Firewall for IP addresses

Bob Mottram 2017-07-10 11:29:29 +01:00
parent 7552dc20fc
commit 00a4467d27
2 changed files with 89 additions and 5 deletions


@ -1845,6 +1845,29 @@ function domain_blocking_add {
esac esac
} }
function ip_blocking_add {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
blocked_ip=$(<$data)
if [ ${#blocked_ip} -gt 2 ]; then
if [[ "${blocked_ip}" == *'.'* ]]; then
firewall_block_ip $blocked_ip
if [[ "${blocked_ip}" != *'@'* ]]; then
dialog --title $"Block an IP address" \
--msgbox $"The IP address $blocked_ip has been blocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_remove { function domain_blocking_remove {
data=$(tempfile 2>/dev/null) data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
@ -1871,6 +1894,29 @@ function domain_blocking_remove {
esac esac
} }
function ip_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Unblock an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
sel=$?
case $sel in
0)
unblocked_ip=$(<$data)
if [ ${#unblocked_ip} -gt 2 ]; then
if [[ "${unblocked_ip}" == *'.'* ]]; then
firewall_unblock_ip $unblocked_ip
if [[ "${unblocked_ip}" != *'@'* ]]; then
dialog --title $"Unblock an IP address" \
--msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_show { function domain_blocking_show {
if [ -f $FIREWALL_DOMAINS ]; then if [ -f $FIREWALL_DOMAINS ]; then
clear clear
@ -1892,11 +1938,13 @@ function domain_blocking {
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Domain or User Blocking" \ --title $"Domain or User Blocking" \
--radiolist $"Choose an operation:" 12 60 4 \ --radiolist $"Choose an operation:" 14 60 6 \
1 $"Block a domain or user" off \ 1 $"Block a domain or user" off \
2 $"Unblock a domain or user" off \ 2 $"Unblock a domain or user" off \
3 $"Show blocked domains and users" off \ 3 $"Block an IP address" off \
4 $"Back to main menu" on 2> $data 4 $"Unblock an IP address" off \
5 $"Show blocked domains and users" off \
6 $"Back to main menu" on 2> $data
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) break;;
@ -1905,8 +1953,10 @@ function domain_blocking {
case $(cat $data) in case $(cat $data) in
1) domain_blocking_add;; 1) domain_blocking_add;;
2) domain_blocking_remove;; 2) domain_blocking_remove;;
3) domain_blocking_show;; 3) ip_blocking_add;;
4) break;; 4) ip_blocking_remove;;
5) domain_blocking_show;;
6) break;;
esac esac
done done
} }
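Review bot: ip_blocking_add accepts any input longer than two characters that contains a dot, then calls `firewall_block_ip $blocked_ip` unquoted. Whitespace in the typed value therefore splits into extra arguments, and the value reaches iptables (presumably running as root) without ever being checked as an address. I would reject anything that is not a dotted quad before the call, e.g. `[[ "$blocked_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return`, and pass it as `firewall_block_ip "$blocked_ip"`. Whether a prefix such as `/24` should be accepted is worth deciding explicitly rather than leaving to whatever iptables tolerates. ip_blocking_remove has the same pattern around `firewall_unblock_ip $unblocked_ip`. Both functions also show the "has been blocked/unblocked" message whether or not the firewall call changed anything.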


@ -491,6 +491,40 @@ function firewall_block_domain {
fi fi
} }
function firewall_block_ip {
blocked_ip="$1"
if [[ "$blocked_ip" == *'@'* ]]; then
# Don't try to block email/microblog addresses
return
fi
if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -C INPUT -s $blocked_ip -j DROP
if [ ! "$?" = "0" ]; then
iptables -A INPUT -s $blocked_ip -j DROP
iptables -A OUTPUT -s $blocked_ip -j DROP
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
fi
}
function firewall_unblock_ip {
blocked_ip="$1"
if [[ "$blocked_ip" == *'@'* ]]; then
# Don't try to block email/microblog addresses
return
fi
if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -D INPUT -s $blocked_ip -j DROP
iptables -D OUTPUT -s $blocked_ip -j DROP
sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
}
function firewall_refresh_blocklist { function firewall_refresh_blocklist {
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
return return
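Review bot: firewall_unblock_ip does not take the address out of the blocklist file. In `sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS` the single quotes stop the variable from expanding, and the next line, `echo "${blocked_ip}" >> $FIREWALL_DOMAINS`, appends the address again, so anything that later rebuilds rules from that file would presumably block it once more. Both functions also test membership with `grep -q "$blocked_ip"`, an unanchored regex in which `1.2.3.4` matches a line holding `11.2.3.45`, so a block can be skipped or an unblock attempted for an address that was never listed; `grep -qxF -- "$blocked_ip"` compares whole lines literally. The OUTPUT rules match on `-s`, which on that chain is the local source address, so `-d` looks intended in both `-A OUTPUT` (firewall_block_ip) and `-D OUTPUT`. The fence shows the unblock function with these changes and the iptables arguments quoted; the temporary file name next to `$FIREWALL_DOMAINS` is an assumption about where that file lives.

```shell
function firewall_unblock_ip {
    # … unchanged: blocked_ip="$1" and the '@' early return …
    if grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        iptables -D INPUT -s "$blocked_ip" -j DROP
        iptables -D OUTPUT -d "$blocked_ip" -j DROP
        # Remove the exact line; fixed-string match keeps dots literal.
        # grep -v exits 1 when no lines remain, which is not an error here.
        grep -vxF -- "$blocked_ip" "$FIREWALL_DOMAINS" > "${FIREWALL_DOMAINS}.new"
        mv -- "${FIREWALL_DOMAINS}.new" "$FIREWALL_DOMAINS"
        save_firewall_settings
    fi
}
```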