diff --git a/src/network.js b/src/network.js
index 9741d2737..269943df4 100644
--- a/src/network.js
+++ b/src/network.js
@@ -56,6 +56,15 @@ async function getBlocklist() {
 return value ? value.toString('utf8') : '';
 }
 
+async function applyBlocklist() {
+ const blocklist = await getBlocklist();
+
+ if (!safe.fs.writeFileSync(paths.FIREWALL_BLOCKLIST_FILE, blocklist + '\n', 'utf8')) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
+
+ const [error] = await safe(shell.sudo([ SET_BLOCKLIST_CMD ], {}));
+ if (error) throw new BoxError(BoxError.IPTABLES_ERROR, `Error setting blocklist: ${error.message}`);
+}
+
 async function setBlocklist(blocklist, auditSource) {
 assert.strictEqual(typeof blocklist, 'string');
 assert.strictEqual(typeof auditSource, 'object');
@@ -84,11 +93,7 @@ async function setBlocklist(blocklist, auditSource) {
 // store in blob since the value field is TEXT and has 16kb size limit
 await settings.setBlob(settings.FIREWALL_BLOCKLIST_KEY, Buffer.from(blocklist));
 
- // this is done only because it's easier for the shell script and the firewall service to get the value
- if (!safe.fs.writeFileSync(paths.FIREWALL_BLOCKLIST_FILE, blocklist + '\n', 'utf8')) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
-
- const [error] = await safe(shell.sudo([ SET_BLOCKLIST_CMD ], {}));
- if (error) throw new BoxError(BoxError.IPTABLES_ERROR, `Error setting blocklist: ${error.message}`);
+ await applyBlocklist();
 }
 
 async function getDynamicDns() {
@@ -189,6 +194,7 @@ export default {
 testIPv4Config,
 testIPv6Config,
 
+ applyBlocklist,
 getBlocklist,
 setBlocklist,
 
diff --git a/src/provision.js b/src/provision.js
index 0c663eb9e..616153628 100644
--- a/src/provision.js
+++ b/src/provision.js
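Review bot: In src/network.js, the new `applyBlocklist()` writes whatever `getBlocklist()` returns to `paths.FIREWALL_BLOCKLIST_FILE` and then runs `SET_BLOCKLIST_CMD` through `shell.sudo`, without checking the value first. When it is reached through `setBlocklist` the string has at least passed through that function's body (the part between the two hunks is not shown, so any validation there cannot be confirmed from here), but the new caller in `restoreTask` applies a value that presumably comes straight from the restored settings. If the privileged script relies on well-formed entries, the same validation should run inside `applyBlocklist()` before the write, or a comment should state that the script tolerates malformed lines. The explanatory comment removed from `setBlocklist` should also move with the code, e.g. `// written to a file only because it's easier for the shell script and the firewall service to get the value`.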
@@ -190,6 +190,7 @@ async function restoreTask(backupSite, remotePath, ipv4Config, ipv6Config, optio
 await ensureDhparams();
 await network.setIPv4Config(ipv4Config);
 await network.setIPv6Config(ipv6Config);
+ await network.applyBlocklist();
 await reverseProxy.reprovision();
 await backupSites.reinitAll();
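Review bot: `await network.applyBlocklist()` can throw (it raises `BoxError` on a failed file write or a failed `SET_BLOCKLIST_CMD`), so a firewall-script failure now aborts `restoreTask` before `reverseProxy.reprovision()` and `backupSites.reinitAll()` run. Failing closed is a defensible choice for a firewall rule set, but the intent is not stated in the hunk; a comment such as `// re-apply the restored blocklist; a failure aborts the restore instead of coming up without it` would record it. `restoreTask` starts and continues outside the hunk, so how the error is surfaced to the operator cannot be checked from here.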