Define firewall constants
parent
b770b89d73
commit
3059dd1fb8
2 changed files with 12 additions and 13 deletions
|
@ -23,7 +23,8 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
|
||||||
define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
|
define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
|
||||||
define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
|
define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
|
||||||
define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
|
define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
|
||||||
define('RASPI_FIREWALL_ENABLED', true);
|
define('RASPAP_FIREWALL_CONF',"/etc/raspap/networking/firewall/firewall.conf");
|
||||||
|
define('RASPAP_IPTABLES_CONF',"/etc/raspap/networking/firewall/iptables_rules.json");
|
||||||
define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
|
define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
|
||||||
define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
|
define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
|
||||||
define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
|
define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
|
||||||
|
@ -44,6 +45,7 @@ define('RASPI_DHCP_ENABLED', true);
|
||||||
define('RASPI_ADBLOCK_ENABLED', false);
|
define('RASPI_ADBLOCK_ENABLED', false);
|
||||||
define('RASPI_OPENVPN_ENABLED', false);
|
define('RASPI_OPENVPN_ENABLED', false);
|
||||||
define('RASPI_WIREGUARD_ENABLED', false);
|
define('RASPI_WIREGUARD_ENABLED', false);
|
||||||
|
define('RASPI_FIREWALL_ENABLED', true);
|
||||||
define('RASPI_TORPROXY_ENABLED', false);
|
define('RASPI_TORPROXY_ENABLED', false);
|
||||||
define('RASPI_CONFAUTH_ENABLED', true);
|
define('RASPI_CONFAUTH_ENABLED', true);
|
||||||
define('RASPI_CHANGETHEME_ENABLED', true);
|
define('RASPI_CHANGETHEME_ENABLED', true);
|
||||||
|
|
|
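Review bot: Only two of the three firewall paths are centralised by the new `RASPAP_FIREWALL_CONF` and `RASPAP_IPTABLES_CONF` defines; `RASPAP_IPTABLES_SCRIPT` stays in the second file of this commit, still declared with a bare constant name and still pointing at `/tmp/iptables_raspap.sh`, which `configureFirewall()` later marks executable and runs through sudo. A fixed script path in a world-writable directory that ends up executed with root rights deserves the same move to a RaspAP-owned directory, and the name should be quoted, `define('RASPAP_IPTABLES_SCRIPT', ...)`, because PHP 8 rejects an undefined bare constant. The two new lines also use double quotes and no space after the comma where every neighbour is written `define('NAME', 'value');`. A short comment would help too, for example `// firewall.conf: settings written by WriteFirewallConf(); iptables_rules.json: rule templates read by configureFirewall()`.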
@ -3,8 +3,6 @@
|
||||||
require_once 'includes/status_messages.php';
|
require_once 'includes/status_messages.php';
|
||||||
require_once 'includes/functions.php';
|
require_once 'includes/functions.php';
|
||||||
|
|
||||||
define(RASPAP_FIREWALL_CONF,"/tmp/iptables.conf");
|
|
||||||
define(RASPAP_IPTABLES_CONF,"/etc/raspap/networking/firewall/iptables_rules.json");
|
|
||||||
define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");
|
define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");
|
||||||
|
|
||||||
function getDependson(&$rule, &$conf) {
|
function getDependson(&$rule, &$conf) {
|
||||||
|
@ -52,7 +50,6 @@ function createRuleStr(&$sect, &$conf) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if ( !empty($repl) && !empty($val) ) {
|
if ( !empty($repl) && !empty($val) ) {
|
||||||
//echo "replace $repl $val \n"; //print_r( $val); echo "\n";
|
|
||||||
if ( is_array($val) ) {
|
if ( is_array($val) ) {
|
||||||
foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r));
|
foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r));
|
||||||
}
|
}
|
||||||
|
@ -76,9 +73,6 @@ function configureFirewall() {
|
||||||
$json = file_get_contents(RASPAP_IPTABLES_CONF);
|
$json = file_get_contents(RASPAP_IPTABLES_CONF);
|
||||||
$ipt = json_decode($json, true);
|
$ipt = json_decode($json, true);
|
||||||
$conf = ReadFirewallConf();
|
$conf = ReadFirewallConf();
|
||||||
|
|
||||||
//echo "<pre>";
|
|
||||||
// print_r($ipt);
|
|
||||||
$txt = "#!/bin/bash\n";
|
$txt = "#!/bin/bash\n";
|
||||||
$txt .= "iptables -F\n";
|
$txt .= "iptables -F\n";
|
||||||
$txt .= "iptables -X\n";
|
$txt .= "iptables -X\n";
|
||||||
|
@ -88,10 +82,8 @@ function configureFirewall() {
|
||||||
$count=0;
|
$count=0;
|
||||||
foreach ( $ipt["order"] as $idx ) {
|
foreach ( $ipt["order"] as $idx ) {
|
||||||
if ( isset($ipt[$idx]) ) {
|
if ( isset($ipt[$idx]) ) {
|
||||||
// echo "Handle $idx \n";
|
|
||||||
foreach ( $ipt[$idx] as $i => $sect ) {
|
foreach ( $ipt[$idx] as $i => $sect ) {
|
||||||
if ( isRuleEnabled($sect, $conf) ) {
|
if ( isRuleEnabled($sect, $conf) ) {
|
||||||
// echo " rule $i name ".$sect["name"]."\n";
|
|
||||||
$str_rules= createRuleStr($sect, $conf);
|
$str_rules= createRuleStr($sect, $conf);
|
||||||
if ( !empty($str_rules) ) {
|
if ( !empty($str_rules) ) {
|
||||||
file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
|
file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
|
||||||
|
@ -101,8 +93,6 @@ function configureFirewall() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// echo "Firewall ON";
|
|
||||||
//echo "</pre>";
|
|
||||||
if ( $count > 0 ) {
|
if ( $count > 0 ) {
|
||||||
exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
|
exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
|
||||||
exec("sudo ".RASPAP_IPTABLES_SCRIPT);
|
exec("sudo ".RASPAP_IPTABLES_SCRIPT);
|
||||||
|
@ -113,7 +103,14 @@ function configureFirewall() {
|
||||||
}
|
}
|
||||||
|
|
||||||
function WriteFirewallConf($conf) {
|
function WriteFirewallConf($conf) {
|
||||||
if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
|
$ret = false;
|
||||||
|
if ( is_array($conf) ) {
|
||||||
|
write_php_ini($conf,"/tmp/fwdata");
|
||||||
|
exec('sudo /bin/cp /tmp/fwdata '. RASPAP_FIREWALL_CONF,$out);
|
||||||
|
$ret = empty($out);
|
||||||
|
unlink("/tmp/fwdata");
|
||||||
|
}
|
||||||
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -147,7 +144,7 @@ function ReadFirewallConf() {
|
||||||
$conf["openvpn-enable"] = true;
|
$conf["openvpn-enable"] = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# get wireguard server IP (if existing)
|
# get wireguard server IP (if existing)
|
||||||
if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
|
if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
|
||||||
# search for endpoint
|
# search for endpoint
|
||||||
|
|
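Review bot: `WriteFirewallConf()` as added cannot load, because `return $ret` has no terminating semicolon and the file fails to parse. The staging file is the fixed name `/tmp/fwdata`, which any local account can pre-create or replace before `sudo /bin/cp` runs, so the privileged copy may install content this function did not write. A `tempnam()` file (created owner-only) avoids that, though the sudoers entry permitting the cp is not visible here and would have to allow the new source path. `empty($out)` also does not detect failure, since `exec()` collects only stdout and `cp` reports errors on stderr; the exit status from the third argument of `exec()` is the reliable signal.

```php
function WriteFirewallConf($conf) {
    $ret = false;
    if ( is_array($conf) ) {
        // unique, owner-only staging file instead of a fixed name in /tmp
        $tmp = tempnam(sys_get_temp_dir(), 'fwdata');
        if ( $tmp !== false ) {
            write_php_ini($conf, $tmp);
            exec('sudo /bin/cp '.escapeshellarg($tmp).' '.escapeshellarg(RASPAP_FIREWALL_CONF), $out, $rc);
            // exit status, not stdout, tells whether the copy succeeded
            $ret = ($rc === 0);
            unlink($tmp);
        }
    }
    return $ret;
}
```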