firewall: Add diagnostic for default zone

Tests:
- Change the firewalld default zone to public, and restart firewalld.
  The diagnostic fails.

- Change the default zone back to external, and restart firewalld. The
  diagnostic passes.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
James Valleroy 2023-06-21 21:51:58 -04:00 committed by Sunil Mohan Adapa
parent 7f57775396
commit 0a565bdd17
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
2 changed files with 22 additions and 0 deletions


@ -4,6 +4,7 @@
import contextlib
import logging
from django.utils.translation import gettext
from django.utils.translation import gettext_lazy as _
from plinth import app as app_module
@ -94,6 +95,12 @@ class FirewallApp(app_module.App):
_run_setup()
return True
def diagnose(self):
"""Run diagnostics and return the results."""
results = super().diagnose()
results.append(_diagnose_default_zone())
return results
def _run_setup():
"""Run firewalld setup."""
@ -252,3 +259,11 @@ def remove_passthrough(ipv, *args):
config_direct = _get_dbus_proxy(_CONFIG_OBJECT, _CONFIG_DIRECT_INTERFACE)
if config_direct.queryPassthrough('(sas)', ipv, args):
config_direct.removePassthrough('(sas)', ipv, args)
def _diagnose_default_zone():
"""Diagnose whether the default zone is external."""
default_zone = privileged.get_default_zone()
testname = gettext('Default zone is external')
result = 'passed' if default_zone == 'external' else 'failed'
return [testname, result]
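Review bot: `_diagnose_default_zone()` calls `privileged.get_default_zone()` with no error handling, so a non-zero exit from `firewall-cmd` (for example when firewalld is stopped) makes the `subprocess.check_output` call in the privileged helper raise. Unless the privileged wrapper or the diagnostics caller catches that (neither is visible on this page), `FirewallApp.diagnose()` then raises instead of returning a result, which is the state in which the firewall diagnostic is most needed. Consider wrapping the call in `try:` / `except Exception:` with `default_zone = None`, so that the test is reported as `'failed'` and the remaining results from `super().diagnose()` are still returned.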


@ -129,3 +129,10 @@ def setup():
set_firewall_backend('nftables')
_setup_local_service_protection()
@privileged
def get_default_zone():
"""Return the firewalld default zone."""
output = subprocess.check_output(['firewall-cmd', '--get-default-zone'])
return output.decode().strip()
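Review bot: The docstring of `get_default_zone()` does not state its failure mode: `subprocess.check_output` raises `subprocess.CalledProcessError` when `firewall-cmd` exits non-zero, which callers such as the new diagnostic need to know. I would extend it to `"""Return the firewalld default zone; raises CalledProcessError if firewall-cmd fails."""` and annotate the return as `-> str`. The argument-list form of the call, with no shell involved, is the right choice for a helper that runs privileged.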