bayrepo
/
hestiacp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4905975d79'
${ noResults }
hestiacp/bin/v-stop-firewall

105 lines
3.3 KiB
Raw Normal View History Unescape

Initial
2 years ago
#!/bin/bash
# info: stop system firewall
# options: NONE
#
# example: v-stop-firewall
#
# This function stops iptables
#----------------------------------------------------------#
# Variables & Functions #
#----------------------------------------------------------#
# Defining absolute path for iptables
iptables="/sbin/iptables"
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/firewall.sh
source $HESTIA/func/firewall.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Perform verification if read-only mode is enabled
check_hestia_demo_mode
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Self heal iptables links
heal_iptables_links
# Creating temporary file
tmp="$(mktemp)"
# Flushing INPUT chain
echo "$iptables -P INPUT ACCEPT" >> $tmp
echo "$iptables -F INPUT" >> $tmp
# Deleting hestia chain
echo "$iptables -X hestia" >> $tmp
# Deleting custom chains
IFS=$'\n'
for chain in $(cat $HESTIA/data/firewall/chains.conf 2> /dev/null); do
parse_object_kv_list "$chain"
echo "$iptables -F fail2ban-$CHAIN" >> $tmp
echo "$iptables -X fail2ban-$CHAIN" >> $tmp
done
# Applying rules
bash $tmp 2> /dev/null
# Deleting temporary file
rm -f $tmp
# Clean up and saving rules to the master iptables file
if [ -d "/etc/sysconfig" ]; then
/sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' > /etc/sysconfig/iptables
else
/sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' > /etc/iptables.rules
iptablesversion="$(iptables --version | head -1 | awk '{print $2}' | cut -f -2 -d .)"
sd_unit="/lib/systemd/system/hestia-iptables.service"
if [ ! -e "$sd_unit" ]; then
echo "[Unit]" >> $sd_unit
echo "Description=Loading Hestia firewall rules" >> $sd_unit
echo "DefaultDependencies=no" >> $sd_unit
echo "Wants=network-pre.target local-fs.target" >> $sd_unit
echo "Before=network-pre.target" >> $sd_unit
echo "After=local-fs.target" >> $sd_unit
echo "" >> $sd_unit
echo "[Service]" >> $sd_unit
echo "Type=oneshot" >> $sd_unit
echo "RemainAfterExit=yes" >> $sd_unit
echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset load" >> $sd_unit
if [ "$iptablesversion" = "v1.6" ]; then
echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
else
echo "ExecStart=/sbin/iptables-restore --wait=10 /etc/iptables.rules" >> $sd_unit
fi
echo "" >> $sd_unit
echo "[Install]" >> $sd_unit
echo "WantedBy=multi-user.target" >> $sd_unit
systemctl -q daemon-reload
fi
systemctl -q is-enabled hestia-iptables 2> /dev/null && systemctl -q disable hestia-iptables
if [ -z "$FIREWALL_SYSTEM" ]; then
rm -f $sd_unit
systemctl -q daemon-reload
fi
fi
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
exit