mirror of
https://github.com/Ysurac/openmptcprouter-vps-admin.git
synced 2025-03-09 15:40:05 +00:00
Add backup and only needed firewall redirect support
parent
bc84d257ef
commit
933ed4a158
1 changed files with 88 additions and 7 deletions
95
omr-admin.py
95
omr-admin.py
|
@ -64,14 +64,34 @@ def file_as_bytes(file):
|
||||||
with file:
|
with file:
|
||||||
return file.read()
|
return file.read()
|
||||||
|
|
||||||
def shorewall_port(port,proto,name):
|
def shorewall_add_port(port,proto,name,fwtype='ACCEPT'):
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
|
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if not '# OMR open ' + name + ' port ' + proto in line:
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line:
|
||||||
|
n.write(line)
|
||||||
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line:
|
||||||
|
n.write(line)
|
||||||
|
if fwtype == 'ACCEPT':
|
||||||
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n")
|
||||||
|
elif fwtype == 'DNAT':
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR redirect ' + name + ' port ' + proto + "\n")
|
||||||
|
os.close(fd)
|
||||||
|
move(tmpfile,'/etc/shorewall/rules')
|
||||||
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
|
if not initial_md5 == final_md5:
|
||||||
|
os.system("systemctl -q reload shorewall")
|
||||||
|
|
||||||
|
def shorewall_del_port(port,proto,name,fwtype='ACCEPT'):
|
||||||
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
|
fd, tmpfile = mkstemp()
|
||||||
|
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
|
||||||
|
for line in f:
|
||||||
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line:
|
||||||
|
n.write(line)
|
||||||
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n")
|
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile,'/etc/shorewall/rules')
|
move(tmpfile,'/etc/shorewall/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
|
@ -378,8 +398,8 @@ def shadowsocks():
|
||||||
os.system("systemctl restart shadowsocks-libev-server@config.service")
|
os.system("systemctl restart shadowsocks-libev-server@config.service")
|
||||||
for x in range (1,os.cpu_count()):
|
for x in range (1,os.cpu_count()):
|
||||||
os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service")
|
os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service")
|
||||||
shorewall_port(str(port),'tcp','shadowsocks')
|
shorewall_add_port(str(port),'tcp','shadowsocks')
|
||||||
shorewall_port(str(port),'udp','shadowsocks')
|
shorewall_add_port(str(port),'udp','shadowsocks')
|
||||||
set_lastchange()
|
set_lastchange()
|
||||||
return jsonify({'result': 'done','reason': 'changes applied','route': 'shadowsocks'})
|
return jsonify({'result': 'done','reason': 'changes applied','route': 'shadowsocks'})
|
||||||
else:
|
else:
|
||||||
|
@ -415,6 +435,46 @@ def shorewall():
|
||||||
# Need to do the same for IPv6...
|
# Need to do the same for IPv6...
|
||||||
return jsonify({'result': 'done','reason': 'changes applied'})
|
return jsonify({'result': 'done','reason': 'changes applied'})
|
||||||
|
|
||||||
|
@app.route('/shorewalllist', methods=['POST'])
|
||||||
|
@jwt_required
|
||||||
|
def shorewall_list():
|
||||||
|
params = request.get_json()
|
||||||
|
name = params.get('name', None)
|
||||||
|
if name is None:
|
||||||
|
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'})
|
||||||
|
fwlist = []
|
||||||
|
with open('/etc/shorewall/rules','r') as f:
|
||||||
|
for line in f:
|
||||||
|
if '# OMR ' + name in line:
|
||||||
|
fwlist.append(line)
|
||||||
|
return jsonify({'list': fwlist})
|
||||||
|
|
||||||
|
@app.route('/shorewallopen', methods=['POST'])
|
||||||
|
@jwt_required
|
||||||
|
def shorewall_open():
|
||||||
|
params = request.get_json()
|
||||||
|
name = params.get('name', None)
|
||||||
|
port = params.get('port', None)
|
||||||
|
proto = params.get('proto', None)
|
||||||
|
fwtype = params.get('fwtype', None)
|
||||||
|
if name is None:
|
||||||
|
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'})
|
||||||
|
shorewall_add_port(str(port),proto,name,fwtype)
|
||||||
|
return jsonify({'result': 'done','reason': 'changes applied'})
|
||||||
|
|
||||||
|
@app.route('/shorewallclose', methods=['POST'])
|
||||||
|
@jwt_required
|
||||||
|
def shorewall_close():
|
||||||
|
params = request.get_json()
|
||||||
|
name = params.get('name', None)
|
||||||
|
port = params.get('port', None)
|
||||||
|
proto = params.get('proto', None)
|
||||||
|
fwtype = params.get('fwtype', None)
|
||||||
|
if name is None:
|
||||||
|
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'})
|
||||||
|
shorewall_del_port(str(port),proto,name,fwtype)
|
||||||
|
return jsonify({'result': 'done','reason': 'changes applied'})
|
||||||
|
|
||||||
# Set MPTCP config
|
# Set MPTCP config
|
||||||
@app.route('/mptcp', methods=['POST'])
|
@app.route('/mptcp', methods=['POST'])
|
||||||
@jwt_required
|
@jwt_required
|
||||||
|
@ -498,7 +558,7 @@ def glorytun():
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun0', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun0', 'rb'))).hexdigest()
|
||||||
if not initial_md5 == final_md5:
|
if not initial_md5 == final_md5:
|
||||||
os.system("systemctl -q restart glorytun-udp@tun0")
|
os.system("systemctl -q restart glorytun-udp@tun0")
|
||||||
shorewall_port(str(port),'tcp','glorytun')
|
shorewall_add_port(str(port),'tcp','glorytun')
|
||||||
set_lastchange()
|
set_lastchange()
|
||||||
return jsonify({'result': 'done'})
|
return jsonify({'result': 'done'})
|
||||||
|
|
||||||
|
@ -517,7 +577,7 @@ def dsvpn():
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn.key', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn.key', 'rb'))).hexdigest()
|
||||||
if not initial_md5 == final_md5:
|
if not initial_md5 == final_md5:
|
||||||
os.system("systemctl -q restart dsvpn-server")
|
os.system("systemctl -q restart dsvpn-server")
|
||||||
shorewall_port(str(port),'tcp','dsvpn')
|
shorewall_add_port(str(port),'tcp','dsvpn')
|
||||||
set_lastchange()
|
set_lastchange()
|
||||||
return jsonify({'result': 'done'})
|
return jsonify({'result': 'done'})
|
||||||
|
|
||||||
|
@ -566,6 +626,27 @@ def update():
|
||||||
# Need to reboot if kernel change
|
# Need to reboot if kernel change
|
||||||
return jsonify({'result': 'done'})
|
return jsonify({'result': 'done'})
|
||||||
|
|
||||||
|
# Backup
|
||||||
|
@app.route('/backuppost', methods=['POST'])
|
||||||
|
@jwt_required
|
||||||
|
def backuppost():
|
||||||
|
params = request.get_json()
|
||||||
|
backup_file = params.get('data', None)
|
||||||
|
if not backup_file:
|
||||||
|
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'backuppost'})
|
||||||
|
with open('/var/opt/openmptcprouter/backup.tar.gz','wb') as f:
|
||||||
|
f.write(base64.b64decode(backup_file))
|
||||||
|
return jsonify({'result': 'done'})
|
||||||
|
|
||||||
|
@app.route('/backup', methods=['GET'])
|
||||||
|
@jwt_required
|
||||||
|
def send_backup():
|
||||||
|
with open('/var/opt/openmptcprouter/backup.tar.gz',"rb") as backup_file:
|
||||||
|
file_base64 = base64.b64encode(backup_file.read())
|
||||||
|
file_base64utf = file_base64.decode('utf-8')
|
||||||
|
return jsonify({'data': file_base64utf})
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
|
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
|
||||||
omr_config_data = json.load(f)
|
omr_config_data = json.load(f)
|
||||||
|
|
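Review bot: In `shorewall_open` and `shorewall_close`, `fwtype` is read with `params.get('fwtype', None)` and passed explicitly, so the helper's `'ACCEPT'` default never applies; when the field is missing or holds any other value, neither branch of the copy loop in `shorewall_add_port`/`shorewall_del_port` writes a line, and an empty temp file replaces `/etc/shorewall/rules` before the reload. `name`, `port` and `proto` are also concatenated into the rule line as received, so a value containing spaces or a newline puts content into the rules file that the route was not meant to write. Both routes should validate before calling the helper, for example `if fwtype not in ('ACCEPT', 'DNAT') or proto not in ('tcp', 'udp') or not str(port).isdigit(): return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewallopen'})`, with `name` restricted to a fixed character set and the allowed values adjusted to what the router actually sends. The substring test `port + ' # OMR open ' + name + ...` also matches any line whose port merely ends with the same digits (closing 80 drops a rule for 8080 with the same name), so comparing the split fields of the line would be safer. The error responses in both new routes still report `'route': 'shorewalllist'`.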