Open new Webmin port on firewall

https://www.virtualmin.com/node/19171

diff --git a/firewall/lang/en b/firewall/lang/en
index 594f29e..08d06a4 100644 (file)
--- a/firewall/lang/en
+++ b/firewall/lang/en
@@ -286,6 +286,7 @@ log_add_host=Added cluster server $1
 log_add_group=Added cluster servers from group $1
 log_delete_host=Removed cluster server $1
 log_delete_group=Removed $1 cluster servers
+log_openports=Opened firewall ports $1
 
 setup_eiface=No external network interface entered
 setup_ecannot=You are not allowed to setup the firewall

diff --git a/webmin/change_bind.cgi b/webmin/change_bind.cgi
index 86ebf23..3f9f75f 100755 (executable)
--- a/webmin/change_bind.cgi
+++ b/webmin/change_bind.cgi
@@ -29,6 +29,7 @@ for($i=0; defined($in{"ip_def_$i"}); $i++) {
                $port = "*";
                }
        push(@sockets, [ $ip, $port ]);
+       push(@ports, $port) if ($port && $port ne "*");
        }
 @sockets || &error($text{'bind_enone'});
 $in{'listen_def'} || $in{'listen'} =~ /^\d+$/ || &error($text{'bind_elisten'});
@@ -84,8 +85,25 @@ if ($rv) {
        &system_logged("$config_directory/start >/dev/null 2>&1 </dev/null");
        &error(&text('bind_erestart', $out));
        }
+
+# If possible, open the new ports
+if (&foreign_check("firewall") && $in{'firewall'}) {
+       @oldports = split(/\s+/, $in{'oldports'});
+       @newports = &unique(grep { &indexof($_, @oldports) < 0 } @ports);
+       if (@newports) {
+               &clean_environment();
+               $ENV{'WEBMIN_CONFIG'} = $config_directory;
+               &system_logged(&module_root_directory("firewall").
+                              "/open-ports.pl ".
+                              join(" ", map { $_.":".($_+10) } @newports).
+                              " >/dev/null 2>&1");
+               &reset_environment();
+               }
+       }
+
 &webmin_log("bind", undef, undef, \%in);
 
+# Work out redirect URL
 if ($miniserv{'musthost'}) { $miniserv{'musthost'}; }
 elsif ($miniserv{'bind'}) { $url = $miniserv{'bind'}; }
 else { $url = $ENV{'SERVER_NAME'}; }

diff --git a/webmin/edit_bind.cgi b/webmin/edit_bind.cgi
index 7db4a20..15e2ee1 100755 (executable)
--- a/webmin/edit_bind.cgi
+++ b/webmin/edit_bind.cgi
@@ -16,8 +16,9 @@ print &ui_table_start($text{'bind_header'}, undef, 2, [ "width=30%" ]);
 
 # Show table of all bound IPs and ports
 $stable = &ui_columns_start([ $text{'bind_sip'}, $text{'bind_sport'} ]);
-$i = 0;
-foreach $s (@sockets, [ undef, "*" ]) {
+my $i = 0;
+my @ports;
+foreach my $s (@sockets, [ undef, "*" ]) {
        # IP address
        my @cols;
        push(@cols, &ui_select("ip_def_$i", $s->[0] eq "" ? 0 :
@@ -33,9 +34,14 @@ foreach $s (@sockets, [ undef, "*" ]) {
                                 [ 1, $text{'bind_sport1'} ] ])." ".
                    &ui_textbox("port_$i", $s->[1] eq "*" ? undef : $s->[1],5));
        $stable .= &ui_columns_row(\@cols, [ "nowrap", "nowrap" ]);
+       push(@ports, $s->[1]) if ($s->[1] && $s->[1] ne "*");
        $i++;
        }
 $stable .= &ui_columns_end();
+if (&foreign_check("firewall")) {
+       print &ui_hidden("oldports", join(" ", @ports));
+       $stable .= &ui_checkbox("firewall", 1, $text{'bind_firewall'}, 1);
+       }
 print &ui_table_row($text{'bind_sockets'}, $stable);
 
 # IPv6 enabled?

diff --git a/webmin/lang/en b/webmin/lang/en
index b6ece77..75247c1 100644 (file)
--- a/webmin/lang/en
+++ b/webmin/lang/en
@@ -38,6 +38,7 @@ bind_title=Ports and Addresses
 bind_desc2=This form can be used to change the port number that Webmin listens on, or have it listen on only a single IP address on your system. You can also configure it to accept connections on multiple ports, or to listen on several IP addresses. Note - your web browser may prompt you to log in again after changing the port or binding address.
 bind_header=IP addresses and ports
 bind_sockets=Listen on IPs and ports
+bind_firewall=Open new ports on firewall?
 bind_sip=Bind to IP address
 bind_sport=Listen on port
 bind_sip1=Any address