IPv4 and IPv6 firewall rules rather than port rules

This commit is contained in:
rperper
2018-11-14 15:15:20 -05:00
parent cdb2f637c5
commit 654a4b4f00
2 changed files with 115 additions and 93 deletions


@@ -10,83 +10,83 @@ import socket
class FirewallUtilities: class FirewallUtilities:
@staticmethod @staticmethod
def addRule(proto,port): def doCommand(command):
import install as inst
try: try:
command = 'sudo firewall-cmd --permanent --zone=public --add-port=' + port + '/' + proto
#if port == "21":
# command = "sudo firewall-cmd --add-service=ftp --permanent"
# cmd = shlex.split(command)
# res = subprocess.call(cmd)
#ipAddress = "0.0.0.0/0"
#ruleFamily = 'rule family="ipv4"'
#sourceAddress = 'source address="' + ipAddress + '"'
#ruleProtocol = 'port protocol="' + proto + '"'
#rulePort = 'port="' + port + '"'
#command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
cmd = shlex.split(command) cmd = shlex.split(command)
res = subprocess.call(cmd) res = subprocess.call(cmd)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
import install as inst
if inst.preFlightsChecks.resFailed(inst.get_distro(), res): if inst.preFlightsChecks.resFailed(inst.get_distro(), res):
inst.preFlightsChecks.stdOut("Failed to install rule: " + command + " Error #" + str(res), 1) inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error #" + str(res), 1)
return 0 return 0
except OSError, msg: except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [addRule]") inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error: " + str(msg), 1)
return 0 return 0
except ValueError, msg: except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [addRule]") inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error: " + str(msg), 1)
return 0
return 1
@staticmethod
def addRule(proto,port):
if port == "21":
command = "sudo firewall-cmd --add-service=ftp --permanent"
else:
ipAddress = "0.0.0.0/0"
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doCommand(command):
return 0
ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doCommand(command):
return 0
command = 'sudo firewall-cmd --reload'
if not FirewallUtilities.doCommand(command):
return 0 return 0
return 1 return 1
@staticmethod @staticmethod
def deleteRule(proto, port): def deleteRule(proto, port):
try: if port=="21":
command = 'sudo firewall-cmd --permanent --zone-public --remove-port=' + port + '/' + proto command = "sudo firewall-cmd --remove-service=ftp --permanent"
else:
ipAddress = "0.0.0.0/0"
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
#if port=="21": command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
# command = "sudo firewall-cmd --remove-service=ftp --permanent"
# cmd = shlex.split(command)
# res = subprocess.call(cmd)
#ipAddress = "0.0.0.0/0" if not FirewallUtilities.doCommand(command):
return 0
#ruleFamily = 'rule family="ipv4"' ruleFamily = 'rule family="ipv6"'
#sourceAddress = 'source address="' + ipAddress + '"' sourceAddress = ''
#ruleProtocol = 'port protocol="' + proto + '"'
#rulePort = 'port="' + port + '"'
#command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'" command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
cmd = shlex.split(command) if not FirewallUtilities.doCommand(command):
res = subprocess.call(cmd)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [deleteRule]")
return 0 return 0
except ValueError, msg:
logging.InstallLog.writeToFile(str(msg) + " [deleteRule]") command = 'sudo firewall-cmd --reload'
if not FirewallUtilities.doCommand(command):
return 0 return 0
return 1 return 1
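Review bot: In the new addRule, the `port == "21"` branch never assigns `ruleProtocol` or `rulePort`, yet the ipv6 command built after the branch concatenates both, so adding the FTP rule fails with UnboundLocalError before the ipv6 command or the reload runs; the new deleteRule body has the same shape. A firewalld service entry is not tied to an address family, so the per-family rich rules are only needed in the else branch and the FTP case can go straight to the reload; the restructuring below keeps doCommand's contract (0 on failure, 1 on success) and every command string byte-for-byte. The empty ipv6 `sourceAddress` also leaves a double space inside the quoted rule, which shlex.split preserves; worth confirming firewall-cmd's rich-rule parser accepts it rather than relying on it.
```python
@staticmethod
def addRule(proto,port):
    if port == "21":
        # a firewalld service entry is not family-specific, so no rich rules here
        if not FirewallUtilities.doCommand("sudo firewall-cmd --add-service=ftp --permanent"):
            return 0
    else:
        ruleProtocol = 'port protocol="' + proto + '"'
        rulePort = 'port="' + port + '"'
        families = (('rule family="ipv4"', 'source address="0.0.0.0/0"'),
                    ('rule family="ipv6"', ''))
        for ruleFamily, sourceAddress in families:
            command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
            if not FirewallUtilities.doCommand(command):
                return 0
    # … unchanged: reload via doCommand and return 1 …
```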


@@ -12,59 +12,81 @@ import socket
class FirewallUtilities: class FirewallUtilities:
@staticmethod @staticmethod
def addRule(proto,port,ipAddress): def doCommand(command):
import install as inst
try: try:
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
cmd = shlex.split(command) cmd = shlex.split(command)
res = subprocess.call(cmd)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd) res = subprocess.call(cmd)
if inst.preFlightsChecks.resFailed(inst.get_distro(), res):
inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error #" + str(res), 1)
return 0
except OSError, msg: except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [addRule]") inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error: " + str(msg), 1)
return 0 return 0
except ValueError, msg: except ValueError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [addRule]") inst.preFlightsChecks.stdOut("Failed to apply rule: " + command + " Error: " + str(msg), 1)
return 0
return 1
@staticmethod
def addRule(proto,port,ipAddress):
ruleFamily = 'rule family="ipv4"'
sourceAddress = 'source address="' + ipAddress + '"'
ruleProtocol = 'port protocol="' + proto + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
command = 'sudo firewall-cmd --reload'
if not FirewallUtilities.doComamnd(command):
return 0 return 0
return 1 return 1
@staticmethod @staticmethod
def deleteRule(proto, port, ipAddress): def deleteRule(proto, port, ipAddress):
try: ruleFamily = 'rule family="ipv4"'
ruleFamily = 'rule family="ipv4"' sourceAddress = 'source address="' + ipAddress + '"'
sourceAddress = 'source address="' + ipAddress + '"' ruleProtocol = 'port protocol="' + proto + '"'
ruleProtocol = 'port protocol="' + proto + '"' rulePort = 'port="' + port + '"'
rulePort = 'port="' + port + '"'
command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'" command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
cmd = shlex.split(command) if not FirewallUtilities.doComamnd(command):
res = subprocess.call(cmd)
command = 'sudo firewall-cmd --reload'
cmd = shlex.split(command)
res = subprocess.call(cmd)
except OSError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [deleteRule]")
return 0 return 0
except ValueError, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [deleteRule]") ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0
command = 'sudo firewall-cmd --reload'
ruleFamily = 'rule family="ipv6"'
sourceAddress = ''
command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"
if not FirewallUtilities.doComamnd(command):
return 0 return 0
return 1 return 1
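Review bot: Every call site in the new addRule and deleteRule spells the helper `doComamnd` (three calls in each method) while it is defined as `doCommand`, so both methods raise AttributeError before any firewall-cmd runs; each call should read `if not FirewallUtilities.doCommand(command):`. The ipv6 step of deleteRule also builds its command with `--add-rich-rule` instead of `--remove-rich-rule`, so removing a rule instead installs an ipv6 accept rule. Both ipv6 rules drop the caller's `ipAddress` (`sourceAddress = ''`), meaning a rule the caller scoped to one IPv4 source also opens the port to every IPv6 source; either apply the ipv6 rule only when ipAddress is itself an IPv6 address or network, or carry it through as `source address=` in that case. Since `proto`, `port` and `ipAddress` are concatenated straight into the rich-rule string, they should be validated before the command is built (proto in tcp/udp, port an integer in 1–65535, ipAddress parsed), as a stray quote in any of them changes the argument list handed to firewall-cmd.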