Add domain blocking to admin control panel

Bob Mottram 2017-01-13 19:57:19 +00:00
parent 24db8ee43c
commit 27f819f4ef
2 changed files with 133 additions and 19 deletions


@ -1835,6 +1835,78 @@ function menu_email {
done done
} }
function domain_blocking_add {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block a domain name" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the domain name that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
blocked_domain=$(<$data)
if [ ${#blocked_domain} -gt 2 ]; then
firewall_block_domain $blocked_domain
dialog --title $"Block a domain" \
--msgbox $"The domain $blocked_domain has been blocked" 6 40
fi
;;
esac
}
function domain_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Unblock a domain name" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the domain name that you wish to unblock" 8 60 "" 2>$data
sel=$?
case $sel in
0)
unblocked_domain=$(<$data)
if [ ${#unblocked_domain} -gt 2 ]; then
firewall_unblock_domain $unblocked_domain
dialog --title $"Unblock a domain" \
--msgbox $"The domain $unblocked_domain has been unblocked" 6 40
fi
;;
esac
}
function domain_blocking_show {
if [ -f $FIREWALL_DOMAINS ]; then
clear
cat $FIREWALL_DOMAINS | sort
any_key
fi
}
function domain_blocking {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Domain Blocking" \
--radiolist $"Choose an operation:" 12 60 4 \
1 $"Block a domain" off \
2 $"Unblock a domain" off \
3 $"Show blocked domains" off \
4 $"Back to main menu" on 2> $data
sel=$?
case $sel in
1) break;;
255) break;;
esac
case $(cat $data) in
1) domain_blocking_add;;
2) domain_blocking_remove;;
3) domain_blocking_show;;
4) break;;
esac
done
}
function menu_users { function menu_users {
while true while true
do do
@ -1969,7 +2041,7 @@ function menu_top_level {
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Control Panel" \ --title $"Control Panel" \
--radiolist $"Choose an operation:" 28 70 21 \ --radiolist $"Choose an operation:" 29 70 21 \
1 $"About this system" off \ 1 $"About this system" off \
2 $"Passwords" off \ 2 $"Passwords" off \
3 $"Backup and Restore" off \ 3 $"Backup and Restore" off \
@ -1981,15 +2053,16 @@ function menu_top_level {
9 $"Ping enable/disable" off \ 9 $"Ping enable/disable" off \
10 $"Manage Users" off \ 10 $"Manage Users" off \
11 $"Email Menu" off \ 11 $"Email Menu" off \
12 $"Security Settings" off \ 12 $"Domain blocking" off \
13 $"Set the main repository (repo mirrors)" off \ 13 $"Security Settings" off \
14 $"Change the name of this system" off \ 14 $"Set the main repository (repo mirrors)" off \
15 $"Set a static local IP address" off \ 15 $"Change the name of this system" off \
16 $"Wifi menu" off \ 16 $"Set a static local IP address" off \
17 $"Check for updates" off \ 17 $"Wifi menu" off \
18 $"Power off the system" off \ 18 $"Check for updates" off \
19 $"Restart the system" off \ 19 $"Power off the system" off \
20 $"Exit" on 2> $data 20 $"Restart the system" off \
21 $"Exit" on 2> $data
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) exit 1;;
@ -2011,15 +2084,16 @@ function menu_top_level {
9) ping_enable_disable;; 9) ping_enable_disable;;
10) menu_users;; 10) menu_users;;
11) menu_email;; 11) menu_email;;
12) security_settings;; 12) domain_blocking;;
13) set_main_repo;; 13) security_settings;;
14) change_system_name;; 14) set_main_repo;;
15) set_static_IP;; 15) change_system_name;;
16) menu_wifi;; 16) set_static_IP;;
17) check_for_updates;; 17) menu_wifi;;
18) shut_down_system;; 18) check_for_updates;;
19) restart_system;; 19) shut_down_system;;
20) break;; 20) restart_system;;
21) break;;
esac esac
done done
} }
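Review bot: The text read from the dialog in domain_blocking_add and domain_blocking_remove is checked only for length (`[ ${#blocked_domain} -gt 2 ]`) and then passed on unquoted, so spaces, glob characters, regex metacharacters or `/` typed into the box reach firewall_block_domain and firewall_unblock_domain, which in this commit use the value as a grep pattern and inside a sed script. I would reject anything that is not a plain hostname before the call, e.g. `[[ "$blocked_domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || return`, and quote the argument, `firewall_block_domain "$blocked_domain"`; the same applies to `$unblocked_domain`. The "has been blocked" msgbox is also shown when the firewall function skipped the domain or an iptables call failed, so the admin can get a confirmation for a block that is not in place; having the firewall functions return a status and testing it before the msgbox would close that gap.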


@ -31,6 +31,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
function save_firewall_settings { function save_firewall_settings {
iptables-save > /etc/firewall.conf iptables-save > /etc/firewall.conf
@ -339,4 +340,43 @@ function firewall_remove {
fi fi
} }
function domain_to_hex_string {
domain="$1"
ctr = 1
segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
while [ ${#segment} -gt 0 ]
do
if [ ${#segment} -lt 10 ]; then
echo -n "|0${#segment}|$segment"
else
echo -n "|${#segment}|$segment"
fi
ctr=$((ctr + 1))
segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
done
echo ""
}
function firewall_block_domain {
blocked_domain="$1"
if ! grep "$blocked_domain" $FIREWALL_DOMAINS; then
hexstr=$(domain_to_hex_string $blocked_domain)
iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
}
function firewall_unblock_domain {
unblocked_domain="$1"
if grep "${unblocked_domain}" $FIREWALL_DOMAINS; then
hexstr=$(domain_to_hex_string $unblocked_domain)
iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
save_firewall_settings
fi
}
# NOTE: deliberately no exit 0 # NOTE: deliberately no exit 0
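Review bot: `ctr = 1` in domain_to_hex_string runs a command named `ctr` instead of assigning, so unless a caller has already set `ctr` the first awk call gets `{print $}` and the function prints an empty pattern; firewall_block_domain checks neither iptables call and still appends the domain to $FIREWALL_DOMAINS, so a domain can be listed as blocked with no rule behind it. The length prefix is also written in decimal (`|${#segment}|`) while the bytes between `|` in --hex-string are read as hex, so a label of 10 or more characters gets the wrong length byte and the rule would not match the query. A rewrite of the function using `printf '|%02x|%s'` follows. Separately, `grep "$blocked_domain"` and `sed -i "/${unblocked_domain}/d"` treat the name as a regex and match substrings, so the list test should be `grep -qxF -- "$blocked_domain" "$FIREWALL_DOMAINS"` and the removal should delete only the exact line, otherwise unblocking one name can drop a different entry from the list while its iptables rule stays.

```shell
function domain_to_hex_string {
    local domain="$1"
    local -a labels
    local label
    IFS='.' read -r -a labels <<< "$domain"
    for label in "${labels[@]}"; do
        # an empty label (leading or doubled dot) ends the walk, as the while loop did
        [ ${#label} -gt 0 ] || break
        # length byte as two hex digits, which is what the |..| syntax expects
        printf '|%02x|%s' "${#label}" "$label"
    done
    echo ""
}
```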