Initial

2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions
--- a/bin/v-stop-firewall
+++ b/bin/v-stop-firewall
@@ -0,0 +1,104 @@
+#!/bin/bash
+# info: stop system firewall
+# options: NONE
+#
+# example: v-stop-firewall
+#
+# This function stops iptables
+
+#----------------------------------------------------------#
+#                Variables & Functions                     #
+#----------------------------------------------------------#
+
+# Defining absolute path for iptables
+iptables="/sbin/iptables"
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/firewall.sh
+source $HESTIA/func/firewall.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Self heal iptables links
+heal_iptables_links
+
+# Creating temporary file
+tmp="$(mktemp)"
+
+# Flushing INPUT chain
+echo "$iptables -P INPUT ACCEPT" >> $tmp
+echo "$iptables -F INPUT" >> $tmp
+
+# Deleting hestia chain
+echo "$iptables -X hestia" >> $tmp
+
+# Deleting custom chains
+IFS=$'\n'
+for chain in $(cat $HESTIA/data/firewall/chains.conf 2> /dev/null); do
+	parse_object_kv_list "$chain"
+	echo "$iptables -F fail2ban-$CHAIN" >> $tmp
+	echo "$iptables -X fail2ban-$CHAIN" >> $tmp
+done
+
+# Applying rules
+bash $tmp 2> /dev/null
+
+# Deleting temporary file
+rm -f $tmp
+
+# Clean up and saving rules to the master iptables file
+if [ -d "/etc/sysconfig" ]; then
+	/sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' > /etc/sysconfig/iptables
+else
+	/sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' > /etc/iptables.rules
+	iptablesversion="$(iptables --version | head -1 | awk '{print $2}' | cut -f -2 -d .)"
+	sd_unit="/lib/systemd/system/hestia-iptables.service"
+	if [ ! -e "$sd_unit" ]; then
+		echo "[Unit]" >> $sd_unit
+		echo "Description=Loading Hestia firewall rules" >> $sd_unit
+		echo "DefaultDependencies=no" >> $sd_unit
+		echo "Wants=network-pre.target local-fs.target" >> $sd_unit
+		echo "Before=network-pre.target" >> $sd_unit
+		echo "After=local-fs.target" >> $sd_unit
+		echo "" >> $sd_unit
+		echo "[Service]" >> $sd_unit
+		echo "Type=oneshot" >> $sd_unit
+		echo "RemainAfterExit=yes" >> $sd_unit
+		echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset load" >> $sd_unit
+		if [ "$iptablesversion" = "v1.6" ]; then
+			echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+		else
+			echo "ExecStart=/sbin/iptables-restore --wait=10 /etc/iptables.rules" >> $sd_unit
+		fi
+		echo "" >> $sd_unit
+		echo "[Install]" >> $sd_unit
+		echo "WantedBy=multi-user.target" >> $sd_unit
+		systemctl -q daemon-reload
+	fi
+	systemctl -q is-enabled hestia-iptables 2> /dev/null && systemctl -q disable hestia-iptables
+	if [ -z "$FIREWALL_SYSTEM" ]; then
+		rm -f $sd_unit
+		systemctl -q daemon-reload
+	fi
+fi
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+exit