1 |
jpp |
1.1 |
diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/BadCountries smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/BadCountries |
2 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/BadCountries 2017-09-15 14:44:39.000000000 +0200 |
3 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/BadCountries 2019-07-23 02:54:03.000000000 +0200 |
4 |
|
|
@@ -1 +0,0 @@ |
5 |
|
|
-A1 |
6 |
|
|
diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip |
7 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-07-23 03:16:53.259411436 +0200 |
8 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-07-23 03:20:21.597404763 +0200 |
9 |
|
|
@@ -197,4 +197,25 @@ |
10 |
|
|
<trans>Too many countries chosen: {$ctr}</trans> |
11 |
|
|
</entry> |
12 |
|
|
|
13 |
|
|
+ <entry> |
14 |
|
|
+ <base>LABEL_REVERSE_MATCH</base> |
15 |
|
|
+ <trans>Reject if</trans> |
16 |
|
|
+ </entry> |
17 |
|
|
+ |
18 |
|
|
+ <entry> |
19 |
|
|
+ <base>DESC_REVERSE_MATCH</base> |
20 |
|
|
+ <trans>The following option allow to chose if you want reject visitors from the country list (==) which is the default behaviour, or if you want to only let them in (!=).</trans> |
21 |
|
|
+ </entry> |
22 |
|
|
+ |
23 |
|
|
+ <entry> |
24 |
|
|
+ <base>LABEL_OTHERS</base> |
25 |
|
|
+ <trans>General filter only for services without rules</trans> |
26 |
|
|
+ </entry> |
27 |
|
|
+ |
28 |
|
|
+ <entry> |
29 |
|
|
+ <base>DESC_OTHERS</base> |
30 |
|
|
+ <trans>Choose if you want to have the general filter to apply to all incoming connections or if you do not want to filter ports already defined with a specific service rule. This would allow you to have a service less restricted than the general rule if you enable this.</trans> |
31 |
|
|
+ </entry> |
32 |
|
|
+ |
33 |
|
|
+ |
34 |
|
|
</lexicon> |
35 |
|
|
diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip |
36 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-07-23 03:16:53.270411434 +0200 |
37 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-07-22 03:12:53.000000000 +0200 |
38 |
|
|
@@ -8,14 +8,10 @@ |
39 |
|
|
my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko"; |
40 |
|
|
my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko"; |
41 |
|
|
my $port; |
42 |
|
|
- my $locPorts; |
43 |
|
|
+ my @locPorts; |
44 |
|
|
my $servStatus; |
45 |
|
|
my $locBC; |
46 |
|
|
- if ($GP eq 'enabled') |
47 |
|
|
- { |
48 |
|
|
- if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
49 |
|
|
- { |
50 |
|
|
- # to allow reload |
51 |
|
|
+ # to allow reload |
52 |
|
|
$OUT .=<<'EOF'; |
53 |
|
|
# A blacklist chain for xtables-addons GEOIP |
54 |
|
|
/sbin/iptables --new-chain XTGeoIP |
55 |
|
|
@@ -24,8 +20,34 @@ |
56 |
|
|
/sbin/iptables --insert INPUT 1 \ |
57 |
|
|
-j XTGeoIP |
58 |
|
|
EOF |
59 |
|
|
+ |
60 |
|
|
+ if ($GP eq 'enabled') |
61 |
|
|
+ { |
62 |
|
|
+ if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
63 |
|
|
+ { |
64 |
|
|
+ |
65 |
|
|
+# do not block LAN |
66 |
|
|
+ my $locals = "@locals"; |
67 |
|
|
+ if (@locals) |
68 |
|
|
+ { |
69 |
|
|
+ # Make a new local_chk chain and add any networks found in networks db |
70 |
|
|
+ foreach my $local (@locals) |
71 |
|
|
+ { |
72 |
|
|
+ # If the network is a remote vpn subnet, restrict it to the ipsec0 |
73 |
|
|
+ # interface. |
74 |
|
|
+ my ($net, $msk) = split /\//, $local; |
75 |
|
|
+ my $netrec = $nets->get($net); |
76 |
|
|
+ die "Can't find network $net in networks db!\n" unless $netrec; |
77 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -s $local"; |
78 |
|
|
+ if (($netrec->prop('remoteVPNSubnet') || 'no') eq 'yes') |
79 |
|
|
+ { |
80 |
|
|
+ $OUT .= " --in-interface ipsec0"; |
81 |
|
|
+ } |
82 |
|
|
+ $OUT .= " -j RETURN\n"; |
83 |
|
|
+ } |
84 |
|
|
+ } |
85 |
|
|
+ |
86 |
|
|
##adding here for service specific |
87 |
|
|
- $locPorts=''; |
88 |
|
|
|
89 |
|
|
my @services = split(/,/, $masq{'XtServices'}); |
90 |
|
|
foreach my $servName (@services) |
91 |
|
|
@@ -34,22 +56,27 @@ |
92 |
|
|
my $servStatus = ${$servName}{'status'} || 'disabled'; |
93 |
|
|
my $servAccess = ${$servName}{'access'} || 'private'; |
94 |
|
|
my $locBC = ${$servName}{'BadCountries'} || ''; |
95 |
|
|
+ my $reverse = ( ( ${$servName}{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": ""; |
96 |
|
|
if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') { |
97 |
|
|
- $locPorts .= "$port,"; |
98 |
|
|
- $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
99 |
|
|
- $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
100 |
|
|
+ push @locPorts, $port; |
101 |
|
|
+ my $multi = ( $port =~ /[,:]/ )? "-m multiport --dports" : "--dport"; |
102 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
103 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j DROP\n"; |
104 |
|
|
} |
105 |
|
|
} |
106 |
|
|
|
107 |
|
|
# block for other or all should move there |
108 |
|
|
if ($BC ne '') { |
109 |
|
|
- if ($locPorts ne '') { |
110 |
|
|
- $locPorts = substr $locPorts, 0, -1; |
111 |
|
|
- $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
112 |
|
|
- $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n"; |
113 |
|
|
+ my $reverse = ( ( $masq{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": ""; |
114 |
|
|
+ my $others = ( ( $masq{'XTGeoipOther'} || 'enabled') eq "disabled") ? 1 : 0; |
115 |
|
|
+ @locPorts = () unless $others; |
116 |
|
|
+ if (@locPorts != 0) { |
117 |
|
|
+ my $LocPorts = join ',', @locPorts; |
118 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
119 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j DROP\n"; |
120 |
|
|
} else { |
121 |
|
|
- $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
122 |
|
|
- $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j DROP\n"; |
123 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
124 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip $reverse --src-cc $BC -j DROP\n"; |
125 |
|
|
} |
126 |
|
|
} |
127 |
|
|
$OUT .= " /sbin/iptables --append XTGeoIP_1" . |
128 |
|
|
diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip |
129 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-07-23 03:16:53.293411435 +0200 |
130 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-07-22 00:35:29.000000000 +0200 |
131 |
|
|
@@ -7,11 +7,11 @@ |
132 |
|
|
my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko"; |
133 |
|
|
my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko"; |
134 |
|
|
my $port; |
135 |
|
|
- my $locPorts; |
136 |
|
|
+ my @locPorts; |
137 |
|
|
my $servStatus; |
138 |
|
|
my $locBC; |
139 |
|
|
|
140 |
|
|
- # to allow reload without locking just after initial install |
141 |
|
|
+ # to allow reload without locking just after initial install |
142 |
|
|
$OUT .=<<'EOF'; |
143 |
|
|
iptables -n --list XTGeoIP >/dev/null 2>&1 |
144 |
|
|
test=$? |
145 |
|
|
@@ -36,8 +36,28 @@ |
146 |
|
|
{ |
147 |
|
|
if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
148 |
|
|
{ |
149 |
|
|
- # add content here |
150 |
|
|
- $locPorts = ''; |
151 |
|
|
+ |
152 |
|
|
+# do not block LAN |
153 |
|
|
+ my $locals = "@locals"; |
154 |
|
|
+ if (@locals) |
155 |
|
|
+ { |
156 |
|
|
+ # Make a new local_chk chain and add any networks found in networks db |
157 |
|
|
+ foreach my $local (@locals) |
158 |
|
|
+ { |
159 |
|
|
+ # If the network is a remote vpn subnet, restrict it to the ipsec0 |
160 |
|
|
+ # interface. |
161 |
|
|
+ my ($net, $msk) = split /\//, $local; |
162 |
|
|
+ my $netrec = $nets->get($net); |
163 |
|
|
+ die "Can't find network $net in networks db!\n" unless $netrec; |
164 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -s $local"; |
165 |
|
|
+ if (($netrec->prop('remoteVPNSubnet') || 'no') eq 'yes') |
166 |
|
|
+ { |
167 |
|
|
+ $OUT .= " --in-interface ipsec0"; |
168 |
|
|
+ } |
169 |
|
|
+ $OUT .= " -j RETURN\n"; |
170 |
|
|
+ } |
171 |
|
|
+ } |
172 |
|
|
+ |
173 |
|
|
my @services = split(/,/, $masq{'XtServices'}); |
174 |
|
|
|
175 |
|
|
foreach my $servName (@services) |
176 |
|
|
@@ -46,33 +66,27 @@ |
177 |
|
|
my $servStatus = ${$servName}{'status'} || 'disabled'; |
178 |
|
|
my $servAccess = ${$servName}{'access'} || 'private'; |
179 |
|
|
my $locBC = ${$servName}{'BadCountries'} || ''; |
180 |
|
|
+ my $reverse = ( ( ${$servName}{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": ""; |
181 |
|
|
if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') { |
182 |
|
|
- $locPorts .= "$port,"; |
183 |
|
|
- $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
184 |
|
|
- $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
185 |
|
|
+ push @locPorts, $port; |
186 |
|
|
+ my $multi = ( $port =~ /[,:]/ )? "-m multiport --dports" : "--dport"; |
187 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
188 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j DROP\n"; |
189 |
|
|
} |
190 |
|
|
} |
191 |
|
|
|
192 |
|
|
- ##adding here for service specific |
193 |
|
|
- # imaps 993 |
194 |
|
|
- #$locBC = $imaps{BadCountries} || ''; |
195 |
|
|
- #$servStatus = $imaps{'status'} || 'disabled'; |
196 |
|
|
- #$port = $imaps{'TCPPort'} || '993'; |
197 |
|
|
- #if ($servStatus eq 'enabled' and $locBC ne '') { |
198 |
|
|
- # $locPorts .= "${port},"; |
199 |
|
|
- # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: IMAPS\"\n"; |
200 |
|
|
- # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
201 |
|
|
- #} |
202 |
|
|
- |
203 |
|
|
# block for all or other ports should move there |
204 |
|
|
if ($BC ne '') { |
205 |
|
|
- if ($locPorts ne '') { |
206 |
|
|
- $locPorts = substr $locPorts, 0, -1; |
207 |
|
|
- $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
208 |
|
|
- $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n"; |
209 |
|
|
+ my $reverse = ( ( $masq{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": ""; |
210 |
|
|
+ my $others = ( ( $masq{'XTGeoipOther'} || 'disabled') eq "enabled") ? 1 : 0; |
211 |
|
|
+ @locPorts = () unless $others; |
212 |
|
|
+ if (@locPorts != 0) { |
213 |
|
|
+ my $LocPorts = join ',', @locPorts; |
214 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
215 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j DROP\n"; |
216 |
|
|
} else { |
217 |
|
|
- $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
218 |
|
|
- $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j DROP\n"; |
219 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
220 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j DROP\n"; |
221 |
|
|
} |
222 |
|
|
} |
223 |
|
|
$OUT .= " /sbin/iptables --append \$NEW_XTGeoIP" . |
224 |
|
|
diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip |
225 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip 2019-07-23 03:16:53.279411436 +0200 |
226 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip 2019-07-23 02:18:09.000000000 +0200 |
227 |
|
|
@@ -81,7 +81,7 @@ |
228 |
|
|
<field |
229 |
|
|
type="literal" |
230 |
|
|
id="badcountries" |
231 |
|
|
- value="get_badcountries()"> |
232 |
|
|
+ value="get_badcountries(1)"> |
233 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
234 |
|
|
</field> |
235 |
|
|
|
236 |
|
|
@@ -102,7 +102,6 @@ |
237 |
|
|
<field type="literal" id="service_label" value=""> |
238 |
|
|
<description>SERVICE_DESCRIPTION</description> |
239 |
|
|
</field> |
240 |
|
|
- |
241 |
|
|
<subroutine src="print_custom_button('PER_SERVICE_GEOIP', 'Service', '')"/> |
242 |
|
|
|
243 |
|
|
<field type="literal" id="stats_label" value=""> |
244 |
|
|
@@ -128,10 +127,20 @@ |
245 |
|
|
<description>DESC_GEOIP</description> |
246 |
|
|
</field> |
247 |
|
|
|
248 |
|
|
+ <field |
249 |
|
|
+ type="select" |
250 |
|
|
+ id="masq_reverse" |
251 |
|
|
+ options="'enabled' => '!=', 'disabled' => '=='" |
252 |
|
|
+ value="get_reverse('masq','XTGeoipRev')"> |
253 |
|
|
+ <label>LABEL_REVERSE_MATCH</label> |
254 |
|
|
+ <description>DESC_REVERSE_MATCH</description> |
255 |
|
|
+ </field> |
256 |
|
|
+ |
257 |
|
|
<field |
258 |
|
|
type="text" |
259 |
|
|
id="masq_badcountries" |
260 |
|
|
size="64" |
261 |
|
|
+ value="get_badcountries(0)" |
262 |
|
|
validation="must_exist()"> |
263 |
|
|
<label>LABEL_BADCOUNTRIES</label> |
264 |
|
|
<description>DESC_BADCOUNTRIES</description> |
265 |
|
|
@@ -140,9 +149,18 @@ |
266 |
|
|
<field |
267 |
|
|
type="literal" |
268 |
|
|
id="badcountries" |
269 |
|
|
- value="get_badcountries()"> |
270 |
|
|
+ value="get_badcountries(1)"> |
271 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
272 |
|
|
</field> |
273 |
|
|
+ |
274 |
|
|
+ <field |
275 |
|
|
+ type="select" |
276 |
|
|
+ id="masq_others" |
277 |
|
|
+ options="'enabled' => 'enabled', 'disabled' => 'disabled'" |
278 |
|
|
+ value="get_reverse('masq','XTGeoipOther')"> |
279 |
|
|
+ <label>LABEL_OTHERS</label> |
280 |
|
|
+ <description>DESC_OTHERS</description> |
281 |
|
|
+ </field> |
282 |
|
|
|
283 |
|
|
<field |
284 |
|
|
type="select" |
285 |
|
|
@@ -163,7 +181,7 @@ |
286 |
|
|
<field |
287 |
|
|
type="literal" |
288 |
|
|
id="badcountries" |
289 |
|
|
- value="get_badcountries()"> |
290 |
|
|
+ value="get_badcountries(1)"> |
291 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
292 |
|
|
</field> |
293 |
|
|
<subroutine src="print_service_table()" /> |
294 |
|
|
@@ -187,14 +205,24 @@ |
295 |
|
|
<field |
296 |
|
|
type="literal" |
297 |
|
|
id="badcountries" |
298 |
|
|
- value="get_badcountries()"> |
299 |
|
|
+ value="get_badcountries(1)"> |
300 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
301 |
|
|
</field> |
302 |
|
|
|
303 |
|
|
+ <field |
304 |
|
|
+ type="select" |
305 |
|
|
+ id="masq_srv_reverse" |
306 |
|
|
+ options="'enabled' => '!=', 'disabled' => '=='" |
307 |
|
|
+ value="get_reverse('','XTGeoipRev')"> |
308 |
|
|
+ <label>LABEL_REVERSE_MATCH</label> |
309 |
|
|
+ <description>DESC_REVERSE_MATCH</description> |
310 |
|
|
+ </field> |
311 |
|
|
+ |
312 |
|
|
<field |
313 |
|
|
type="text" |
314 |
|
|
id="masq_srv_badcountries" |
315 |
|
|
size="64" |
316 |
|
|
+ value="get_srv_badcountries(0)" |
317 |
|
|
validation="srv_must_exist()"> |
318 |
|
|
<label>LABEL_BADCOUNTRIES</label> |
319 |
|
|
<description>DESC_BADCOUNTRIES</description> |
320 |
|
|
@@ -203,7 +231,7 @@ |
321 |
|
|
<field |
322 |
|
|
type="literal" |
323 |
|
|
id="srv_badcountries" |
324 |
|
|
- value="get_srv_badcountries()"> |
325 |
|
|
+ value="get_srv_badcountries(1)"> |
326 |
|
|
<label>LABEL_SERV_BADCOUNTRIES_STATUS</label> |
327 |
|
|
</field> |
328 |
|
|
|
329 |
|
|
diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/panels/manager/cgi-bin/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/panels/manager/cgi-bin/xt_geoip |
330 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/panels/manager/cgi-bin/xt_geoip 2019-07-23 03:16:53.279411436 +0200 |
331 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/panels/manager/cgi-bin/xt_geoip 2019-07-23 02:18:09.000000000 +0200 |
332 |
|
|
@@ -81,7 +81,7 @@ |
333 |
|
|
<field |
334 |
|
|
type="literal" |
335 |
|
|
id="badcountries" |
336 |
|
|
- value="get_badcountries()"> |
337 |
|
|
+ value="get_badcountries(1)"> |
338 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
339 |
|
|
</field> |
340 |
|
|
|
341 |
|
|
@@ -102,7 +102,6 @@ |
342 |
|
|
<field type="literal" id="service_label" value=""> |
343 |
|
|
<description>SERVICE_DESCRIPTION</description> |
344 |
|
|
</field> |
345 |
|
|
- |
346 |
|
|
<subroutine src="print_custom_button('PER_SERVICE_GEOIP', 'Service', '')"/> |
347 |
|
|
|
348 |
|
|
<field type="literal" id="stats_label" value=""> |
349 |
|
|
@@ -128,10 +127,20 @@ |
350 |
|
|
<description>DESC_GEOIP</description> |
351 |
|
|
</field> |
352 |
|
|
|
353 |
|
|
+ <field |
354 |
|
|
+ type="select" |
355 |
|
|
+ id="masq_reverse" |
356 |
|
|
+ options="'enabled' => '!=', 'disabled' => '=='" |
357 |
|
|
+ value="get_reverse('masq','XTGeoipRev')"> |
358 |
|
|
+ <label>LABEL_REVERSE_MATCH</label> |
359 |
|
|
+ <description>DESC_REVERSE_MATCH</description> |
360 |
|
|
+ </field> |
361 |
|
|
+ |
362 |
|
|
<field |
363 |
|
|
type="text" |
364 |
|
|
id="masq_badcountries" |
365 |
|
|
size="64" |
366 |
|
|
+ value="get_badcountries(0)" |
367 |
|
|
validation="must_exist()"> |
368 |
|
|
<label>LABEL_BADCOUNTRIES</label> |
369 |
|
|
<description>DESC_BADCOUNTRIES</description> |
370 |
|
|
@@ -140,9 +149,18 @@ |
371 |
|
|
<field |
372 |
|
|
type="literal" |
373 |
|
|
id="badcountries" |
374 |
|
|
- value="get_badcountries()"> |
375 |
|
|
+ value="get_badcountries(1)"> |
376 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
377 |
|
|
</field> |
378 |
|
|
+ |
379 |
|
|
+ <field |
380 |
|
|
+ type="select" |
381 |
|
|
+ id="masq_others" |
382 |
|
|
+ options="'enabled' => 'enabled', 'disabled' => 'disabled'" |
383 |
|
|
+ value="get_reverse('masq','XTGeoipOther')"> |
384 |
|
|
+ <label>LABEL_OTHERS</label> |
385 |
|
|
+ <description>DESC_OTHERS</description> |
386 |
|
|
+ </field> |
387 |
|
|
|
388 |
|
|
<field |
389 |
|
|
type="select" |
390 |
|
|
@@ -163,7 +181,7 @@ |
391 |
|
|
<field |
392 |
|
|
type="literal" |
393 |
|
|
id="badcountries" |
394 |
|
|
- value="get_badcountries()"> |
395 |
|
|
+ value="get_badcountries(1)"> |
396 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
397 |
|
|
</field> |
398 |
|
|
<subroutine src="print_service_table()" /> |
399 |
|
|
@@ -187,14 +205,24 @@ |
400 |
|
|
<field |
401 |
|
|
type="literal" |
402 |
|
|
id="badcountries" |
403 |
|
|
- value="get_badcountries()"> |
404 |
|
|
+ value="get_badcountries(1)"> |
405 |
|
|
<label>LABEL_BADCOUNTRIES_STATUS</label> |
406 |
|
|
</field> |
407 |
|
|
|
408 |
|
|
+ <field |
409 |
|
|
+ type="select" |
410 |
|
|
+ id="masq_srv_reverse" |
411 |
|
|
+ options="'enabled' => '!=', 'disabled' => '=='" |
412 |
|
|
+ value="get_reverse('','XTGeoipRev')"> |
413 |
|
|
+ <label>LABEL_REVERSE_MATCH</label> |
414 |
|
|
+ <description>DESC_REVERSE_MATCH</description> |
415 |
|
|
+ </field> |
416 |
|
|
+ |
417 |
|
|
<field |
418 |
|
|
type="text" |
419 |
|
|
id="masq_srv_badcountries" |
420 |
|
|
size="64" |
421 |
|
|
+ value="get_srv_badcountries(0)" |
422 |
|
|
validation="srv_must_exist()"> |
423 |
|
|
<label>LABEL_BADCOUNTRIES</label> |
424 |
|
|
<description>DESC_BADCOUNTRIES</description> |
425 |
|
|
@@ -203,7 +231,7 @@ |
426 |
|
|
<field |
427 |
|
|
type="literal" |
428 |
|
|
id="srv_badcountries" |
429 |
|
|
- value="get_srv_badcountries()"> |
430 |
|
|
+ value="get_srv_badcountries(1)"> |
431 |
|
|
<label>LABEL_SERV_BADCOUNTRIES_STATUS</label> |
432 |
|
|
</field> |
433 |
|
|
|
434 |
|
|
diff -Nur smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm |
435 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-07-23 03:16:53.284411435 +0200 |
436 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-07-23 02:49:15.000000000 +0200 |
437 |
|
|
@@ -23,6 +23,7 @@ |
438 |
|
|
get_value |
439 |
|
|
get_badcountries |
440 |
|
|
get_geoip |
441 |
|
|
+ get_reverse |
442 |
|
|
print_service_table |
443 |
|
|
get_stat_geoip |
444 |
|
|
print_custom_button |
445 |
|
|
@@ -139,7 +140,12 @@ |
446 |
|
|
|
447 |
|
|
sub get_badcountries |
448 |
|
|
{ |
449 |
|
|
- return $db->get_prop("masq", "BadCountries"); |
450 |
|
|
+ my $self = shift; |
451 |
|
|
+ my $full = shift; |
452 |
|
|
+ my $badc=$db->get_prop("masq", "BadCountries")||""; |
453 |
|
|
+ return $badc unless $full ; |
454 |
|
|
+ my $rev = (($db->get_prop("masq", "XTGeoipRev")||"disabled") eq "enabled") ? "!=" : "=="; |
455 |
|
|
+ return "$rev $badc "; |
456 |
|
|
} |
457 |
|
|
|
458 |
|
|
=head2 get_geoip |
459 |
|
|
@@ -152,6 +158,20 @@ |
460 |
|
|
return $db->get_prop("masq", "GeoIP") || 'disabled'; |
461 |
|
|
} |
462 |
|
|
|
463 |
|
|
+=head2 get_reverse |
464 |
|
|
+ |
465 |
|
|
+method to retrieve the value of geoip for the form |
466 |
|
|
+=cut |
467 |
|
|
+ |
468 |
|
|
+sub get_reverse |
469 |
|
|
+{ |
470 |
|
|
+ my $fm = shift; |
471 |
|
|
+ my $item = shift; |
472 |
|
|
+ my $prop = shift; |
473 |
|
|
+ $item = ($item eq 'masq') ? $item : $fm->cgi->param('name'); |
474 |
|
|
+ return $db->get_prop("$item", "$prop") || "disabled"; |
475 |
|
|
+} |
476 |
|
|
+ |
477 |
|
|
=head2 get_stat_geoip |
478 |
|
|
|
479 |
|
|
method to retrieve the status of geoip for the form |
480 |
|
|
@@ -189,15 +209,23 @@ |
481 |
|
|
|
482 |
|
|
my $mq_bc = get_badcountries(); |
483 |
|
|
my $mq_gp = get_geoip(); |
484 |
|
|
- my $n_mq_bc = $q->param("masq_badcountries") || $mq_bc; |
485 |
|
|
+ my $masq = $db->get('masq') || "disabled"; |
486 |
|
|
+ my $mq_rv = $masq->prop('XTGeoipRev') || 'disabled'; |
487 |
|
|
+ my $mq_ot = $masq->prop('XTGeoipOther') || 'disabled'; |
488 |
|
|
+ |
489 |
|
|
+ my $n_mq_bc = $q->param("masq_badcountries"); |
490 |
|
|
my $n_mq_gp = $q->param("masq_geoip") || $mq_gp; |
491 |
|
|
my $n_upd_gp = $q->param("update_geoip") || ''; |
492 |
|
|
- |
493 |
|
|
- if (($n_mq_bc eq $mq_bc) && ($n_mq_gp eq $mq_gp) && ($n_upd_gp eq 'NO')) { |
494 |
|
|
+ my $n_mq_rv = $q->param("masq_reverse") || $mq_rv ; |
495 |
|
|
+ my $n_mq_ot = $q->param("masq_others") || $mq_ot ; |
496 |
|
|
+ |
497 |
|
|
+ if (($n_mq_bc eq $mq_bc) && ($n_mq_gp eq $mq_gp) && ($n_upd_gp eq 'NO') && ($n_mq_rv eq $mq_rv) && ($n_mq_ot eq $mq_ot)) { |
498 |
|
|
return $self->success("NO_CHANGE") |
499 |
|
|
} |
500 |
|
|
$db->set_prop("masq", "BadCountries", $n_mq_bc); |
501 |
|
|
$db->set_prop("masq", "GeoIP", $n_mq_gp); |
502 |
|
|
+ $db->set_prop("masq", "XTGeoipRev", $n_mq_rv); |
503 |
|
|
+ $db->set_prop("masq", "XTGeoipOther", $n_mq_ot); |
504 |
|
|
|
505 |
|
|
my $eventloc = "xt_geoip-modify"; |
506 |
|
|
$eventloc = "xt_geoip-update" if $n_upd_gp eq 'YES'; |
507 |
|
|
@@ -293,9 +321,13 @@ |
508 |
|
|
|
509 |
|
|
sub get_srv_badcountries |
510 |
|
|
{ |
511 |
|
|
- my ($self) = @_; |
512 |
|
|
+ my $self = shift; |
513 |
|
|
my $name = $self->cgi->param('name'); |
514 |
|
|
- return $db->get_prop($name, "BadCountries"); |
515 |
|
|
+ my $full = shift; |
516 |
|
|
+ my $badc=$db->get_prop($name, "BadCountries")||""; |
517 |
|
|
+ return $badc unless $full ; |
518 |
|
|
+ my $rev = (($db->get_prop($name, "XTGeoipRev")||"disabled") eq "enabled") ? "!=" : "=="; |
519 |
|
|
+ return "$rev $badc "; |
520 |
|
|
} |
521 |
|
|
|
522 |
|
|
sub print_service_table { |
523 |
|
|
@@ -338,6 +370,7 @@ |
524 |
|
|
my $status = $i->prop('status'); |
525 |
|
|
my $access = $i->prop('access'); |
526 |
|
|
my $servBC = $i->prop('BadCountries') || ' '; |
527 |
|
|
+ my $servRev = (( $i->prop('XTGeoipRev')|| 'disabled') eq 'disabled' )? '==': '!='; |
528 |
|
|
|
529 |
|
|
my $params = $self->build_serv_cgi_params($servname, $i->props()); |
530 |
|
|
|
531 |
|
|
@@ -352,13 +385,15 @@ |
532 |
|
|
. ' '; |
533 |
|
|
|
534 |
|
|
my $color = 'red'; |
535 |
|
|
- if ($status eq 'disabled' || $access ne 'public') { $color = 'green'; } |
536 |
|
|
+ my $deco= "none"; |
537 |
|
|
+ if ($servRev eq '!=' ) { $color = 'green'; } |
538 |
|
|
+ if ($status eq 'disabled' || $access ne 'public') { $color = 'grey'; $deco= "line-through"; } |
539 |
|
|
print $q->Tr ( |
540 |
|
|
esmith::cgi::genSmallCell($q, $servname,"normal"), |
541 |
|
|
esmith::cgi::genSmallCell($q, $port,"normal"), |
542 |
|
|
- esmith::cgi::genSmallCell($q, $status,"header"), |
543 |
|
|
- esmith::cgi::genSmallCell($q, $access,"header"), |
544 |
|
|
- esmith::cgi::genSmallCell($q, "<font color='$color'>" . $servBC . "</font>","header"), |
545 |
|
|
+ esmith::cgi::genSmallCell($q, $status,"normal"), |
546 |
|
|
+ esmith::cgi::genSmallCell($q, $access,"normal"), |
547 |
|
|
+ esmith::cgi::genSmallCell($q, "<font color='$color' style='text-decoration: $deco'>" . "$servRev $servBC" . "</font>","normal"), |
548 |
|
|
esmith::cgi::genSmallCell($q, $actionModify,"normal"), |
549 |
|
|
esmith::cgi::genSmallCell($q, $actionRemove,"normal")); |
550 |
|
|
} |
551 |
|
|
@@ -386,7 +421,8 @@ |
552 |
|
|
if (my $serv = $db->get($name)) { |
553 |
|
|
my $servBC = $serv->prop('BadCountries') || ''; |
554 |
|
|
if ($servBC ne '') { |
555 |
|
|
- $db->set_prop($name, "BadCountries", ''); |
556 |
|
|
+ my $tps = $db->set_prop_and_delete($name, "BadCountries"); |
557 |
|
|
+ $tps = $db->get_prop_and_delete($name, "XTGeoipRev"); |
558 |
|
|
# Untaint $name before use in system() |
559 |
|
|
# $name =~ /(.+)/; $name = $1; |
560 |
|
|
if (system ("/sbin/e-smith/signal-event", "xt_geoip-service") == 0) |
561 |
|
|
@@ -410,14 +446,17 @@ |
562 |
|
|
my $name = $self->cgi->param('name'); |
563 |
|
|
if (my $serv = $db->get($name)) { |
564 |
|
|
my $servBC = $serv->prop('BadCountries') || ''; |
565 |
|
|
+ my $servRev = $serv->prop('XTGeoipRev') || 'disabled'; |
566 |
|
|
|
567 |
|
|
my $q = $self->{'cgi'}; |
568 |
|
|
- my $n_servBC = $q->param("masq_srv_badcountries") || $servBC; |
569 |
|
|
- |
570 |
|
|
- if ($n_servBC eq $servBC) { |
571 |
|
|
+ my $n_servBC = $q->param("masq_srv_badcountries"); |
572 |
|
|
+ my $n_servRev = $q->param("masq_srv_reverse") || $servRev; |
573 |
|
|
+ |
574 |
|
|
+ if ($n_servBC eq $servBC && $n_servRev eq $servRev ) { |
575 |
|
|
return $self->success("NO_CHANGE") |
576 |
|
|
} |
577 |
|
|
$db->set_prop($name, "BadCountries", $n_servBC); |
578 |
|
|
+ $db->set_prop($name, "XTGeoipRev", $n_servRev); |
579 |
|
|
|
580 |
|
|
if (system ( "/sbin/e-smith/signal-event", "xt_geoip-service" ) == 0 ) |
581 |
|
|
{ |