function updateFirewallRules($firstrun = false)
{
// Signature validation and firewall driver
global $v, $driver, $services, $thissvc;
// Flush cache, read what the system thinks the firewall rules are.
$driver->refreshCache();
// Delete our safemode flag if it exists.
if (file_exists("/var/run/firewalld.safemode")) {
unlink("/var/run/firewalld.safemode");
}
// Make sure the rules haven't been disturbed, and aren't corrupt
if (!$firstrun && !$driver->validateRunning()) {
// This is bad.
wall("Firewall Rules corrupted! Restarting in 5 seconds");
Lock::unLock($thissvc);
// Wait 4 seconds to give incron a chance to catch up
sleep(4);
// Restart me.
fclose(fopen("/var/spool/asterisk/incron/firewall.firewall", "a"));
exit;
}
$getservices = getServices();
// Make sure we actually received stuff..
if (!isset($getservices['smartports'])) {
return false;
}
// Root-only updates:
// SSH is only readable by root
$ssh = $services->getService("ssh");
if ($ssh['guess'] == true) {
throw new \Exception("Root user unable to retrieve sshd port! This is a bug!");
}
$getservices['services']['ssh']['fw'] = $ssh['fw'];
$zones = array("reject" => "reject", "external" => "external", "other" => "other", "internal" => "internal", "trusted" => "trusted");
// This is the list of services we should have.
$validservices = array();
foreach ($getservices['services'] as $s => $settings) {
// Keep this service for later
$validservices[$s] = $s;
// Make sure the service is configured correctly
if (isset($settings['fw'])) {
$driver->updateService($s, $settings['fw']);
} else {
$driver->updateService($s, false);
}
// Assign the service to the required zones
$myzones = array("addto" => array(), "removefrom" => $zones);
if (!empty($settings['zones']) && is_array($settings['zones'])) {
foreach ($settings['zones'] as $z) {
unset($myzones['removefrom'][$z]);
$myzones['addto'][$z] = $z;
}
}
$driver->updateServiceZones($s, $myzones);
}
// Update RTP rules
$rtp = $getservices['smartports']['rtp'];
// UDPTL is T38.
$udptl = $getservices['smartports']['udptl'];
$driver->setRtpPorts($rtp, $udptl);
// Update our knownhosts targets
$driver->updateTargets($getservices);
// And permit our registrations through
$driver->updateRegistrations($getservices['smartports']['registrations']);
// Update blacklist
$driver->updateBlacklist($getservices['blacklist']);
// Update our custom ports
$custrules = $getservices['custom'];
foreach ($custrules as $id => $rule) {
// Keep this service for later
$validservices[$id] = $id;
$c = $rule['custfw'];
// If it has a comma, it's multiple ports.
$requestedports = explode(",", $c['port']);
$realports = array();
// Have we been given a range? (eg, "1234:5678")
foreach ($requestedports as $port) {
if (strpos($port, ":") !== false) {
// Sanity check that the numbers are in the correct order, and are, in fact,
// numbers.
$range = explode(":", $c['port']);
if (!isset($range[1])) {
// This is invalid, we need two digits
continue;
}
$start = (int) $range[0];
$end = (int) $range[1];
if ($start > $end) {
$lowest = $end;
$highest = $start;
} else {
$lowest = $start;
$highest = $end;
}
if ($lowest < 1 || $highest > 65534) {
// Invalid
continue;
}
$realports[] = "{$lowest}:{$highest}";
} else {
// It should just be a number.
$realnum = (int) $port;
if ($realnum > 65534 || $realnum < 1) {
continue;
}
$realports[] = $realnum;
}
}
// Create our '$ports' array for the driver.
$ports = array();
if ($c['protocol'] == "both" || $c['protocol'] == "tcp") {
foreach ($realports as $p) {
$ports[] = array("protocol" => "tcp", "port" => $p);
}
}
if ($rule['custfw']['protocol'] == "both" || $rule['custfw']['protocol'] == "udp") {
foreach ($realports as $p) {
$ports[] = array("protocol" => "udp", "port" => $p);
}
}
$driver->updateService($id, $ports);
// Assign the service to the required zones
$myzones = array("addto" => array(), "removefrom" => $zones);
foreach ($rule['zones'] as $z) {
unset($myzones['removefrom'][$z]);
$myzones['addto'][$z] = $z;
}
$driver->updateServiceZones($id, $myzones);
}
// Update the Host DDNS entries.
$driver->updateHostZones($getservices['hostmaps']);
// Now, purge any services that no longer exist
$active = $driver->getActiveServices();
foreach ($active as $as) {
if (!isset($validservices[$as])) {
// This should be removed
$driver->removeService($as);
}
}
// Set the firewall to drop or reject mode.
if ($getservices['dropinvalid']) {
$driver->setRejectMode(true, false);
} else {
$driver->setRejectMode(false, false);
}
}
}
} else {
$pagination = have_wall(array('firstchar' => isset($_GET['firstchar']) ? $_GET['firstchar'] : ''));
echo '<div class="title">My Wall <span style="float: right;">' . ($pagination['results'] ? $pagination['results'] . ' ' . (is_first($pagination['results']) ? 'coupon' : 'coupons') : 'Nothing found yet') . '</span></div>';
echo '<div style="margin-bottom: 20px;">
<ul class="category">
<li class="active">Coupons</li>';
if (theme_has_products()) {
echo '<li><a href="' . get_update(array('type' => 'products', 'page' => 1)) . '">Products</a></li>';
}
echo '</ul>
</div>';
if ($pagination['results']) {
foreach (wall(array('firstchar' => isset($_GET['firstchar']) ? $_GET['firstchar'] : '')) as $item) {
echo '<article class="array_item">
<div class="table">
<div class="left">
<img src="' . store_avatar($item->store_img) . '" alt="">
<span class="rating"><span style="width:' . $item->stars * 16 . 'px;"></span></span>
<a href="' . $item->store_reviews_link . '">' . $item->reviews . ' reviews</a>';
echo !empty($item->cashback) ? '<span class="cashback-points" data-ttip="Great! Use it and you\'ll receive ' . $item->cashback . ' points.">' . $item->cashback . '</span> ' : '';
echo '</div>
<div class="right">
<a href="' . $item->link . '" class="title">' . $item->title . '</a>
More coupons for <a href="' . $item->store_link . '">' . $item->store_name . '</a>
<div class="description">' . (!empty($item->description) ? nl2br($item->description) : 'no description') . '</div>
