From b0f73e8a30ee95a8f7a312ec1f5cbe1b0b43c74c Mon Sep 17 00:00:00 2001
From: Mr Chen <midoks@163.com>
Date: Thu, 21 Feb 2019 14:57:57 +0800
Subject: [PATCH] u

---
 class/core/firewall_api.py   | 37 +++++++++++++++++++++++++++++++++++-
 data/sql/default.sql         |  7 +++----
 route/static/app/firewall.js |  2 +-
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/class/core/firewall_api.py b/class/core/firewall_api.py
index cb536892c..f32a91007 100755
--- a/class/core/firewall_api.py
+++ b/class/core/firewall_api.py
@@ -76,7 +76,6 @@ class firewall_api:
             public.execShell('ufw allow ' + port + '/tcp')
         else:
             if self.__isFirewalld:
-                # self.__Obj.AddAcceptPort(port)
                 port = port.replace(':', '-')
                 public.execShell(
                     'firewall-cmd --permanent --zone=public --add-port=' + port + '/tcp')
@@ -192,6 +191,42 @@ class firewall_api:
             data['firewall_status'] = self.getFwStatus()
         return public.getJson(data)
 
+    def setSshPortApi(self):
+        port = request.form.get('port', '1').strip()
+        if int(port) < 22 or int(port) > 65535:
+            return public.returnJson(False, '端口范围必需在22-65535之间!')
+
+        ports = ['21', '25', '80', '443', '8080', '888', '8888']
+        if port in ports:
+            return public.returnJson(False, '')
+
+        file = '/etc/ssh/sshd_config'
+        conf = public.readFile(file)
+
+        rep = "#*Port\s+([0-9]+)\s*\n"
+        conf = re.sub(rep, "Port " + port + "\n", conf)
+        public.writeFile(file, conf)
+
+        if self.__isFirewalld:
+            public.execShell('setenforce 0')
+            public.execShell(
+                'sed -i "s#SELINUX=enforcing#SELINUX=disabled#" /etc/selinux/config')
+            public.execShell("systemctl restart sshd.service")
+        elif self.__isUfw:
+            public.execShell('ufw allow ' + port + '/tcp')
+            public.execShell("service ssh restart")
+        else:
+            public.execShell(
+                'iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ' + port + ' -j ACCEPT')
+            public.execShell("/etc/init.d/sshd restart")
+
+        self.firewallReload()
+        public.M('firewall').where(
+            "ps=?", ('SSH远程管理服务',)).setField('port', port)
+        msg = public.getInfo('改SSH端口为[{1}]成功!', port)
+        public.writeLog("防火墙管理", msg)
+        return public.returnMsg(True, '修改成功!')
+
     def setPingApi(self):
 
         if public.isAppleSystem():
diff --git a/data/sql/default.sql b/data/sql/default.sql
index aecc32ee5..284befc6c 100755
--- a/data/sql/default.sql
+++ b/data/sql/default.sql
@@ -45,10 +45,9 @@ CREATE TABLE IF NOT EXISTS `firewall` (
 );
 
 INSERT INTO `firewall` (`id`, `port`, `ps`, `addtime`) VALUES
-(2, '80', '网站默认端口', '0000-00-00 00:00:00'),
-(3, '8888', 'WEB面板', '0000-00-00 00:00:00'),
-(4, '21', 'FTP服务', '0000-00-00 00:00:00'),
-(5, '22', 'SSH远程管理服务', '0000-00-00 00:00:00');
+(1, '80', '网站默认端口', '0000-00-00 00:00:00'),
+(2, '7200', 'WEB面板', '0000-00-00 00:00:00'),
+(3, '22', 'SSH远程管理服务', '0000-00-00 00:00:00');
 
 
 
diff --git a/route/static/app/firewall.js b/route/static/app/firewall.js
index 12c230381..1d97af957 100755
--- a/route/static/app/firewall.js
+++ b/route/static/app/firewall.js
@@ -102,7 +102,7 @@ function mstsc(port) {
 			layer.msg(ret.msg,{icon:ret.status?1:2})
 			layer.close(loadT);
 			getSshInfo();
-		});
+		},'json');
 	});
 }