authorRuben Pollan <meskio@sindominio.net>2018-04-05 18:54:47 +0200
committerRuben Pollan <meskio@sindominio.net>2018-04-11 16:40:40 +0200
commit513a1c153c7d4a3a0b787a1cb83816c905d191d4 (patch)
treec44464fe33c89feb7caa4d6f6cb38da1a6a759c3
parent22c9d163530a2b2aa0cb1c576b2c7e42d088e8bf (diff)
[feat] add fw_reload to bitmaskctl
Some systems remove firewall rules, so it is useful to be able to script the reload of those rules in hooks or other custom systems. - Resolves: #9289
-rw-r--r--src/leap/bitmask/cli/vpn.py3
-rw-r--r--src/leap/bitmask/core/dispatcher.py5
-rw-r--r--src/leap/bitmask/vpn/service.py15
3 files changed, 22 insertions, 1 deletions
diff --git a/src/leap/bitmask/cli/vpn.py b/src/leap/bitmask/cli/vpn.py
index 6917b15d..e1da2823 100644
--- a/src/leap/bitmask/cli/vpn.py
+++ b/src/leap/bitmask/cli/vpn.py
@@ -43,10 +43,11 @@ SUBCOMMANDS:
get_cert Get VPN Certificate from provider
install Install helpers (needs root)
uninstall Uninstall helpers (needs root)
+ fw_reload Reload firewall rules
'''.format(name=command.appname)
- commands = ['stop', 'install', 'uninstall',
+ commands = ['stop', 'install', 'uninstall', 'fw_reload',
'enable', 'disable', 'locations', 'countries']
def start(self, raw_args):
diff --git a/src/leap/bitmask/core/dispatcher.py b/src/leap/bitmask/core/dispatcher.py
index a4b8ce39..5d8c4f68 100644
--- a/src/leap/bitmask/core/dispatcher.py
+++ b/src/leap/bitmask/core/dispatcher.py
@@ -207,6 +207,11 @@ class VPNCmd(SubCommand):
return d
@register_method('dict')
+ def do_FW_RELOAD(self, vpn, *parts):
+ d = vpn.fw_reload()
+ return d
+
+ @register_method('dict')
def do_CHECK(self, vpn, *parts):
try:
provider = parts[2]
diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py
index 4ce573ba..da33e82b 100644
--- a/src/leap/bitmask/vpn/service.py
+++ b/src/leap/bitmask/vpn/service.py
@@ -182,6 +182,21 @@ class VPNService(HookableService):
self.watchdog.stop()
return {'result': 'vpn stopped'}
+ def fw_reload(self):
+ if not self._tunnel:
+ return {'result': 'VPN was not running'}
+
+ if self._firewall.is_up():
+ fw_ok = self._firewall.stop()
+ if not fw_ok:
+ self.log.error('Firewall: error stopping')
+
+ fw_ok = self._firewall.start()
+ if not fw_ok:
+ raise Exception('Could not start firewall')
+
+ return {'result': 'fw reloaded'}
+
def push_status(self):
try:
statusdict = self.do_status()
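Review bot: In `fw_reload`, a failed `self._firewall.start()` raises a bare `Exception` after `self._firewall.stop()` has already run, so the method can exit with the tunnel still up and no firewall rules loaded; if these rules are what keeps traffic from leaving outside the VPN (not visible in this hunk), that is a fail-open state. Unlike the stop path, the failure is not logged, so add `self.log.error('Firewall: error starting')` before the `raise` and consider whether that branch should also tear the tunnel down or mark the service status as failed. Even on success there is a window between stop and start with no rules in place, which deserves a docstring sentence so that hook authors know the reload is not atomic. A stop failure is only logged and the start is attempted anyway; a short comment saying this is deliberate best-effort would help the next reader.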