From 3059dd1fb8eafe03cea389c411c8ae835b2163d4 Mon Sep 17 00:00:00 2001
From: Christian Zeitnitz
Date: Mon, 19 Jul 2021 17:28:49 +0200
Subject: [PATCH] Define firewall constants
---
 config/config.php | 4 +++-
 includes/firewall.php | 21 +++++++++------------
 2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/config/config.php b/config/config.php
index 15c809c7..997a3990 100755
--- a/config/config.php
+++ b/config/config.php
@@ -23,7 +23,8 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
-define('RASPI_FIREWALL_ENABLED', true);
+define('RASPAP_FIREWALL_CONF',"/etc/raspap/networking/firewall/firewall.conf");
+define('RASPAP_IPTABLES_CONF',"/etc/raspap/networking/firewall/iptables_rules.json");
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
@@ -44,6 +45,7 @@ define('RASPI_DHCP_ENABLED', true);
 define('RASPI_ADBLOCK_ENABLED', false);
 define('RASPI_OPENVPN_ENABLED', false);
 define('RASPI_WIREGUARD_ENABLED', false);
+define('RASPI_FIREWALL_ENABLED', true);
 define('RASPI_TORPROXY_ENABLED', false);
 define('RASPI_CONFAUTH_ENABLED', true);
 define('RASPI_CHANGETHEME_ENABLED', true);
diff --git a/includes/firewall.php b/includes/firewall.php
index 980af899..46444fda 100644
--- a/includes/firewall.php
+++ b/includes/firewall.php
@@ -3,8 +3,6 @@ require_once 'includes/status_messages.php'; require_once 'includes/functions.php'; -define(RASPAP_FIREWALL_CONF,"/tmp/iptables.conf"); -define(RASPAP_IPTABLES_CONF,"/etc/raspap/networking/firewall/iptables_rules.json"); define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh"); function getDependson(&$rule, &$conf) {
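Review bot: `RASPAP_IPTABLES_SCRIPT` is not moved along with the two constants added to config/config.php here; it stays in includes/firewall.php as `define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");` with a bare-word name, which PHP 7.2+ warns about and PHP 8 rejects as an undefined constant. Defining it next to the other two as `define('RASPAP_IPTABLES_SCRIPT', "/tmp/iptables_raspap.sh");` would keep all the firewall paths in one place and quote the name. Later context in this patch shows that script being made executable and run with `sudo`, so a fixed name in world-writable /tmp deserves a second look; a directory that only the web server user can write to would be the safer home, assuming the deployment allows it.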
@@ -52,7 +50,6 @@ function createRuleStr(&$sect, &$conf) { break; } if ( !empty($repl) && !empty($val) ) { -//echo "replace $repl $val \n"; //print_r( $val); echo "\n"; if ( is_array($val) ) { foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r)); } @@ -76,9 +73,6 @@ function configureFirewall() { $json = file_get_contents(RASPAP_IPTABLES_CONF); $ipt = json_decode($json, true); $conf = ReadFirewallConf(); - -//echo "
";
-// print_r($ipt);
     $txt = "#!/bin/bash\n";
     $txt .= "iptables -F\n";
     $txt .= "iptables -X\n";
@@ -88,10 +82,8 @@ function configureFirewall() {
     $count=0;
     foreach ( $ipt["order"] as $idx ) {
        if ( isset($ipt[$idx]) ) {
-//          echo "Handle $idx \n";
           foreach ( $ipt[$idx] as $i => $sect ) {
              if ( isRuleEnabled($sect, $conf) ) {
-//               echo "   rule $i name ".$sect["name"]."\n";
                $str_rules= createRuleStr($sect, $conf);
                if ( !empty($str_rules) ) {
                   file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
@@ -101,8 +93,6 @@ function configureFirewall() {
           }
        }
     }
-//    echo "Firewall ON";
-//echo "
"; if ( $count > 0 ) { exec("chmod +x ".RASPAP_IPTABLES_SCRIPT); exec("sudo ".RASPAP_IPTABLES_SCRIPT); @@ -113,7 +103,14 @@ function configureFirewall() { } function WriteFirewallConf($conf) { - if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF); + $ret = false; + if ( is_array($conf) ) { + write_php_ini($conf,"/tmp/fwdata"); + exec('sudo /bin/cp /tmp/fwdata '. RASPAP_FIREWALL_CONF,$out); + $ret = empty($out); + unlink("/tmp/fwdata"); + } + return $ret } @@ -147,7 +144,7 @@ function ReadFirewallConf() { $conf["openvpn-enable"] = true; } } - } + } # get wireguard server IP (if existing) if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) { # search for endpoint
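Review bot: `return $ret` at the end of the new `WriteFirewallConf` body has no terminating semicolon, so includes/firewall.php no longer parses; it should read `return $ret;`. The same body stages the settings in the fixed path `/tmp/fwdata` before copying it into place with `sudo /bin/cp`, so on a shared host any local account that can pre-create or replace that file can influence what ends up in `RASPAP_FIREWALL_CONF`. `empty($out)` also reports success when `cp` fails, because `exec()` captures only stdout while `cp` writes its errors to stderr; the exit status is the reliable signal. A version using `tempnam()` (which creates the file with mode 0600 and an unpredictable name) and the exit code is sketched below. If the sudoers entry pins the exact `/tmp/fwdata` argument, which is not visible here, that entry has to change with it.

```php
function WriteFirewallConf($conf) {
    $ret = false;
    if ( is_array($conf) ) {
        // tempnam() creates the file itself: private to this user, name not guessable in advance
        $tmp = tempnam(sys_get_temp_dir(), 'fwdata');
        if ( $tmp !== false ) {
            write_php_ini($conf, $tmp);
            exec('sudo /bin/cp '.escapeshellarg($tmp).' '.escapeshellarg(RASPAP_FIREWALL_CONF), $out, $rc);
            // cp reports failure through its exit status, not through stdout
            $ret = ($rc === 0);
            unlink($tmp);
        }
    }
    return $ret;
}
```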