mirror of
https://github.com/Ysurac/openmptcprouter-vps-admin.git
synced 2025-03-09 15:40:05 +00:00
Add changes needed for V2Ray firewall rules modifications
This commit is contained in:
parent
0f5ba7f272
commit
3b91c0735f
2 changed files with 63 additions and 47 deletions
6
debian/changelog
vendored
6
debian/changelog
vendored
|
@ -1,3 +1,9 @@
|
||||||
|
omr-vps-admin (0.3+20220711) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Add support to modify v2ray rules
|
||||||
|
|
||||||
|
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 11 Jui 2022 20:03:12 +0200
|
||||||
|
|
||||||
omr-vps-admin (0.3+20220708) unstable; urgency=medium
|
omr-vps-admin (0.3+20220708) unstable; urgency=medium
|
||||||
|
|
||||||
* Fix v2ray remove rules
|
* Fix v2ray remove rules
|
||||||
|
|
104
omr-admin.py
104
omr-admin.py
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
#
|
#
|
||||||
# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
|
# Copyright (C) 2018-2022 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
|
||||||
#
|
#
|
||||||
# This is free software, licensed under the GNU General Public License v3.0.
|
# This is free software, licensed under the GNU General Public License v3.0.
|
||||||
# See /LICENSE for more information.
|
# See /LICENSE for more information.
|
||||||
|
@ -563,7 +563,7 @@ def v2ray_add_port(user, port, proto, name, destip, destport):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid is None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
tag = user.username + '_redir_' + proto + '_' + str(port)
|
tag = user.username + '_redir_' + proto + '_' + str(port) + '_to_' + destip + ':' + str(destport)
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
|
||||||
with open('/etc/v2ray/v2ray-server.json') as f:
|
with open('/etc/v2ray/v2ray-server.json') as f:
|
||||||
data = json.load(f)
|
data = json.load(f)
|
||||||
|
@ -573,10 +573,10 @@ def v2ray_add_port(user, port, proto, name, destip, destport):
|
||||||
if inbounds['tag'] == tag:
|
if inbounds['tag'] == tag:
|
||||||
exist = 1
|
exist = 1
|
||||||
if exist == 0:
|
if exist == 0:
|
||||||
inbounds = {'tag': user.username + '_redir_' + proto + '_' + str(port), 'port': int(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': int(destport), 'address': destip}}
|
inbounds = {'tag': tag, 'port': int(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': int(destport), 'address': destip}}
|
||||||
#inbounds = {'tag': user.username + '_redir_' + proto + '_' + str(port), 'port': str(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': str(destport), 'address': destip}}
|
#inbounds = {'tag': user.username + '_redir_' + proto + '_' + str(port), 'port': str(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': str(destport), 'address': destip}}
|
||||||
data['inbounds'].append(inbounds)
|
data['inbounds'].append(inbounds)
|
||||||
routing = {'type': 'field','inboundTag': [user.username + '_redir_' + proto + '_' + str(port)], 'outboundTag': 'OMRLan'}
|
routing = {'type': 'field','inboundTag': [tag], 'outboundTag': 'OMRLan'}
|
||||||
data['routing']['rules'].append(routing)
|
data['routing']['rules'].append(routing)
|
||||||
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
|
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
|
||||||
json.dump(data, f, indent=4)
|
json.dump(data, f, indent=4)
|
||||||
|
@ -585,15 +585,16 @@ def v2ray_add_port(user, port, proto, name, destip, destport):
|
||||||
os.system("systemctl -q restart v2ray")
|
os.system("systemctl -q restart v2ray")
|
||||||
|
|
||||||
|
|
||||||
def v2ray_del_port(user, port, proto, name):
|
def v2ray_del_port(user, port, proto, name, destip, destport):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid is None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
tag = user.username + '_redir_' + proto + '_' + str(port)
|
tag = user.username + '_redir_' + proto + '_' + str(port)
|
||||||
|
if destip != '':
|
||||||
|
tag = tag + '_to_' + destip + ':' + str(destport)
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
|
||||||
with open('/etc/v2ray/v2ray-server.json') as f:
|
with open('/etc/v2ray/v2ray-server.json') as f:
|
||||||
data = json.load(f)
|
data = json.load(f)
|
||||||
exist = 0
|
|
||||||
for inbounds in data['inbounds']:
|
for inbounds in data['inbounds']:
|
||||||
if inbounds['tag'] == tag:
|
if inbounds['tag'] == tag:
|
||||||
data['inbounds'].remove(inbounds)
|
data['inbounds'].remove(inbounds)
|
||||||
|
@ -606,7 +607,7 @@ def v2ray_del_port(user, port, proto, name):
|
||||||
if initial_md5 != final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q restart v2ray")
|
os.system("systemctl -q restart v2ray")
|
||||||
|
|
||||||
def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', vpn='default'):
|
def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', vpn='default', gencomment=''):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid is None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
|
@ -616,9 +617,9 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
|
||||||
open(tmpfile, 'a+') as n:
|
open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if source_dip == '' and dest_ip == '':
|
if source_dip == '' and dest_ip == '':
|
||||||
if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line):
|
if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment in line):
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
else:
|
else:
|
||||||
comment = ''
|
comment = ''
|
||||||
|
@ -626,17 +627,17 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
|
||||||
comment = ' to ' + source_dip
|
comment = ' to ' + source_dip
|
||||||
if dest_ip != '':
|
if dest_ip != '':
|
||||||
comment = comment + ' from ' + dest_ip
|
comment = comment + ' from ' + dest_ip
|
||||||
if (fwtype == 'ACCEPT' and not '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment in line):
|
if (fwtype == 'ACCEPT' and not '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment in line):
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment in line:
|
elif fwtype == 'DNAT' and not '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
if source_dip == '' and dest_ip == '':
|
if source_dip == '' and dest_ip == '':
|
||||||
if fwtype == 'ACCEPT':
|
if fwtype == 'ACCEPT':
|
||||||
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + "\n")
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid == 0:
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid != 0:
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
|
||||||
else:
|
else:
|
||||||
net = 'net'
|
net = 'net'
|
||||||
comment = ''
|
comment = ''
|
||||||
|
@ -646,29 +647,29 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
|
||||||
comment = comment + ' from ' + dest_ip
|
comment = comment + ' from ' + dest_ip
|
||||||
net = 'net:' + dest_ip
|
net = 'net:' + dest_ip
|
||||||
if fwtype == 'ACCEPT':
|
if fwtype == 'ACCEPT':
|
||||||
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + "\n")
|
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and vpn != 'default':
|
elif fwtype == 'DNAT' and vpn != 'default':
|
||||||
n.write('DNAT ' + net + ' vpn:' + vpn + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
n.write('DNAT ' + net + ' vpn:' + vpn + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
#n.write('DNAT ' + net + ' vpn:$OMR_ADDR' + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
#n.write('DNAT ' + net + ' vpn:$OMR_ADDR' + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid == 0:
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid != 0:
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
n.write('DNAT ' + net + ' vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
n.write('DNAT ' + net + ' vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall/rules')
|
move(tmpfile, '/etc/shorewall/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
if initial_md5 != final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q reload shorewall")
|
os.system("systemctl -q reload shorewall")
|
||||||
|
|
||||||
def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip=''):
|
def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', gencomment=''):
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if source_dip == '' and dest_ip == '':
|
if source_dip == '' and dest_ip == '':
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
else:
|
else:
|
||||||
comment = ''
|
comment = ''
|
||||||
|
@ -676,9 +677,9 @@ def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip=
|
||||||
comment = ' to ' + source_dip
|
comment = ' to ' + source_dip
|
||||||
if dest_ip != '':
|
if dest_ip != '':
|
||||||
comment = comment + ' from ' + dest_ip
|
comment = comment + ' from ' + dest_ip
|
||||||
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + comment in line:
|
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + comment + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + comment in line:
|
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall/rules')
|
move(tmpfile, '/etc/shorewall/rules')
|
||||||
|
@ -686,7 +687,7 @@ def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip=
|
||||||
if initial_md5 != final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q reload shorewall")
|
os.system("systemctl -q reload shorewall")
|
||||||
|
|
||||||
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip=''):
|
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', gencomment=''):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid is None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
|
@ -695,9 +696,9 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
|
||||||
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if source_dip == '':
|
if source_dip == '':
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line:
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
else:
|
else:
|
||||||
comment = ''
|
comment = ''
|
||||||
|
@ -705,17 +706,17 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
|
||||||
comment = ' to ' + source_dip
|
comment = ' to ' + source_dip
|
||||||
if dest_ip != '':
|
if dest_ip != '':
|
||||||
comment = comment + ' from ' + dest_ip
|
comment = comment + ' from ' + dest_ip
|
||||||
if fwtype == 'ACCEPT' and not port + '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment in line:
|
if fwtype == 'ACCEPT' and not port + '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not port + '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment in line:
|
elif fwtype == 'DNAT' and not port + '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
if source_dip == '':
|
if source_dip == '':
|
||||||
if fwtype == 'ACCEPT':
|
if fwtype == 'ACCEPT':
|
||||||
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + "\n")
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid == 0:
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid != 0:
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
|
||||||
else:
|
else:
|
||||||
net = 'net'
|
net = 'net'
|
||||||
comment = ''
|
comment = ''
|
||||||
|
@ -725,11 +726,11 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
|
||||||
comment = comment + ' from ' + dest_ip
|
comment = comment + ' from ' + dest_ip
|
||||||
net = 'net:' + dest_ip
|
net = 'net:' + dest_ip
|
||||||
if fwtype == 'ACCEPT':
|
if fwtype == 'ACCEPT':
|
||||||
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment+ "\n")
|
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid == 0:
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
elif fwtype == 'DNAT' and userid != 0:
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
n.write('DNAT ' + net + ' vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
|
n.write('DNAT ' + net + ' vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall6/rules')
|
move(tmpfile, '/etc/shorewall6/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
||||||
|
@ -742,14 +743,14 @@ def shorewall6_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip
|
||||||
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if source_dip == '':
|
if source_dip == '':
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
else:
|
else:
|
||||||
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + ' to ' + source_dip in line:
|
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + ' to ' + source_dip + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' to ' + source_dip in line:
|
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' to ' + source_dip + gencomment in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall6/rules')
|
move(tmpfile, '/etc/shorewall6/rules')
|
||||||
|
@ -1788,6 +1789,7 @@ class Shorewallparams(BaseModel):
|
||||||
ipproto: IPPROTO = Query("ipv4", title="Protocol IP for changes")
|
ipproto: IPPROTO = Query("ipv4", title="Protocol IP for changes")
|
||||||
source_dip: str = ""
|
source_dip: str = ""
|
||||||
source_ip: str = ""
|
source_ip: str = ""
|
||||||
|
comment: str = ""
|
||||||
|
|
||||||
@app.post('/shorewallopen', summary="Redirect a port from Server to Router")
|
@app.post('/shorewallopen', summary="Redirect a port from Server to Router")
|
||||||
def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
|
def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
|
||||||
|
@ -1804,6 +1806,9 @@ def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_
|
||||||
fwtype = params.fwtype
|
fwtype = params.fwtype
|
||||||
source_dip = params.source_dip
|
source_dip = params.source_dip
|
||||||
source_ip = params.source_ip
|
source_ip = params.source_ip
|
||||||
|
comment = params.comment
|
||||||
|
if comment != '':
|
||||||
|
comment = ' --- ' + comment
|
||||||
vpn = "default"
|
vpn = "default"
|
||||||
username = current_user.username
|
username = current_user.username
|
||||||
if name is None:
|
if name is None:
|
||||||
|
@ -1819,9 +1824,9 @@ def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_
|
||||||
for tunnel in omr_config_data['users'][0][current_user.username]['gre_tunnels']:
|
for tunnel in omr_config_data['users'][0][current_user.username]['gre_tunnels']:
|
||||||
if omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['public_ip'] == source_dip:
|
if omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['public_ip'] == source_dip:
|
||||||
vpn = omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['remote_ip']
|
vpn = omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['remote_ip']
|
||||||
shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip, vpn)
|
shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip, vpn, comment)
|
||||||
else:
|
else:
|
||||||
shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip)
|
shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip, comment)
|
||||||
return {'result': 'done', 'reason': 'changes applied'}
|
return {'result': 'done', 'reason': 'changes applied'}
|
||||||
|
|
||||||
@app.post('/shorewallclose', summary="Remove a redirected port")
|
@app.post('/shorewallclose', summary="Remove a redirected port")
|
||||||
|
@ -1834,15 +1839,18 @@ def shorewall_close(*, params: Shorewallparams, current_user: User = Depends(get
|
||||||
fwtype = params.fwtype
|
fwtype = params.fwtype
|
||||||
source_dip = params.source_dip
|
source_dip = params.source_dip
|
||||||
source_ip = params.source_ip
|
source_ip = params.source_ip
|
||||||
|
comment = params.comment
|
||||||
|
if comment != '':
|
||||||
|
comment = ' --- ' + comment
|
||||||
if name is None:
|
if name is None:
|
||||||
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'}
|
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'}
|
||||||
#v2ray_del_port(current_user.username, str(port), proto, name)
|
#v2ray_del_port(current_user.username, str(port), proto, name)
|
||||||
if params.ipproto == 'ipv4':
|
if params.ipproto == 'ipv4':
|
||||||
shorewall_del_port(current_user.username, str(port), proto, name, 'DNAT', source_dip, source_ip)
|
shorewall_del_port(current_user.username, str(port), proto, name, 'DNAT', source_dip, source_ip, comment)
|
||||||
shorewall_del_port(current_user.username, str(port), proto, name, 'ACCEPT', source_dip, source_ip)
|
shorewall_del_port(current_user.username, str(port), proto, name, 'ACCEPT', source_dip, source_ip, comment)
|
||||||
else:
|
else:
|
||||||
shorewall6_del_port(current_user.username, str(port), proto, name, 'DNAT', source_dip, source_ip)
|
shorewall6_del_port(current_user.username, str(port), proto, name, 'DNAT', source_dip, source_ip, comment)
|
||||||
shorewall6_del_port(current_user.username, str(port), proto, name, 'ACCEPT', source_dip, source_ip)
|
shorewall6_del_port(current_user.username, str(port), proto, name, 'ACCEPT', source_dip, source_ip, comment)
|
||||||
return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'}
|
return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'}
|
||||||
|
|
||||||
class SipALGparams(BaseModel):
|
class SipALGparams(BaseModel):
|
||||||
|
@ -1909,8 +1917,8 @@ class V2rayparams(BaseModel):
|
||||||
name: str
|
name: str
|
||||||
port: str
|
port: str
|
||||||
proto: str
|
proto: str
|
||||||
destip: str
|
destip: str = ""
|
||||||
destport: str
|
destport: str = ""
|
||||||
|
|
||||||
@app.post('/v2rayredirect', summary="Redirect a port from Server to Router with V2Ray")
|
@app.post('/v2rayredirect', summary="Redirect a port from Server to Router with V2Ray")
|
||||||
def v2ray_redirect(*, params: V2rayparams, current_user: User = Depends(get_current_user)):
|
def v2ray_redirect(*, params: V2rayparams, current_user: User = Depends(get_current_user)):
|
||||||
|
@ -1944,10 +1952,12 @@ def v2ray_unredirect(*, params: V2rayparams, current_user: User = Depends(get_cu
|
||||||
name = params.name
|
name = params.name
|
||||||
port = params.port
|
port = params.port
|
||||||
proto = params.proto
|
proto = params.proto
|
||||||
|
destip = params.destip
|
||||||
|
destport = params.destport
|
||||||
username = current_user.username
|
username = current_user.username
|
||||||
if name is None:
|
if name is None:
|
||||||
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'v2rayunredirect'}
|
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'v2rayunredirect'}
|
||||||
v2ray_del_port(current_user, port, proto, name)
|
v2ray_del_port(current_user, port, proto, name, destip, destport)
|
||||||
return {'result': 'done', 'reason': 'changes applied'}
|
return {'result': 'done', 'reason': 'changes applied'}
|
||||||
|
|
||||||
# Set MPTCP config
|
# Set MPTCP config
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue