From 4ffa926a77d16f36556584a61188e57cf6969386 Mon Sep 17 00:00:00 2001
From: devdatt <shreebhattji@urmic.org>
Date: Sat, 27 Dec 2025 14:06:09 +0530
Subject: [PATCH] ufw

---
 encoder/firewall.php                          | 15 ++++++++
 ...b6679b8d8815a2ec8e5524407f1b25d6eb1c46.php | 36 -------------------
 2 files changed, 15 insertions(+), 36 deletions(-)
 delete mode 100755 encoder/setup/ac4d5de9f5785044565fe1fd9578413738e9b7c9c4df6fd4dae247d8d2828c4e2a490b9edb0d6c84f5a1b6679b8d8815a2ec8e5524407f1b25d6eb1c46.php

diff --git a/encoder/firewall.php b/encoder/firewall.php
index 21da598..27291e8 100644
--- a/encoder/firewall.php
+++ b/encoder/firewall.php
@@ -21,6 +21,10 @@ if (is_file($jsonFile)) {
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
+    exec("sudo ufw reset");
+    exec("sudo ufw default allow outgoing");
+    exec("sudo ufw default deny incoming");
+
     foreach ($defaults as $port => $_) {
         $data[$port] = trim($_POST["port_$port"] ?? '');
     }
@@ -31,6 +35,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)
     );
     rename($tmp, $jsonFile);
+
+    foreach ($data as $port => $value) {
+        $tmp = explode(",", trim($value));
+        if (count($tmp) > 0)
+            foreach ($tmp as $ip)
+                exec("sudo ufw allow in on " . $port . " from " . $ip);
+        else
+            exec("sudo ufw allow " . $port);
+    }
+
+    exec("sudo ufw --force enable");
 }
 ?>
 
diff --git a/encoder/setup/ac4d5de9f5785044565fe1fd9578413738e9b7c9c4df6fd4dae247d8d2828c4e2a490b9edb0d6c84f5a1b6679b8d8815a2ec8e5524407f1b25d6eb1c46.php b/encoder/setup/ac4d5de9f5785044565fe1fd9578413738e9b7c9c4df6fd4dae247d8d2828c4e2a490b9edb0d6c84f5a1b6679b8d8815a2ec8e5524407f1b25d6eb1c46.php
deleted file mode 100755
index 9c96105..0000000
--- a/encoder/setup/ac4d5de9f5785044565fe1fd9578413738e9b7c9c4df6fd4dae247d8d2828c4e2a490b9edb0d6c84f5a1b6679b8d8815a2ec8e5524407f1b25d6eb1c46.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-$ethInterfaces = [];
-
-foreach (scandir('/sys/class/net') as $iface) {
-    if ($iface === '.' || $iface === '..' || $iface === 'lo') {
-        continue;
-    }
-
-    $base = "/sys/class/net/$iface";
-
-    // Must be physical hardware
-    if (!is_dir("$base/device")) {
-        continue;
-    }
-
-    // Exclude wireless
-    if (is_dir("$base/wireless")) {
-        continue;
-    }
-
-    // Must be Ethernet
-    $type = @file_get_contents("$base/type");
-    if (trim($type) !== '1') {
-        continue;
-    }
-
-    $ethInterfaces[] = $iface;
-}
-
-$ethInterface = "";
-
-$ethInterfaces
-    ? $ethInterface = $ethInterfaces[0]
-    : 'No physical wired Ethernet NIC found';
-