From a4a987964396d13dc345890efe55d34f1b4d3769 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Thu, 29 Dec 2016 15:57:29 -0800
Subject: [PATCH 1/2] Restructure firewall detection and application.
Signed-off-by: Dan Schaper
---
 automated install/basic-install.sh | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 9701560f..906d1dc9 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -866,16 +866,17 @@ create_pihole_user() {
 configureFirewall() {
 # Allow HTTP and DNS traffic
- if command -v firewall-cmd &> /dev/null; then
- firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \
- && firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled"
- elif command -v iptables &> /dev/null; then
+ if firewall-cmd --state &> /dev/null; then
+ echo "::: Configuring FirewallD for httpd and dnsmasq.."
+ firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
+ firewall-cmd --reload
+ elif modinfo ip_tables &> /dev/null && iptables -S INPUT | head -n1 | grep -v "ACCEPT" &> /dev/null ; then
 echo "::: Configuring iptables for httpd and dnsmasq.."
 iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
 else
- echo "::: No firewall detected.. skipping firewall configuration."
+ echo "::: No active firewall detected.. skipping firewall configuration."
 fi
 }
From a48518d2345d3a9c96f467a32812089139e44e69 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Thu, 29 Dec 2016 16:11:13 -0800
Subject: [PATCH 2/2] Update test rig for new firewalld
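Review bot: In `configureFirewall` (basic-install.sh, patch 1/2) the new `elif` inspects only the first line of `iptables -S INPUT`, the chain policy, so a host whose policy is ACCEPT but whose chain ends in a catch-all REJECT or DROP rule is reported as "No active firewall detected" and ports 53 and 80 stay closed. Where the check does pass, the unchanged `iptables -A` lines append after whatever rules already exist, so a terminal reject rule, if present, would still shadow them; inserting at the head, e.g. `iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT`, avoids that. Both branches also accept DNS and HTTP from any source on any interface, which on an internet-facing host leaves the resolver reachable from outside; I would add a comment above the rules such as `# NOTE: not limited to the LAN - restrict by source address or firewalld zone on exposed hosts`. The result of `firewall-cmd --permanent ...` is no longer checked before `--reload`, so a failed rule change is not reported by the installer.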
Signed-off-by: Dan Schaper
---
 test/test_automated_install.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/test/test_automated_install.py b/test/test_automated_install.py
index ee3beeee..58aefe91 100644
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -71,13 +71,11 @@ def test_configureFirewall_firewalld_no_errors(Pihole):
 source /opt/pihole/basic-install.sh
 configureFirewall
 ''')
- expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.'
+ expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
 assert expected_stdout in configureFirewall.stdout
 firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
 assert 'firewall-cmd --state' in firewall_calls
- assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls
- assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
- assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
+ assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
 assert 'firewall-cmd --reload' in firewall_calls
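Review bot: Only the firewalld branch is exercised in this hunk; nothing here covers the `modinfo ip_tables` / `iptables -S INPUT` detection or the reworded "No active firewall detected" fallback that patch 1/2 introduces, though tests outside the hunk may. A sibling test that stubs `modinfo` and `iptables` the way `firewall-cmd` appears to be stubbed (its calls are read back from `/var/log/firewall-cmd`) and asserts `'::: Configuring iptables for httpd and dnsmasq..' in configureFirewall.stdout` would pin the policy check. The substring checks on `firewall_calls` pass regardless of call order, so a `--reload` issued before the `--permanent` change would not be caught. The test function begins above the hunk, so its mock setup is not visible here.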