mptcp/openmptcprouter-vps-admin
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00
Code Issues Releases Wiki Activity

Use username in shorewall rules, get lan IPs

Browse source
This commit is contained in:
Ycarus 2020-01-09 22:20:05 +01:00
parent def7b1f4b2
commit 196557de16
1 changed files with 34 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

59
omr-admin.py
View file

@ -135,33 +135,33 @@ def file_as_bytes(file):
with file: with file:
return file.read() return file.read()
def shorewall_add_port(port,proto,name,fwtype='ACCEPT'): def shorewall_add_port(username,port,proto,name,fwtype='ACCEPT'):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n: with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
for line in f: for line in f:
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
if fwtype == 'ACCEPT': if fwtype == 'ACCEPT':
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n") n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + "\n")
elif fwtype == 'DNAT': elif fwtype == 'DNAT':
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR redirect ' + name + ' port ' + proto + "\n") n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + "\n")
os.close(fd) os.close(fd)
move(tmpfile,'/etc/shorewall/rules') move(tmpfile,'/etc/shorewall/rules')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
if not initial_md5 == final_md5: if not initial_md5 == final_md5:
os.system("systemctl -q reload shorewall") os.system("systemctl -q reload shorewall")
def shorewall_del_port(port,proto,name,fwtype='ACCEPT'): def shorewall_del_port(username,port,proto,name,fwtype='ACCEPT'):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n: with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
for line in f: for line in f:
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
os.close(fd) os.close(fd)
move(tmpfile,'/etc/shorewall/rules') move(tmpfile,'/etc/shorewall/rules')
@ -169,33 +169,33 @@ def shorewall_del_port(port,proto,name,fwtype='ACCEPT'):
if not initial_md5 == final_md5: if not initial_md5 == final_md5:
os.system("systemctl -q reload shorewall") os.system("systemctl -q reload shorewall")
def shorewall6_add_port(port,proto,name,fwtype='ACCEPT'): def shorewall6_add_port(username,port,proto,name,fwtype='ACCEPT'):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall6/rules','r') as f, open(tmpfile,'a+') as n: with open('/etc/shorewall6/rules','r') as f, open(tmpfile,'a+') as n:
for line in f: for line in f:
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
if fwtype == 'ACCEPT': if fwtype == 'ACCEPT':
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n") n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + "\n")
elif fwtype == 'DNAT': elif fwtype == 'DNAT':
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR redirect ' + name + ' port ' + proto + "\n") n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + "\n")
os.close(fd) os.close(fd)
move(tmpfile,'/etc/shorewall6/rules') move(tmpfile,'/etc/shorewall6/rules')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
if not initial_md5 == final_md5: if not initial_md5 == final_md5:
os.system("systemctl -q reload shorewall6") os.system("systemctl -q reload shorewall6")
def shorewall6_del_port(port,proto,name,fwtype='ACCEPT'): def shorewall6_del_port(username,port,proto,name,fwtype='ACCEPT'):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall6/rules','r') as f, open(tmpfile,'a+') as n: with open('/etc/shorewall6/rules','r') as f, open(tmpfile,'a+') as n:
for line in f: for line in f:
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
os.close(fd) os.close(fd)
move(tmpfile,'/etc/shorewall6/rules') move(tmpfile,'/etc/shorewall6/rules')
@ -774,9 +774,9 @@ def shorewall_open(*,params: Shorewallparams, current_user: User = Depends(get_c
if name is None: if name is None:
return {'result': 'error','reason': 'Invalid parameters','route': 'shorewallopen'} return {'result': 'error','reason': 'Invalid parameters','route': 'shorewallopen'}
if params.ipproto == 'ipv4': if params.ipproto == 'ipv4':
shorewall_add_port(str(port),proto,name,fwtype) shorewall_add_port(current_user.username,str(port),proto,name,fwtype)
else: else:
shorewall6_add_port(str(port),proto,name,fwtype) shorewall6_add_port(current_user.username,str(port),proto,name,fwtype)
return {'result': 'done','reason': 'changes applied'} return {'result': 'done','reason': 'changes applied'}
@app.post('/shorewallclose') @app.post('/shorewallclose')
@ -790,9 +790,9 @@ def shorewall_close(*,params: Shorewallparams,current_user: User = Depends(get_c
if name is None: if name is None:
return {'result': 'error','reason': 'Invalid parameters','route': 'shorewallclose'} return {'result': 'error','reason': 'Invalid parameters','route': 'shorewallclose'}
if params.ipproto == 'ipv4': if params.ipproto == 'ipv4':
shorewall_del_port(str(port),proto,name,fwtype) shorewall_del_port(current_user.username,str(port),proto,name,fwtype)
else: else:
shorewall6_del_port(str(port),proto,name,fwtype) shorewall6_del_port(current_user.username,str(port),proto,name,fwtype)
return {'result': 'done','reason': 'changes applied','route': 'shorewallclose'} return {'result': 'done','reason': 'changes applied','route': 'shorewallclose'}
# Set MPTCP config # Set MPTCP config
@ -959,13 +959,22 @@ def wan(*, wanips: Wanips,current_user: User = Depends(get_current_user)):
outfile.write('[white_list]\n') outfile.write('[white_list]\n')
outfile.write(ips) outfile.write(ips)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/local.acl', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/local.acl', 'rb'))).hexdigest()
#if not initial_md5 == final_md5: #modif_config_user(current_user,{'wanips': wanip})
#os.system("systemctl restart shadowsocks-libev-server@config.service")
#for x in range (1,os.cpu_count()):
#os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service")
return {'result': 'done'} return {'result': 'done'}
class Lanips(BaseModel):
lanips: List[str] = []
# Set user lan config
@app.post('/lan')
def router(*,lanconfig: Lanips,current_user: User = Depends(get_current_user)):
lanips = lanconfig.lanips
if not lanips:
return {'result': 'error','reason': 'Invalid parameters','route': 'lan'}
modif_config_user(current_user,{'lanips': lanips})
return {'result': 'done','reason': 'changes applied'}
# Update VPS # Update VPS
@app.get('/update') @app.get('/update')
def update(current_user: User = Depends(get_current_user)): def update(current_user: User = Depends(get_current_user)):