YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/unstable' into unstable

Browse source
This commit is contained in:
Weblate 2015-10-31 21:06:36 +01:00
commit 3e06d5f5a9
2 changed files with 21 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
data/actionsmap/yunohost.yml
View file

@ -1020,6 +1020,10 @@ firewall:
configuration: configuration:
authenticate: false authenticate: false
lock: false lock: false
arguments:
--skip-upnp:
help: Do not refresh port forwarding using UPnP
action: store_true
### firewall_allow() ### firewall_allow()
allow: allow:

20
src/yunohost/firewall.py
View file

@ -112,7 +112,7 @@ def firewall_disallow(protocol, port, ipv4_only=False, ipv6_only=False,
firewall = firewall_list(raw=True) firewall = firewall_list(raw=True)
# Validate port # Validate port
if ':' not in port: if not isinstance(port, int) and ':' not in port:
port = int(port) port = int(port)
# Validate protocols # Validate protocols
@ -188,10 +188,12 @@ def firewall_list(raw=False, by_ip_version=False, list_forwarded=False):
return ret return ret
def firewall_reload(): def firewall_reload(skip_upnp=False):
""" """
Reload all firewall rules Reload all firewall rules
Keyword arguments:
skip_upnp -- Do not refresh port forwarding using UPnP
""" """
from yunohost.hook import hook_callback from yunohost.hook import hook_callback
@ -210,7 +212,7 @@ def firewall_reload():
# Retrieve firewall rules and UPnP status # Retrieve firewall rules and UPnP status
firewall = firewall_list(raw=True) firewall = firewall_list(raw=True)
upnp = firewall_upnp()['enabled'] upnp = firewall_upnp()['enabled'] if not skip_upnp else False
# IPv4 # IPv4
try: try:
@ -324,6 +326,11 @@ def firewall_upnp(action='status', no_refresh=False):
with open(upnp_cron_job, 'w+') as f: with open(upnp_cron_job, 'w+') as f:
f.write('*/50 * * * * root ' f.write('*/50 * * * * root '
'/usr/bin/yunohost firewall upnp status >>/dev/null\n') '/usr/bin/yunohost firewall upnp status >>/dev/null\n')
# Open port 1900 to receive discovery message
if 1900 not in firewall['ipv4']['UDP']:
firewall_allow('UDP', 1900, no_upnp=True, no_reload=True)
if not enabled:
firewall_reload(skip_upnp=True)
enabled = True enabled = True
elif action == 'disable' or (not enabled and action == 'status'): elif action == 'disable' or (not enabled and action == 'status'):
try: try:
@ -376,6 +383,7 @@ def firewall_upnp(action='status', no_refresh=False):
enabled = False enabled = False
if enabled != firewall['uPnP']['enabled']: if enabled != firewall['uPnP']['enabled']:
firewall = firewall_list(raw=True)
firewall['uPnP']['enabled'] = enabled firewall['uPnP']['enabled'] = enabled
# Make a backup and update firewall file # Make a backup and update firewall file
@ -393,6 +401,12 @@ def firewall_upnp(action='status', no_refresh=False):
elif action != 'disable' and not enabled: elif action != 'disable' and not enabled:
firewall_upnp('disable', no_refresh=True) firewall_upnp('disable', no_refresh=True)
if not enabled and (action == 'enable' or 1900 in firewall['ipv4']['UDP']):
# Close unused port 1900
firewall_disallow('UDP', 1900, no_reload=True)
if not no_refresh:
firewall_reload(skip_upnp=True)
if action == 'enable' and not enabled: if action == 'enable' and not enabled:
raise MoulinetteError(errno.ENXIO, m18n.n('upnp_port_open_failed')) raise MoulinetteError(errno.ENXIO, m18n.n('upnp_port_open_failed'))
return { 'enabled': enabled } return { 'enabled': enabled }