Optional monitoring ports

skalenetwork · Dec 4, 2024 · f25d4b6 · f25d4b6
1 parent 3f9de98
commit f25d4b6
Show file tree

Hide file tree

Showing 8 changed files with 83 additions and 154 deletions.
diff --git a/node_cli/cli/node.py b/node_cli/cli/node.py
@@ -239,12 +239,13 @@ def check(network):
     run_checks(network)
 
 
-@node.command(help='Reconfigure iptables rules')
+@node.command(help='Reconfigure nftables rules')
+@click.option('--monitoring', is_flag=True)
 @click.option('--yes', is_flag=True, callback=abort_if_false,
               expose_value=False,
               prompt='Are you sure you want to reconfigure firewall rules?')
-def configure_firewall():
-    configure_firewall_rules()
+def configure_firewall(monitoring):
+    configure_firewall_rules(enable_monitoring=monitoring)
 
 
 @node.command(help='Show node version information')

diff --git a/node_cli/core/checks.py b/node_cli/core/checks.py
@@ -422,7 +422,7 @@ def docker_compose(self) -> CheckResult:
             return self._failed(name=name, info=info)
 
         v_cmd_result = run_cmd(
-            ['docker compose', 'version'],
+            ['docker', 'compose', 'version'],
             check_code=False,
             separate_stderr=True
         )

diff --git a/node_cli/core/nftables.py b/node_cli/core/nftables.py
@@ -287,7 +287,7 @@ def add_loopback_rule(self, chain) -> None:
         else:
             logger.info('Loopback rule already exists in chain %s', chain)
 
-    def setup_firewall(self) -> None:
+    def setup_firewall(self, enable_monitoring: bool = False) -> None:
         """Setup firewall rules"""
         try:
             self.create_table_if_not_exists()
@@ -306,6 +306,8 @@ def setup_firewall(self) -> None:
             self.add_connection_tracking_rule(self.chain)
 
             tcp_ports = [get_ssh_port(), 8080, 443, 53, 3009, 9100]
+            if enable_monitoring:
+                tcp_ports.extend([8080, 9100])
             for port in tcp_ports:
                 self.add_rule_if_not_exists(Rule(chain=self.chain, protocol='tcp', port=port))
 
@@ -330,7 +332,7 @@ def setup_firewall(self) -> None:
             raise NFTablesError(e)
 
 
-def configure_nftables() -> None:
+def configure_nftables(enable_monitoring: bool = False) -> None:
     nft_mgr = NFTablesManager()
-    nft_mgr.setup_firewall()
+    nft_mgr.setup_firewall(enable_monitoring=enable_monitoring)
     logger.info('Firewall setup completed successfully')