Commit 00a4467d authored by Bob Mottram's avatar Bob Mottram

Firewall for IP addresses

parent 7552dc20
...@@ -1845,6 +1845,29 @@ function domain_blocking_add { ...@@ -1845,6 +1845,29 @@ function domain_blocking_add {
esac esac
} }
function ip_blocking_add {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
blocked_ip=$(<$data)
if [ ${#blocked_ip} -gt 2 ]; then
if [[ "${blocked_ip}" == *'.'* ]]; then
firewall_block_ip $blocked_ip
if [[ "${blocked_ip}" != *'@'* ]]; then
dialog --title $"Block an IP address" \
--msgbox $"The IP address $blocked_ip has been blocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_remove { function domain_blocking_remove {
data=$(tempfile 2>/dev/null) data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
...@@ -1871,6 +1894,29 @@ function domain_blocking_remove { ...@@ -1871,6 +1894,29 @@ function domain_blocking_remove {
esac esac
} }
function ip_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Unblock an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
sel=$?
case $sel in
0)
unblocked_ip=$(<$data)
if [ ${#unblocked_ip} -gt 2 ]; then
if [[ "${unblocked_ip}" == *'.'* ]]; then
firewall_unblock_ip $unblocked_ip
if [[ "${unblocked_ip}" != *'@'* ]]; then
dialog --title $"Unblock an IP address" \
--msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_show { function domain_blocking_show {
if [ -f $FIREWALL_DOMAINS ]; then if [ -f $FIREWALL_DOMAINS ]; then
clear clear
...@@ -1892,11 +1938,13 @@ function domain_blocking { ...@@ -1892,11 +1938,13 @@ function domain_blocking {
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Domain or User Blocking" \ --title $"Domain or User Blocking" \
--radiolist $"Choose an operation:" 12 60 4 \ --radiolist $"Choose an operation:" 14 60 6 \
1 $"Block a domain or user" off \ 1 $"Block a domain or user" off \
2 $"Unblock a domain or user" off \ 2 $"Unblock a domain or user" off \
3 $"Show blocked domains and users" off \ 3 $"Block an IP address" off \
4 $"Back to main menu" on 2> $data 4 $"Unblock an IP address" off \
5 $"Show blocked domains and users" off \
6 $"Back to main menu" on 2> $data
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) break;;
...@@ -1905,8 +1953,10 @@ function domain_blocking { ...@@ -1905,8 +1953,10 @@ function domain_blocking {
case $(cat $data) in case $(cat $data) in
1) domain_blocking_add;; 1) domain_blocking_add;;
2) domain_blocking_remove;; 2) domain_blocking_remove;;
3) domain_blocking_show;; 3) ip_blocking_add;;
4) break;; 4) ip_blocking_remove;;
5) domain_blocking_show;;
6) break;;
esac esac
done done
} }
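Review bot: The only check on the entered text in ip_blocking_add and ip_blocking_remove is that it is longer than two characters and contains a `.`, and it is then passed unquoted (`firewall_block_ip $blocked_ip`), so hostnames and other non-address strings reach the firewall helper while an IPv6 address without a dot is silently ignored. I would match the value against an address pattern first and quote it, e.g. `if [[ "$blocked_ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]]; then firewall_block_ip "$blocked_ip"`, and do the same for `$unblocked_ip`. The confirmation msgbox is also shown whether or not the helper changed anything; having the helper return a status and testing it before the dialog would avoid telling the admin an address is blocked when it is not. The `*'@'*` test after the call looks like a leftover from the domain version and could go once the pattern check is in place.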
......
...@@ -491,6 +491,40 @@ function firewall_block_domain { ...@@ -491,6 +491,40 @@ function firewall_block_domain {
fi fi
} }
function firewall_block_ip {
blocked_ip="$1"
if [[ "$blocked_ip" == *'@'* ]]; then
# Don't try to block email/microblog addresses
return
fi
if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -C INPUT -s $blocked_ip -j DROP
if [ ! "$?" = "0" ]; then
iptables -A INPUT -s $blocked_ip -j DROP
iptables -A OUTPUT -s $blocked_ip -j DROP
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
fi
}
function firewall_unblock_ip {
blocked_ip="$1"
if [[ "$blocked_ip" == *'@'* ]]; then
# Don't try to block email/microblog addresses
return
fi
if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -D INPUT -s $blocked_ip -j DROP
iptables -D OUTPUT -s $blocked_ip -j DROP
sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
}
function firewall_refresh_blocklist { function firewall_refresh_blocklist {
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
return return
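Review bot: firewall_unblock_ip does not remove the address from $FIREWALL_DOMAINS: the single quotes in `sed -i '/$blocked_ip/d'` stop the variable from expanding, and the following `echo "${blocked_ip}" >> $FIREWALL_DOMAINS` appends the address again, so the entry survives and is presumably re-applied the next time the blocklist is refreshed. The OUTPUT rules in both functions use `-s`, which matches the source address; traffic going to the blocked host needs `-d $blocked_ip`, so as written outbound connections are not dropped. `grep -q "$blocked_ip"` treats the address as an unanchored regex, so `1.2.3.4` also matches a stored `1.2.3.45` and the block is skipped; `grep -qxF -- "$blocked_ip"` compares whole lines literally. The comment in firewall_unblock_ip should read `# Don't try to unblock email/microblog addresses`.

```shell
function firewall_unblock_ip {
    # … unchanged: blocked_ip assignment and '@' guard …
    if grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"; then
        iptables -D INPUT -s "$blocked_ip" -j DROP
        iptables -D OUTPUT -d "$blocked_ip" -j DROP
        # remove the exact line rather than interpolating the address into a sed regex
        grep -vxF -- "$blocked_ip" "$FIREWALL_DOMAINS" > "${FIREWALL_DOMAINS}.new"
        mv "${FIREWALL_DOMAINS}.new" "$FIREWALL_DOMAINS"
        save_firewall_settings
    fi
}
```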
......