From 3c68a52056194c29242cde67885ee36a8a6666a1 Mon Sep 17 00:00:00 2001
From: Joseph Nuthalapati
Date: Mon, 26 Nov 2018 15:34:14 +0530
Subject: [PATCH] firewalld: Use nftables instead of iptables restart service after setting the firewall backend Fixes #1400 Fixes #1430
Signed-off-by: Joseph Nuthalapati
Reviewed-by: James Valleroy
---
 actions/firewall | 24 ++++++++++++++++++++++++
 plinth/modules/firewall/__init__.py | 4 ++--
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/actions/firewall b/actions/firewall
index e6f172a96..18eec15fe 100755
--- a/actions/firewall
+++ b/actions/firewall
@@ -22,6 +22,10 @@ Configuration helper for FreedomBox firewall interface.
 import argparse
 import subprocess
+import augeas
+
+from plinth import action_utils
+
 def parse_arguments():
 """Return parsed command line arguments as dictionary"""
@@ -68,9 +72,29 @@ def parse_arguments():
 return parser.parse_args()
+def set_firewall_backend(backend):
+ """Set FirewallBackend attribute to the specified string."""
+ conf_file = '/etc/firewalld/firewalld.conf'
+ aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
+ augeas.Augeas.NO_MODL_AUTOLOAD)
+
+ # lens for shell-script config file
+ aug.set('/augeas/load/Shellvars/lens', 'Shellvars.lns')
+ aug.set('/augeas/load/Shellvars/incl[last() + 1]', conf_file)
+ aug.load()
+
+ aug.set('/files/{}/FirewallBackend'.format(conf_file),
+ '{}'.format(backend))
+ aug.save()
+
+ action_utils.service_enable('firewalld')
+ action_utils.service_restart('firewalld')
+
+
 def subcommand_setup(_):
 """Perform basic firewalld setup."""
 subprocess.call(['firewall-cmd', '--set-default-zone=external'])
+ set_firewall_backend('nftables')
 add_service('external', 'http')
 add_service('internal', 'http')
diff --git a/plinth/modules/firewall/__init__.py b/plinth/modules/firewall/__init__.py
index 3878d3825..80d213cbc 100644
--- a/plinth/modules/firewall/__init__.py
+++ b/plinth/modules/firewall/__init__.py
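Review bot: In `actions/firewall`, `set_firewall_backend()` restarts firewalld immediately after rewriting `FirewallBackend`, but nothing afterwards confirms the daemon came back up, so if the nftables backend cannot load on a given host the machine may be left without packet filtering while `subcommand_setup` goes on to call `add_service`. A check after the restart such as `if not action_utils.service_is_running('firewalld'): raise RuntimeError('firewalld did not start with backend ' + backend)` would surface that failure instead of hiding it. The `backend` argument is also written to the config file unvalidated; because this action runs with root privileges, a guard like `if backend not in ('nftables', 'iptables'): raise ValueError(backend)` at the top of the function is cheap, and the `'{}'.format(backend)` wrapper can then be plain `backend`. `subcommand_setup` appears to continue beyond the end of this hunk.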
@@ -30,11 +30,11 @@ from plinth.utils import format_lazy
 from .manifest import backup
-version = 1
+version = 2
 is_essential = True
-managed_packages = ['firewalld']
+managed_packages = ['firewalld', 'nftables']
 name = _('Firewall')