diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index e62e1a333de0169ff1869539b815aa7eb6b80a3e..7bfc5d6f24d69d4511e4aa6b54c24ad0a64379c7 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1835,6 +1835,78 @@ function menu_email {
done
}
+function domain_blocking_add {
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Block a domain name" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"Enter the domain name that you wish to block" 8 60 "" 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ blocked_domain=$(<$data)
+ if [ ${#blocked_domain} -gt 2 ]; then
+ firewall_block_domain $blocked_domain
+ dialog --title $"Block a domain" \
+ --msgbox $"The domain $blocked_domain has been blocked" 6 40
+ fi
+ ;;
+ esac
+}
+
+function domain_blocking_remove {
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Unblock a domain name" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"Enter the domain name that you wish to unblock" 8 60 "" 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ unblocked_domain=$(<$data)
+ if [ ${#unblocked_domain} -gt 2 ]; then
+ firewall_unblock_domain $unblocked_domain
+ dialog --title $"Unblock a domain" \
+ --msgbox $"The domain $unblocked_domain has been unblocked" 6 40
+ fi
+ ;;
+ esac
+}
+
+function domain_blocking_show {
+ if [ -f $FIREWALL_DOMAINS ]; then
+ clear
+ cat $FIREWALL_DOMAINS | sort
+ any_key
+ fi
+}
+
+function domain_blocking {
+ while true
+ do
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --backtitle $"Freedombone Control Panel" \
+ --title $"Domain Blocking" \
+ --radiolist $"Choose an operation:" 12 60 4 \
+ 1 $"Block a domain" off \
+ 2 $"Unblock a domain" off \
+ 3 $"Show blocked domains" off \
+ 4 $"Back to main menu" on 2> $data
+ sel=$?
+ case $sel in
+ 1) break;;
+ 255) break;;
+ esac
+ case $(cat $data) in
+ 1) domain_blocking_add;;
+ 2) domain_blocking_remove;;
+ 3) domain_blocking_show;;
+ 4) break;;
+ esac
+ done
+}
+
function menu_users {
while true
do
@@ -1969,7 +2041,7 @@ function menu_top_level {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Control Panel" \
- --radiolist $"Choose an operation:" 28 70 21 \
+ --radiolist $"Choose an operation:" 29 70 21 \
1 $"About this system" off \
2 $"Passwords" off \
3 $"Backup and Restore" off \
@@ -1981,15 +2053,16 @@ function menu_top_level {
9 $"Ping enable/disable" off \
10 $"Manage Users" off \
11 $"Email Menu" off \
- 12 $"Security Settings" off \
- 13 $"Set the main repository (repo mirrors)" off \
- 14 $"Change the name of this system" off \
- 15 $"Set a static local IP address" off \
- 16 $"Wifi menu" off \
- 17 $"Check for updates" off \
- 18 $"Power off the system" off \
- 19 $"Restart the system" off \
- 20 $"Exit" on 2> $data
+ 12 $"Domain blocking" off \
+ 13 $"Security Settings" off \
+ 14 $"Set the main repository (repo mirrors)" off \
+ 15 $"Change the name of this system" off \
+ 16 $"Set a static local IP address" off \
+ 17 $"Wifi menu" off \
+ 18 $"Check for updates" off \
+ 19 $"Power off the system" off \
+ 20 $"Restart the system" off \
+ 21 $"Exit" on 2> $data
sel=$?
case $sel in
1) exit 1;;
@@ -2011,15 +2084,16 @@ function menu_top_level {
9) ping_enable_disable;;
10) menu_users;;
11) menu_email;;
- 12) security_settings;;
- 13) set_main_repo;;
- 14) change_system_name;;
- 15) set_static_IP;;
- 16) menu_wifi;;
- 17) check_for_updates;;
- 18) shut_down_system;;
- 19) restart_system;;
- 20) break;;
+ 12) domain_blocking;;
+ 13) security_settings;;
+ 14) set_main_repo;;
+ 15) change_system_name;;
+ 16) set_static_IP;;
+ 17) menu_wifi;;
+ 18) check_for_updates;;
+ 19) shut_down_system;;
+ 20) restart_system;;
+ 21) break;;
esac
done
}
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index bd4a39c0e64d1d354d944ce32ae64b139dd2b352..8700815a6b94f955587cef14d25cd943fc8a6942 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -31,6 +31,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
+FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
function save_firewall_settings {
iptables-save > /etc/firewall.conf
@@ -339,4 +340,43 @@ function firewall_remove {
fi
}
+function domain_to_hex_string {
+ domain="$1"
+ ctr = 1
+ segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
+ while [ ${#segment} -gt 0 ]
+ do
+ if [ ${#segment} -lt 10 ]; then
+ echo -n "|0${#segment}|$segment"
+ else
+ echo -n "|${#segment}|$segment"
+ fi
+ ctr=$((ctr + 1))
+ segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
+ done
+ echo ""
+}
+
+function firewall_block_domain {
+ blocked_domain="$1"
+ if ! grep "$blocked_domain" $FIREWALL_DOMAINS; then
+ hexstr=$(domain_to_hex_string $blocked_domain)
+ iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ echo "${blocked_domain}" >> $FIREWALL_DOMAINS
+ save_firewall_settings
+ fi
+}
+
+function firewall_unblock_domain {
+ unblocked_domain="$1"
+ if grep "${unblocked_domain}" $FIREWALL_DOMAINS; then
+ hexstr=$(domain_to_hex_string $unblocked_domain)
+ iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
+ save_firewall_settings
+ fi
+}
+
# NOTE: deliberately no exit 0