From 5046fa4c55dbb91c933b1999ab2e8b5565c9856e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xe=CC=81fir=20Destiny?= Date: Wed, 24 Feb 2016 17:56:49 +0100 Subject: [PATCH] Add a protection to avoid autoban themself if we change the default ajenti port --- ajenti/plugins/iptables/main.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ajenti/plugins/iptables/main.py b/ajenti/plugins/iptables/main.py index b37bb4c5da..2433a1972c 100755 --- a/ajenti/plugins/iptables/main.py +++ b/ajenti/plugins/iptables/main.py @@ -3,6 +3,7 @@ import itertools import subprocess +import ajenti from ajenti.api import * from ajenti.plugins.main.api import SectionPlugin from ajenti.ui import on @@ -121,7 +122,7 @@ def post_rule_update(o, c, i, u): def on_page_load(self): if not os.path.exists(self.fw_mgr.config_path_ajenti): if not os.path.exists(self.fw_mgr.config_path): - open(self.fw_mgr.config_path, 'w').write(""" + TEMPLATE_IPTABLES_CONTENT = """ *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] @@ -142,9 +143,12 @@ def on_page_load(self): -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT --A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT +-A INPUT -p tcp -m tcp --dport %(ajenti_port)s -j ACCEPT COMMIT - """) +""" + open(self.fw_mgr.config_path, 'w').write(TEMPLATE_IPTABLES_CONTENT % { + 'ajenti_port': ajenti.config.tree.http_binding.port + }) open(self.fw_mgr.config_path_ajenti, 'w').write(open(self.fw_mgr.config_path).read()) self.config.load() self.refresh() @@ -265,7 +269,6 @@ def get_template(self, item, ui): return root - if subprocess.call(['which', 'ip6tables']) == 0: @interface class IPv6FirewallManager (object):
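Review bot: `TEMPLATE_IPTABLES_CONTENT` is named like a module-level constant but is assigned inside two nested `if` blocks of `on_page_load`, in the hunk at -121,7. Defining it once at module level would keep the method short and let the template be checked on its own. Because the string is now a `%` format template, any literal `%` in the template lines between this hunk and the next (not visible here) would have to be written as `%%`. A comment next to the constant would record that, for example `# %-format template: write literal percent signs as %%`. Both the template string and `on_page_load` continue past the end of this hunk.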
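Review bot: The value of `ajenti.config.tree.http_binding.port` is formatted into the firewall rules template with `%(ajenti_port)s` and no check, at the new `open(self.fw_mgr.config_path, 'w').write(TEMPLATE_IPTABLES_CONTENT % {...})` call in the hunk at -142,9. If that setting can ever be empty or non-numeric (its type is not visible here), the generated file gets a `--dport` line that will not load, and the rule meant to prevent the lockout is lost. Using `%(ajenti_port)d` in the template with `'ajenti_port': int(ajenti.config.tree.http_binding.port)` makes a bad value fail before anything is written. The template is also only written when `self.fw_mgr.config_path` does not exist (the `os.path.exists` guards at the start of `on_page_load`, outside this hunk), so a port change made after the first page load leaves the old port in the rule. A comment such as `# written once on first load; later port changes are not reflected here` would make that limit explicit.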