Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-10 15:26:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

IP4 and IP6 firewall rules rather than port rules

Browse Source
This commit is contained in:
rperper
2018-11-14 15:15:20 -05:00
parent cdb2f637c5
commit 654a4b4f00
2 changed files with 115 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
plogical/firewallUtilities.py
View File

@@ -12,59 +12,81 @@ import socket
class FirewallUtilities:
@staticmethod
def addRule(proto,port,ipAddress):
def doCommand(command):
import install as inst
try:
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
if inst.preFlightsChecks.resFailed(inst.get_distro(), res):
inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error #" + str(res), 1)
return 0
except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [addRule]")
inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error: " + str(msg), 1)
return 0
except ValueError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [addRule]")
inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error: " + str(msg), 1)
return 0
return 1
@staticmethod
def addRule(proto,port,ipAddress):
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
command = 'sudo firewall-cmd --reload'
if not FirewallUtilities.doComamnd(command):
return 0
return 1
@staticmethod
def deleteRule(proto, port, ipAddress):
try:
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [deleteRule]")
if not FirewallUtilities.doComamnd(command):
return 0
except ValueError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [deleteRule]")
ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
command = 'sudo firewall-cmd --reload'
ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
return 1