[Security] Change port HESTIA chain when changing port via UI / CLI (#…

…2465) * HESTIA chain config on port change * Update upgrade script * Use v-update-firewall instead of restart Co-authored-by: Raphael <rs@scit.ch>
hestiacp · Mar 13, 2022 · 91081b0 · 91081b0
1 parent 055f44b
commit 91081b0
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/bin/v-change-sys-port b/bin/v-change-sys-port
@@ -73,6 +73,11 @@ else
     fi
     sed -i "/COMMENT='HESTIA'/c\RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='$PORT' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'" $HESTIA/data/firewall/rules.conf
 
+    # Update F2B chains config
+    if [ -f "$HESTIA/data/firewall/chains.conf" ]; then
+        sed -i "s/PORT='$ORIGINAL_PORT'/PORT='$PORT'/g" $HESTIA/data/firewall/chains.conf
+    fi
+
     # Restart services
     if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != no ]; then
         $HESTIA/bin/v-restart-service iptables

diff --git a/install/upgrade/versions/1.5.10.sh b/install/upgrade/versions/1.5.10.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Hestia Control Panel upgrade script for target version 1.5.9
+# Hestia Control Panel upgrade script for target version 1.5.10
 
 #######################################################################################
 #######                      Place additional commands below.                   #######

diff --git a/install/upgrade/versions/1.5.11.sh b/install/upgrade/versions/1.5.11.sh
@@ -15,8 +15,30 @@
 ####### You can use \n within the string to create new lines.                   #######
 #######################################################################################
 
-# Fix Roundcube logdir permission
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
+
+PORT=$(cat $HESTIA/nginx/conf/nginx.conf | grep "listen" | sed 's/[^0-9]*//g')
 
+if [ "$PORT" != "8083" ]; then 
+    # Update F2B chains config
+    if [ -f "$HESTIA/data/firewall/chains.conf" ]; then
+        # Update value in chains.conf
+        sed -i "s/PORT='8083'/PORT='$PORT'/g" $HESTIA/data/firewall/chains.conf
+    fi
+
+    # Restart services
+    if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != no ]; then
+        $HESTIA/bin/v-stop-firewall
+        $HESTIA/bin/v-update-firewall
+
+    fi
+fi
+
+# Fix Roundcube logdir permission
 if [ -d "/var/log/roundcube" ]; then
     chown www-data:www-data /var/log/roundcube
 fi