mptcp/openmptcprouter-vps-admin
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00
Code Issues Releases Wiki Activity

Fix IPv6 firewall

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2022-10-02 19:44:12 +02:00
parent 4f8dc4f997
commit 7185adad0e
2 changed files with 14 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
debian/changelog vendored
View file

@ -1,3 +1,9 @@
omr-vps-admin (0.3+20221001) unstable; urgency=medium
* Fix IPv6 firewall
-- OpenMPTCProuter <contact@openmptcprouter.com> Sat, 01 Oct 2022 07:26:42 +0200
omr-vps-admin (0.3+20220827) unstable; urgency=medium omr-vps-admin (0.3+20220827) unstable; urgency=medium
* Fix SIP ALG * Fix SIP ALG

14
omr-admin.py
View file

@ -695,7 +695,7 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n: with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
for line in f: for line in f:
if source_dip == '': if source_dip == '' and dest_ip == '':
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment in line:
@ -706,11 +706,11 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
comment = ' to ' + source_dip comment = ' to ' + source_dip
if dest_ip != '': if dest_ip != '':
comment = comment + ' from ' + dest_ip comment = comment + ' from ' + dest_ip
if fwtype == 'ACCEPT' and not port + '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment in line: if fwtype == 'ACCEPT' and not '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line: elif fwtype == 'DNAT' and not '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
n.write(line) n.write(line)
if source_dip == '': if source_dip == '' and dest_ip == '':
if fwtype == 'ACCEPT': if fwtype == 'ACCEPT':
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment + "\n") n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment + "\n")
elif fwtype == 'DNAT' and userid == 0: elif fwtype == 'DNAT' and userid == 0:
@ -720,13 +720,15 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
else: else:
net = 'net' net = 'net'
comment = '' comment = ''
if source_dip == '': if source_dip != '':
comment = ' to ' + source_dip comment = ' to ' + source_dip
if dest_ip == '': if dest_ip != '':
comment = comment + ' from ' + dest_ip comment = comment + ' from ' + dest_ip
net = 'net:' + dest_ip net = 'net:' + dest_ip
if fwtype == 'ACCEPT': if fwtype == 'ACCEPT':
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment + "\n") n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment + "\n")
elif fwtype == 'DNAT' and vpn != 'default':
n.write('DNAT ' + net + ' vpn:' + vpn + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
elif fwtype == 'DNAT' and userid == 0: elif fwtype == 'DNAT' and userid == 0:
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n") n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
elif fwtype == 'DNAT' and userid != 0: elif fwtype == 'DNAT' and userid != 0: