bug fix: add custom ssh port to csf

Author: usmannasir

firewall/firewallManager.py

@@ -378,21 +378,29 @@ def saveSSHConfigs(self, userID = None, data = None):
 
             if output.find("1,None") > -1:
 
-                try:
-                    updateFW = FirewallRules.objects.get(name="SSHCustom")
-                    FirewallUtilities.deleteRule("tcp", updateFW.port, "0.0.0.0/0")
-                    updateFW.port = sshPort
-                    updateFW.save()
-                    FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
-                except:
+                csfPath = '/etc/csf'
+
+                if os.path.exists(csfPath):
+                    dataIn = {'protocol': 'TCP_IN', 'ports': sshPort}
+                    self.modifyPorts(dataIn)
+                    dataIn = {'protocol': 'TCP_OUT', 'ports': sshPort}
+                    self.modifyPorts(dataIn)
+                else:
                     try:
-                        newFireWallRule = FirewallRules(name="SSHCustom", port=sshPort, proto="tcp")
-                        newFireWallRule.save()
+                        updateFW = FirewallRules.objects.get(name="SSHCustom")
+                        FirewallUtilities.deleteRule("tcp", updateFW.port, "0.0.0.0/0")
+                        updateFW.port = sshPort
+                        updateFW.save()
                         FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
-                        command = 'firewall-cmd --permanent --remove-service=ssh'
-                        ProcessUtilities.executioner(command)
-                    except BaseException, msg:
-                        logging.CyberCPLogFileWriter.writeToFile(str(msg))
+                    except:
+                        try:
+                            newFireWallRule = FirewallRules(name="SSHCustom", port=sshPort, proto="tcp")
+                            newFireWallRule.save()
+                            FirewallUtilities.addRule('tcp', sshPort, "0.0.0.0/0")
+                            command = 'firewall-cmd --permanent --remove-service=ssh'
+                            ProcessUtilities.executioner(command)
+                        except BaseException, msg:
+                            logging.CyberCPLogFileWriter.writeToFile(str(msg))
 
                 final_dic = {'status': 1, 'saveStatus': 1}
                 final_json = json.dumps(final_dic)
@@ -1463,7 +1471,7 @@ def changeStatus(self):
             final_json = json.dumps(final_dic)
             return HttpResponse(final_json)
 
-    def modifyPorts(self):
+    def modifyPorts(self, data = None):
         try:
 
             userID = self.request.session['userID']
@@ -1474,8 +1482,6 @@ def modifyPorts(self):
             else:
                 return ACLManager.loadErrorJson()
 
-            data = json.loads(self.request.body)
-
             protocol = data['protocol']
             ports = data['ports']
 

firewall/views.py

@@ -190,7 +190,7 @@ def saveSSHConfigs(request):
         if result != 200:
             return result
 
-        fm = FirewallManager()
+        fm = FirewallManager(request)
         coreResult = fm.saveSSHConfigs(userID, json.loads(request.body))
 
         result = pluginManager.postSaveSSHConfigs(request, coreResult)
@@ -520,7 +520,7 @@ def modifyPorts(request):
             return result
 
         fm = FirewallManager(request)
-        coreResult = fm.modifyPorts()
+        coreResult = fm.modifyPorts(json.loads(request.body))
 
         result = pluginManager.postModifyPorts(request, coreResult)
         if result != 200:

plogical/csf.py

@@ -486,14 +486,22 @@ def modifyPorts(protocol, portsPath):
             if protocol == 'TCP_IN':
                 for items in data:
                     if items.find('TCP_IN') > -1 and items.find('=') > -1 and (items[0] != '#'):
-                        writeToFile.writelines('TCP_IN = "' + ports + '"\n')
+                        if ports.find(',') > -1:
+                            writeToFile.writelines('TCP_IN = "' + ports + '"\n')
+                        else:
+                            content = '%s,%s\n' % (items, ports)
+                            writeToFile.writelines(content)
                     else:
                         writeToFile.writelines(items)
                 writeToFile.close()
             elif protocol == 'TCP_OUT':
                 for items in data:
                     if items.find('TCP_OUT') > -1 and items.find('=') > -1 and (items[0] != '#'):
-                        writeToFile.writelines('TCP_OUT = "' + ports + '"\n')
+                        if ports.find(',') > -1:
+                            writeToFile.writelines('TCP_OUT = "' + ports + '"\n')
+                        else:
+                            content = '%s,%s\n' % (items, ports)
+                            writeToFile.writelines(content)
                     else:
                         writeToFile.writelines(items)
                 writeToFile.close()