mirror of
https://github.com/myvesta/vesta
synced 2025-08-21 13:54:28 -07:00
v-update-firewall-rules: improve nginx configuration handling for deleting rules, as well as for suspended and unsuspended rules
parent
30581ea672
commit
4e8bac8dda
3 changed files with 23 additions and 1 deletions
|
@ -45,7 +45,7 @@ $BIN/v-update-firewall
|
||||||
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
|
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
|
||||||
parse_object_kv_list_non_eval "$oldvalues"
|
parse_object_kv_list_non_eval "$oldvalues"
|
||||||
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
|
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
|
||||||
sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf
|
sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
|
||||||
systemctl restart nginx
|
systemctl restart nginx
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
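Review bot: The new `sed -i "\#$IP#d"` still uses `$IP` as an unanchored regular expression, so the switch to `#` as delimiter fixes addresses containing `/` but not over-matching. With a constructed example, removing the rule for `10.0.0.1` also deletes `deny 10.0.0.10;` and `deny 110.0.0.1;`, silently lifting blocks whose rules are still active; the dots match any character as well. Since the unsuspend script writes lines of the exact form `deny $IP;`, the delete can be anchored to that form with the dots escaped: `ip_re=${IP//./\\.}` followed by `sed -i "\#^deny ${ip_re};\$#d" /etc/nginx/conf.d/block-firewall.conf`. The same `sed` line is added in the suspend script and needs the same change.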
|
@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule"
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
|
||||||
|
|
||||||
# Suspending rule
|
# Suspending rule
|
||||||
update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes
|
update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes
|
||||||
|
|
||||||
# Updating system firewall
|
# Updating system firewall
|
||||||
$BIN/v-update-firewall
|
$BIN/v-update-firewall
|
||||||
|
|
||||||
|
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
|
||||||
|
parse_object_kv_list_non_eval "$oldvalues"
|
||||||
|
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
|
||||||
|
sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
|
||||||
|
systemctl restart nginx
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Vesta #
|
# Vesta #
|
||||||
|
|
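Review bot: `systemctl restart nginx` runs without a configuration test, here and in the other two files of this commit, so if `block-firewall.conf` or any other included file is malformed, the web server stays down instead of only the rule change failing. A full restart also drops in-flight connections for what is just an access-list edit. Consider `nginx -t && systemctl reload nginx`, and report a failed test to the caller. In this file and in the delete script the restart also fires when the `sed` removed nothing.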
|
@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule"
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
|
||||||
|
|
||||||
# Suspending rule
|
# Suspending rule
|
||||||
update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no
|
update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no
|
||||||
|
|
||||||
# Updating system firewall
|
# Updating system firewall
|
||||||
$BIN/v-update-firewall
|
$BIN/v-update-firewall
|
||||||
|
|
||||||
|
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
|
||||||
|
parse_object_kv_list_non_eval "$oldvalues"
|
||||||
|
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
|
||||||
|
touch /etc/nginx/conf.d/block-firewall.conf
|
||||||
|
if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then
|
||||||
|
echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf
|
||||||
|
systemctl restart nginx
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Vesta #
|
# Vesta #
|
||||||
|
|
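Review bot: `$IP` is appended to `/etc/nginx/conf.d/block-firewall.conf` as `deny $IP;` with no check visible in this section that it holds a single address or CIDR. If that field in rules.conf can carry other forms (a list, a set name, or `0.0.0.0/0`), the result is either a config nginx refuses to load or a deny that covers every client. Validation may exist upstream, but a guard just before the `echo` would make this path safe on its own. The duplicate check is also a regex match anywhere in a line, so a commented-out `# deny $IP;` counts as already present; `grep -qxF -- "deny $IP;"` matches only the exact line.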