Merge pull request #1055 from pi-hole/fix/firewall_check
Restructure firewall detection and application.
commit
ced0d3c2c0
|
@ -866,16 +866,17 @@ create_pihole_user() {
|
||||||
|
|
||||||
configureFirewall() {
|
configureFirewall() {
|
||||||
# Allow HTTP and DNS traffic
|
# Allow HTTP and DNS traffic
|
||||||
if command -v firewall-cmd &> /dev/null; then
|
if firewall-cmd --state &> /dev/null; then
|
||||||
firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \
|
echo "::: Configuring FirewallD for httpd and dnsmasq.."
|
||||||
&& firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled"
|
firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
|
||||||
elif command -v iptables &> /dev/null; then
|
firewall-cmd --reload
|
||||||
|
elif modinfo ip_tables &> /dev/null && iptables -S INPUT | head -n1 | grep -v "ACCEPT" &> /dev/null ; then
|
||||||
echo "::: Configuring iptables for httpd and dnsmasq.."
|
echo "::: Configuring iptables for httpd and dnsmasq.."
|
||||||
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||||
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
|
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
|
||||||
else
|
else
|
||||||
echo "::: No firewall detected.. skipping firewall configuration."
|
echo "::: No active firewall detected.. skipping firewall configuration."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
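Review bot: The new `elif` condition inspects only the first line of `iptables -S INPUT`, which is the chain policy, so a host with policy ACCEPT and a catch-all REJECT or DROP rule at the end of the chain falls through to "No active firewall detected" and ports 80 and 53 stay blocked. When the branch is taken, `iptables -A` appends the three ACCEPT rules after whatever rules already exist, so an earlier reject rule still wins; inserting at the head, e.g. `iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT`, avoids that. The rules also accept from any source on every interface, which leaves the resolver answering anyone who can reach the host; consider scoping them with `-i <lan-interface>` or `-s <lan-cidr>` (placeholders). Nothing in the hunk saves the iptables rules, so a comment such as `# rules are not persisted; they are lost on reboot unless saved by the admin` would help.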
@ -71,13 +71,11 @@ def test_configureFirewall_firewalld_no_errors(Pihole):
|
||||||
source /opt/pihole/basic-install.sh
|
source /opt/pihole/basic-install.sh
|
||||||
configureFirewall
|
configureFirewall
|
||||||
''')
|
''')
|
||||||
expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.'
|
expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
|
||||||
assert expected_stdout in configureFirewall.stdout
|
assert expected_stdout in configureFirewall.stdout
|
||||||
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
||||||
assert 'firewall-cmd --state' in firewall_calls
|
assert 'firewall-cmd --state' in firewall_calls
|
||||||
assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls
|
assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
|
||||||
assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
|
|
||||||
assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
|
|
||||||
assert 'firewall-cmd --reload' in firewall_calls
|
assert 'firewall-cmd --reload' in firewall_calls
|
||||||
|
|
||||||
|
|
||||||
|
|
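Review bot: Nothing in this section exercises the new iptables condition (`modinfo ip_tables` plus the INPUT policy check); the visible assertions cover only the firewalld path. That is the branch whose behaviour changed most, so a case for it would be worth adding, possibly with `modinfo` and `iptables` stubbed the same way `firewall-cmd` appears to be, given that its calls are read back from `/var/log/firewall-cmd`. One case should cover a policy of ACCEPT (expecting the "No active firewall detected" message) and one a policy of DROP (expecting the three `--dport` rules). The test function containing these assertions starts outside the hunk, so such cases may already exist elsewhere in the file.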