From 9ce92eb69e8b634fbfce551a48f659082257f81a Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 5 Nov 2024 02:56:12 +0800 Subject: [PATCH] update --- panel_task.py | 1 - web/admin/firewall/__init__.py | 10 ++++++ web/core/mw.py | 28 +++++++++------- web/utils/firewall.py | 59 ++++++++++++++++++++++++++++++++++ 4 files changed, 86 insertions(+), 12 deletions(-) diff --git a/panel_task.py b/panel_task.py index 6b410dc84..d60b4bc97 100755 --- a/panel_task.py +++ b/panel_task.py @@ -107,7 +107,6 @@ def runPanelTask(): downloadFile(argv[0], argv[1]) elif run_task['type'] == 'execshell': execShell(run_task['cmd']) - # print(run_task) end = int(time.time()) thisdb.setTaskData(run_task['id'], end=end) thisdb.setTaskStatus(run_task['id'], 1) diff --git a/web/admin/firewall/__init__.py b/web/admin/firewall/__init__.py index 5002551a4..435e706ae 100644 --- a/web/admin/firewall/__init__.py +++ b/web/admin/firewall/__init__.py @@ -66,6 +66,16 @@ def add_accept_port(): return MwFirewall.instance().addAcceptPort(port, ps, stype, protocol=protocol) +# 添加放行端口 +@blueprint.route('/del_accept_port', endpoint='del_accept_port', methods=['POST']) +@panel_login_required +def del_accept_port(): + port = request.form.get('port', '').strip() + firewall_id = request.form.get('id', '').strip() + protocol = request.form.get('protocol', '').strip() + return MwFirewall.instance().delAcceptPort(firewall_id, port, protocol=protocol) + + diff --git a/web/core/mw.py b/web/core/mw.py index 5dffe2e97..87574b7b0 100644 --- a/web/core/mw.py +++ b/web/core/mw.py 
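Review bot: The comment above the new `del_accept_port` route still reads `# 添加放行端口` ("add an allowed port"), copied from the `add_accept_port` route before it; it should read `# 删除放行端口`. The handler also forwards `port`, `id` and `protocol` from the form with only `.strip()` applied, and a missing field becomes an empty string. `delAcceptPort` in web/utils/firewall.py (later in this patch) builds firewall commands from `port`, so an empty or non-numeric `port` or `id` should be rejected here with the module's usual error response.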
@@ -87,28 +87,34 @@ def getMWLogs(): def getPanelTmp(): return getPanelDir() + '/tmp' -def getPanelTaskLog(): - return getMWLogs() + '/panel_task.log' - - def getServerDir(): return getFatherDir() + '/server' def getLogsDir(): return getFatherDir() + '/wwwlogs' +def getRecycleBinDir(): + rb_dir = getFatherDir() + '/recycle_bin' + if not os.path.exists(rb_dir): + os.system('mkdir -p ' + rb_dir) + return rb_dir + +def getPanelTaskLog(): + return getMWLogs() + '/panel_task.log' + def getWwwDir(): file = getPanelDir() + '/data/site.pl' if os.path.exists(file): return readFile(file).strip() return getFatherDir() + '/wwwroot' - -def getRecycleBinDir(): - rb_dir = getFatherDir() + '/recycle_bin' - if not os.path.exists(rb_dir): - os.system('mkdir -p ' + rb_dir) - return rb_dir + +def getPanelPort(): + port_file = mw.getPanelDir()+'/data/port.pl' + port = mw.readFile(port_file).strip() + if not port: + return 7200 + return int(port) def getRandomString(length): # 取随机字符串 @@ -417,7 +423,7 @@ def setOwn(filename, user, group=None): group = user_info.pw_gid os.chown(filename, user, group) return True - + def setMode(filename, mode): # 设置文件权限 if not os.path.exists(filename): diff --git a/web/utils/firewall.py b/web/utils/firewall.py index fcb48cca3..0d32abdeb 100644 --- a/web/utils/firewall.py +++ b/web/utils/firewall.py 
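Review bot: `getPanelPort` calls `mw.getPanelDir()` and `mw.readFile()`, but it is defined inside web/core/mw.py, where the neighbouring functions call `getPanelDir()` and `readFile()` directly; unless the module binds the name `mw` somewhere outside this hunk, the first call would raise NameError. Writing `port_file = getPanelDir() + '/data/port.pl'` and `port = readFile(port_file).strip()` matches the rest of the file. `getWwwDir` just above checks `os.path.exists(file)` before reading, which suggests `readFile` may not return a string for a missing file, so the same check (falling back to 7200) looks needed here; `int(port)` will also raise on a non-numeric file. A one-line docstring stating that the function returns the panel port as an int, defaulting to 7200, would help callers that compare it with form values.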
@@ -246,5 +246,64 @@ class Firewall(object): mw.writeLog("防火墙管理", msg) return mw.returnData(True, msg) + def delAcceptPort(self, firewall_id, port, + protocol: str | None ='tcp' + ): + panel_port = mw.getPanelPort() + + if(port == panel_port): + return mw.returnData(False, '失败,不能删除当前面板端口!') + try: + self.delAcceptPortCmd(port, protocol) + mw.M('firewall').where("id=?", (firewall_id,)).delete() + return mw.returnData(True, '删除成功!') + except Exception as e: + return mw.returnData(False, '删除失败!:' + str(e)) + + def delAcceptPortCmd(self, port, + protocol: str | None ='tcp' + ): + if self.__isUfw: + if protocol == 'tcp': + mw.execShell('ufw delete allow ' + port + '/tcp') + if protocol == 'udp': + mw.execShell('ufw delete allow ' + port + '/udp') + if protocol == 'tcp/udp': + mw.execShell('ufw delete allow ' + port + '/tcp') + mw.execShell('ufw delete allow ' + port + '/udp') + elif self.__isFirewalld: + port = port.replace(':', '-') + if protocol == 'tcp': + mw.execShell( + 'firewall-cmd --permanent --zone=public --remove-port=' + port + '/tcp') + if protocol == 'udp': + mw.execShell( + 'firewall-cmd --permanent --zone=public --remove-port=' + port + '/udp') + if protocol == 'tcp/udp': + mw.execShell( + 'firewall-cmd --permanent --zone=public --remove-port=' + port + '/tcp') + mw.execShell( + 'firewall-cmd --permanent --zone=public --remove-port=' + port + '/udp') + elif self.__isIptables: + if protocol == 'tcp': + mw.execShell( + 'iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT') + if protocol == 'udp': + mw.execShell( + 'iptables -D INPUT -p udp -m state --state NEW -m udp --dport ' + port + ' -j ACCEPT') + if protocol == 'tcp/udp': + mw.execShell( + 'iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT') + mw.execShell( + 'iptables -D INPUT -p udp -m state --state NEW -m udp --dport ' + port + ' -j ACCEPT') + else: + pass + + mw.M('firewall').where("port=?", (port,)).delete() + msg = 
mw.getInfo('删除防火墙放行端口[{1}][{2}]成功!', (port, protocol,)) + mw.writeLog("防火墙管理", msg) + self.reload() + return True +
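Review bot: `delAcceptPortCmd` concatenates `port` into every `mw.execShell(...)` string, and in this patch that value arrives from `request.form` in the `del_accept_port` route with only `.strip()` applied, so shell metacharacters in the field would be interpreted by the shell with whatever privileges the panel process has. `delAcceptPort` should accept only a port or `N:M` range and a known protocol before calling it. The panel-port guard also never fires as written: `mw.getPanelPort()` returns an int while `port` is a string, so `port == panel_port` is always false. The fence shows both changes at the top of `delAcceptPort`; it needs `re` imported in firewall.py if it is not already, and the two new error strings are constructed. Separately, the row is deleted twice, by `port` in `delAcceptPortCmd` and by `id` in `delAcceptPort`, and the by-port delete removes every protocol's row for that port.

```python
    def delAcceptPort(self, firewall_id, port,
                      protocol: str | None ='tcp'
                      ):
        # port and protocol are request data that end up in a shell string:
        # allow only "N" or "N:M" and the three protocol values handled below.
        if not re.fullmatch(r'\d{1,5}(:\d{1,5})?', port):
            return mw.returnData(False, '端口格式不正确!')
        if protocol not in ('tcp', 'udp', 'tcp/udp'):
            return mw.returnData(False, '协议不正确!')

        # getPanelPort() returns an int; compare like with like.
        if port == str(mw.getPanelPort()):
            return mw.returnData(False, '失败,不能删除当前面板端口!')
        # … unchanged: try/except around delAcceptPortCmd and the delete by id …
```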