I think it would need a new file in src/misc-progs - there doesn’t seem to be an existing file that does the firewall restart, but it’s easy enough to add a new one.
Hi Jon,
I just got your mail. So if I understand you correctly, you need a “Restart Firewall” button (which executes system('/etc/rc.d/init.d/firewall restart >/dev/null');) added to optionsfw.cgi?
Regards, Leo
Hi Matthias,
I had a quick look around the sources and I think I have an idea.
There is a file called “unboundctrl.c” which apparently is able to call init scripts. So I tried to figure out what they did differently.
This unboundctrl is used in three CGIs and I’m pretty sure it works as intended.
Now I think the missing piece of the puzzle is hidden in the Makefile. There is a list called “SUID_PROGS”:
I think your “optionsfwctrl.c” must be included in this list…? And then it should work. At least, I hope you haven’t tried that yet.
I am not at all familiar with the IPFire 2 build system, so I could be wrong. Might be worth investigating though.
Many thanks for this tip - but sorry, I did this. But since I didn’t know it better, I used firewallctrl.c as “source” file.
Result (optionsfwctrl.c):
/* This file is part of the IPFire Firewall.
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence. See the file COPYING for details.
 *
 */
#include <stdlib.h>
#include "setuid.h"

int main(void)
{
	/* Give up unless initsetuid() reports success */
	if (!(initsetuid()))
		exit(1);

	/* Run the firewall init script, discarding its output */
	safe_system("/etc/rc.d/init.d/firewall restart >/dev/null 2>&1");

	return 0;
}
The compiled file doesn’t work from GUI - but as root from a root console.
Did I miss something? In the ‘include’-lines? Or syntax?
I wrote a quick optionsfwctrl based on unboundctrl on my development system. Compiled and started from web interface via “system();”, I got this output:
Setting up firewall [ OK ]
Exit code was “0”
Is there a log entry or something so I can verify that this really worked?
Edit: Here is what I did after compile & copy to /usr/local/bin:
How did you do this? Starting from GUI never showed me an exit code!?
Based on your hint I modified unboundctrl.c - now testing.
Changing my existing optionsfwctrl.c to ‘root:nobody / 4750’ had no effect.
(Time passes…)
Ok - Done.
I took unboundctrl.c and rewrote it to execute safe_system("/etc/rc.d/init.d/firewall restart"); or safe_system("/etc/rc.d/init.d/firewall reload");
Used the same owner / rights as you.
Saving settings works but firewall does NOT restart. sigh
I still think that the main goal is the fact that the command /etc/rc.d/init.d/firewall restart needs to start a whole lot of ‘iptables’-commands with root privileges. And I just can’t get this to work from within GUI.
The adding - or deleting - of these rules has to be done with the command /etc/rc.d/init.d/firewall restart - and I like to trigger this through an added Save and Restart button at the end of optionsfw.cgi:
So when hitting Save not only the page settings are saved - as before - but additionally the firewall settings should be restarted “for changes to take effect”…
And because it's the same procedure as before - plus a “few” tuning measures - the usual message appears after choosing Save And Restart:
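The owner and mode mentioned in the thread (‘root:nobody / 4750’) can be checked mechanically on the installed helper. The following is an added example, not code from the thread or from IPFire: it reports whether a binary is root-owned, has the setuid bit, is not group/other-writable, and is executable by the calling uid/gid. The function and enum names are hypothetical, and it assumes the caller has no matching supplementary groups and that the filesystem is not mounted nosuid.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Outcome of the install check (hypothetical names, not IPFire's). */
enum helper_status {
    HELPER_OK = 0,     /* caller may exec it and it runs with euid 0    */
    HELPER_NOT_ROOT,   /* not owned by uid 0: setuid would not give root */
    HELPER_NO_SUID,    /* setuid bit missing: runs with the caller's uid */
    HELPER_WRITABLE,   /* group/other writable: binary could be replaced */
    HELPER_NOT_EXEC    /* caller's permission class has no execute bit   */
};

static const char *const status_text[] = {
    "ok", "not owned by root", "setuid bit not set",
    "writable by group/other", "not executable by caller"
};

enum helper_status check_helper(mode_t mode, uid_t owner, gid_t group,
                                uid_t caller_uid, gid_t caller_gid)
{
    if (owner != 0)                    return HELPER_NOT_ROOT;
    if (!(mode & S_ISUID))             return HELPER_NO_SUID;
    if (mode & (S_IWGRP | S_IWOTH))    return HELPER_WRITABLE;

    /* Exactly one class applies: owner first, then group, then other. */
    mode_t xbit;
    if (caller_uid == owner)       xbit = S_IXUSR;
    else if (caller_gid == group)  xbit = S_IXGRP;
    else                           xbit = S_IXOTH;
    return (mode & xbit) ? HELPER_OK : HELPER_NOT_EXEC;
}

int main(int argc, char **argv)
{
    struct stat st;
    if (argc != 4 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s <helper> <caller-uid> <caller-gid>\n", argv[0]);
        return 2;
    }
    enum helper_status s = check_helper(st.st_mode, st.st_uid, st.st_gid,
                                        (uid_t)strtoul(argv[2], NULL, 10),
                                        (gid_t)strtoul(argv[3], NULL, 10));
    printf("%s: %s\n", argv[1], status_text[s]);
    return s == HELPER_OK ? 0 : 1;
}
```

Run it with the helper's path and the numeric uid and gid that the web interface's CGI process runs as.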