From 00a4467d276e57567a54ce4c9233a12eb25d49a9 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 10 Jul 2017 11:29:29 +0100
Subject: [PATCH] Firewall for IP addresses
---
 src/freedombone-controlpanel | 60 +++++++++++++++++++++++++++++++---
 src/freedombone-utils-firewall | 34 +++++++++++++++++++
 2 files changed, 89 insertions(+), 5 deletions(-)
diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index 6b501caa..83cdbcdf 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1845,6 +1845,29 @@ function domain_blocking_add {
 esac
 }
 
+function ip_blocking_add {
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Block an IP address" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ blocked_ip=$(<$data)
+ if [ ${#blocked_ip} -gt 2 ]; then
+ if [[ "${blocked_ip}" == *'.'* ]]; then
+ firewall_block_ip $blocked_ip
+ if [[ "${blocked_ip}" != *'@'* ]]; then
+ dialog --title $"Block an IP address" \
+ --msgbox $"The IP address $blocked_ip has been blocked" 6 40
+ fi
+ fi
+ fi
+ ;;
+ esac
+}
+
 function domain_blocking_remove {
 data=$(tempfile 2>/dev/null)
 trap "rm -f $data" 0 1 2 5 15
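Review bot: In `ip_blocking_add` the typed value is accepted as soon as it is longer than two characters and contains a dot, and it is then passed unquoted to `firewall_block_ip`, so hostnames, malformed addresses and strings containing spaces or glob characters all reach the iptables call (presumably run as root). I would check the shape first, `if [[ "$blocked_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$ ]]; then`, and quote the argument, `firewall_block_ip "$blocked_ip"`. The same applies to `ip_blocking_remove` and its `firewall_unblock_ip $unblocked_ip` call in the next hunk. The confirmation msgbox is also shown whether or not the helper changed anything, and a rejected entry gives no feedback, so an operator can believe an address is blocked when it is not.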
@@ -1871,6 +1894,29 @@ function domain_blocking_remove {
 esac
 }
 
+function ip_blocking_remove {
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Unblock an IP address" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ unblocked_ip=$(<$data)
+ if [ ${#unblocked_ip} -gt 2 ]; then
+ if [[ "${unblocked_ip}" == *'.'* ]]; then
+ firewall_unblock_ip $unblocked_ip
+ if [[ "${unblocked_ip}" != *'@'* ]]; then
+ dialog --title $"Unblock an IP address" \
+ --msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
+ fi
+ fi
+ fi
+ ;;
+ esac
+}
+
 function domain_blocking_show {
 if [ -f $FIREWALL_DOMAINS ]; then
 clear
@@ -1892,11 +1938,13 @@ function domain_blocking {
 trap "rm -f $data" 0 1 2 5 15
 dialog --backtitle $"Freedombone Control Panel" \
 --title $"Domain or User Blocking" \
- --radiolist $"Choose an operation:" 12 60 4 \
+ --radiolist $"Choose an operation:" 14 60 6 \
 1 $"Block a domain or user" off \
 2 $"Unblock a domain or user" off \
- 3 $"Show blocked domains and users" off \
- 4 $"Back to main menu" on 2> $data
+ 3 $"Block an IP address" off \
+ 4 $"Unblock an IP address" off \
+ 5 $"Show blocked domains and users" off \
+ 6 $"Back to main menu" on 2> $data
 sel=$?
 case $sel in
 1) break;;
@@ -1905,8 +1953,10 @@ function domain_blocking {
 case $(cat $data) in
 1) domain_blocking_add;;
 2) domain_blocking_remove;;
- 3) domain_blocking_show;;
- 4) break;;
+ 3) ip_blocking_add;;
+ 4) ip_blocking_remove;;
+ 5) domain_blocking_show;;
+ 6) break;;
 esac
 done
 }
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 00298b2d..7880f35b 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -491,6 +491,40 @@ function firewall_block_domain {
 fi
 }
 
+function firewall_block_ip {
+ blocked_ip="$1"
+ if [[ "$blocked_ip" == *'@'* ]]; then
+ # Don't try to block email/microblog addresses
+ return
+ fi
+ if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
+ iptables -C INPUT -s $blocked_ip -j DROP
+ if [ ! "$?" = "0" ]; then
+ iptables -A INPUT -s $blocked_ip -j DROP
+ iptables -A OUTPUT -s $blocked_ip -j DROP
+
+ echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+ save_firewall_settings
+ fi
+ fi
+}
+
+function firewall_unblock_ip {
+ blocked_ip="$1"
+ if [[ "$blocked_ip" == *'@'* ]]; then
+ # Don't try to block email/microblog addresses
+ return
+ fi
+ if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
+ iptables -D INPUT -s $blocked_ip -j DROP
+ iptables -D OUTPUT -s $blocked_ip -j DROP
+
+ sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
+ echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+ save_firewall_settings
+ fi
+}
+
 function firewall_refresh_blocklist {
 if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
 return
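Review bot: `firewall_unblock_ip` never removes the address from `$FIREWALL_DOMAINS`: the sed script is single-quoted, so `$blocked_ip` is not expanded, and the following `echo "${blocked_ip}" >> $FIREWALL_DOMAINS` appends the address again, which presumably lets a later blocklist refresh re-apply the block. Both functions also put `-s $blocked_ip` on the OUTPUT chain, where the remote address is the destination, so outbound traffic to the blocked host is not dropped; that rule needs `-d`. The `grep -q "$blocked_ip"` test is an unanchored regex, so `1.2.3.4` matches an existing `11.2.3.45` entry and the block is silently skipped, whereas `grep -qxF --` compares whole lines literally. The sketch below shows the changed lines with the expansions quoted; the comment in the unblock guard should also say "unblock" rather than "block".

```shell
function firewall_block_ip {
    # … unchanged: blocked_ip="$1" and the '@' guard …
    if ! grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        if ! iptables -C INPUT -s "$blocked_ip" -j DROP 2>/dev/null; then
            iptables -A INPUT -s "$blocked_ip" -j DROP
            iptables -A OUTPUT -d "$blocked_ip" -j DROP
            # … unchanged: append to $FIREWALL_DOMAINS, save_firewall_settings, closing fi / } …

function firewall_unblock_ip {
    # … unchanged: blocked_ip="$1" and the '@' guard …
    if grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        iptables -D INPUT -s "$blocked_ip" -j DROP
        iptables -D OUTPUT -d "$blocked_ip" -j DROP
        # keep every line except the exact address; nothing is appended back
        grep -vxF -- "$blocked_ip" "$FIREWALL_DOMAINS" > "${FIREWALL_DOMAINS}.new"
        mv -- "${FIREWALL_DOMAINS}.new" "$FIREWALL_DOMAINS"
        # … unchanged: save_firewall_settings, closing fi / } …
```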