Use actual ports when setting up firewall
authorJamie Cameron <jcameron@webmin.com>
Sun, 4 Jan 2009 08:40:52 +0000 (08:40 +0000)
committerJamie Cameron <jcameron@webmin.com>
Sun, 4 Jan 2009 08:40:52 +0000 (08:40 +0000)
firewall/CHANGELOG
firewall/setup.cgi

index 76fe876..9653e69 100644 (file)
@@ -22,3 +22,4 @@ Show SNAT and masquerade inputs in custom NAT chains.
 ---- Changes since 1.440 ----
 DNS queries are now allowed when the firewall is setup for web hosting.
 Rule coments using --comment containing spaces or - are now properly parsed.
+When initializing the firewall, the actual ports for Webmin, Usermin and SSHd are used instead of the standard ports.
index a001474..ee80564 100755 (executable)
@@ -28,6 +28,25 @@ else {
        &backquote_logged("iptables-save >$iptables_save_file 2>&1");
        }
 
+# Get important variable ports
+&get_miniserv_config(\%miniserv);
+$webmin_port = $miniserv{'port'} || 10000;
+$webmin_port2 = $webmin_port + 10;
+$usermin_port = undef;
+if (&foreign_installed("usermin")) {
+       &foreign_require("usermin", "usermin-lib.pl");
+       &usermin::get_usermin_miniserv_config(\%uminiserv);
+       $usermin_port = $uminiserv{'port'};
+       }
+$usermin_port ||= 20000;
+$ssh_port = undef;
+if (&foreign_installed("sshd")) {
+       &foreign_require("sshd", "sshd-lib.pl");
+       $conf = &sshd::get_sshd_config();
+       $ssh_port = &sshd::find_value("Port", $conf);
+       }
+$ssh_port ||= 2;
+
 if ($in{'auto'}) {
        @tables = &get_iptables_save();
        if ($in{'auto'} == 1) {
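Review bot: The fallback `$ssh_port ||= 2;` looks like a typo for 22. When the sshd module is not installed, or `sshd::find_value("Port", $conf)` returns nothing because the directive is unset, the SSH rule in the next hunk would accept tcp/2 instead of the port sshd listens on, which can cut off remote administration once the generated ruleset is applied. It should read `$ssh_port ||= 22;`. The three port values are also read from config files and placed into rules as-is, so a check such as `$ssh_port = 22 if ($ssh_port !~ /^\d+$/);` (and the same for the Webmin and Usermin ports) would keep a malformed entry from producing an invalid rule. The top-level script continues outside this hunk.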
@@ -115,7 +134,7 @@ if ($in{'auto'}) {
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
-                              'dport' => [ "", "ssh" ],
+                              'dport' => [ "", $ssh_port ],
                               'j' => [ "", 'ACCEPT' ],
                               'cmt' => 'Allow connections to our SSH server' },
                             { 'chain' => 'INPUT',
@@ -195,7 +214,7 @@ if ($in{'auto'}) {
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
-                              'dport' => [ "", "25" ],
+                              'dport' => [ "", "25,587" ],
                               'j' => [ "", 'ACCEPT' ],
                               'cmt' => 'Allow connections to mail server' },
                             { 'chain' => 'INPUT',
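Review bot: The port list `"25,587"` is stored under `'dport'` while `'m'` still names only the tcp match, and iptables accepts a comma-separated list only through the multiport match (`-m multiport --dports`). Unless the rule writer converts this on save, which is not visible here, the mail rule would fail to load and the ruleset may not apply as intended. If there is no such conversion, the entry would need `'m' => [ [ "", "tcp" ], [ "", "multiport" ] ],` and `'dports' => [ "", "25,587" ],`. The same applies to `"110,995"` and `"143,220,993"` in the following hunk. The rule list starts and ends outside this hunk.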
@@ -207,25 +226,25 @@ if ($in{'auto'}) {
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
-                              'dport' => [ "", "110" ],
+                              'dport' => [ "", "110,995" ],
                               'j' => [ "", 'ACCEPT' ],
                               'cmt' => 'Allow connections to POP3 server' },
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
-                              'dport' => [ "", "143" ],
+                              'dport' => [ "", "143,220,993" ],
                               'j' => [ "", 'ACCEPT' ],
                               'cmt' => 'Allow connections to IMAP server' },
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
-                              'dport' => [ "", "10000:10010" ],
+                              'dport' => [ "",$webmin_port.":".$webmin_port2 ],
                               'j' => [ "", 'ACCEPT' ],
                               'cmt' => 'Allow connections to Webmin' },
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
-                              'dport' => [ "", "20000" ],
+                              'dport' => [ "", $usermin_port ],
                               'j' => [ "", 'ACCEPT' ],
                               'cmt' => 'Allow connections to Usermin' },
                                );
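Review bot: The Usermin rule is emitted with `$usermin_port` even when `foreign_installed("usermin")` was false and the value is only the 20000 fallback, so a host without Usermin still gets an ACCEPT for that port. Since the commit now knows whether Usermin is present, the rule could be added only in that case, for example by building it into the list with `&foreign_installed("usermin") ? ( { ... } ) : ( )`. The list this entry sits in begins outside the hunk, so any later filtering is not visible from here. A short comment above the Webmin entry, such as `# miniserv may fall forward up to 10 ports if the base port is busy`, would also explain the `$webmin_port2` range if that is the reason for it.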