Firewall for IP addresses

Bob Mottram 2017-07-10 11:29:29 +01:00
parent 7552dc20fc
commit 00a4467d27
2 changed files with 89 additions and 5 deletions


@ -1845,6 +1845,29 @@ function domain_blocking_add {
esac
}
function ip_blocking_add {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
blocked_ip=$(<$data)
if [ ${#blocked_ip} -gt 2 ]; then
if [[ "${blocked_ip}" == *'.'* ]]; then
firewall_block_ip $blocked_ip
if [[ "${blocked_ip}" != *'@'* ]]; then
dialog --title $"Block an IP address" \
--msgbox $"The IP address $blocked_ip has been blocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
@ -1871,6 +1894,29 @@ function domain_blocking_remove {
esac
}
function ip_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Unblock an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
sel=$?
case $sel in
0)
unblocked_ip=$(<$data)
if [ ${#unblocked_ip} -gt 2 ]; then
if [[ "${unblocked_ip}" == *'.'* ]]; then
firewall_unblock_ip $unblocked_ip
if [[ "${unblocked_ip}" != *'@'* ]]; then
dialog --title $"Unblock an IP address" \
--msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_show {
if [ -f $FIREWALL_DOMAINS ]; then
clear
@ -1892,11 +1938,13 @@ function domain_blocking {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Domain or User Blocking" \
--radiolist $"Choose an operation:" 12 60 4 \
--radiolist $"Choose an operation:" 14 60 6 \
1 $"Block a domain or user" off \
2 $"Unblock a domain or user" off \
3 $"Show blocked domains and users" off \
4 $"Back to main menu" on 2> $data
3 $"Block an IP address" off \
4 $"Unblock an IP address" off \
5 $"Show blocked domains and users" off \
6 $"Back to main menu" on 2> $data
sel=$?
case $sel in
1) break;;
@ -1905,8 +1953,10 @@ function domain_blocking {
case $(cat $data) in
1) domain_blocking_add;;
2) domain_blocking_remove;;
3) domain_blocking_show;;
4) break;;
3) ip_blocking_add;;
4) ip_blocking_remove;;
5) domain_blocking_show;;
6) break;;
esac
done
}
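Review bot: In ip_blocking_add the dialog input is only checked for a length above 2 and the presence of a '.' before it reaches `firewall_block_ip $blocked_ip`, so hostnames, strings containing spaces and values beginning with '-' all pass and, being unquoted, are word-split into separate arguments. ip_blocking_remove repeats the pattern with `firewall_unblock_ip $unblocked_ip`. I would match the input against an address pattern and quote the call, e.g. `if [[ "$blocked_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then firewall_block_ip "$blocked_ip"`. The "has been blocked" / "has been unblocked" msgbox is shown whether or not the firewall call changed anything, so it would be worth gating it on a return status from the helper.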


@ -491,6 +491,40 @@ function firewall_block_domain {
fi
}
function firewall_block_ip {
blocked_ip="$1"
if [[ "$blocked_ip" == *'@'* ]]; then
# Don't try to block email/microblog addresses
return
fi
if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -C INPUT -s $blocked_ip -j DROP
if [ ! "$?" = "0" ]; then
iptables -A INPUT -s $blocked_ip -j DROP
iptables -A OUTPUT -s $blocked_ip -j DROP
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
fi
}
function firewall_unblock_ip {
blocked_ip="$1"
if [[ "$blocked_ip" == *'@'* ]]; then
# Don't try to block email/microblog addresses
return
fi
if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -D INPUT -s $blocked_ip -j DROP
iptables -D OUTPUT -s $blocked_ip -j DROP
sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
}
function firewall_refresh_blocklist {
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
return
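Review bot: firewall_unblock_ip leaves the address in $FIREWALL_DOMAINS, because the pattern in `sed -i '/$blocked_ip/d'` is single-quoted and never expanded, and the following `echo "${blocked_ip}" >>` appends the address again; a later blocklist refresh would then presumably restore the block. Both new functions also write the OUTPUT rule with `-s`, which matches the source of locally generated packets and so never matches traffic sent to the blocked address; `-d` is the destination match. The membership test `grep -q "$blocked_ip"` is an unanchored regex, so 1.2.3.4 also matches a stored 11.2.3.45, and the unquoted `$blocked_ip` is word-split before iptables sees it. The rewrite below uses whole-line fixed-string matching, quotes every expansion and drops the re-append; the `.new` file name is a sketch that assumes the list's directory is writable only by root.

```shell
function firewall_block_ip {
    # … unchanged: argument capture and '@' guard …
    if ! grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        if ! iptables -C INPUT -s "$blocked_ip" -j DROP 2>/dev/null; then
            iptables -A INPUT -s "$blocked_ip" -j DROP
            iptables -A OUTPUT -d "$blocked_ip" -j DROP
            # … unchanged: append to $FIREWALL_DOMAINS, save_firewall_settings …

function firewall_unblock_ip {
    # … unchanged: argument capture and '@' guard …
    if grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        iptables -D INPUT -s "$blocked_ip" -j DROP
        iptables -D OUTPUT -d "$blocked_ip" -j DROP
        # remove exactly the matching line and do not append it again
        grep -vxF -- "$blocked_ip" "$FIREWALL_DOMAINS" > "${FIREWALL_DOMAINS}.new"
        mv "${FIREWALL_DOMAINS}.new" "$FIREWALL_DOMAINS"
        # … unchanged: save_firewall_settings …
```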