Define firewall constants

2021-07-19 17:28:49 +02:00 · 2021-07-19 17:28:49 +02:00 · 3059dd1fb8
parent b770b89d73
commit 3059dd1fb8
2 changed files with 12 additions and 13 deletions
--- a/config/config.php
+++ b/config/config.php
@ -23,7 +23,8 @@ define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
-define('RASPI_FIREWALL_ENABLED', true);
+define('RASPAP_FIREWALL_CONF',"/etc/raspap/networking/firewall/firewall.conf");
+define('RASPAP_IPTABLES_CONF',"/etc/raspap/networking/firewall/iptables_rules.json");
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
@ -44,6 +45,7 @@ define('RASPI_DHCP_ENABLED', true);
 define('RASPI_ADBLOCK_ENABLED', false);
 define('RASPI_OPENVPN_ENABLED', false);
 define('RASPI_WIREGUARD_ENABLED', false);
+define('RASPI_FIREWALL_ENABLED', true);
 define('RASPI_TORPROXY_ENABLED', false);
 define('RASPI_CONFAUTH_ENABLED', true);
 define('RASPI_CHANGETHEME_ENABLED', true);
--- a/includes/firewall.php
+++ b/includes/firewall.php
@ -3,8 +3,6 @@
 require_once 'includes/status_messages.php';
 require_once 'includes/functions.php';

-define(RASPAP_FIREWALL_CONF,"/tmp/iptables.conf");
-define(RASPAP_IPTABLES_CONF,"/etc/raspap/networking/firewall/iptables_rules.json");
 define(RASPAP_IPTABLES_SCRIPT,"/tmp/iptables_raspap.sh");

 function getDependson(&$rule, &$conf) {
@ -52,7 +50,6 @@ function createRuleStr(&$sect, &$conf) {
                   break;
            }
            if ( !empty($repl) && !empty($val) ) {
-//echo "replace $repl $val \n"; //print_r( $val); echo "\n";
               if ( is_array($val) ) {
                  foreach ( $val as $v ) $rr = array_merge($rr,str_replace($repl, $v, $r));
               }
@ -76,9 +73,6 @@ function configureFirewall() {
    $json = file_get_contents(RASPAP_IPTABLES_CONF);
    $ipt  = json_decode($json, true);
    $conf = ReadFirewallConf();
-
-//echo "<pre>";
-// print_r($ipt);
    $txt = "#!/bin/bash\n";
    $txt .= "iptables -F\n";
    $txt .= "iptables -X\n";
@ -88,10 +82,8 @@ function configureFirewall() {
    $count=0;
    foreach ( $ipt["order"] as $idx ) {
       if ( isset($ipt[$idx]) ) {
-//          echo "Handle $idx \n";
          foreach ( $ipt[$idx] as $i => $sect ) {
             if ( isRuleEnabled($sect, $conf) ) {
-//               echo "   rule $i name ".$sect["name"]."\n";
               $str_rules= createRuleStr($sect, $conf);
               if ( !empty($str_rules) ) {
                  file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
@ -101,8 +93,6 @@ function configureFirewall() {
          }
       }
    }
-//    echo "Firewall ON";
-//echo "</pre>";
    if ( $count > 0 ) {
       exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
       exec("sudo ".RASPAP_IPTABLES_SCRIPT);
@ -113,7 +103,14 @@ function configureFirewall() {
 }

 function WriteFirewallConf($conf) {
-     if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
+	$ret = false;
+    if ( is_array($conf) ) {
+		write_php_ini($conf,"/tmp/fwdata");
+		exec('sudo /bin/cp /tmp/fwdata '. RASPAP_FIREWALL_CONF,$out);
+		$ret = empty($out);
+		unlink("/tmp/fwdata");
+	}
+	return $ret
 }


@ -147,7 +144,7 @@ function ReadFirewallConf() {
              $conf["openvpn-enable"] = true;
          }
      }
-    }    
+    }
 # get wireguard server IP (if existing)
    if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
 # search for endpoint