bayrepo
/
hestiacp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added nftables fix

Browse Source
devel
Alexey Berezhok 10 months ago
parent 719c7d9d67
commit 7444ae626d
4 changed files with 37 additions and 14 deletions
Show Stats Download Patch File Download Diff File

7
bin/v-list-sys-services
Unescape View File

@ -328,9 +328,16 @@ fi
# Checking FIREWALL system # Checking FIREWALL system
if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != 'remote' ]; then if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != 'remote' ]; then
state="stopped" state="stopped"
if [ -f /etc/redhat-release ]; then
RES=$(systemctl is-active nftables | grep -E "^active")
if [ -n "$RES" ]; then
state="running"
fi
else
if $(iptables -S INPUT | grep -qx '\-P INPUT DROP'); then if $(iptables -S INPUT | grep -qx '\-P INPUT DROP'); then
state="running" state="running"
fi fi
fi
data="$data\nNAME='$FIREWALL_SYSTEM' SYSTEM='firewall'" data="$data\nNAME='$FIREWALL_SYSTEM' SYSTEM='firewall'"
data="$data STATE='$state' CPU='0' MEM='0' RTIME='0'" data="$data STATE='$state' CPU='0' MEM='0' RTIME='0'"
fi fi

10
bin/v-start-service
Unescape View File

@ -42,6 +42,16 @@ fi
for service in $service_list; do for service in $service_list; do
if [ "$service" = "iptables" ]; then if [ "$service" = "iptables" ]; then
if [ -f /etc/redhat-release ]; then
RES=$(systemctl is-enabled nftables | grep enabled)
if [ -z "$RES" ]; then
systemctl enable nftables --now
fi
systemctl status nftables
if [ $? -ne 0 ]; then
systemctl start nftables
fi
fi
$BIN/v-update-firewall $BIN/v-update-firewall
else else
systemctl start "$service" systemctl start "$service"

8
bin/v-update-firewall
Unescape View File

@ -46,6 +46,9 @@ if [ ! -e "$rules" ]; then
exit exit
fi fi
if [ -f /etc/redhat-release ]; then
conntrack='yes'
else
# Checking conntrack module avaiabilty # Checking conntrack module avaiabilty
$modprobe nf_conntrack > /dev/null 2>&1 $modprobe nf_conntrack > /dev/null 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -54,11 +57,16 @@ if [ $? -ne 0 ]; then
conntrack='no' conntrack='no'
fi fi
fi fi
fi
if [ -f /etc/redhat-release ]; then
conntrack_ftp='yes'
else
$modprobe nf_conntrack_ftp > /dev/null 2>&1 $modprobe nf_conntrack_ftp > /dev/null 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
conntrack_ftp='no' conntrack_ftp='no'
fi fi
fi
# Checking custom OpenSSH port # Checking custom OpenSSH port
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)

6
install/hst-install-rhel.sh
Unescape View File

@ -901,12 +901,10 @@ fi
if [ "$iptables" = 'yes' ]; then if [ "$iptables" = 'yes' ]; then
if [ -f /etc/redhat-release ]; then if [ -f /etc/redhat-release ]; then
# Revert from nftables to iptables only first time dnf install iptables-nft -y
systemctl stop firewalld systemctl stop firewalld
systemctl disable firewalld systemctl disable firewalld
dnf erase nftables -y systemctl enable nftables --now
dnf install iptables-legacy iptables-legacy-libs iptables-services iptables-utils ipset -y
systemctl enable iptables --now
fi fi
fi fi

Write Preview
Loading…
Cancel
Save