Merge pull request #1055 from pi-hole/fix/firewall_check

Restructure firewall detection and application.
This commit is contained in:
Mcat12 2016-12-30 11:23:30 -05:00 committed by GitHub
commit ced0d3c2c0
2 changed files with 8 additions and 9 deletions

View File

@ -866,16 +866,17 @@ create_pihole_user() {
configureFirewall() {
# Allow HTTP and DNS traffic
if command -v firewall-cmd &> /dev/null; then
firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \
&& firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled"
elif command -v iptables &> /dev/null; then
if firewall-cmd --state &> /dev/null; then
echo "::: Configuring FirewallD for httpd and dnsmasq.."
firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
firewall-cmd --reload
elif modinfo ip_tables &> /dev/null && iptables -S INPUT | head -n1 | grep -v "ACCEPT" &> /dev/null ; then
echo "::: Configuring iptables for httpd and dnsmasq.."
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
else
echo "::: No firewall detected.. skipping firewall configuration."
echo "::: No active firewall detected.. skipping firewall configuration."
fi
}

View File

@ -71,13 +71,11 @@ def test_configureFirewall_firewalld_no_errors(Pihole):
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.'
expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
assert expected_stdout in configureFirewall.stdout
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
assert 'firewall-cmd --state' in firewall_calls
assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls
assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
assert 'firewall-cmd --reload' in firewall_calls