Use actual ports when setting up firewall

2026-03-20 16:50:24 +00:00 · 2009-01-04 08:40:52 +00:00
parent aaed801ce6
commit b4d9a3a2ed
2 changed files with 26 additions and 6 deletions
--- a/firewall/CHANGELOG
+++ b/firewall/CHANGELOG
@@ -22,3 +22,4 @@ Show SNAT and masquerade inputs in custom NAT chains.
 ---- Changes since 1.440 ----
 DNS queries are now allowed when the firewall is setup for web hosting.
 Rule coments using --comment containing spaces or - are now properly parsed.
+When initializing the firewall, the actual ports for Webmin, Usermin and SSHd are used instead of the standard ports.
--- a/firewall/setup.cgi
+++ b/firewall/setup.cgi
@@ -28,6 +28,25 @@ else {
 	&backquote_logged("iptables-save >$iptables_save_file 2>&1");
 	}

+# Get important variable ports
+&get_miniserv_config(\%miniserv);
+$webmin_port = $miniserv{'port'} || 10000;
+$webmin_port2 = $webmin_port + 10;
+$usermin_port = undef;
+if (&foreign_installed("usermin")) {
+	&foreign_require("usermin", "usermin-lib.pl");
+	&usermin::get_usermin_miniserv_config(\%uminiserv);
+	$usermin_port = $uminiserv{'port'};
+	}
+$usermin_port ||= 20000;
+$ssh_port = undef;
+if (&foreign_installed("sshd")) {
+	&foreign_require("sshd", "sshd-lib.pl");
+	$conf = &sshd::get_sshd_config();
+	$ssh_port = &sshd::find_value("Port", $conf);
+	}
+$ssh_port ||= 2;
+
 if ($in{'auto'}) {
 	@tables = &get_iptables_save();
 	if ($in{'auto'} == 1) {
@@ -115,7 +134,7 @@ if ($in{'auto'}) {
 			     { 'chain' => 'INPUT',
 			       'm' => [ [ "", "tcp" ] ],
 			       'p' => [ "", "tcp" ],
-			       'dport' => [ "", "ssh" ],
+			       'dport' => [ "", $ssh_port ],
 			       'j' => [ "", 'ACCEPT' ],
 			       'cmt' => 'Allow connections to our SSH server' },
 			     { 'chain' => 'INPUT',
@@ -195,7 +214,7 @@ if ($in{'auto'}) {
 			     { 'chain' => 'INPUT',
 			       'm' => [ [ "", "tcp" ] ],
 			       'p' => [ "", "tcp" ],
-			       'dport' => [ "", "25" ],
+			       'dport' => [ "", "25,587" ],
 			       'j' => [ "", 'ACCEPT' ],
 			       'cmt' => 'Allow connections to mail server' },
 			     { 'chain' => 'INPUT',
@@ -207,25 +226,25 @@ if ($in{'auto'}) {
 			     { 'chain' => 'INPUT',
 			       'm' => [ [ "", "tcp" ] ],
 			       'p' => [ "", "tcp" ],
-			       'dport' => [ "", "110" ],
+			       'dport' => [ "", "110,995" ],
 			       'j' => [ "", 'ACCEPT' ],
 			       'cmt' => 'Allow connections to POP3 server' },
 			     { 'chain' => 'INPUT',
 			       'm' => [ [ "", "tcp" ] ],
 			       'p' => [ "", "tcp" ],
-			       'dport' => [ "", "143" ],
+			       'dport' => [ "", "143,220,993" ],
 			       'j' => [ "", 'ACCEPT' ],
 			       'cmt' => 'Allow connections to IMAP server' },
 			     { 'chain' => 'INPUT',
 			       'm' => [ [ "", "tcp" ] ],
 			       'p' => [ "", "tcp" ],
-			       'dport' => [ "", "10000:10010" ],
+			       'dport' => [ "",$webmin_port.":".$webmin_port2 ],
 			       'j' => [ "", 'ACCEPT' ],
 			       'cmt' => 'Allow connections to Webmin' },
 			     { 'chain' => 'INPUT',
 			       'm' => [ [ "", "tcp" ] ],
 			       'p' => [ "", "tcp" ],
-			       'dport' => [ "", "20000" ],
+			       'dport' => [ "", $usermin_port ],
 			       'j' => [ "", 'ACCEPT' ],
 			       'cmt' => 'Allow connections to Usermin' },
 				);