#!/usr/bin/perl
# cpanel - scripts/configure_rh_firewall_for_cpanel
#                                                 Copyright(c) 2010 cPanel, Inc.
#                                                           All rights Reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

BEGIN { unshift @INC, '/usr/local/cpanel'; }

use Cpanel::StringFunc::File ();
use Cpanel::LoadFile         ();

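use strict;
use warnings;

# Purpose: make sure the Red Hat firewall configuration allows inbound TCP
# connections on every port listed in @PORTS.  Two files are edited in
# step: the saved iptables rule set and the system-config-securitylevel
# settings file.  iptables is restarted only when something was changed.
#
# The script exits quietly (status 0) when the expected files are missing,
# when the firewall is not enabled, or when every port is already listed.

my $system_config_securitylevel_file = '/etc/sysconfig/system-config-securitylevel';
my $iptables_file                    = '/etc/sysconfig/iptables';

# Both files must exist; otherwise this is not a system the script knows
# how to edit.
for my $required_file ( $system_config_securitylevel_file, $iptables_file ) {
    next if -e $required_file;
    print "this tool is not supported on this system (missing $required_file)\n";
    exit;
}

my $system_config_securitylevel = Cpanel::LoadFile::loadfile($system_config_securitylevel_file);

# A file that could not be loaded is handled like a firewall that is not
# enabled: nothing is modified.
if ( !defined $system_config_securitylevel || $system_config_securitylevel !~ m/^\s*--enable/m ) {
    print "system filewall not enabled or configured\n";
    exit;
}

# TCP ports that get an ACCEPT rule.
# NOTE(review): the rules written below accept NEW connections from any
# source address.  The list includes 3306 (MySQL), 21 (FTP) and 22 (SSH);
# confirm each service is meant to be reachable from every network, and
# narrow the rule by source address where it is not.
# NOTE(review): only TCP rules are written, so DNS over UDP on port 53 is
# not covered by this script - confirm it is handled elsewhere.
my @PORTS = qw(2082 2083 2095 2096 2086 2087 25 26 21 22 53 80 110 143 443 465 993 995 2077 2078 3306 8080);

# The port number must be followed by a non-digit.  A bare prefix match
# would let an existing "--port=8080" line satisfy the check for port 80
# (or "--port=2222" the check for 22), and the script would then report
# "already configured" without writing the missing rules.
my $has_all_ports = 1;
foreach my $port (@PORTS) {
    if ( $system_config_securitylevel !~ m/^\s*--port=\Q$port\E(?![0-9])/m ) {
        $has_all_ports = 0;
        last;
    }
}

if ($has_all_ports) {
    print "system is already configured for all needed ports\n";
    exit;
}

# Third return value of add_lines_to_file_after for each file; used at the
# end as a "this file was changed" flag.
my ( $iptables_lines_changes, $system_config_securitylevel_lines_changes );
my ( $result, $msg );

#
# add_lines_to_file_after will not add duplicate lines in the 2nd argument
#
# The third argument lists the existing lines that serve as anchors
# (presumably the new lines are inserted after the first anchor found -
# verify against Cpanel::StringFunc::File).
my @iptables_rules   = map { "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $_ -j ACCEPT" } @PORTS;
my @iptables_anchors = (
    '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT',
    '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT',
);
( $result, $msg, $iptables_lines_changes ) =
  Cpanel::StringFunc::File::add_lines_to_file_after( $iptables_file, \@iptables_rules, \@iptables_anchors );
print( ( defined $msg ? $msg : '' ) . " ($iptables_file)\n" );

# The settings file is only edited when the iptables edit reported success,
# so a failed first step does not leave the two files disagreeing further.
if ($result) {

    #
    # add_lines_to_file_after will not add duplicate lines in the 2nd argument
    #
    my @securitylevel_lines   = map { "--port=$_:tcp" } @PORTS;
    my @securitylevel_anchors = ( '--port=22:tcp', '--enabled' );
    ( $result, $msg, $system_config_securitylevel_lines_changes ) =
      Cpanel::StringFunc::File::add_lines_to_file_after( $system_config_securitylevel_file, \@securitylevel_lines, \@securitylevel_anchors );
    print( ( defined $msg ? $msg : '' ) . " ($system_config_securitylevel_file)\n" );
}

# Apply the new rule set only if a file was changed.  exec replaces this
# process and returns only on failure; report that case so rules that were
# written but never loaded do not go unnoticed.
if ( ( $iptables_lines_changes || $system_config_securitylevel_lines_changes ) && -x '/sbin/service' ) {
    exec( '/sbin/service', 'iptables', 'restart' )
      or warn "unable to exec /sbin/service iptables restart: $!\n";
}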