diff --git a/class/core/firewall_api.py b/class/core/firewall_api.py
index 9ada1f191..97228ff32 100755
--- a/class/core/firewall_api.py
+++ b/class/core/firewall_api.py
@@ -342,6 +342,28 @@ class firewall_api:
 status = request.form.get('status', '1')
 return mw.getJson(self.setFw(status))
+ def setFwIptables(self, status):
+ # iptables特殊处理
+ if status == '1':
+ mw.execShell('service iptables save')
+ mw.execShell('service iptables stop')
+ else:
+ # 重新导入数据
+
+ _list = mw.M('firewall').field('id,port,ps,addtime').limit(
+ '0,1000').order('id desc').select()
+
+ for x in _list:
+ port = x['port']
+ if mw.isIpAddr(port):
+ cmd = 'iptables -I INPUT -s ' + port + ' -j DROP'
+ mw.execShell(cmd)
+ else:
+ self.addAcceptPort(port)
+
+ mw.execShell('service iptables save')
+ mw.execShell('service iptables start')
+
 def setFw(self, status):
 if status == '1':
 if self.__isUfw:
@@ -352,8 +374,7 @@ class firewall_api:
 elif self.__isMac:
 pass
 else:
- mw.execShell('service iptables save')
- mw.execShell('service iptables stop')
+ self.setFwIptables(status)
 else:
 if self.__isUfw:
 mw.execShell("echo 'y'| ufw enable")
@@ -363,8 +384,7 @@ class firewall_api:
 elif self.__isMac:
 pass
 else:
- mw.execShell('service iptables save')
- mw.execShell('service iptables restart')
+ self.setFwIptables(status)
 return mw.returnData(True, '设置成功!')
diff --git a/class/core/mw.py b/class/core/mw.py
index 83fe7c584..8c09bf4f1 100755
--- a/class/core/mw.py
+++ b/class/core/mw.py
@@ -219,6 +219,15 @@ def isInstalledWeb():
 return False
+def isIpAddr(ip):
+ check_ip = re.compile(
+ '^(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$')
+ if check_ip.match(ipAddr):
+ return True
+ else:
+ return False
+
+
 def restartWeb():
 return opWeb("reload")
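Review bot: In the `else` branch of the new `setFwIptables` (first hunk of firewall_api.py), each stored `port` value is concatenated into `'iptables -I INPUT -s ' + port + ' -j DROP'` and passed to `mw.execShell`, so `mw.isIpAddr` is the only check between a database row and a shell command line; rows that fail it go to `self.addAcceptPort(port)` unchanged, and that method is outside this diff. Values may already be validated when they are written to the `firewall` table, but re-validating here and skipping (and logging) anything that is neither a valid address nor a valid port would keep the restore path safe on its own. The query is also capped by `limit('0,1000')`, so with more than 1000 rows the oldest entries, DROP rules included, are silently not restored when the firewall is enabled. None of the `mw.execShell` results are checked and the method returns nothing, so a failed restore cannot be reported by `setFw`. A docstring such as `"""Stop iptables when status is '1'; otherwise re-apply the rules stored in the firewall table, then save and start iptables."""` would make the meaning of `status` explicit.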
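Review bot: In the mw.py hunk, `isIpAddr` declares its parameter as `ip` but calls `check_ip.match(ipAddr)`, so unless a module-level `ipAddr` exists elsewhere in mw.py every call raises NameError; in `setFwIptables` that would abort the rule re-import on the first row, before `service iptables start` runs. The line should read `if check_ip.match(ip):`. Because this function decides what gets concatenated into a shell command in firewall_api.py, the pattern should also end in `\Z` rather than `$`, since `$` also matches just before a trailing newline, and be written as a raw string (`r'^…'`), because `\d` in a plain string literal is a deprecated invalid escape. The hunk does not show whether `re` is imported in mw.py.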