VestaCP offers an API which allows the firewall rules to be changed, but I could only find examples which use PHP and cURL and I required a script which would work as a Bash script. I've created a script below which you're free to use.
- Ensure your host URL, admin username and password are correct on line 21 to 23.
- Replace the content within the 'VESTACP_CMD' variable with your firewall API command, either
v-unsuspend-firewall-ruleorv-suspend-firewall-rule - You will need to find the ID for the firewall rule you wish to amend. The easiest way I have found these is by using either Chrome or FireFox's Dev tools, look for
v_unit_id="XX"on the DIV wrapping your rule. Once you have found the ID, replace the content within the 'VESTACP_FIREWALL_RULE' variable with your ID. Some screenshots:\
- Save the file as
firewall-change.sh - Make the file executable by running
chmod +x firewall-change.sh - Now you can run the the file with
./firewall-change.sh
The full script:
#!/bin/bash
## VestaCP firewall change script
## Author: Ryan Fitton (ryanfitton.co.uk)
## Version 1.0.0
##
## Tested on VestaCP up to version '0.9.8-18'
##
## Usage: run 'sudo sh ./firewall-change.sh' to change the firewall rules
## Ensure the script is set to be executable by running 'chmod +x firewall-change.sh'
##
## API return messages
## Success: `OK`
## Already suspended: `Error: rules X is suspended`
## Already unsuspended: `Error: rules X is not suspended`
##
## Required software libaries:
## 'curl' Used for check if the file exists on the FTP server via the 'curl' command
#VestaCP connection details
VESTACP_SERVER="https://youripaddresshere:8083/api/" #Host URL
VESTACP_USER="admin" #Admin username
VESTACP_PASSWORD="youradminpasswordhere" #Admin password
#VestaCP command
#Possible commands:
# v-unsuspend-firewall-rule
# v-suspend-firewall-rule
VESTACP_CMD="v-suspend-firewall-rule"
#VestaCP firewall rule rule setup within the VestaCP firewall table
VESTACP_FIREWALL_RULE="1" #Replace 1 with the Firewall rule ID
# -------------------- Nothing to change after this point --------------------
#Should not need to change these
VESTACP_OUTPUT_FORMAT="json"
VESTACP_API_SUCCESS_OUTPUT="OK" #Text which is checked for a successul outcome
# Clear terminal window
clear
# Welcome/Start message
echo "****************************************"
echo "VestaCP firewall change script"
echo "Author: Ryan Fitton (ryanfitton.co.uk)"
echo "Version 1.0.0"
echo "****************************************"
printf "\n"
#Un-suspending the Firewall rule
echo "Changing the Firewall rule."
echo "..."
#Run Curl command
if curl -s --insecure -d 'user='$VESTACP_USER --data-urlencode 'password='$VESTACP_PASSWORD -d 'cmd='$VESTACP_CMD -d 'arg1='$VESTACP_FIREWALL_RULE -d 'arg2='$VESTACP_OUTPUT_FORMAT -X POST $VESTACP_SERVER | grep "$VESTACP_API_SUCCESS_OUTPUT"
#If the output matches, this is a success
then
echo "Success: rule has been changed."
echo "Process finished successfully."
exit 0 # Successful exit
#Else, failure as the output does not match
else
echo "Failure: cannot change rule."
echo "Process finished with errors."
exit 1 # Exit with general error
fi