OniriCorpe 2024-08-31 22:25:23 +02:00 committed by GitHub
commit e9a96bbc84
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 24 additions and 31 deletions


@ -38,7 +38,6 @@ def firewall_allow(
ipv6_only=False, ipv6_only=False,
no_upnp=False, no_upnp=False,
no_reload=False, no_reload=False,
reload_only_if_change=False,
): ):
""" """
Allow connections on a port Allow connections on a port
@ -76,20 +75,14 @@ def firewall_allow(
"ipv6", "ipv6",
] ]
changed = False
for p in protocols: for p in protocols:
# Iterate over IP versions to add port # Iterate over IP versions to add port
for i in ipvs: for i in ipvs:
if port not in firewall[i][p]: if port not in firewall[i][p]:
firewall[i][p].append(port) firewall[i][p].append(port)
changed = True
else: else:
ipv = "IPv%s" % i[3] ipv = "IPv%s" % i[3]
if not reload_only_if_change: logger.warning(m18n.n("port_already_opened", port=port, ip_version=ipv))
logger.warning(
m18n.n("port_already_opened", port=port, ip_version=ipv)
)
# Add port forwarding with UPnP # Add port forwarding with UPnP
if not no_upnp and port not in firewall["uPnP"][p]: if not no_upnp and port not in firewall["uPnP"][p]:
firewall["uPnP"][p].append(port) firewall["uPnP"][p].append(port)
@ -101,9 +94,7 @@ def firewall_allow(
# Update and reload firewall # Update and reload firewall
_update_firewall_file(firewall) _update_firewall_file(firewall)
if (not reload_only_if_change and not no_reload) or ( if not no_reload:
reload_only_if_change and changed
):
return firewall_reload() return firewall_reload()
@ -114,7 +105,6 @@ def firewall_disallow(
ipv6_only=False, ipv6_only=False,
upnp_only=False, upnp_only=False,
no_reload=False, no_reload=False,
reload_only_if_change=False,
): ):
""" """
Disallow connections on a port Disallow connections on a port
@ -159,20 +149,14 @@ def firewall_disallow(
elif upnp_only: elif upnp_only:
ipvs = [] ipvs = []
changed = False
for p in protocols: for p in protocols:
# Iterate over IP versions to remove port # Iterate over IP versions to remove port
for i in ipvs: for i in ipvs:
if port in firewall[i][p]: if port in firewall[i][p]:
firewall[i][p].remove(port) firewall[i][p].remove(port)
changed = True
else: else:
ipv = "IPv%s" % i[3] ipv = "IPv%s" % i[3]
if not reload_only_if_change: logger.warning(m18n.n("port_already_closed", port=port, ip_version=ipv))
logger.warning(
m18n.n("port_already_closed", port=port, ip_version=ipv)
)
# Remove port forwarding with UPnP # Remove port forwarding with UPnP
if upnp and port in firewall["uPnP"][p]: if upnp and port in firewall["uPnP"][p]:
firewall["uPnP"][p].remove(port) firewall["uPnP"][p].remove(port)
@ -182,9 +166,7 @@ def firewall_disallow(
# Update and reload firewall # Update and reload firewall
_update_firewall_file(firewall) _update_firewall_file(firewall)
if (not reload_only_if_change and not no_reload) or ( if not no_reload:
reload_only_if_change and changed
):
return firewall_reload() return firewall_reload()
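Review bot: The `port_already_opened` and `port_already_closed` warnings in the `else:` branches of firewall_allow and firewall_disallow are now logged on every call, whereas the removed `reload_only_if_change` flag used to silence them for the PortsResource callers. Those callers now pass `no_reload=True` on each provision or update, so a port already in the desired state will presumably produce one warning per IP version on routine app upgrades, which makes genuine firewall warnings easier to overlook. Consider guarding the message for batch callers, e.g. `if not no_reload: logger.warning(...)`, or logging it at debug level in that case. Removing the keyword from both signatures also makes any caller that still passes `reload_only_if_change` fail with a TypeError; callers outside this commit are not visible here. Both function bodies start and end outside the hunks shown.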


@ -1343,7 +1343,14 @@ class PortsResource(AppResource):
return used_by_process or used_by_app or used_by_self_provisioning return used_by_process or used_by_app or used_by_self_provisioning
def provision_or_update(self, context: Dict = {}): def provision_or_update(self, context: Dict = {}):
from yunohost.firewall import firewall_allow, firewall_disallow from yunohost.firewall import (
firewall_allow,
firewall_disallow,
firewall_list,
firewall_reload,
)
previous_ports = firewall_list(raw=True)
for name, infos in self.ports.items(): for name, infos in self.ports.items():
setting_name = f"port_{name}" if name != "main" else "port" setting_name = f"port_{name}" if name != "main" else "port"
@ -1374,23 +1381,27 @@ class PortsResource(AppResource):
self.set_setting(setting_name, port_value) self.set_setting(setting_name, port_value)
if infos["exposed"]: if infos["exposed"]:
firewall_allow(infos["exposed"], port_value, reload_only_if_change=True) firewall_allow(infos["exposed"], port_value, no_reload=True)
else: else:
firewall_disallow( firewall_disallow(infos["exposed"], port_value, no_reload=True)
infos["exposed"], port_value, reload_only_if_change=True
) if firewall_list(raw=True) != previous_ports:
firewall_reload()
def deprovision(self, context: Dict = {}): def deprovision(self, context: Dict = {}):
from yunohost.firewall import firewall_disallow from yunohost.firewall import firewall_disallow, firewall_list, firewall_reload
previous_ports = firewall_list(raw=True)
for name, infos in self.ports.items(): for name, infos in self.ports.items():
setting_name = f"port_{name}" if name != "main" else "port" setting_name = f"port_{name}" if name != "main" else "port"
value = self.get_setting(setting_name) value = self.get_setting(setting_name)
self.delete_setting(setting_name) self.delete_setting(setting_name)
if value and str(value).strip(): if value and str(value).strip():
firewall_disallow( firewall_disallow(infos["exposed"], int(value), no_reload=True)
infos["exposed"], int(value), reload_only_if_change=True
) if firewall_list(raw=True) != previous_ports:
firewall_reload()
class DatabaseAppResource(AppResource): class DatabaseAppResource(AppResource):
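Review bot: The deferred `firewall_reload()` at the end of provision_or_update and deprovision is skipped if anything inside the loop raises, although each `firewall_allow`/`firewall_disallow` call made with `no_reload=True` has already gone through `_update_firewall_file`. In deprovision, for example, `int(value)` on a malformed setting would abort the loop after earlier ports were removed from the saved configuration, leaving them open in the running ruleset until some later reload. Wrapping each loop in `try:` and moving the existing `if firewall_list(raw=True) != previous_ports: firewall_reload()` into a `finally:` block would keep the live rules in step with the file. This assumes `firewall_list(raw=True)` re-reads the saved configuration on each call, which is not visible here; a one-line comment stating that next to `previous_ports` would help the next reader.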