mirror of
https://codeberg.org/prof_x_pvt_ltd/captive.whump.shanti-portal
synced 2024-08-14 22:46:42 +00:00
Reworked iptables plugin.
Now trying to use just one command instead, with two possible arguments. If arguments are missing ensure that empty strings are passed in with quotes.
This commit is contained in:
parent
0ff80fb629
commit
c91a969b27
2 changed files with 11 additions and 53 deletions
|
@ -13,13 +13,11 @@ mandatory = True
|
||||||
enabled = False
|
enabled = False
|
||||||
debug = True
|
debug = True
|
||||||
|
|
||||||
# If you know you won't be able to get the clients HW address then use this.
|
|
||||||
use_mac = False
|
|
||||||
|
|
||||||
# Command templates for arping and iptables.
|
# Command templates for arping and iptables.
|
||||||
# Arping might block so make sure you use a timeout and limit the number of
|
# Arping might block so make sure you use a timeout and limit the number of
|
||||||
# packets it sends.
|
# packets it sends.
|
||||||
arping = -f -c 1 -w 30 -I eth0 {ip_address}
|
arping = -f -c 1 -w 30 -I eth0 {ip_address}
|
||||||
|
|
||||||
iptables_mac = -t mangle -I internet 1 -m mac --mac-source {mac_address} -j RETURN
|
# This is a command to run to create iptables rules. Two arguments are
|
||||||
iptables_ip = -t mangle -I internet 1 -m tcp -p tcp --source {ip_address} -j RETURN
|
# passed and replace these two placeholders.
|
||||||
|
iptables_cmd = /usr/local/sbin/cp_iptables.sh "{ip_address}" "{mac_address}"
|
||||||
|
|
|
@ -77,58 +77,17 @@ def run(arg):
|
||||||
error_msg = str(e)
|
error_msg = str(e)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
# If HW address was found, use it now.
|
if client_ip:
|
||||||
if client_mac and config.getboolean('iptables', 'use_mac'):
|
iptables_cmd = config.get('iptables', 'iptables_cmd').format(
|
||||||
l.debug('Found client HW address: {hw}'.format(
|
ip_address=client_ip,
|
||||||
hw=client_mac
|
|
||||||
))
|
|
||||||
|
|
||||||
# Create tuple out of iptables command
|
|
||||||
iptables_mac = config.get('iptables', 'iptables_mac').format(
|
|
||||||
mac_address=client_mac
|
mac_address=client_mac
|
||||||
)
|
)
|
||||||
iptables_mac = tuple(iptables_mac.split(' '))
|
|
||||||
|
|
||||||
output = BytesIO()
|
output = BytesIO()
|
||||||
error = BytesIO()
|
error = BytesIO()
|
||||||
try:
|
try:
|
||||||
rc = sudo(iptables_mac, _out=output, _err=error)
|
# The two arguments must not contain spaces of course.
|
||||||
|
rc = sudo(tuple(iptables_cmd.split(' ')), _out=output, _err=error)
|
||||||
if rc.exit_code == 0:
|
|
||||||
l.debug('Created iptables MAC rule successfully')
|
|
||||||
except ErrorReturnCode:
|
|
||||||
error.seek(0)
|
|
||||||
error_msg = error.read()
|
|
||||||
l.warn('{cmd}: exited badly: {error}'.format(
|
|
||||||
cmd=('iptables', iptables_mac),
|
|
||||||
error=error_msg
|
|
||||||
))
|
|
||||||
iptables_failed = True
|
|
||||||
pass
|
|
||||||
except Exception as e:
|
|
||||||
l.warn('{cmd}: failed: {error}'.format(
|
|
||||||
cmd=('iptables', iptables_mac),
|
|
||||||
error=str(e)
|
|
||||||
))
|
|
||||||
error_msg = str(e)
|
|
||||||
iptables_failed = True
|
|
||||||
pass
|
|
||||||
|
|
||||||
# Fallback on IP if HW address fails
|
|
||||||
if client_ip:
|
|
||||||
l.debug('Using client IP: {ip}'.format(
|
|
||||||
ip=client_ip
|
|
||||||
))
|
|
||||||
|
|
||||||
iptables_ip = config.get('iptables', 'iptables_ip').format(
|
|
||||||
ip_address=client_ip
|
|
||||||
)
|
|
||||||
iptables_ip = tuple(iptables_ip.split(' '))
|
|
||||||
|
|
||||||
output = BytesIO()
|
|
||||||
error = BytesIO()
|
|
||||||
try:
|
|
||||||
rc = sudo(iptables_ip, _out=output, _err=error)
|
|
||||||
|
|
||||||
if rc.exit_code == 0:
|
if rc.exit_code == 0:
|
||||||
l.debug('Created iptables IP rule successfully')
|
l.debug('Created iptables IP rule successfully')
|
||||||
|
@ -136,14 +95,14 @@ def run(arg):
|
||||||
error.seek(0)
|
error.seek(0)
|
||||||
error_msg = error.read()
|
error_msg = error.read()
|
||||||
l.warn('{cmd}: exited badly: {error}'.format(
|
l.warn('{cmd}: exited badly: {error}'.format(
|
||||||
cmd=('iptables', iptables_ip),
|
cmd=('iptables', iptables_cmd),
|
||||||
error=error_msg
|
error=error_msg
|
||||||
))
|
))
|
||||||
iptables_failed = True
|
iptables_failed = True
|
||||||
pass
|
pass
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
l.warn('{cmd}: failed: {error}'.format(
|
l.warn('{cmd}: failed: {error}'.format(
|
||||||
cmd=('iptables', iptables_ip),
|
cmd=('iptables', iptables_cmd),
|
||||||
error=str(e)
|
error=str(e)
|
||||||
))
|
))
|
||||||
error_msg = str(e)
|
error_msg = str(e)
|
||||||
|
@ -182,3 +141,4 @@ def mac_from_ip(l, arping_args, ip):
|
||||||
if line.startswith(line_start):
|
if line.startswith(line_start):
|
||||||
m = re.search('(([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2}))', line)
|
m = re.search('(([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2}))', line)
|
||||||
if m: return m.group(0)
|
if m: return m.group(0)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue