From 00a4467d276e57567a54ce4c9233a12eb25d49a9 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Mon, 10 Jul 2017 11:29:29 +0100
Subject: [PATCH] Firewall for IP addresses

---
 src/freedombone-controlpanel   | 60 +++++++++++++++++++++++++++++++---
 src/freedombone-utils-firewall | 34 +++++++++++++++++++
 2 files changed, 89 insertions(+), 5 deletions(-)

diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index 6b501caa0..83cdbcdf2 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1845,6 +1845,29 @@ function domain_blocking_add {
     esac
 }
 
+function ip_blocking_add {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Block an IP address" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            blocked_ip=$(<$data)
+            if [ ${#blocked_ip} -gt 2 ]; then
+                if [[ "${blocked_ip}" == *'.'* ]]; then
+                    firewall_block_ip $blocked_ip
+                    if [[ "${blocked_ip}" != *'@'* ]]; then
+                        dialog --title $"Block an IP address" \
+                               --msgbox $"The IP address $blocked_ip has been blocked" 6 40
+                    fi
+                fi
+            fi
+            ;;
+    esac
+}
+
 function domain_blocking_remove {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
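Review bot: The only validation on the user-entered value before it reaches iptables and the blocklist file is `[[ "${blocked_ip}" == *'.'* ]]` on the new line in ip_blocking_add, which accepts any string containing a dot; the same check appears in ip_blocking_remove in the next hunk. Replace it with a shape check such as `if [[ "$blocked_ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]]; then` and quote the call, `firewall_block_ip "$blocked_ip"`, so an address with embedded whitespace cannot be split into extra arguments. With that check in place the later `!= *'@'*` test is unreachable and can be dropped. Note that this pattern excludes IPv6 entirely; if that is intended, a comment saying so would help.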
@@ -1871,6 +1894,29 @@ function domain_blocking_remove {
     esac
 }
 
+function ip_blocking_remove {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Unblock an IP address" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            unblocked_ip=$(<$data)
+            if [ ${#unblocked_ip} -gt 2 ]; then
+                if [[ "${unblocked_ip}" == *'.'* ]]; then
+                    firewall_unblock_ip $unblocked_ip
+                    if [[ "${unblocked_ip}" != *'@'* ]]; then
+                        dialog --title $"Unblock an IP address" \
+                               --msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
+                    fi
+                fi
+            fi
+            ;;
+    esac
+}
+
 function domain_blocking_show {
     if [ -f $FIREWALL_DOMAINS ]; then
         clear
@@ -1892,11 +1938,13 @@ function domain_blocking {
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Domain or User Blocking" \
-               --radiolist $"Choose an operation:" 12 60 4 \
+               --radiolist $"Choose an operation:" 14 60 6 \
                1 $"Block a domain or user" off \
                2 $"Unblock a domain or user" off \
-               3 $"Show blocked domains and users" off \
-               4 $"Back to main menu" on 2> $data
+               3 $"Block an IP address" off \
+               4 $"Unblock an IP address" off \
+               5 $"Show blocked domains and users" off \
+               6 $"Back to main menu" on 2> $data
         sel=$?
         case $sel in
             1) break;;
@@ -1905,8 +1953,10 @@ function domain_blocking {
         case $(cat $data) in
             1) domain_blocking_add;;
             2) domain_blocking_remove;;
-            3) domain_blocking_show;;
-            4) break;;
+            3) ip_blocking_add;;
+            4) ip_blocking_remove;;
+            5) domain_blocking_show;;
+            6) break;;
         esac
     done
 }
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 00298b2d1..7880f35b0 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -491,6 +491,40 @@ function firewall_block_domain {
     fi
 }
 
+function firewall_block_ip {
+    blocked_ip="$1"
+    if [[ "$blocked_ip" == *'@'* ]]; then
+        # Don't try to block email/microblog addresses
+        return
+    fi
+    if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
+        iptables -C INPUT -s $blocked_ip -j DROP
+        if [ ! "$?" = "0" ]; then
+            iptables -A INPUT -s $blocked_ip -j DROP
+            iptables -A OUTPUT -s $blocked_ip -j DROP
+
+            echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+            save_firewall_settings
+        fi
+    fi
+}
+
+function firewall_unblock_ip {
+    blocked_ip="$1"
+    if [[ "$blocked_ip" == *'@'* ]]; then
+        # Don't try to block email/microblog addresses
+        return
+    fi
+    if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
+        iptables -D INPUT -s $blocked_ip -j DROP
+        iptables -D OUTPUT -s $blocked_ip -j DROP
+
+        sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
+        echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+        save_firewall_settings
+    fi
+}
+
 function firewall_refresh_blocklist {
     if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
         return
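Review bot: `sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS` in firewall_unblock_ip is single-quoted, so `$blocked_ip` is never expanded and no line is deleted, and the `echo "${blocked_ip}" >> $FIREWALL_DOMAINS` that follows (copied from firewall_block_ip) appends the address again, so an "unblocked" address stays in the blocklist. `grep -q "$blocked_ip"` in both functions is an unanchored regex match, so 10.0.0.1 also matches 10.0.0.10 and each dot matches any character; `grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"` fixes both. The OUTPUT rules match on `-s`, which for outbound packets is the host's own address, so presumably `-d` was intended in firewall_block_ip as well: `iptables -A OUTPUT -d "$blocked_ip" -j DROP`. The comment in firewall_unblock_ip should also read "Don't try to unblock…". firewall_refresh_blocklist starts at the end of this hunk and continues outside it, so whether it re-applies IP entries from the shared domains file cannot be checked here.
```shell
function firewall_unblock_ip {
    blocked_ip="$1"
    # … unchanged: '@' guard …
    if grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        iptables -D INPUT -s "$blocked_ip" -j DROP
        iptables -D OUTPUT -d "$blocked_ip" -j DROP

        # whole-line match; escape the dots so 10.0.0.1 does not also remove 10.0.0.10
        sed -i "/^${blocked_ip//./\\.}\$/d" "$FIREWALL_DOMAINS"
        save_firewall_settings
    fi
}
```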
-- 
GitLab