Testing DNS Redirect code snippet

Hi Jon,

On 19.12.2020 23:28, Jon via IPFire Community wrote:

Wild suggestion… Instead of doing this:

system("/etc/rc.d/init.d/firewall restart >/dev/null 2>&1 ");

Maybe do this:

system("/usr/local/bin/firewallctrl");

found here:
https://github.com/ipfire/ipfire-2.x/blob/master/config/cfgroot/general-functions.pl#L1147-L1149

BTDT. :wink:

I created ‘optionsfwctrl.c’ - it looks like this:

/* This file is part of the IPFire Firewall.
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence.  See the file COPYING for details.
 *
 */

#include <stdlib.h>
#include "setuid.h"

int main(void)
{
	if (!(initsetuid()))
		exit(1);

	safe_system("/etc/rc.d/init.d/firewall restart");

	return 0;
}

Same behavior. The ‘save’ command is OK, but ‘optionsfwctrl.c’ doesn’t
run from GUI. From a root console: OK.

Second suggestion…

I’ve looked at the code a few times but I am having a terrible time following it all (the existing firewall code, not your updated code).

I’m with you. It’s not easy…

The only “cheap and dirty” solution I can suggest is to copy the code segments from either this:

https://github.com/ipfire/ipfire-2.x/blob/master/html/cgi-bin/location-block.cgi#L76-L91

-or this-

https://github.com/ipfire/ipfire-2.x/blob/master/html/cgi-bin/p2p-block.cgi#L67-L79

and have the user click Apply changes on the firewall.cgi page. It may not be the best way but it is the current and it is familiar…

The way I see it, this is not sufficient.

The problem is I can’t start a program from GUI which needs root
rights. In this case I need a complete restart of the firewall init
script, including ‘iptables’.

What I’m trying to achieve:

  1. Open GUI, Pick your choices (Force DNS ON/OFF, whatever).

  2. Write these settings to the settings file.
    No problem until here.

  3. Then I must run ‘/etc/rc.d/init.d/firewall restart’, including all
    kinds of ‘iptables’-commands.
    And this is where the trouble begins. I’m not allowed to do this from
    GUI. I must be root to do this.

Workaround could be:
The CGI writes the settings file and a signal-file while another
process looks for the existence of this file and restarts the firewall.
Could perhaps be done with a minutely (or ‘cyclic’ = every five
minutes) cron job.

Something like:
if exist FORCE_DNS_SIGNAL-file then;
restart firewall and delete FORCE_DNS_SIGNAL-file. :wink:
fi

I hadn’t much time in the last weeks, but I’m still at it…I have a few
ideas…

Best,
Matthias
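
The signal-file workaround described in the message above, sketched as the root-side cron script (an added example, not code from this thread or from IPFire). The script path and the signal-file location are assumptions; the file is treated purely as a flag and symlinks are refused, because the unprivileged web user can write to that directory.

```shell
#!/bin/sh
# Added example: root-side half of the signal-file workaround.
# Hypothetical crontab entry for root (both paths are assumptions):
#   * * * * * /usr/local/bin/force-dns-watch.sh /var/run/force-dns/restart.signal

# process_signal SIGNAL_FILE [RESTART_CMD...]
# Returns 1 = nothing to do, 2 = signal refused,
# otherwise the exit status of the restart command (0 = restarted).
process_signal() {
    signal=$1
    shift
    # Default to the init script named in the thread.
    [ "$#" -gt 0 ] || set -- /etc/rc.d/init.d/firewall restart

    # Check for symlinks first: the web user must not be able to
    # point root at some other file.
    if [ -L "$signal" ]; then
        echo "refusing symlink: $signal" >&2
        return 2
    fi
    # No signal file means no pending request.
    [ -e "$signal" ] || return 1
    # Only an ordinary file counts as a request.
    if [ ! -f "$signal" ]; then
        echo "refusing non-regular file: $signal" >&2
        return 2
    fi

    # The file is only a flag. Its content is never read or executed,
    # so the CGI cannot influence what root runs.
    # Remove it before restarting, so a request written during the
    # restart is kept for the next cron run.
    rm -f -- "$signal" || return 2

    "$@" >/dev/null 2>&1
}

# Run only when a signal-file path is given on the command line.
if [ "$#" -gt 0 ]; then
    process_signal "$@"
fi
```

The CGI side then only has to create the empty flag file after writing the settings file; it never needs root rights itself.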