Adding users to the blocklist

This commit is contained in:
Bob Mottram 2017-07-20 22:43:18 +01:00
parent df3df89fa8
commit cbcdc4dd40
1 changed files with 11 additions and 8 deletions

View File

@ -465,6 +465,7 @@ function firewall_block_domain {
blocked_domain="$1" blocked_domain="$1"
if [[ "$blocked_domain" == *'@'* ]]; then if [[ "$blocked_domain" == *'@'* ]]; then
# Don't try to block email/microblog addresses # Don't try to block email/microblog addresses
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
return return
fi fi
if ! grep -q "$blocked_domain" $FIREWALL_DOMAINS; then if ! grep -q "$blocked_domain" $FIREWALL_DOMAINS; then
@ -538,6 +539,7 @@ function firewall_refresh_blocklist {
function firewall_unblock_domain { function firewall_unblock_domain {
unblocked_domain="$1" unblocked_domain="$1"
if grep -q "${unblocked_domain}" $FIREWALL_DOMAINS; then if grep -q "${unblocked_domain}" $FIREWALL_DOMAINS; then
if [[ "${unblocked_domain}" != *'@'* ]]; then
hexstr=$(domain_to_hex_string $unblocked_domain) hexstr=$(domain_to_hex_string $unblocked_domain)
iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
@ -545,9 +547,10 @@ function firewall_unblock_domain {
iptables -D OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP iptables -D OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
save_firewall_settings save_firewall_settings
fi fi
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
fi
} }
function firewall_drop_spoofed_packets { function firewall_drop_spoofed_packets {