Merge pull request #49 from RaspAP/feature-firewall

Feature: firewall settings
Bill Zimmerman
2021-11-26 22:48:14 +01:00
committed by GitHub
11 changed files with 823 additions and 2 deletions


@@ -0,0 +1,20 @@
#!/bin/bash
#
# RaspAP feature installation: Firewall
# to be sources by the RaspAP installer script
# Author: @zbchristian <christian@zeitnitz.eu>
# Author URI: https://github.com/zbchristian/
# License: GNU General Public License v3.0
# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
function _install_feature_firewall() {
name="feature firewall"
_install_log "Install $name"
# create config dir
sudo mkdir "$raspap_network/firewall" || _install_status 1 "Unable to create firewall config directory"
# copy firewall configuration
sudo cp "$webroot_dir/config/iptables_rules.json" "$raspap_network/firewall/" || _install_status 1 "Unable to copy iptables templates"
sudo chown $raspap_user:$raspap_user -R "$raspap_network/firewall" || _install_status 1 "Unable to change ownership of firewall directory and files "
_install_status 0
}
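Review bot: `sudo mkdir "$raspap_network/firewall"` in `_install_feature_firewall` fails when the directory already exists, so re-running the installer over an existing install reports "Unable to create firewall config directory". The `_install_status` helper is defined outside this hunk, so whether it aborts is not visible here. `sudo mkdir -p "$raspap_network/firewall"` makes the step idempotent. The `chown` line leaves `$raspap_user:$raspap_user` unquoted; `sudo chown -R "$raspap_user:$raspap_user" "$raspap_network/firewall"` avoids word splitting. Since the rule templates end up owned by the web user, a comment such as `# rule templates are writable by the web UI user; treat them as untrusted input when generating rules` would tell later readers what trust level the directory has.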


@@ -62,3 +62,9 @@ www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
www-data ALL=(ALL) NOPASSWD:/tmp/iptables_raspap.sh
www-data ALL=(ALL) NOPASSWD:/tmp/ip6tables_raspap.sh
www-data ALL=(ALL) NOPASSWD:/usr/sbin/iptables-save
www-data ALL=(ALL) NOPASSWD:/usr/sbin/ip6tables-save
www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /etc/iptables/rules.v4
www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /etc/iptables/rules.v6
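Review bot: The added entries `NOPASSWD:/tmp/iptables_raspap.sh` and `NOPASSWD:/tmp/ip6tables_raspap.sh` grant www-data passwordless root execution of files in a world-writable directory. Whatever content is at those paths when sudo is invoked runs as root, so a flaw in the web application, or any local account that creates the file first, becomes full root on the device. I would replace both lines with a single root-owned helper in a directory www-data cannot write, which reads the generated rules as data and validates them, e.g. `www-data ALL=(root) NOPASSWD:<ROOT_OWNED_HELPER_PATH>` (placeholder path). The two `tee /etc/iptables/rules.v4` and `rules.v6` entries likewise let www-data persist arbitrary rule content; that is presumably intended, but it deserves a comment in the file. The `(ALL)` run-as spec on the new lines could be narrowed to `(root)`.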


@@ -0,0 +1,29 @@
#!/bin/bash
# include the raspap helper functions
source /usr/local/sbin/raspap_helpers.sh
_getWebRoot
echo -n "Update firewall ... "
cat << EOF > /tmp/updateFirewall.php
<?php
//set_include_path('/var/www/html/');
\$_SESSION['locale']="en_GB.UTF-8";
require_once 'includes/config.php';
require_once 'includes/defaults.php';
require_once RASPI_CONFIG.'/raspap.php';
require_once 'includes/locale.php';
require_once 'includes/wifi_functions.php';
require_once 'includes/get_clients.php';
require_once 'includes/firewall.php';
updateFirewall();
?>
EOF
sudo php -d include_path=$raspap_webroot /tmp/updateFirewall.php
rm /tmp/updateFirewall.php
echo "done."
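Review bot: The script writes PHP to the fixed path `/tmp/updateFirewall.php` and then runs it with `sudo php`, so root executes a file with a predictable name in a world-writable directory. A pre-existing file or symlink at that path is not checked for, and the redirect's failure is not checked before the sudo call. Creating the file with `tmpfile=$(mktemp) || exit 1` and `trap 'rm -f -- "$tmpfile"' EXIT`, then running `sudo php -d include_path="$raspap_webroot" "$tmpfile"`, removes the predictable name and guarantees cleanup. It also quotes `$raspap_webroot`, which is currently unquoted. Since the PHP body is static, shipping it as a root-owned file next to the other includes would avoid the temp file altogether. A quoted delimiter (`<<'EOF'`) would also make the `\$_SESSION` escape unnecessary.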