diff --git a/src/firewall.py b/src/firewall.py index 3ed33da61a..7dcd1a1904 100644 --- a/src/firewall.py +++ b/src/firewall.py @@ -38,7 +38,6 @@ def firewall_allow( ipv6_only=False, no_upnp=False, no_reload=False, - reload_only_if_change=False, ): """ Allow connections on a port @@ -76,20 +75,14 @@ def firewall_allow( "ipv6", ] - changed = False - for p in protocols: # Iterate over IP versions to add port for i in ipvs: if port not in firewall[i][p]: firewall[i][p].append(port) - changed = True else: ipv = "IPv%s" % i[3] - if not reload_only_if_change: - logger.warning( - m18n.n("port_already_opened", port=port, ip_version=ipv) - ) + logger.warning(m18n.n("port_already_opened", port=port, ip_version=ipv)) # Add port forwarding with UPnP if not no_upnp and port not in firewall["uPnP"][p]: firewall["uPnP"][p].append(port) @@ -101,9 +94,7 @@ def firewall_allow( # Update and reload firewall _update_firewall_file(firewall) - if (not reload_only_if_change and not no_reload) or ( - reload_only_if_change and changed - ): + if not no_reload: return firewall_reload() @@ -114,7 +105,6 @@ def firewall_disallow( ipv6_only=False, upnp_only=False, no_reload=False, - reload_only_if_change=False, ): """ Disallow connections on a port @@ -159,20 +149,14 @@ def firewall_disallow( elif upnp_only: ipvs = [] - changed = False - for p in protocols: # Iterate over IP versions to remove port for i in ipvs: if port in firewall[i][p]: firewall[i][p].remove(port) - changed = True else: ipv = "IPv%s" % i[3] - if not reload_only_if_change: - logger.warning( - m18n.n("port_already_closed", port=port, ip_version=ipv) - ) + logger.warning(m18n.n("port_already_closed", port=port, ip_version=ipv)) # Remove port forwarding with UPnP if upnp and port in firewall["uPnP"][p]: firewall["uPnP"][p].remove(port) 
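Review bot: In the `@@ -76,20 +75,14 @@` hunk of firewall_allow the `port_already_opened` warning is now logged unconditionally, and the same holds for `port_already_closed` in the `@@ -159,20 +149,14 @@` hunk of firewall_disallow. The removed `if not reload_only_if_change:` guard kept these quiet for the callers in src/utils/resources.py, which call firewall_allow or firewall_disallow for every declared port whether or not its state changes. Each run will therefore emit a warning per protocol and IP version for ports already in the desired state, and that routine noise makes an unexpected firewall warning easier to miss. One option is to gate the call with `if not no_reload:`; another is to have the resource code skip ports whose entry in `previous_ports` already matches. Both function bodies extend beyond these hunks.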
@@ -182,9 +166,7 @@ def firewall_disallow( # Update and reload firewall _update_firewall_file(firewall) - if (not reload_only_if_change and not no_reload) or ( - reload_only_if_change and changed - ): + if not no_reload: return firewall_reload() diff --git a/src/utils/resources.py b/src/utils/resources.py index e2400e91d8..2abb4d603b 100644 --- a/src/utils/resources.py +++ b/src/utils/resources.py @@ -1291,7 +1291,14 @@ def _port_is_used(self, port): return used_by_process or used_by_app or used_by_self_provisioning def provision_or_update(self, context: Dict = {}): - from yunohost.firewall import firewall_allow, firewall_disallow + from yunohost.firewall import ( + firewall_allow, + firewall_disallow, + firewall_list, + firewall_reload, + ) + + previous_ports = firewall_list(raw=True) for name, infos in self.ports.items(): setting_name = f"port_{name}" if name != "main" else "port" 
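Review bot: In the `@@ -1291,7 +1291,14 @@` hunk, the reload decision now depends on `previous_ports = firewall_list(raw=True)` being an independent snapshot that covers every list firewall_allow and firewall_disallow can modify. The removed `changed` flag tracked only the per-IP-version lists, while the same functions also edit `firewall["uPnP"][p]`. If the raw listing includes the uPnP section, a UPnP-only change now triggers a reload where it did not before; if it omits a section, a change there is silently skipped. firewall_list is not shown in this diff, so this should be confirmed and the intent recorded next to the assignment, e.g. `# snapshot of the on-disk rules; compared after the loop so the firewall is reloaded once, and only if something changed`. The body of provision_or_update continues outside this hunk.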
@@ -1322,23 +1329,27 @@ def provision_or_update(self, context: Dict = {}): self.set_setting(setting_name, port_value) if infos["exposed"]: - firewall_allow(infos["exposed"], port_value, reload_only_if_change=True) + firewall_allow(infos["exposed"], port_value, no_reload=True) else: - firewall_disallow( - infos["exposed"], port_value, reload_only_if_change=True - ) + firewall_disallow(infos["exposed"], port_value, no_reload=True) + + if firewall_list(raw=True) != previous_ports: + firewall_reload() def deprovision(self, context: Dict = {}): - from yunohost.firewall import firewall_disallow + from yunohost.firewall import firewall_disallow, firewall_list, firewall_reload + + previous_ports = firewall_list(raw=True) for name, infos in self.ports.items(): setting_name = f"port_{name}" if name != "main" else "port" value = self.get_setting(setting_name) self.delete_setting(setting_name) if value and str(value).strip(): - firewall_disallow( - infos["exposed"], int(value), reload_only_if_change=True - ) + firewall_disallow(infos["exposed"], int(value), no_reload=True) + + if firewall_list(raw=True) != previous_ports: + firewall_reload() class DatabaseAppResource(AppResource):
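Review bot: The deferred reload after each loop in this hunk is skipped if the loop raises, which can leave the on-disk firewall file and the live ruleset out of step. In deprovision, for example, `int(value)` raises on a non-numeric port setting; any earlier `firewall_disallow(..., no_reload=True)` in that run has already gone through `_update_firewall_file`, yet the final `if firewall_list(raw=True) != previous_ports:` check never runs, so a port meant to be closed presumably stays open in the running firewall until something else reloads it. Before this change each call reloaded as soon as it changed something. Wrapping both loops in `try:` and moving the comparison and `firewall_reload()` under `finally:` would keep the file and the live rules in sync on failure. provision_or_update begins above this hunk.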