Merge pull request #1055 from pi-hole/fix/firewall_check

Restructure firewall detection and application.
Mcat12 2016-12-30 11:23:30 -05:00 committed by GitHub
commit ced0d3c2c0
2 changed files with 8 additions and 9 deletions


@ -866,16 +866,17 @@ create_pihole_user() {
configureFirewall() { configureFirewall() {
# Allow HTTP and DNS traffic # Allow HTTP and DNS traffic
if command -v firewall-cmd &> /dev/null; then if firewall-cmd --state &> /dev/null; then
firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \ echo "::: Configuring FirewallD for httpd and dnsmasq.."
&& firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled" firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
elif command -v iptables &> /dev/null; then firewall-cmd --reload
elif modinfo ip_tables &> /dev/null && iptables -S INPUT | head -n1 | grep -v "ACCEPT" &> /dev/null ; then
echo "::: Configuring iptables for httpd and dnsmasq.." echo "::: Configuring iptables for httpd and dnsmasq.."
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
else else
echo "::: No firewall detected.. skipping firewall configuration." echo "::: No active firewall detected.. skipping firewall configuration."
fi fi
} }
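Review bot: The new `elif` condition in configureFirewall looks only at the first line of `iptables -S INPUT`, which is the chain policy, so a ruleset with policy ACCEPT that ends in an explicit REJECT/DROP rule is reported as "No active firewall detected" and ports 80 and 53 stay closed. When the policy is not ACCEPT, the three `iptables -A INPUT` lines append after any existing terminal rule and are added again each time the function runs. Checking first and inserting at the head avoids both, e.g. `iptables -C INPUT -p tcp -m tcp --dport 80 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT`, and likewise for 53/tcp and 53/udp. In the firewalld branch the old `&&` chain is gone, so `firewall-cmd --reload` runs even if `--add-port` failed; joining the two new commands with `&&` would keep the earlier behaviour. Both branches accept DNS from any source address, so a comment saying the host is expected to sit behind a network boundary that blocks port 53 from the internet would help whoever deploys this.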


@ -71,13 +71,11 @@ def test_configureFirewall_firewalld_no_errors(Pihole):
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
''') ''')
expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.' expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
assert expected_stdout in configureFirewall.stdout assert expected_stdout in configureFirewall.stdout
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
assert 'firewall-cmd --state' in firewall_calls assert 'firewall-cmd --state' in firewall_calls
assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
assert 'firewall-cmd --reload' in firewall_calls assert 'firewall-cmd --reload' in firewall_calls