mirror of
https://github.com/Ysurac/openmptcprouter-vps-admin.git
synced 2025-03-09 15:40:05 +00:00
Add source destination IP support
This commit is contained in:
parent
710ead09aa
commit
ff368e4910
1 changed files with 79 additions and 36 deletions
115
omr-admin.py
115
omr-admin.py
|
@ -232,7 +232,7 @@ def file_as_bytes(file):
|
||||||
with file:
|
with file:
|
||||||
return file.read()
|
return file.read()
|
||||||
|
|
||||||
def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip = ''):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid is None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
|
@ -241,38 +241,58 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
||||||
with open('/etc/shorewall/rules', 'r') as f, \
|
with open('/etc/shorewall/rules', 'r') as f, \
|
||||||
open(tmpfile, 'a+') as n:
|
open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line):
|
if source_dip == '':
|
||||||
n.write(line)
|
if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line):
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
n.write(line)
|
||||||
n.write(line)
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
||||||
if fwtype == 'ACCEPT':
|
n.write(line)
|
||||||
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + "\n")
|
else:
|
||||||
elif fwtype == 'DNAT' and userid == 0:
|
if (fwtype == 'ACCEPT' and not '# OMR ' + user.username + ' open ' + name + ' port ' + proto + ' from ' + source_dip in line):
|
||||||
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and userid != 0:
|
elif fwtype == 'DNAT' and not '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write(line)
|
||||||
|
if source_dip == '':
|
||||||
|
if fwtype == 'ACCEPT':
|
||||||
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
||||||
|
else:
|
||||||
|
if fwtype == 'ACCEPT':
|
||||||
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + ' from ' + source_dip + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip + "\n")
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall/rules')
|
move(tmpfile, '/etc/shorewall/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
if initial_md5 != final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q reload shorewall")
|
os.system("systemctl -q reload shorewall")
|
||||||
|
|
||||||
def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT'):
|
def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip=''):
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
|
if source_dip == '':
|
||||||
n.write(line)
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
|
n.write(line)
|
||||||
n.write(line)
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
|
||||||
|
n.write(line)
|
||||||
|
else:
|
||||||
|
if fwtype == 'ACCEPT' and not port + '# OMR ' + username + ' open ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
|
n.write(line)
|
||||||
|
elif fwtype == 'DNAT' and not port + '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
|
n.write(line)
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall/rules')
|
move(tmpfile, '/etc/shorewall/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
if initial_md5 != final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q reload shorewall")
|
os.system("systemctl -q reload shorewall")
|
||||||
|
|
||||||
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip=''):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid is None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
|
@ -280,31 +300,51 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line:
|
if source_dip == '':
|
||||||
n.write(line)
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line:
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
n.write(line)
|
||||||
n.write(line)
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
||||||
if fwtype == 'ACCEPT':
|
n.write(line)
|
||||||
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + "\n")
|
else:
|
||||||
elif fwtype == 'DNAT' and userid == 0:
|
if fwtype == 'ACCEPT' and not port + '# OMR ' + user.username + ' open ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and userid != 0:
|
elif fwtype == 'DNAT' and not port + '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
n.write(line)
|
||||||
|
if source_dip == '':
|
||||||
|
if fwtype == 'ACCEPT':
|
||||||
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
|
||||||
|
else:
|
||||||
|
if fwtype == 'ACCEPT':
|
||||||
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + ' from ' + source_dip + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid == 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip + "\n")
|
||||||
|
elif fwtype == 'DNAT' and userid != 0:
|
||||||
|
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip + "\n")
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall6/rules')
|
move(tmpfile, '/etc/shorewall6/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
||||||
if initial_md5 != final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q reload shorewall6")
|
os.system("systemctl -q reload shorewall6")
|
||||||
|
|
||||||
def shorewall6_del_port(username, port, proto, name, fwtype='ACCEPT'):
|
def shorewall6_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip=''):
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
|
if source_dip == '':
|
||||||
n.write(line)
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto in line:
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
|
n.write(line)
|
||||||
n.write(line)
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
|
||||||
|
n.write(line)
|
||||||
|
else:
|
||||||
|
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
|
n.write(line)
|
||||||
|
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' from ' + source_dip in line:
|
||||||
|
n.write(line)
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall6/rules')
|
move(tmpfile, '/etc/shorewall6/rules')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
||||||
|
@ -1137,6 +1177,7 @@ class Shorewallparams(BaseModel):
|
||||||
proto: str
|
proto: str
|
||||||
fwtype: str
|
fwtype: str
|
||||||
ipproto: str = "ipv4"
|
ipproto: str = "ipv4"
|
||||||
|
source_dip: str = ""
|
||||||
|
|
||||||
@app.post('/shorewallopen')
|
@app.post('/shorewallopen')
|
||||||
def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
|
def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
|
||||||
|
@ -1146,12 +1187,13 @@ def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_
|
||||||
port = params.port
|
port = params.port
|
||||||
proto = params.proto
|
proto = params.proto
|
||||||
fwtype = params.fwtype
|
fwtype = params.fwtype
|
||||||
|
source_dip = params.source_dip
|
||||||
if name is None:
|
if name is None:
|
||||||
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallopen'}
|
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallopen'}
|
||||||
if params.ipproto == 'ipv4':
|
if params.ipproto == 'ipv4':
|
||||||
shorewall_add_port(current_user, str(port), proto, name, fwtype)
|
shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip)
|
||||||
else:
|
else:
|
||||||
shorewall6_add_port(current_user, str(port), proto, name, fwtype)
|
shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip)
|
||||||
return {'result': 'done', 'reason': 'changes applied'}
|
return {'result': 'done', 'reason': 'changes applied'}
|
||||||
|
|
||||||
@app.post('/shorewallclose')
|
@app.post('/shorewallclose')
|
||||||
|
@ -1162,12 +1204,13 @@ def shorewall_close(*, params: Shorewallparams, current_user: User = Depends(get
|
||||||
port = params.port
|
port = params.port
|
||||||
proto = params.proto
|
proto = params.proto
|
||||||
fwtype = params.fwtype
|
fwtype = params.fwtype
|
||||||
|
source_dip = params.source_dip
|
||||||
if name is None:
|
if name is None:
|
||||||
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'}
|
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'}
|
||||||
if params.ipproto == 'ipv4':
|
if params.ipproto == 'ipv4':
|
||||||
shorewall_del_port(current_user.username, str(port), proto, name, fwtype)
|
shorewall_del_port(current_user.username, str(port), proto, name, fwtype, source_dip)
|
||||||
else:
|
else:
|
||||||
shorewall6_del_port(current_user.username, str(port), proto, name, fwtype)
|
shorewall6_del_port(current_user.username, str(port), proto, name, fwtype, source_dip)
|
||||||
return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'}
|
return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'}
|
||||||
|
|
||||||
# Set MPTCP config
|
# Set MPTCP config
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue