nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-13 10:30:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Add diagnostic check for backend

Browse Source 
Tests:
- Change the backend to iptables, and restart firewalld. The diagnostic
  is failed.
- Change the backend back to nftables, and restart firewalld. The
  diagnostic is passed.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use augeas transform operation]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
James Valleroy 2023-06-22 16:53:30 -04:00 committed by Sunil Mohan Adapa
parent 0a565bdd17
commit be91d8e4e4
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
2 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
plinth/modules/firewall/__init__.py
View File

@ -98,7 +98,9 @@ class FirewallApp(app_module.App):
def diagnose(self): def diagnose(self):
"""Run diagnostics and return the results.""" """Run diagnostics and return the results."""
results = super().diagnose() results = super().diagnose()
results.append(_diagnose_default_zone()) config = privileged.get_config()
results.append(_diagnose_default_zone(config))
results.append(_diagnose_firewall_backend(config))
return results return results
@ -261,9 +263,15 @@ def remove_passthrough(ipv, *args):
config_direct.removePassthrough('(sas)', ipv, args) config_direct.removePassthrough('(sas)', ipv, args)
def _diagnose_default_zone(): def _diagnose_default_zone(config):
"""Diagnose whether the default zone is external.""" """Diagnose whether the default zone is external."""
default_zone = privileged.get_default_zone()
testname = gettext('Default zone is external') testname = gettext('Default zone is external')
result = 'passed' if default_zone == 'external' else 'failed' result = 'passed' if config['default_zone'] == 'external' else 'failed'
return [testname, result]
def _diagnose_firewall_backend(config):
"""Diagnose whether the firewall backend is nftables."""
testname = gettext('Firewall backend is nftables')
result = 'passed' if config['backend'] == 'nftables' else 'failed'
return [testname, result] return [testname, result]

19
plinth/modules/firewall/privileged.py
View File

@ -132,7 +132,20 @@ def setup():
@privileged @privileged
def get_default_zone(): def get_config():
"""Return the firewalld default zone.""" """Return firewalld configuration for diagnostics."""
config = {}
output = subprocess.check_output(['firewall-cmd', '--get-default-zone']) output = subprocess.check_output(['firewall-cmd', '--get-default-zone'])
return output.decode().strip() config['default_zone'] = output.decode().strip()
conf_file = '/etc/firewalld/firewalld.conf'
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
augeas.Augeas.NO_MODL_AUTOLOAD)
aug.transform('Shellvars', conf_file)
aug.set('/augeas/context', '/files' + conf_file)
aug.load()
config['backend'] = aug.get('FirewallBackend')
return config