Button and script to delete a zone

2025-08-19 01:15:14 +00:00 · 2015-06-14 19:11:14 -07:00
parent d055e86901
commit 9924f44c05
5 changed files with 131 additions and 0 deletions
--- a/firewalld/create_zone.cgi
+++ b/firewalld/create_zone.cgi
@ -0,0 +1,53 @@
+#!/usr/local/bin/perl
+# Create a new zone, and add some allowed ports to it
+
+use strict;
+use warnings;
+require 'firewalld-lib.pl';
+our (%text, %in);
+&ReadParse();
+&error_setup($text{'zone_err'});
+
+# Validate inputs
+$in{'name'} =~ /^[a-z0-9\.\_\-]+$/i || &error($text{'zone_ename'});
+my @zones = &list_firewalld_zones();
+my ($clash) = grep { $_->{'name'} eq $in{'name'} } @zones;
+$clash && &error($text{'zone_eclash'});
+
+# Add the zone
+my $err = &create_firewalld_zone($in{'name'});
+&error($err) if ($err);
+
+# Find the Webmin port
+my @webminports;
+if (&foreign_installed("webmin")) {
+	&foreign_require("webmin");
+	my @socks = &webmin::get_miniserv_sockets();
+	@webminports = &unique(map { $_->[1] } @webminports);
+	}
+else {
+	@webminports = ( $ENV{'SERVER_PORT'} || 10000 );
+	}
+
+# Work out which ports to allow
+my (@addports, @addservs);
+if ($in{'mode'} == 1) {
+	# Copy from another zone
+	my ($source) = grep { $_->{'name'} eq $in{'source'} } @zones;
+	@addports = @{$source->{'ports'}};
+	@addservs = @{$source->{'services'}};
+	}
+elsif ($in{'mode'} >= 2) {
+	# Common allowed ports
+	push(@addports, "ssh/tcp", "auth/tcp");
+	foreach my $webminport (@webminports) {
+		push(@addports, $webminport."-".($webminport+10)."/tcp");
+		}
+	}
+
+# Add them
+# XXX
+
+&webmin_log("create", "zone", $in{'name'});
+&redirect("index.cgi?zone=".&urlize($in{'name'}));
+
--- a/firewalld/delete_zone.cgi
+++ b/firewalld/delete_zone.cgi
@ -0,0 +1,39 @@
+#!/usr/local/bin/perl
+# Delete a zone, after asking for confirmation
+
+use strict;
+use warnings;
+require 'firewalld-lib.pl';
+our (%text, %in);
+&ReadParse();
+&error_setup($text{'delzone_err'});
+
+# Get the zone
+my @zones = &list_firewalld_zones();
+my ($zone) = grep { $_->{'name'} eq $in{'zone'} } @zones;
+$zone || &error($text{'port_ezone'});
+$zone->{'default'} && &error($text{'delzone_edefault'});
+
+if ($in{'confirm'}) {
+	# Just do it
+	my $err = &delete_firewalld_zone($zone);
+	&error($err) if ($err);
+	&webmin_log("delete", "zone", $zone->{'name'});
+	&redirect("index.cgi");
+	}
+else {
+	# Ask first
+	&ui_print_header(undef, $text{'delzone_title'}, "");
+
+	print &ui_confirmation_form("delete_zone.cgi",
+		&text('delzone_rusure', "<tt>$zone->{'name'}</tt>",
+		      scalar(@{$zone->{'ports'}}),
+		      scalar(@{$zone->{'services'}})),
+		[ [ 'zone', $zone->{'name'} ] ],
+		[ [ 'confirm', $text{'delete'} ] ],
+		);
+
+	&ui_print_footer("index.cgi?zone=".&urlize($in{'zone'}),
+			 $text{'index_return'});
+	}
+
--- a/firewalld/firewalld-lib.pl
+++ b/firewalld/firewalld-lib.pl
@ -5,6 +5,7 @@
 # XXX interfaces for the zone
 # XXX add a new zone!
 # XXX make a zone the default?
+# XXX delete zone

 BEGIN { push(@INC, ".."); };
 use strict;
@ -190,5 +191,26 @@ foreach my $i (&list_system_interfaces()) {
 return undef;
 }

+# create_firewalld_zone(name)
+# Add a new zone with the given name
+sub create_firewalld_zone
+{
+my ($name) = @_;
+my $cmd = "$config{'firewall_cmd'} --permanent --new-zone ".quotemeta($name);
+my $out = &backquote_logged($cmd." 2>&1 </dev/null");
+return $? ? $out : undef;
+}
+
+# delete_firewalld_zone(&zone)
+# Removes the specified zone
+sub delete_firewalld_zone
+{
+my ($zone) = @_;
+my $cmd = "$config{'firewall_cmd'} --permanent --delete-zone ".
+	  quotemeta($zone->{'name'});
+my $out = &backquote_logged($cmd." 2>&1 </dev/null");
+return $? ? $out : undef;
+}
+
 1;

--- a/firewalld/index.cgi
+++ b/firewalld/index.cgi
@ -11,6 +11,11 @@ if ($in{'addzone'}) {
 	&redirect("zone_form.cgi?zone=".&urlize($in{'zone'}));
 	return;
 	}
+if ($in{'delzone'}) {
+	# Redirect to zone creation form
+	&redirect("delete_zone.cgi?zone=".&urlize($in{'zone'}));
+	return;
+	}
 &ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1);

 # Is firewalld working?
@ -42,6 +47,7 @@ print "<b>$text{'index_zone'}</b> ",
 		 "onChange='form.submit()'")," ",
      &ui_submit($text{'index_zoneok'})," ",
      &ui_submit($text{'index_zoneadd'}, "addzone")," ",
+      &ui_submit($text{'index_zonedel'}, "delzone")," ",
      "<p>\n";
 print &ui_form_end();

--- a/firewalld/lang/en
+++ b/firewalld/lang/en
@ -14,6 +14,7 @@ index_cerr=The FirewallD module cannot be used : $1
 index_zone=Show rules in zone:
 index_zoneok=Change
 index_zoneadd=Add Zone..
+index_zonedel=Delete Zone
 index_type=Rule type
 index_port=Port or service
 index_proto=Protocol
@ -63,6 +64,14 @@ zone_mode1=Copy from zone
 zone_mode2=SSH, IDENT and Webmin only
 zone_mode3=SSH, IDENT, Webmin and high ports
 zone_mode4=Ports used for virtual hosting
+zone_err=Failed to create zone
+zone_ename=Missing or invalid zone name
+zone_eclash=A zone with the same name already exists
+
+delzone_title=Delete Zone
+delzone_err=Failed to delete zone
+delzone_edefault=The default zone cannot be removed
+delzone_rusure=Are you sure you want to delete the zone $1, which contains $2 ports and $3 services?

 restart_err=Failed to apply configuration
 stop_err=Failed to stop FirewallD
@ -81,3 +90,5 @@ log_delete_serv=Removed allowed service $1
 log_update_serv=Updated allowed service $1
 log_delete_rules=Removed $1 allowed ports
 log_ifaces_zone=Updated interfaces for zone $1
+log_create_zone=Created zone $1
+log_delete_zone=Deleted zone $1