#!/bin/bash
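# Locate this script (symlinks resolved) and the repository base two levels
# up, where the shared helper library lives. Every expansion is quoted so a
# path containing spaces or glob characters does not split the command.
SELF_DIR="$(dirname "$(readlink -e "${0}")")"
BASE_DIR="$(dirname "$(dirname "${SELF_DIR}")")"
SCRIPTCOMMON="${BASE_DIR}/scripts_common.sh"

# Shared helpers (CreoleGet is expected to come from here — TODO confirm).
# The script does not run under set -e, so a missing file only produces a
# shell diagnostic, as before.
. "${SCRIPTCOMMON}"

# iptables is always driven through sudo: the script is meant to run as an
# unprivileged user. Expanded unquoted at call sites so "sudo" and "iptables"
# stay separate words.
IPTABLES="sudo iptables"
# OpenNebula XPath helper plus its flags; also expanded unquoted on purpose.
# Its exact input convention (stdin, base64) is not visible here — TODO confirm.
XPATH="${BASE_DIR}/datastore/xpath.rb --stdin --base64"
# Persisted copy of the rules inserted by open_port, one "/sbin/iptables -A"
# line each; close_port removes the matching lines again.
RULES_FILE="/run/one/one_graphics_rules"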
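#######################################
# Print the graphics port declared in a VM template.
# Globals:   XPATH (read) - xpath.rb command line; expanded unquoted on
#            purpose so its flags are passed as separate words.
# Arguments: $1 - handed to xpath.rb as an extra argument (presumably the
#            template or its location — TODO confirm against xpath.rb)
# Outputs:   value of /VM/TEMPLATE/GRAPHICS/PORT on stdout, empty if absent
# Returns:   the exit status of xpath.rb
#######################################
function one_get_port()
{
    # $1 is quoted so a value with spaces reaches xpath.rb as one argument.
    # shellcheck disable=SC2086 -- XPATH deliberately carries command + flags
    ${XPATH} "${1}" '/VM/TEMPLATE/GRAPHICS/PORT'
}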
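#######################################
# Open the VM's graphics port on the eth0-root chain for every authorized
# SSH source network and for the OpenNebula master, and persist each rule.
# Globals:   IPTABLES, RULES_FILE (read); CreoleGet must be in scope
#            (expected from the sourced scripts_common.sh — TODO confirm)
# Arguments: $1 - VM template, handed to one_get_port
# Outputs:   appends one "/sbin/iptables -A ..." line per inserted rule to
#            RULES_FILE
# Returns:   2 when the port is missing or not a plain decimal number, or when
#            the authorized IP / netmask lists are empty; 0 otherwise
#######################################
function open_port()
{
    local vm_port master_ip i
    local -a authorized_ip authorized_netmask tcp_match

    vm_port=$(one_get_port "${1}")
    # The port ends up in iptables arguments, in the rules file and (in
    # close_port) in awk/sed patterns: accept nothing but a bare number.
    [[ "${vm_port}" =~ ^[0-9]+$ ]] || return 2

    # CreoleGet prints whitespace-separated lists; word-splitting is intended.
    # shellcheck disable=SC2207
    authorized_ip=( $(CreoleGet ip_ssh_eth0) )
    [[ ${#authorized_ip[@]} -gt 0 ]] || return 2
    # shellcheck disable=SC2207
    authorized_netmask=( $(CreoleGet netmask_ssh_eth0) )
    [[ ${#authorized_netmask[@]} -gt 0 ]] || return 2

    # Only new connections (SYN set, FIN/RST/ACK clear) to the graphics port.
    tcp_match=(-p tcp -m tcp --dport "${vm_port}" --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT)

    for ((i = 0; i < ${#authorized_ip[@]}; i++)); do
        # IP and netmask lists are matched by position; without a netmask the
        # source would read "IP/" and iptables would reject it — skip instead.
        [[ -n "${authorized_netmask[$i]:-}" ]] || continue
        if ${IPTABLES} -I eth0-root -s "${authorized_ip[$i]}/${authorized_netmask[$i]}" "${tcp_match[@]}"; then
            printf '/sbin/iptables -A eth0-root -s %s/%s -p tcp -m tcp --dport %s --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT\n' \
                "${authorized_ip[$i]}" "${authorized_netmask[$i]}" "${vm_port}" >> "${RULES_FILE}"
        fi
    done

    # The master's rule was previously inserted (and persisted) once per
    # authorized IP, leaving duplicate rules behind; one is enough.
    master_ip=$(CreoleGet one_master_ip)
    if ${IPTABLES} -I eth0-root -s "${master_ip}" "${tcp_match[@]}"; then
        printf '/sbin/iptables -A eth0-root -s %s -p tcp -m tcp --dport %s --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT\n' \
            "${master_ip}" "${vm_port}" >> "${RULES_FILE}"
    fi
    return 0
}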
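#######################################
# Remove every eth0-root rule for the VM's graphics port and drop the matching
# lines from the persisted rules file.
# Globals:   IPTABLES, RULES_FILE (read)
# Arguments: $1 - VM template, handed to one_get_port
# Returns:   2 when the port is missing or not a plain decimal number;
#            0 otherwise
#######################################
function close_port()
{
    local vm_port rule_id deleted=0
    local -a rule_ids

    vm_port=$(one_get_port "${1}")
    # The port becomes part of an awk regex and a sed address below, so only
    # a bare number may pass; anything else cannot be a port we opened.
    [[ "${vm_port}" =~ ^[0-9]+$ ]] || return 2

    # "dpt:PORT" must be followed by a non-digit, otherwise port 5900 would
    # also select rules for 59001. Rule numbers are sorted highest first:
    # deleting a rule renumbers everything below it, so deleting in ascending
    # order would remove the wrong rules with stale ids.
    mapfile -t rule_ids < <(${IPTABLES} -n --line-numbers -L eth0-root \
        | awk -v port="${vm_port}" '$0 ~ ("dpt:" port "([^0-9]|$)") {print $1}' \
        | sort -rn)

    for rule_id in "${rule_ids[@]}"; do
        if ${IPTABLES} -D eth0-root "${rule_id}"; then
            deleted=$((deleted + 1))
        fi
    done

    # Lines written by open_port always have a space after the port number,
    # which keeps this address from matching a longer port. Run once instead
    # of once per deleted rule.
    if (( deleted > 0 )); then
        sed -i "/--dport ${vm_port} /d" "${RULES_FILE}"
    fi
    return 0
}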
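# Entry point: "<script> open <template>" or "<script> close <template>".
# The function's exit status is propagated; an unknown action exits 127.
action=${1}
template=${2}

# Both expansions are quoted so a template argument containing spaces or
# glob characters reaches the handler as a single word.
case "$action" in
    open)
        open_port "${template}"
        exit $?
        ;;
    close)
        close_port "${template}"
        exit $?
        ;;
    *)
        printf '%s\n' "Unknown action '$action'" >&2
        exit 127
        ;;
esac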