Merge pull request ajenti#884 from Xefir/fix-iptables-port-aj

Add a protection to avoid autoban themself when using iptables plugin
thebureaugroup · Feb 26, 2016 · 8640255 · 8640255
2 parents b40b1fd + 5046fa4
commit 8640255
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/ajenti/plugins/iptables/main.py b/ajenti/plugins/iptables/main.py
@@ -3,6 +3,7 @@
 import itertools
 import subprocess
 
+import ajenti
 from ajenti.api import *
 from ajenti.plugins.main.api import SectionPlugin
 from ajenti.ui import on
@@ -121,7 +122,7 @@ def post_rule_update(o, c, i, u):
     def on_page_load(self):
         if not os.path.exists(self.fw_mgr.config_path_ajenti):
             if not os.path.exists(self.fw_mgr.config_path):
-                open(self.fw_mgr.config_path, 'w').write("""
+                TEMPLATE_IPTABLES_CONTENT = """
 *mangle
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
@@ -142,9 +143,12 @@ def on_page_load(self):
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport %(ajenti_port)s -j ACCEPT
 COMMIT
-                """)
+"""
+                open(self.fw_mgr.config_path, 'w').write(TEMPLATE_IPTABLES_CONTENT % {
+                    'ajenti_port': ajenti.config.tree.http_binding.port
+                })
             open(self.fw_mgr.config_path_ajenti, 'w').write(open(self.fw_mgr.config_path).read())
         self.config.load()
         self.refresh()
@@ -265,7 +269,6 @@ def get_template(self, item, ui):
         return root
 
 
-
 if subprocess.call(['which', 'ip6tables']) == 0:
     @interface
     class IPv6FirewallManager (object):