mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00

client2client support in shorewall

Ycarus 2020-01-29 21:20:43 +01:00
parent ee1579c5e3
commit 7300e03598


@ -664,7 +664,7 @@ def config(current_user: User = Depends(get_current_user)):
if 'client2client' in omr_config_data and omr_config_data['client2client'] == True: if 'client2client' in omr_config_data and omr_config_data['client2client'] == True:
client2client = True client2client = True
for users in omr_config_data['users'][0]: for users in omr_config_data['users'][0]:
if 'lanips' in omr_config_data['users'][0][users]: if 'lanips' in omr_config_data['users'][0][users] and users != current_user.username:
alllanips.append(omr_config_data['users'][0][users]['lanips']) alllanips.append(omr_config_data['users'][0][users]['lanips'])
shorewall_redirect = "enable" shorewall_redirect = "enable"
@ -1333,6 +1333,21 @@ def client2client(*, params: ClienttoClient,current_user: User = Depends(get_cur
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
if not initial_md5 == final_md5: if not initial_md5 == final_md5:
os.system("systemctl -q restart openvpn@tun0") os.system("systemctl -q restart openvpn@tun0")
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
with open('/etc/shorewall/policy','r') as f, open(tmpfile,'a+') as n:
for line in f:
if not line == 'vpn vpn DROP\n' and not line == '# THE FOLLOWING POLICY MUST BE LAST\n' and not line == 'all all REJECT info\n':
n.write(line)
if params.enable == True:
n.write('vpn vpn DROP\n')
n.write('# THE FOLLOWING POLICY MUST BE LAST\n')
n.write('all all REJECT info\n')
os.close(fd)
move(tmpfile,'/etc/shorewall/policy')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
if not initial_md5 == final_md5:
os.system("systemctl -q reload shorewall")
return {'result': 'done'} return {'result': 'done'}
@app.get('/list_users') @app.get('/list_users')
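Review bot: The policy rewrite added in the second hunk creates its temporary file in the default temp directory (`fd, tmpfile = mkstemp()`), so when that directory is on a different filesystem from /etc, `move(tmpfile,'/etc/shorewall/policy')` (presumably shutil.move) becomes a copy-and-delete instead of an atomic rename, and a failure part-way can leave the firewall policy truncated. Creating the file next to its target, `fd, tmpfile = mkstemp(dir='/etc/shorewall')`, keeps the swap a single rename; the replaced file also ends up with mkstemp's owner-only mode rather than the original file's mode, which is worth confirming is intended. The filter compares whole lines exactly (`line == 'vpn vpn DROP\n'`), so a policy file whose columns are separated by tabs or extra spaces would keep its existing `all all REJECT info` line and get a second copy appended after it; comparing `line.split()` against the expected fields would be more tolerant. `os.system("systemctl -q reload shorewall")` discards the exit status, so the endpoint returns `{'result': 'done'}` even when the reload fails and the running ruleset no longer matches the file. The body of client2client starts outside the hunk, so whether earlier code already guards these cases cannot be seen here.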