From d5ea6b4e964e5140566a054dfc62170a7f139ca5 Mon Sep 17 00:00:00 2001 From: Taylor Helsper Date: Thu, 13 Feb 2020 18:47:51 -0600 Subject: [PATCH] Add firewall info settings page --- rootfs/standard/etc/ufw/ufw.conf | 10 ++++ rootfs/standard/usr/bin/mynode_firewall.sh | 1 - rootfs/standard/var/www/mynode/device_info.py | 16 ++++- rootfs/standard/var/www/mynode/settings.py | 15 +++++ .../var/www/mynode/static/css/mynode.css | 4 +- .../var/www/mynode/templates/settings.html | 58 +++++++++++++++---- 6 files changed, 90 insertions(+), 14 deletions(-) create mode 100644 rootfs/standard/etc/ufw/ufw.conf diff --git a/rootfs/standard/etc/ufw/ufw.conf b/rootfs/standard/etc/ufw/ufw.conf new file mode 100644 index 00000000..d3b6001b --- /dev/null +++ b/rootfs/standard/etc/ufw/ufw.conf @@ -0,0 +1,10 @@ +# /etc/ufw/ufw.conf +# + +# Set to yes to start on boot. If setting this remotely, be sure to add a rule +# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp' +ENABLED=yes + +# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'. +# See 'man ufw' for details. +LOGLEVEL=low \ No newline at end of file diff --git a/rootfs/standard/usr/bin/mynode_firewall.sh b/rootfs/standard/usr/bin/mynode_firewall.sh index c894a725..f4b93587 100755 --- a/rootfs/standard/usr/bin/mynode_firewall.sh +++ b/rootfs/standard/usr/bin/mynode_firewall.sh @@ -50,7 +50,6 @@ ufw status # Reload firewall after some time to reset (fixes VPN) sleep 120s ufw reload -ufw logging off # Success exit 0 diff --git a/rootfs/standard/var/www/mynode/device_info.py b/rootfs/standard/var/www/mynode/device_info.py index ac28c8f4..bcaa813e 100644 --- a/rootfs/standard/var/www/mynode/device_info.py +++ b/rootfs/standard/var/www/mynode/device_info.py 
@@ -431,4 +431,18 @@ def enable_btc_lnd_tor(): def disable_btc_lnd_tor(): os.system("rm -f mnt/hdd/mynode/settings/.btc_lnd_tor_enabled") - os.system("sync") \ No newline at end of file + os.system("sync") + + +#================================== +# Firewall Functions +#================================== +def reload_firewall(): + os.system("ufw reload") + +def get_firewall_rules(): + try: + rules = subprocess.check_output("ufw status", shell=True).decode("utf8") + except: + rules = "ERROR" + return rules diff --git a/rootfs/standard/var/www/mynode/settings.py b/rootfs/standard/var/www/mynode/settings.py index 862698e4..85c1b030 100644 --- a/rootfs/standard/var/www/mynode/settings.py +++ b/rootfs/standard/var/www/mynode/settings.py @@ -131,6 +131,9 @@ def page_settings(): upload_rate = 100 download_rate = 100 + # Get Firewall Status + firewall_status_log = get_journalctl_log("ufw") + templateData = { "title": "myNode Settings", @@ -175,6 +178,10 @@ def page_settings(): "mempoolspace_status_log": get_journalctl_log("mempoolspace"), "mempoolspace_status": get_service_status_basic_text("mempoolspace"), "mempoolspace_status_color": get_service_status_color("mempoolspace"), + "firewall_status_log": get_journalctl_log("ufw"), + "firewall_status": get_service_status_basic_text("ufw"), + "firewall_status_color": get_service_status_color("ufw"), + "firewall_rules": get_firewall_rules(), "is_quicksync_disabled": not quicksync_enabled, "is_netdata_enabled": is_netdata_enabled(), "is_uploader_device": is_uploader(), @@ -319,6 +326,14 @@ def reset_electrs_page(): } return render_template('reboot.html', **templateData) +@mynode_settings.route("/settings/reset-firewall") +def reset_firewall_page(): + check_logged_in() + t = Timer(3.0, reload_firewall) + t.start() + flash("Firewall Reset", category="message") + return redirect("/settings") + @mynode_settings.route("/settings/factory-reset", methods=['POST']) def factory_reset_page(): check_logged_in() 
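Review bot: `get_firewall_rules()` uses a bare `except:` and returns the string "ERROR", so a missing `ufw` binary, a permission failure and a non-zero exit all look the same on the settings page and nothing is logged. Narrow it to `except (subprocess.CalledProcessError, OSError) as e:` and log `e` before returning the placeholder. Whether this module imports `subprocess` is not visible in the hunk. The command is a constant, so the shell is unnecessary: `subprocess.check_output(["ufw", "status"])` avoids it, and an absolute path to the binary would stop the result depending on the web process's PATH. `reload_firewall()` also discards the exit status of `os.system("ufw reload")`, so a failed reload is silent.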
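Review bot: The `firewall_status_log` local assigned in the first settings.py hunk looks unused. The `templateData` entry added in the following hunk calls `get_journalctl_log("ufw")` again instead of reading the local, so the journal is queried twice per page load. Either drop the assignment or write `"firewall_status_log": firewall_status_log,` in the dict. `page_settings()` extends beyond both hunks, so a use elsewhere cannot be ruled out from here.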
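Review bot: `/settings/reset-firewall` changes system state but is registered without `methods`, so Flask serves it on GET, unlike `/settings/factory-reset` directly below it, which is POST-only. Any cross-site request that a logged-in browser follows (a link, an image URL, a prefetch) can trigger a GET endpoint with side effects. Declare it as `@mynode_settings.route("/settings/reset-firewall", methods=['POST'])` and submit it from a form on the settings page, with a CSRF token if the app has one. `check_logged_in()` is called for effect only; that matches the neighbouring routes, but what it does on failure is not visible here. The settings.html text in this patch says the reset will reboot the device, while this handler only schedules `ufw reload` after 3 seconds and redirects to `/settings`.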
diff --git a/rootfs/standard/var/www/mynode/static/css/mynode.css b/rootfs/standard/var/www/mynode/static/css/mynode.css index 0ae6c611..4086b183 100644 --- a/rootfs/standard/var/www/mynode/static/css/mynode.css +++ b/rootfs/standard/var/www/mynode/static/css/mynode.css @@ -326,8 +326,8 @@ a:active { } .divider { width: 100%; - margin-top: 15px; - margin-bottom: 15px; + margin-top: 12px; + margin-bottom: 12px; border-bottom: 3px dashed orange; margin-left: auto; margin-right: auto; diff --git a/rootfs/standard/var/www/mynode/templates/settings.html b/rootfs/standard/var/www/mynode/templates/settings.html index ed8e5e1c..f237e463 100644 --- a/rootfs/standard/var/www/mynode/templates/settings.html +++ b/rootfs/standard/var/www/mynode/templates/settings.html @@ -229,6 +229,16 @@ $("#upgrade_status").show(); }); + $("#show_firewall_status").on("click", function() { + $("#show_firewall_status").hide(0); + $("#firewall_status").show(); + }); + + $("#show_firewall_rules").on("click", function() { + $("#show_firewall_rules").hide(0); + $("#firewall_rules").show(); + }); + $("#show_mynode_changelog").on("click", function() { if (showChangelog) { @@ -529,7 +539,7 @@
{{ startup_status }} - +
@@ -538,7 +548,7 @@
{{ quicksync_status }} - +
@@ -547,7 +557,7 @@
{{ bitcoin_status }} - +
@@ -556,7 +566,7 @@
{{ lnd_status }} - +
@@ -565,7 +575,7 @@
{{ tor_status }} - +
@@ -574,7 +584,7 @@
{{ electrs_status }} - +
@@ -583,7 +593,7 @@
{{ rtl_status }} - +
@@ -592,7 +602,7 @@
{{ docker_image_build_status }} - +
@@ -601,7 +611,7 @@
{{ btcpayserver_status }} - +
@@ -610,8 +620,17 @@
{{ mempoolspace_status }} - + +
+ +
Firewall Status
+
+
+ {{ firewall_status }} +
+ + @@ -659,6 +678,25 @@ +
+
Firewall
+ +
Rules
+ Show the current firewall configuration. +
+ + + +
+ +
Reset
+ Resetting the firewall will disable and re-enable the firewall and then reboot the device. +
+ Reset Firewall + +
+ +
QuickSync