check firewall major version before setup changes anything.

linuxmuster · Feb 19, 2024 · ca48d4f · ca48d4f
1 parent 3702efa
commit ca48d4f
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 8 deletions.
diff --git a/lib/constants.py b/lib/constants.py
@@ -1,12 +1,13 @@
 #!/usr/bin/python3
 #
-# constants.py
-#
+# constants.py: linuxmuster environment
+# don't change this
 # thomas@linuxmuster.net
 # 20240219
 #
 
-# don't change this file
+# firewall major version to match
+FWMAJORVER = 24
 
 # global variables
 ROOTMNTOPTS = 'user_xattr,acl,usrquota,usrjquota=aquota.user,grpquota,grpjquota=aquota.group,jqfmt=vfsv0,errors=remount-ro,barrier=1'

diff --git a/lib/functions.py b/lib/functions.py
@@ -660,6 +660,27 @@ def putFwConfig(firewallip, fwconf=constants.FWCONFREMOTE, secret=''):
     return rc
 
 
+# check firewall's major version
+def checkFwMajorVer():
+    try:
+        firewallip = getSetupValue('firewallip')
+        ssh = paramiko.SSHClient()
+        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        ssh.connect(firewallip, port=22, username='root', password=constants.ROOTPW)
+        stdin, stdout, stderr = ssh.exec_command('opnsense-version')
+        output = stdout.readlines()[0]
+        fver = output.split()[1]
+        mver = int(fver.split('.')[0])
+        if mver == constants.FWMAJORVER:
+            return True
+        else:
+            print('Firewall version ' + fver + ' does not match ' + str(constants.FWMAJORVER) + '.*!')
+            return False
+    except Exception as error:
+        print(error)
+        return False
+
+
 # execute ssh command
 # note: paramiko key based connection is obviously broken in 18.04, so we use
 #   ssh shell command

diff --git a/sbin/linuxmuster-setup b/sbin/linuxmuster-setup
@@ -2,18 +2,15 @@
 #
 # linuxmuster-setup
 # thomas@linuxmuster.net
-# 20220105
+# 20240219
 #
 
 import constants
 import getopt
 import importlib
 import os
 import sys
-from functions import modIni
-from functions import printScript
-from functions import subProc
-from functions import tee
+from functions import checkFwMajorVer, modIni, printScript, subProc, tee
 
 
 def usage():
@@ -135,6 +132,7 @@ else:
         rc = modIni(constants.CUSTOMINI, 'setup', 'state', state)
     rc = modIni(constants.CUSTOMINI, 'setup', 'skipfw', str(skipfw))
 
+
 # work off setup modules
 setup_modules = os.listdir(constants.SETUPDIR)
 setup_modules.remove('__pycache__')
@@ -143,6 +141,10 @@ for module_file in setup_modules:
     # skip dialog in unattended mode
     if (unattended and 'dialog.py' in module_file):
         continue
+    # check firewall major version
+    if (not skipfw and 'templates.py' in module_file):
+        if not checkFwMajorVer():
+            sys.exit(1)
     # print module name
     module_name = os.path.basename(os.path.splitext(module_file)[0]).split('_')[1]
     printScript('', 'begin')