boxtools on raspberry pi

- rename to_system to apu_system / cm3_system / cm4_system
- fixes in router
- firewall may be switched off
- firewall is a parameter of router, also used when no routing is configured.
This commit is contained in:
l_samenv
2024-05-13 17:55:54 +02:00
parent 793606db2b
commit 1318666db0
7 changed files with 148 additions and 90 deletions


@ -9,9 +9,7 @@ from glob import glob
from select import select
from serial import serial_for_url
from subprocess import Popen, PIPE, check_output, call, DEVNULL
from utils import BoxInfo
FIREWALL_CONF = '/etc/nftables.conf'
from utils import BoxInfo, change_firewall
class Log:
DEBUG = 0
@ -169,7 +167,7 @@ class Router(IoHandler):
return
except Exception as e:
msg = f'error in request: {e!r}'
service.failures[service.port] = msg
self.service.failures[service.port] = msg
log.error(msg)
self.close()
@ -401,36 +399,12 @@ class Service:
self.failures.pop(self.port, None)
self.handlers[handler.fno] = handler
@classmethod
def change_firewall(cls):
pattern = re.compile('(tcp dport ({.*}) ct state new accept)', re.MULTILINE | re.DOTALL)
with open(FIREWALL_CONF) as f:
content = f.read()
try:
((prevline, prevports),) = pattern.findall(content)
except (TypeError, ValueError):
print(f'{FIREWALL_CONF} does not contain expected pattern for open ports - firewall off?')
return
# parse previous port set
prevportset = {int(p) for p in prevports[1:-1].split(',')}
# keep port numbers below 1024
ports = {p for p in prevportset if p < 1024} | set(cls.firewall_ports)
line = prevline.replace(prevports, '{ %s }' % ', '.join((str(p) for p in sorted(ports))))
if prevportset != ports:
if os.geteuid() == 0:
with open('f{FIREWALL_CONF}.tmp', 'w') as f:
f.write(content.replace(prevline, line))
os.rename('f{FIREWALL_CONF}.tmp', FIREWALL_CONF)
unix_cmd('systemctl restart nftables')
unix_cmd('systemctl enable nftables')
else:
print('need sudo rights to modify firewall')
@classmethod
def run(cls, routes):
firewall = routes.pop('firewall', None)
firewall_on = firewall is not None
if firewall_on:
cls.firewall_ports = set(int(r) for r in firewall.split(',') if r.strip())
Service(1110, None, InfoHandler, 5, handler_args=(log.DEBUG,))
Service(1111, None, InfoHandler, 5, handler_args=(log.INFO,))
Service(1112, None, InfoHandler, 5, handler_args=(log.WARN,))
@ -445,7 +419,7 @@ class Service:
else:
remoteport = port
Service(port, (host, remoteport), TcpHandler)
cls.change_firewall()
change_firewall(firewall_on, cls.firewall_ports)
while True:
try:
# log.debug('select %r', list(cls.readers))
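Review bot: `change_firewall(firewall_on, cls.firewall_ports)` in the last hunk reads `cls.firewall_ports`, but `run` only assigns it inside `if firewall_on:` in the preceding hunk; unless `Service` declares a class-level default outside these hunks, a routes file with no `firewall` entry raises AttributeError before the select loop starts. Assigning it unconditionally, `cls.firewall_ports = set(int(r) for r in firewall.split(',') if r.strip()) if firewall_on else set()`, keeps the call valid in both cases. The removed `Service.change_firewall` wrote its temp file to the literal path `'f{FIREWALL_CONF}.tmp'` (missing `f` prefix), so the file landed relative to the working directory rather than next to the config; if that body moved into `utils.change_firewall` unchanged, the defect moved with it and is worth checking there. `run` continues past the end of the hunk.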