diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index e62e1a33..7bfc5d6f 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1835,6 +1835,78 @@ function menu_email {
 done
 }
 
+function domain_blocking_add {
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Block a domain name" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"Enter the domain name that you wish to block" 8 60 "" 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ blocked_domain=$(<$data)
+ if [ ${#blocked_domain} -gt 2 ]; then
+ firewall_block_domain $blocked_domain
+ dialog --title $"Block a domain" \
+ --msgbox $"The domain $blocked_domain has been blocked" 6 40
+ fi
+ ;;
+ esac
+}
+
+function domain_blocking_remove {
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Unblock a domain name" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"Enter the domain name that you wish to unblock" 8 60 "" 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ unblocked_domain=$(<$data)
+ if [ ${#unblocked_domain} -gt 2 ]; then
+ firewall_unblock_domain $unblocked_domain
+ dialog --title $"Unblock a domain" \
+ --msgbox $"The domain $unblocked_domain has been unblocked" 6 40
+ fi
+ ;;
+ esac
+}
+
+function domain_blocking_show {
+ if [ -f $FIREWALL_DOMAINS ]; then
+ clear
+ cat $FIREWALL_DOMAINS | sort
+ any_key
+ fi
+}
+
+function domain_blocking {
+ while true
+ do
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --backtitle $"Freedombone Control Panel" \
+ --title $"Domain Blocking" \
+ --radiolist $"Choose an operation:" 12 60 4 \
+ 1 $"Block a domain" off \
+ 2 $"Unblock a domain" off \
+ 3 $"Show blocked domains" off \
+ 4 $"Back to main menu" on 2> $data
+ sel=$?
+ case $sel in
+ 1) break;;
+ 255) break;;
+ esac
+ case $(cat $data) in
+ 1) domain_blocking_add;;
+ 2) domain_blocking_remove;;
+ 3) domain_blocking_show;;
+ 4) break;;
+ esac
+ done
+}
+
 function menu_users {
 while true
 do
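Review bot: In `domain_blocking_add` and `domain_blocking_remove` the text from the inputbox is checked only for length (`${#blocked_domain} -gt 2`) before it is handed, unquoted, to `firewall_block_domain` / `firewall_unblock_domain`, where it ends up in grep, sed and iptables arguments. A value containing whitespace is word-split so only its first word arrives as `$1`, and nothing rejects characters that are not valid in a hostname. I would validate and quote at this boundary, e.g. `if [[ "$blocked_domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then` followed by `firewall_block_domain "$blocked_domain"`, and the same on the unblock path. The "has been blocked" msgbox is also shown without checking whether the firewall call succeeded, so a failed iptables insert is reported to the operator as success.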
@@ -1969,7 +2041,7 @@ function menu_top_level {
 trap "rm -f $data" 0 1 2 5 15
 dialog --backtitle $"Freedombone Control Panel" \
 --title $"Control Panel" \
- --radiolist $"Choose an operation:" 28 70 21 \
+ --radiolist $"Choose an operation:" 29 70 21 \
 1 $"About this system" off \
 2 $"Passwords" off \
 3 $"Backup and Restore" off \
@@ -1981,15 +2053,16 @@ function menu_top_level {
 9 $"Ping enable/disable" off \
 10 $"Manage Users" off \
 11 $"Email Menu" off \
- 12 $"Security Settings" off \
- 13 $"Set the main repository (repo mirrors)" off \
- 14 $"Change the name of this system" off \
- 15 $"Set a static local IP address" off \
- 16 $"Wifi menu" off \
- 17 $"Check for updates" off \
- 18 $"Power off the system" off \
- 19 $"Restart the system" off \
- 20 $"Exit" on 2> $data
+ 12 $"Domain blocking" off \
+ 13 $"Security Settings" off \
+ 14 $"Set the main repository (repo mirrors)" off \
+ 15 $"Change the name of this system" off \
+ 16 $"Set a static local IP address" off \
+ 17 $"Wifi menu" off \
+ 18 $"Check for updates" off \
+ 19 $"Power off the system" off \
+ 20 $"Restart the system" off \
+ 21 $"Exit" on 2> $data
 sel=$?
 case $sel in
 1) exit 1;;
@@ -2011,15 +2084,16 @@ function menu_top_level {
 9) ping_enable_disable;;
 10) menu_users;;
 11) menu_email;;
- 12) security_settings;;
- 13) set_main_repo;;
- 14) change_system_name;;
- 15) set_static_IP;;
- 16) menu_wifi;;
- 17) check_for_updates;;
- 18) shut_down_system;;
- 19) restart_system;;
- 20) break;;
+ 12) domain_blocking;;
+ 13) security_settings;;
+ 14) set_main_repo;;
+ 15) change_system_name;;
+ 16) set_static_IP;;
+ 17) menu_wifi;;
+ 18) check_for_updates;;
+ 19) shut_down_system;;
+ 20) restart_system;;
+ 21) break;;
 esac
 done
 }
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index bd4a39c0..8700815a 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -31,6 +31,7 @@
 # along with this program. If not, see .
 
 FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
+FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
 
 function save_firewall_settings {
 iptables-save > /etc/firewall.conf
@@ -339,4 +340,43 @@ function firewall_remove {
 fi
 }
 
+function domain_to_hex_string {
+ domain="$1"
+ ctr = 1
+ segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
+ while [ ${#segment} -gt 0 ]
+ do
+ if [ ${#segment} -lt 10 ]; then
+ echo -n "|0${#segment}|$segment"
+ else
+ echo -n "|${#segment}|$segment"
+ fi
+ ctr=$((ctr + 1))
+ segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
+ done
+ echo ""
+}
+
+function firewall_block_domain {
+ blocked_domain="$1"
+ if ! grep "$blocked_domain" $FIREWALL_DOMAINS; then
+ hexstr=$(domain_to_hex_string $blocked_domain)
+ iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ echo "${blocked_domain}" >> $FIREWALL_DOMAINS
+ save_firewall_settings
+ fi
+}
+
+function firewall_unblock_domain {
+ unblocked_domain="$1"
+ if grep "${unblocked_domain}" $FIREWALL_DOMAINS; then
+ hexstr=$(domain_to_hex_string $unblocked_domain)
+ iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
+ save_firewall_settings
+ fi
+}
+
 # NOTE: deliberately no exit 0
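Review bot: `domain_to_hex_string` never produces a pattern as written, because `ctr = 1` runs a command named `ctr` instead of assigning, so the first awk program is `{print $}`, `segment` is empty and the loop is skipped; `firewall_block_domain` then calls iptables with an empty `--hex-string` yet still appends the name to `$FIREWALL_DOMAINS`, so the list can show domains that are not actually filtered. With that fixed, labels of 10 or more characters still get a wrong prefix, since the decimal length is written where the hex-string syntax reads hex (`|10|` is 16); `printf '|%02x|%s'` gives the DNS length byte. The list checks are substring/regex matches: use `grep -qxF -- "$blocked_domain" "$FIREWALL_DOMAINS"`, and replace `sed -i "/${unblocked_domain}/d"` with a fixed-string whole-line filter, because as written unblocking `example.com` also deletes `myexample.com` and a `/` in the value changes the sed command. The rule is also case-sensitive and covers only forwarded port-53 traffic, so mixed-case queries presumably pass unless `--icase` is added to the string match. A possible rewrite of the encoder follows.

```shell
function domain_to_hex_string {
    local domain="$1"
    local segment
    local -a labels
    IFS='.' read -r -a labels <<< "$domain"
    for segment in "${labels[@]}"; do
        # stop at an empty label, as the original loop condition does
        [ -n "$segment" ] || break
        # DNS wire format: one length byte, written as hex for --hex-string
        printf '|%02x|%s' "${#segment}" "$segment"
    done
    echo ""
}
# … unchanged: firewall_block_domain, firewall_unblock_domain (apart from the grep/sed lines named above) …
```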