@ -47,7 +47,7 @@ if (not $anvil->data->{sys}{manage}{firewall})
# Do nothing.
# Do nothing.
$anvil->nice_exit({exit_code => 0});
$anvil->nice_exit({exit_code => 0});
}
}
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1 , secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3 , secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});
# Read switches
# Read switches
$anvil->data->{switches}{'y'} = "";
$anvil->data->{switches}{'y'} = "";
@ -76,20 +76,24 @@ sub check_initial_setup
$anvil->data->{firewall}{reload} = 0;
$anvil->data->{firewall}{reload} = 0;
# Get a list of networks.
# Get a list of networks.
$anvil->System->get_ips();
$anvil->System->get_ips({debug => 3});
# Get the list of existing zones from iptables/firewalld.
$anvil->System->check_firewall({debug => 3});
my $internet_zone = "";
my $internet_zone = "";
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{sys}{network}{interface}})
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{sys}{network}{interface}})
{
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { interface => $interface }});
if ($interface =~ /^((bcn|ifn|sn)\d+)_/)
if ($interface =~ /^((bcn|ifn|sn)\d+)_/)
{
{
# We'll use the start as the zone, though it should always be overridden by the
# We'll use the start of the string (network type) as the zone, though it should
# ZONE="" variable in each interface's config.
# always be overridden by the ZONE="" variable in each interface's config.
my $zone = $1;
my $zone = $1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { zone => $zone }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { zone => $zone }});
if ((exists $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}) && ($anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}))
if ((exists $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}) && ($anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}))
{
{
$zone = $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE};
$zone = $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { zone => $zone }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { zone => $zone }});
}
}
push @{$needed_zones}, $zone;
push @{$needed_zones}, $zone;
@ -111,59 +115,60 @@ sub check_initial_setup
}
}
}
}
# Get the list of existing zones from iptables/firewalld.
# Process the list of existing zones from iptables/firewalld.
$anvil->System->check_firewall({debug => 3});
foreach my $zone (sort {$a cmp $b} keys %{$anvil->data->{firewall}{zone}})
foreach my $zone (sort {$a cmp $b} keys %{$anvil->data->{firewall}{zone}})
{
{
my $file = exists $anvil->data->{firewall}{zone}{$zone}{file} ? $anvil->data->{firewall}{zone}{$zone}{file} : $anvil->data->{path}{directories}{firewalld_zones}."/".$zone.".xml";
my $file = exists $anvil->data->{firewall}{zone}{$zone}{file} ? $anvil->data->{firewall}{zone}{$zone}{file} : $anvil->data->{path}{directories}{firewalld_zones}."/".$zone.".xml";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => {
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => {
"s1:zone" => $zone,
"s1:zone" => $zone,
"s2:file" => $file,
"s2:file" => $file,
}});
}});
# Is this a zone I want/need?
### NOTE: This is probably overkill.
my $wanted = 0;
# # Is this a zone I want/need?
foreach my $needed_zone (sort {$a cmp $b} @{$needed_zones})
# my $wanted = 0;
{
# foreach my $needed_zone (sort {$a cmp $b} @{$needed_zones})
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
# {
"s1:zone" => $zone,
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
"s2:needed_zone" => $needed_zone,
# "s1:zone" => $zone,
}});
# "s2:needed_zone" => $needed_zone,
if ($needed_zone eq $zone)
# }});
{
# if ($needed_zone eq $zone)
$wanted = 1;
# {
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { wanted => $wanted }});
# $wanted = 1;
last;
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { wanted => $wanted }});
}
# last;
}
# }
# }
# Remove the file if needed, and then skip this zone if we don't care about it.
#
if (not $wanted)
# # Remove the file if needed, and then skip this zone if we don't care about it.
{
# $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { wanted => $wanted }});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "message_0135", variables => { zone => $zone }});
# if (not $wanted)
if (-e $file)
# {
{
# $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "message_0135", variables => { zone => $zone }});
# Archive and delete it.
# if (-e $file)
my $backup_file = $anvil->Storage->backup({file => $file });
# {
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, secure => 0, key => "log_0242", variables => {
# # Archive and delete it.
zone => $zone,
# my $backup_file = $anvil->Storage->backup({file => $file });
file => $file,
# $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, secure => 0, key => "log_0242", variables => {
backup => $backup_file,
# zone => $zone,
}});
# file => $file,
unlink $file;
# backup => $backup_file,
# }});
if (-e $file)
# unlink $file;
{
#
# Failed to unlink the unneeed zone file.
# if (-e $file)
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0243", variables => { file => $file }});
# {
$anvil->nice_exit({exit_code => 1});
# # Failed to unlink the unneeed zone file.
}
# $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0243", variables => { file => $file }});
}
# $anvil->nice_exit({exit_code => 1});
delete $anvil->data->{firewall}{zone}{$zone};
# }
# }
reload_firewall($anvil);
# delete $anvil->data->{firewall}{zone}{$zone};
next;
#
}
# reload_firewall($anvil);
# next;
# }
# Create or update the zone file, if needed.
# Create or update the zone file, if needed.
my $template = "";
my $template = "";
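Review bot: The wanted-zone gate and the archive/unlink of unneeded zone files are commented out instead of removed, so every zone that check_firewall() reports now falls through to the "Create or update the zone file" path, and a stale Anvil zone file is never backed up and deleted any more; if check_firewall() also reports firewalld's built-in zones, they reach the template selection below with `$template` still `""`, which this hunk does not visibly handle. If dropping the cleanup is intended, delete the ~45 commented lines (they are in version control) and replace `### NOTE: This is probably overkill.` with a comment stating the new contract, e.g. `# Every zone reported by check_firewall() is (re)written from its template; zone files that are no longer needed are left in place.` If it is not intended, restore the `$wanted` check rather than leaving the logic as dead text. check_initial_setup starts before and continues after this hunk.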
@ -186,7 +191,7 @@ sub check_initial_setup
$template = "ifn_zone";
$template = "ifn_zone";
$description = $anvil->Words->string({key => "message_0133", variables => { number => $number }});
$description = $anvil->Words->string({key => "message_0133", variables => { number => $number }});
}
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => {
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => {
"s1:template" => $template,
"s1:template" => $template,
"s2:description" => $description,
"s2:description" => $description,
}});
}});
@ -205,13 +210,13 @@ sub check_initial_setup
{
{
# Has it changed?
# Has it changed?
my $diff = diff \$old_zone_body, \$new_zone_body, { STYLE => 'Unified' };
my $diff = diff \$old_zone_body, \$new_zone_body, { STYLE => 'Unified' };
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { diff => $diff }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { diff => $diff }});
if ($diff)
if ($diff)
{
{
# Update it
# Update it
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1, key => "message_0136", variables => { zone => $zone, file => $file }});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1, key => "message_0136", variables => { zone => $zone, file => $file }});
$update_file = 1;
$update_file = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { update_file => $update_file }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { update_file => $update_file }});
}
}
}
}
else
else
@ -219,9 +224,10 @@ sub check_initial_setup
# Create it
# Create it
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1, key => "message_0137", variables => { zone => $zone, file => $file }});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1, key => "message_0137", variables => { zone => $zone, file => $file }});
$update_file = 1;
$update_file = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { update_file => $update_file }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { update_file => $update_file }});
}
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { update_file => $update_file }});
if ($update_file)
if ($update_file)
{
{
my $error = $anvil->Storage->write_file({
my $error = $anvil->Storage->write_file({
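Review bot: The added `$anvil->Log->variables({... level => 2, list => { update_file => $update_file }});` after the if/else is redundant: this same commit raises the `update_file` log in both branches to level 2, so the value is now logged twice at the same level every time. Keep one of them — simplest is to drop the new line. check_initial_setup continues outside this hunk.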
@ -232,7 +238,7 @@ sub check_initial_setup
mode => "0644",
mode => "0644",
overwrite => 1,
overwrite => 1,
});
});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { error => $error }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { error => $error }});
if ($error)
if ($error)
{
{
@ -247,12 +253,13 @@ sub check_initial_setup
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{firewall}{zone}{$zone}{interface}})
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{firewall}{zone}{$zone}{interface}})
{
{
my $in_zone = exists $anvil->data->{firewall}{interface}{$interface}{zone} ? $anvil->data->{firewall}{interface}{$interface}{zone} : "";
my $in_zone = exists $anvil->data->{firewall}{interface}{$interface}{zone} ? $anvil->data->{firewall}{interface}{$interface}{zone} : "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => {
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => {
"s1:interface" => $interface,
"s1:interface" => $interface,
"s2:in_zone" => $in_zone,
"s2:in_zone" => $in_zone,
"s3:zone" => $zone,
"s3:zone" => $zone,
}});
}});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { in_zone => $in_zone, zone => $zone }});
if ((not $in_zone) or ($zone ne $in_zone))
if ((not $in_zone) or ($zone ne $in_zone))
{
{
# Add it
# Add it
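Review bot: The inserted `$anvil->Log->variables({... level => 2, list => { in_zone => $in_zone, zone => $zone }});` duplicates the three-key log immediately above it, which this commit already raised to level 2, so both values are emitted twice per interface at the same level. Drop the added line, or drop the earlier one if the shorter form is preferred. The enclosing loop and check_initial_setup continue outside this hunk.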
@ -261,8 +268,8 @@ sub check_initial_setup
zone => $zone,
zone => $zone,
}});
}});
my $output = $anvil->System->call({shell_call => $anvil->data->{path}{exe}{'firewall-cmd'}." --zone=".$zone." --change-interface=".$interface});
my $output = $anvil->System->call({debug => 2, shell_call => $anvil->data->{path}{exe}{'firewall-cmd'}." --zone=".$zone." --change-interface=".$interface});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3 , list => { output => $output }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2 , list => { output => $output }});
reload_firewall($anvil);
reload_firewall($anvil);
}
}
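Review bot: `$zone` and `$interface` are concatenated into the `shell_call` string unquoted, and `$zone` can come straight from the interface config's `ZONE=""` value (earlier hunk), so a malformed value reaches whatever shell System->call uses without escaping; validate both before the call, e.g. `next if ($zone !~ /^[A-Za-z0-9_.-]+$/) or ($interface !~ /^[A-Za-z0-9_.:-]+$/);`. The result of `--change-interface` is only logged, so a failed call still triggers `reload_firewall($anvil)` and is never reported — check the return code if System->call exposes one (presumably in list context; confirm), or at least match the output for `success` before reloading. check_initial_setup continues outside this hunk.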
@ -281,7 +288,7 @@ sub check_initial_setup
{
{
# Yup
# Yup
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "message_0141", variables => { zone => $internet_zone }});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "message_0141", variables => { zone => $internet_zone }});
my $output = $anvil->System->call({shell_call => $anvil->data->{path}{exe}{'firewall-cmd'}." --set-default-zone=".$internet_zone});
my $output = $anvil->System->call({debug => 2, shell_call => $anvil->data->{path}{exe}{'firewall-cmd'}." --set-default-zone=".$internet_zone});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
}
}
@ -305,7 +312,7 @@ sub reload_firewall
my ($anvil) = @_;
my ($anvil) = @_;
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1, key => "message_0139"});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 1, key => "message_0139"});
my $output = $anvil->System->call({shell_call => $anvil->data->{path}{exe}{'firewall-cmd'}." --reload"});
my $output = $anvil->System->call({debug => 2, shell_call => $anvil->data->{path}{exe}{'firewall-cmd'}." --complete -reload"});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
$anvil->data->{firewall}{reload} = 1;
$anvil->data->{firewall}{reload} = 1;
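Review bot: The rewritten call spells the option as `--complete -reload`, which firewall-cmd will not accept as `--complete-reload`; because `$output` is only logged and `$anvil->data->{firewall}{reload}` is set to 1 unconditionally, the failed reload is then reported as success. Change it to `... --complete-reload"});` and gate the flag on the result, e.g. `$anvil->data->{firewall}{reload} = 1 if $output =~ /success/;` (or on the return code if System->call provides one — confirm). Note also that `--complete-reload` differs from the previous `--reload` in that it discards runtime state, including established connections, so on a live node the plain `--reload` is the safer choice unless dropping state is deliberate; if it is, say so in a comment on the line.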