yaml.dump(firewall,f) - From ef70c0529011e33c1eada4fbc4747540df85baae Mon Sep 17 00:00:00 2001 
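Review bot: The backup step in update_yml (PATCH 3/7, hunk `@@ -162,18 +161,18 @@`) leaves a window in which no firewall.yml exists: `os.system("mv firewall.yml firewall.yml.old")` runs before the file is reopened for writing, and the exit status of mv is never checked. If `yaml.dump` fails or the process is interrupted, the next firewall_list or firewall_reload finds a missing or truncated file. Copy the old file to firewall.yml.old, write the new content to a temporary file, and finish with `os.rename('firewall.yml.tmp', 'firewall.yml')` (temporary name chosen here for illustration), so a valid configuration is on disk at every point. The function body starts above this hunk.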
From: titoko <thomas.nonglaton@gmail.com> Date: Wed, 19 Dec 2012 09:19:24 +0100 Subject: [PATCH 4/7] Update yunohost_firewall.py --- yunohost_firewall.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index d0291b47..407746aa 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -161,14 +161,14 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): firewall[ip][protocol].append(port) else: - raise YunoHostError(22,_("Port already openned ")+port) + raise YunoHostError(22,_("Port already openned :")+port) else: if port in firewall[ip][protocol]: firewall[ip][protocol].remove(port) else: - raise YunoHostError(22,_("Port already closed ")+port) + raise YunoHostError(22,_("Port already closed :")+port) firewall[ip][protocol].sort(key=int) From 36dab1cd02df1ae5625837fb1c209468bf495713 Mon Sep 17 00:00:00 2001 From: titoko <titoko@myko-serveur.fr> Date: Wed, 19 Dec 2012 17:49:04 +0100 Subject: [PATCH 5/7] Change port from str to int and update yunohost.py --- firewall.yml | 4 ++-- yunohost.py | 11 ++++++++--- yunohost_firewall.py | 15 ++++++++------- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/firewall.yml b/firewall.yml index b0220024..688c1da7 100644 --- a/firewall.yml +++ b/firewall.yml @@ -1,6 +1,6 @@ ipv4: - TCP: ['22', '25', '53', '80', '443', '5222', '5269', '5280'] + TCP: [22, 25, 53, 80, 443, 5222, 5269, 5280] UDP: [] ipv6: - TCP: ['22'] + TCP: [22] UDP: [] diff --git a/yunohost.py b/yunohost.py index faa6a634..4ebc6ade 100644 --- a/yunohost.py +++ b/yunohost.py 
@@ -45,10 +45,15 @@ def pretty_print_dict(d, depth=0): elif isinstance(v, list): print((" ") * depth + ("%s: " % k)) for value in v: - print((" ") * (depth+1) + "- " + value) + if isinstance(value,str): + print((" ") * (depth+1) + "- " + value) + else: + print((" ") * (depth+1) + "- " +str(value)) else: - print((" ") * depth + "%s: %s" % (k, v)) - + if isinstance(v,str): + print((" ") * depth + "%s: %s" % (k, v)) + else: + print((" ") * depth + "%s: %s" % (k, str(v))) def win_msg(astr): """ Display a success message if isatty diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 407746aa..7ecb33c9 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -25,8 +25,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): Dict """ - - if int(port)<65536 and int(port)>0: + port=int(port) + if port<65536 and port>0: if protocol == "Both": update_yml(port,'tcp','a',ipv6) update_yml(port,'udp','a',ipv6) @@ -57,6 +57,7 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): """ + port=int(port) if protocol == "Both": update_yml(port,'tcp','r',ipv6) update_yml(port,'udp','r',ipv6) @@ -101,15 +102,15 @@ def firewall_reload(): os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") - if '22' not in firewall['ipv4']['TCP']: - update_yml('22','TCP','a',False) + if 22 not in firewall['ipv4']['TCP']: + update_yml(22,'TCP','a',False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") - if '22' not in firewall['ipv6']['TCP']: - update_yml('22','TCP','a',True) + if 22 not in firewall['ipv6']['TCP']: + update_yml(22,'TCP','a',True) for i,port in enumerate (firewall['ipv4']['TCP']): os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") 
@@ -170,7 +171,7 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): else: raise YunoHostError(22,_("Port already closed :")+port) - firewall[ip][protocol].sort(key=int) + firewall[ip][protocol].sort() os.system("mv firewall.yml firewall.yml.old") From a4dafa81753b248ba63b5e7a69e96838ed7ff360 Mon Sep 17 00:00:00 2001 From: titoko <titoko@myko-serveur.fr> Date: Wed, 19 Dec 2012 18:04:35 +0100 Subject: [PATCH 6/7] No need to type of the variable. str(value) anyways --- yunohost.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/yunohost.py b/yunohost.py index 4ebc6ade..27eea0b8 100644 --- a/yunohost.py +++ b/yunohost.py @@ -45,15 +45,10 @@ def pretty_print_dict(d, depth=0): elif isinstance(v, list): print((" ") * depth + ("%s: " % k)) for value in v: - if isinstance(value,str): - print((" ") * (depth+1) + "- " + value) - else: - print((" ") * (depth+1) + "- " +str(value)) + print((" ") * (depth+1) + "- " +str(value)) else: - if isinstance(v,str): - print((" ") * depth + "%s: %s" % (k, v)) - else: - print((" ") * depth + "%s: %s" % (k, str(v))) + print((" ") * depth + "%s: %s" % (k, str(v))) + def win_msg(astr): """ Display a success message if isatty From f94b04ec970d0e1e7b0727347f9dc028f9413d1b Mon Sep 17 00:00:00 2001 From: titoko <titoko@myko-serveur.fr> Date: Wed, 19 Dec 2012 18:17:37 +0100 Subject: [PATCH 7/7] Last bugFix --- yunohost_firewall.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/yunohost_firewall.py b/yunohost_firewall.py index 7ecb33c9..c5d792ea 100644 --- a/yunohost_firewall.py +++ b/yunohost_firewall.py @@ -28,8 +28,8 @@ def firewall_allow(protocol=None,port=None,ipv6=None): port=int(port) if port<65536 and port>0: if protocol == "Both": - update_yml(port,'tcp','a',ipv6) - update_yml(port,'udp','a',ipv6) + update_yml(port,'TCP','a',ipv6) + update_yml(port,'UDP','a',ipv6) else: update_yml(port,protocol,'a',ipv6) 
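Review bot: The `else:` branch of firewall_allow (PATCH 7/7, hunk `@@ -28,8 +28,8 @@`) still forwards the caller's `protocol` unchanged to update_yml, where it is used as `firewall[ip][protocol]`, although the "Both" branch now uses the upper-case keys. Any value other than the keys present in firewall.yml (TCP, UDP), including lowercase `tcp` or the default None, therefore ends in a KeyError rather than a YunoHostError. Validate up front, e.g. `if protocol not in ("TCP", "UDP", "Both"): raise YunoHostError(22, _("Unknown protocol : ") + str(protocol))`. The same applies to firewall_disallow in the `@@ -59,8 +59,8 @@` hunk.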
@@ -37,7 +37,7 @@ def firewall_allow(protocol=None,port=None,ipv6=None): win_msg(_("Port successfully openned")) else: - raise YunoHostError(22,_("Port not between 1 and 65535 : ")+port) + raise YunoHostError(22,_("Port not between 1 and 65535 : ")+str(port)) return firewall_reload() @@ -59,8 +59,8 @@ def firewall_disallow(protocol=None,port=None,ipv6=None): port=int(port) if protocol == "Both": - update_yml(port,'tcp','r',ipv6) - update_yml(port,'udp','r',ipv6) + update_yml(port,'TCP','r',ipv6) + update_yml(port,'UDP','r',ipv6) else: update_yml(port,protocol,'r',ipv6) win_msg(_("Port successfully closed")) @@ -162,14 +162,14 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): firewall[ip][protocol].append(port) else: - raise YunoHostError(22,_("Port already openned :")+port) + raise YunoHostError(22,_("Port already openned :")+str(port)) else: if port in firewall[ip][protocol]: firewall[ip][protocol].remove(port) else: - raise YunoHostError(22,_("Port already closed :")+port) + raise YunoHostError(22,_("Port already closed :")+str(port)) firewall[ip][protocol].sort()