Merge pull request hestiacp#332 from StudioMaX/patch-1

serghey-rodin · serghey-rodin · commit f78a07878f28 · 2015-02-24T02:33:46.000+02:00
Update v-update-firewall
diff --git a/bin/v-update-firewall b/bin/v-update-firewall
@@ -12,6 +12,7 @@
 # Defining absolute path for iptables and modprobe
 iptables="/sbin/iptables"
 modprobe="/sbin/modprobe"
+sysctl="/sbin/sysctl"
 
 # Includes
 source /etc/profile.d/vesta.sh
@@ -38,11 +39,16 @@ if [ ! -e "$rules" ]; then
     exit
 fi
 
+$sysctl net.netfilter.nf_conntrack_max >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    conntrack='no'
+fi
+
 # Checking conntrack module avaiabilty
 $modprobe nf_conntrack >/dev/null 2>&1
 $modprobe nf_conntrack_ftp >/dev/null 2>&1
 if [ $? -ne 0 ]; then
-    stateful='no'
+    conntrack_ftp='no'
 fi
 
 # Creating temporary file
@@ -75,7 +81,7 @@ for line in $(sort -r -n -k 2 -t \' $rules); do
 
         # Checking FTP for contrack module
         if [ "$TYPE" = "FTP" ] || [ "$PORT" = '21' ]; then
-            if [ "$stateful" != 'no' ]; then
+            if [ "$conntrack_ftp" != 'no' ]; then
                 state="-m conntrack --ctstate NEW"
             else
                 port="-m multiport --dports 20,21,12000:12100"
@@ -101,7 +107,7 @@ for p_rule in $(cat $ports); do
 done
 
 # Enabling stateful support
-if [ "$stateful" != 'no' ]; then
+if [ "$conntrack" != 'no' ]; then
     str="$iptables -A INPUT -p tcp -m state"
     str="$str --state ESTABLISHED,RELATED -j ACCEPT"
     echo "$str" >> $tmp
