GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 01:00:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

allow icmp

Browse Source
This commit is contained in:
Devaev Maxim 2020-10-16 23:40:14 +03:00
parent dd279e3a13
commit bfe437e405
3 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
kvmd/apps/__init__.py
View File

@ -447,6 +447,7 @@ def _get_config_scheme() -> Dict:
}, },
"firewall": { "firewall": {
"allow_icmp": Option(True, type=valid_bool),
"allow_tcp": Option([], type=valid_ports_list), "allow_tcp": Option([], type=valid_ports_list),
"allow_udp": Option([67], type=valid_ports_list), "allow_udp": Option([67], type=valid_ports_list),
"iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command), "iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command),

3
kvmd/apps/otgnet/__init__.py
View File

@ -43,6 +43,7 @@ from .netctl import BaseCtl
from .netctl import IfaceUpCtl from .netctl import IfaceUpCtl
from .netctl import IfaceAddIpCtl from .netctl import IfaceAddIpCtl
from .netctl import IptablesDropAllCtl from .netctl import IptablesDropAllCtl
from .netctl import IptablesAllowIcmpCtl
from .netctl import IptablesAllowPortCtl from .netctl import IptablesAllowPortCtl
from .netctl import CustomCtl from .netctl import CustomCtl
@ -64,6 +65,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
self.__iface_net: str = config.otgnet.iface.net self.__iface_net: str = config.otgnet.iface.net
self.__ip_cmd: List[str] = config.otgnet.iface.ip_cmd self.__ip_cmd: List[str] = config.otgnet.iface.ip_cmd
self.__allow_icmp: bool = config.otgnet.firewall.allow_icmp
self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp)) self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp))
self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp)) self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp))
self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd
@ -91,6 +93,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
ctls: List[BaseCtl] = [ ctls: List[BaseCtl] = [
CustomCtl(self.__pre_start_cmd, self.__post_stop_cmd, placeholders), CustomCtl(self.__pre_start_cmd, self.__post_stop_cmd, placeholders),
IfaceUpCtl(self.__ip_cmd, netcfg.iface), IfaceUpCtl(self.__ip_cmd, netcfg.iface),
*([IptablesAllowIcmpCtl(self.__iptables_cmd, netcfg.iface)] if self.__allow_icmp else []),
*[ *[
IptablesAllowPortCtl(self.__iptables_cmd, netcfg.iface, port, tcp) IptablesAllowPortCtl(self.__iptables_cmd, netcfg.iface, port, tcp)
for (port, tcp) in [ for (port, tcp) in [

12
kvmd/apps/otgnet/netctl.py
View File

@ -58,6 +58,18 @@ class IptablesDropAllCtl(BaseCtl):
return [*self.__base_cmd, ("-A" if direct else "-D"), "INPUT", "-i", self.__iface, "-j", "DROP"] return [*self.__base_cmd, ("-A" if direct else "-D"), "INPUT", "-i", self.__iface, "-j", "DROP"]
class IptablesAllowIcmpCtl(BaseCtl):
def __init__(self, base_cmd: List[str], iface: str) -> None:
self.__base_cmd = base_cmd
self.__iface = iface
def get_command(self, direct: bool) -> List[str]:
return [
*self.__base_cmd,
("-A" if direct else "-D"), "INPUT", "-i", self.__iface, "-p", "icmp", "-j", "ACCEPT",
]
class IptablesAllowPortCtl(BaseCtl): class IptablesAllowPortCtl(BaseCtl):
def __init__(self, base_cmd: List[str], iface: str, port: int, tcp: bool) -> None: def __init__(self, base_cmd: List[str], iface: str, port: int, tcp: bool) -> None:
self.__base_cmd = base_cmd self.__base_cmd = base_cmd