
Add source ip support and fix remove shorewall rule

This commit is contained in:
Ycarus 2020-07-25 16:16:55 +02:00
parent af3b0d55ae
commit c64b8e3324


@ -260,6 +260,14 @@ def add_gre_tunnels():
n.write('SNAT(' + str(addr) + ') ' + str(network) + ' ' + str(intf.split(':')[0]) + ' # OMR GRE for public IP ' + str(addr) + ' for user ' + str(user) + "\n") n.write('SNAT(' + str(addr) + ') ' + str(network) + ' ' + str(intf.split(':')[0]) + ' # OMR GRE for public IP ' + str(addr) + ' for user ' + str(user) + "\n")
os.close(fd) os.close(fd)
move(tmpfile, '/etc/shorewall/snat') move(tmpfile, '/etc/shorewall/snat')
#fd, tmpfile = mkstemp()
#with open('/etc/shorewall/interfaces', 'r') as h, open(tmpfile, 'a+') as n:
# for line in h:
# if not 'gre-user' + str(userid) + '-ip' + str(nbip) in line:
# n.write(line)
# n.write('vpn gre-user' + str(userid) + '-ip' + str(nbip) + ' nosmurfs,tcpflags' + "\n")
#os.close(fd)
#move(tmpfile, '/etc/shorewall/interfaces')
user_gre_tunnels = {} user_gre_tunnels = {}
if 'gre_tunnels' in content['users'][0][user]: if 'gre_tunnels' in content['users'][0][user]:
user_gre_tunnels = content['users'][0][user]['gre_tunnels'] user_gre_tunnels = content['users'][0][user]['gre_tunnels']
@ -450,15 +458,19 @@ def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip=
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n: with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
for line in f: for line in f:
if source_dip == '': if source_dip == '' and dest_ip == '':
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
else: else:
if fwtype == 'ACCEPT' and not port + '# OMR ' + username + ' open ' + name + ' port ' + proto + ' to ' + source_dip in line: if source_dip != '':
comment = ' to ' + source_dip
if dest_ip != '':
comment = comment + ' from ' + dest_ip
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + comment in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' to ' + source_dip in line: elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + comment in line:
n.write(line) n.write(line)
os.close(fd) os.close(fd)
move(tmpfile, '/etc/shorewall/rules') move(tmpfile, '/etc/shorewall/rules')
@ -1457,6 +1469,7 @@ class Shorewallparams(BaseModel):
fwtype: str fwtype: str
ipproto: IPPROTO = Query("ipv4", title="Protocol IP for changes") ipproto: IPPROTO = Query("ipv4", title="Protocol IP for changes")
source_dip: str = "" source_dip: str = ""
source_ip: str = ""
@app.post('/shorewallopen', summary="Redirect a port from Server to Router") @app.post('/shorewallopen', summary="Redirect a port from Server to Router")
def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)): def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
@ -1467,12 +1480,13 @@ def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_
proto = params.proto proto = params.proto
fwtype = params.fwtype fwtype = params.fwtype
source_dip = params.source_dip source_dip = params.source_dip
source_ip = params.source_ip
if name is None: if name is None:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallopen'} return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallopen'}
if params.ipproto == 'ipv4': if params.ipproto == 'ipv4':
shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip) shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip)
else: else:
shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip) shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip)
return {'result': 'done', 'reason': 'changes applied'} return {'result': 'done', 'reason': 'changes applied'}
@app.post('/shorewallclose', summary="Remove a redirected port") @app.post('/shorewallclose', summary="Remove a redirected port")
@ -1484,12 +1498,13 @@ def shorewall_close(*, params: Shorewallparams, current_user: User = Depends(get
proto = params.proto proto = params.proto
fwtype = params.fwtype fwtype = params.fwtype
source_dip = params.source_dip source_dip = params.source_dip
source_ip = params.source_ip
if name is None: if name is None:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'} return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'}
if params.ipproto == 'ipv4': if params.ipproto == 'ipv4':
shorewall_del_port(current_user.username, str(port), proto, name, fwtype, source_dip) shorewall_del_port(current_user.username, str(port), proto, name, fwtype, source_dip, source_ip)
else: else:
shorewall6_del_port(current_user.username, str(port), proto, name, fwtype, source_dip) shorewall6_del_port(current_user.username, str(port), proto, name, fwtype, source_dip, source_ip)
return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'} return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'}
# Set MPTCP config # Set MPTCP config
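Review bot: In the shorewall_del_port hunk (@ -450,15 +458,19), `comment` is only bound inside `if source_dip != '':`, so a call with an empty source_dip and a non-empty dest_ip reaches `comment = comment + ' from ' + dest_ip` and raises UnboundLocalError before the rules file is rewritten (unless `comment` is bound earlier in the function, which the hunk does not show); initialise it with `comment = ''` immediately before that `if`. The filtered branch also no longer includes `port` in the matched text, so a rule for the same user, name, proto and source/destination but a different port would be dropped too — if that is not intended, match `port + ' # OMR ' + username + ...` as the unfiltered branch does. The function's signature is outside the hunk, and the callers in the later hunks pass the new argument as `source_ip` while this body reads `dest_ip`, so confirm the parameter name matches. The new `source_ip: str = ""` field on Shorewallparams is accepted without validation and presumably ends up concatenated into the shorewall rules file like source_dip, so validating it with `ipaddress.ip_network(source_ip)` in shorewall_open/shorewall_close would keep malformed values out of the rules file.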