Commit 27f819f4 authored by Bob Mottram's avatar Bob Mottram

Add domain blocking to admin control panel

parent 24db8ee4
......@@ -1835,6 +1835,78 @@ function menu_email {
done
}
function domain_blocking_add {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block a domain name" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the domain name that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
blocked_domain=$(<$data)
if [ ${#blocked_domain} -gt 2 ]; then
firewall_block_domain $blocked_domain
dialog --title $"Block a domain" \
--msgbox $"The domain $blocked_domain has been blocked" 6 40
fi
;;
esac
}
function domain_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Unblock a domain name" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the domain name that you wish to unblock" 8 60 "" 2>$data
sel=$?
case $sel in
0)
unblocked_domain=$(<$data)
if [ ${#unblocked_domain} -gt 2 ]; then
firewall_unblock_domain $unblocked_domain
dialog --title $"Unblock a domain" \
--msgbox $"The domain $unblocked_domain has been unblocked" 6 40
fi
;;
esac
}
function domain_blocking_show {
if [ -f $FIREWALL_DOMAINS ]; then
clear
cat $FIREWALL_DOMAINS | sort
any_key
fi
}
function domain_blocking {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Domain Blocking" \
--radiolist $"Choose an operation:" 12 60 4 \
1 $"Block a domain" off \
2 $"Unblock a domain" off \
3 $"Show blocked domains" off \
4 $"Back to main menu" on 2> $data
sel=$?
case $sel in
1) break;;
255) break;;
esac
case $(cat $data) in
1) domain_blocking_add;;
2) domain_blocking_remove;;
3) domain_blocking_show;;
4) break;;
esac
done
}
function menu_users {
while true
do
......@@ -1969,7 +2041,7 @@ function menu_top_level {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Control Panel" \
--radiolist $"Choose an operation:" 28 70 21 \
--radiolist $"Choose an operation:" 29 70 21 \
1 $"About this system" off \
2 $"Passwords" off \
3 $"Backup and Restore" off \
......@@ -1981,15 +2053,16 @@ function menu_top_level {
9 $"Ping enable/disable" off \
10 $"Manage Users" off \
11 $"Email Menu" off \
12 $"Security Settings" off \
13 $"Set the main repository (repo mirrors)" off \
14 $"Change the name of this system" off \
15 $"Set a static local IP address" off \
16 $"Wifi menu" off \
17 $"Check for updates" off \
18 $"Power off the system" off \
19 $"Restart the system" off \
20 $"Exit" on 2> $data
12 $"Domain blocking" off \
13 $"Security Settings" off \
14 $"Set the main repository (repo mirrors)" off \
15 $"Change the name of this system" off \
16 $"Set a static local IP address" off \
17 $"Wifi menu" off \
18 $"Check for updates" off \
19 $"Power off the system" off \
20 $"Restart the system" off \
21 $"Exit" on 2> $data
sel=$?
case $sel in
1) exit 1;;
......@@ -2011,15 +2084,16 @@ function menu_top_level {
9) ping_enable_disable;;
10) menu_users;;
11) menu_email;;
12) security_settings;;
13) set_main_repo;;
14) change_system_name;;
15) set_static_IP;;
16) menu_wifi;;
17) check_for_updates;;
18) shut_down_system;;
19) restart_system;;
20) break;;
12) domain_blocking;;
13) security_settings;;
14) set_main_repo;;
15) change_system_name;;
16) set_static_IP;;
17) menu_wifi;;
18) check_for_updates;;
19) shut_down_system;;
20) restart_system;;
21) break;;
esac
done
}
......
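Review bot: The text returned by the inputbox in domain_blocking_add and domain_blocking_remove is only length-checked and then passed unquoted (`firewall_block_domain $blocked_domain`), so spaces or glob characters typed into the dialog are word-split, and regex metacharacters reach the grep and sed patterns in the firewall helpers shown further down the page. A hostname check before the call, for example `[[ "$blocked_domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || return`, together with a quoted argument (`firewall_block_domain "$blocked_domain"`), would keep malformed entries out of the block list; the same applies to `$unblocked_domain`. `tempfile` is deprecated on Debian in favour of `mktemp`, and `trap "rm -f $data"` expands the path unquoted at the time the trap is set; `data=$(mktemp)` with `trap 'rm -f -- "$data"' 0 1 2 5 15` covers both.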
......@@ -31,6 +31,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
function save_firewall_settings {
iptables-save > /etc/firewall.conf
......@@ -339,4 +340,43 @@ function firewall_remove {
fi
}
function domain_to_hex_string {
domain="$1"
ctr = 1
segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
while [ ${#segment} -gt 0 ]
do
if [ ${#segment} -lt 10 ]; then
echo -n "|0${#segment}|$segment"
else
echo -n "|${#segment}|$segment"
fi
ctr=$((ctr + 1))
segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
done
echo ""
}
function firewall_block_domain {
blocked_domain="$1"
if ! grep "$blocked_domain" $FIREWALL_DOMAINS; then
hexstr=$(domain_to_hex_string $blocked_domain)
iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
}
function firewall_unblock_domain {
unblocked_domain="$1"
if grep "${unblocked_domain}" $FIREWALL_DOMAINS; then
hexstr=$(domain_to_hex_string $unblocked_domain)
iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
save_firewall_settings
fi
}
# NOTE: deliberately no exit 0
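Review bot: domain_to_hex_string, as rendered here, cannot produce a usable match string, so firewall_block_domain can append a domain to `$FIREWALL_DOMAINS` and report it blocked without an effective DROP rule in place. `ctr = 1` is parsed as a command named ctr rather than an assignment, which leaves the awk field index empty unless ctr happens to be set elsewhere; it should read `ctr=1`. The label length is also written in decimal inside `|..|`, which iptables interprets as hex bytes, so any label of 10 or more characters gets the wrong length byte; `printf '|%02x|%s' "${#segment}" "$segment"` would replace the whole if/else. Separately, `grep "$blocked_domain"` and `sed -i "/${unblocked_domain}/d"` treat the domain as an unanchored regex, so one entry can mask or delete another and leave the list out of step with the live rules; `grep -qxF -- "$blocked_domain" "$FIREWALL_DOMAINS"` gives an exact-match check, and the iptables exit status should be tested before the entry is written.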