[feat] add fw_reload to bitmaskctl

Some systems remove firewall rules, is usefull to be able to script the reload of those rules in hooks or other custom systems. - Resolves: #9289

[feat] add fw_reload to bitmaskctl
513a1c15 · meskio · 22c9d163 · 513a1c15 · 513a1c15 · 513a1c15
Verified Commit 513a1c15 authored 7 years ago by meskio
--- a/src/leap/bitmask/cli/vpn.py
+++ b/src/leap/bitmask/cli/vpn.py
@@ -43,10 +43,11 @@ SUBCOMMANDS:
   get_cert   Get VPN Certificate from provider
   install    Install helpers (needs root)
   uninstall  Uninstall helpers (needs root)
+   fw_reload  Reload firewall rules

 '''.format(name=command.appname)

-    commands = ['stop', 'install', 'uninstall',
+    commands = ['stop', 'install', 'uninstall', 'fw_reload',
                'enable', 'disable', 'locations', 'countries']

    def start(self, raw_args):

--- a/src/leap/bitmask/core/dispatcher.py
+++ b/src/leap/bitmask/core/dispatcher.py
@@ -206,6 +206,11 @@ class VPNCmd(SubCommand):
        autostart_app('off')
        return d

+    @register_method('dict')
+    def do_FW_RELOAD(self, vpn, *parts):
+        d = vpn.fw_reload()
+        return d
+
    @register_method('dict')
    def do_CHECK(self, vpn, *parts):
        try:

--- a/src/leap/bitmask/vpn/service.py
+++ b/src/leap/bitmask/vpn/service.py
@@ -182,6 +182,21 @@ class VPNService(HookableService):
            self.watchdog.stop()
        return {'result': 'vpn stopped'}

+    def fw_reload(self):
+        if not self._tunnel:
+            return {'result': 'VPN was not running'}
+
+        if self._firewall.is_up():
+            fw_ok = self._firewall.stop()
+            if not fw_ok:
+                self.log.error('Firewall: error stopping')
+
+        fw_ok = self._firewall.start()
+        if not fw_ok:
+            raise Exception('Could not start firewall')
+
+        return {'result': 'fw reloaded'}
+
    def push_status(self):
        try:
            statusdict = self.do_status()