1 |
michel |
1.1 |
diff -urN smeserver-xt_geoip-1.0.1.old/createlinks smeserver-xt_geoip-1.0.1/createlinks |
2 |
|
|
--- smeserver-xt_geoip-1.0.1.old/createlinks 2019-05-02 00:12:10.000000000 +0400 |
3 |
|
|
+++ smeserver-xt_geoip-1.0.1/createlinks 2019-04-23 22:52:31.000000000 +0400 |
4 |
|
|
@@ -12,14 +12,16 @@ |
5 |
|
|
# links to add |
6 |
|
|
|
7 |
|
|
# templates to expand |
8 |
|
|
-for my $event (qw(xt_geoip-modify xt_geoip-update bootstrap-console-save console-save)) |
9 |
|
|
+for my $event (qw(xt_geoip-modify xt_geoip-update xt_geoip-service bootstrap-console-save console-save)) |
10 |
|
|
{ |
11 |
|
|
templates2events("/etc/rc.d/init.d/masq", $event); |
12 |
|
|
templates2events("/etc/crontab", $event); |
13 |
|
|
templates2events("/usr/share/xt_geoip/update_base", $event); |
14 |
|
|
- if ($event ne 'xt_geoip-modify') { |
15 |
|
|
- event_link("smeserver-xt_geoip-download-action", $event, "10"); |
16 |
|
|
} |
17 |
|
|
+ |
18 |
|
|
+for my $event (qw(xt_geoip-update bootstrap-console-save console-save)) |
19 |
|
|
+{ |
20 |
|
|
+ event_link("smeserver-xt_geoip-download-action", $event, "10"); |
21 |
|
|
} |
22 |
|
|
|
23 |
|
|
# services to launch on event |
24 |
|
|
@@ -29,4 +31,10 @@ |
25 |
|
|
"root/etc/e-smith/events/$event/services2adjust/masq"); |
26 |
|
|
} |
27 |
|
|
|
28 |
|
|
+for my $event (qw(xt_geoip-service)) |
29 |
|
|
+{ |
30 |
|
|
+ safe_symlink("adjust", |
31 |
|
|
+ "root/etc/e-smith/events/$event/services2adjust/masq"); |
32 |
|
|
+} |
33 |
|
|
+ |
34 |
|
|
# actions to perform |
35 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/XtServices smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/XtServices |
36 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/XtServices 1970-01-01 04:00:00.000000000 +0400 |
37 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/XtServices 2019-04-24 14:38:38.000000000 +0400 |
38 |
|
|
@@ -0,0 +1 @@ |
39 |
|
|
+imaps,pop3s,sshd,ftp,ssmtpd |
40 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip |
41 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:12:10.000000000 +0400 |
42 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-04-29 19:35:33.000000000 +0400 |
43 |
|
|
@@ -96,12 +96,12 @@ |
44 |
|
|
|
45 |
|
|
<entry> |
46 |
|
|
<base>IPT_LIST</base> |
47 |
|
|
- <trans>Geoip ban</trans> |
48 |
|
|
+ <trans>Stats of XT-geoip prevented connections</trans> |
49 |
|
|
</entry> |
50 |
|
|
|
51 |
|
|
<entry> |
52 |
|
|
<base>SSH_LIST</base> |
53 |
|
|
- <trans>Ssh errors</trans> |
54 |
|
|
+ <trans>Stats of SSH errors not blocked by XT-geoip</trans> |
55 |
|
|
</entry> |
56 |
|
|
|
57 |
|
|
<entry> |
58 |
|
|
@@ -129,4 +129,72 @@ |
59 |
|
|
</trans> |
60 |
|
|
</entry> |
61 |
|
|
|
62 |
|
|
+ <entry> |
63 |
|
|
+ <base>SERVICE_DESCRIPTION</base> |
64 |
|
|
+ <trans><![CDATA[ <h2> Per service filtering for Xtables GeoIP</h2><ul> |
65 |
|
|
+ <li>If you want different filtering for certain services</li> |
66 |
|
|
+ </ul><p><i></i></p> ]]> |
67 |
|
|
+ </trans> |
68 |
|
|
+ </entry> |
69 |
|
|
+ |
70 |
|
|
+ <entry> |
71 |
|
|
+ <base>LABEL_SERVICE</base> |
72 |
|
|
+ <trans>Service name : </trans> |
73 |
|
|
+ </entry> |
74 |
|
|
+ |
75 |
|
|
+ <entry> |
76 |
|
|
+ <base>PER_SERVICE_GEOIP</base> |
77 |
|
|
+ <trans>-> Services</trans> |
78 |
|
|
+ </entry> |
79 |
|
|
+ |
80 |
|
|
+ <entry> |
81 |
|
|
+ <base>ADD_SERVICE</base> |
82 |
|
|
+ <trans>Add or modify a per service filtering</trans> |
83 |
|
|
+ </entry> |
84 |
|
|
+ |
85 |
|
|
+ <entry> |
86 |
|
|
+ <base>ADD_DESC</base> |
87 |
|
|
+ <trans>You are choosing a particular country filtering for this service</trans> |
88 |
|
|
+ </entry> |
89 |
|
|
+ |
90 |
|
|
+ <entry> |
91 |
|
|
+ <base>REMOVE_SERVICE</base> |
92 |
|
|
+ <trans>Delete a per service filtering</trans> |
93 |
|
|
+ </entry> |
94 |
|
|
+ |
95 |
|
|
+ <entry> |
96 |
|
|
+ <base>REMOVE_DESC</base> |
97 |
|
|
+ <trans>You are deleting a filtering by service. The general filtering will then apply.</trans> |
98 |
|
|
+ </entry> |
99 |
|
|
+ |
100 |
|
|
+ <entry> |
101 |
|
|
+ <base>SERV_NOT_BAN</base> |
102 |
|
|
+ <trans>Unfiltered service.</trans> |
103 |
|
|
+ </entry> |
104 |
|
|
+ |
105 |
|
|
+ <entry> |
106 |
|
|
+ <base>NO_SERVICES</base> |
107 |
|
|
+ <trans>No services.</trans> |
108 |
|
|
+ </entry> |
109 |
|
|
+ |
110 |
|
|
+ <entry> |
111 |
|
|
+ <base>LABEL_SERV_BADCOUNTRIES_STATUS</base> |
112 |
|
|
+ <trans>List of rejected country codes for the service : </trans> |
113 |
|
|
+ </entry> |
114 |
|
|
+ |
115 |
|
|
+ <entry> |
116 |
|
|
+ <base>SUCCESSFULLY_DELETED_SERVICE</base> |
117 |
|
|
+ <trans>Per service filtering successfully deleted... New filtering taken into account.</trans> |
118 |
|
|
+ </entry> |
119 |
|
|
+ |
120 |
|
|
+ <entry> |
121 |
|
|
+ <base>BADCOUNTRIES</base> |
122 |
|
|
+ <trans>Blacklist</trans> |
123 |
|
|
+ </entry> |
124 |
|
|
+ |
125 |
|
|
+ <entry> |
126 |
|
|
+ <base>ERR_COUNTRY_MAX: {$ctr}</base> |
127 |
|
|
+ <trans>Too many countries chosen: {$ctr}</trans> |
128 |
|
|
+ </entry> |
129 |
|
|
+ |
130 |
|
|
</lexicon> |
131 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip |
132 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:12:10.000000000 +0400 |
133 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip 2019-04-29 19:33:56.000000000 +0400 |
134 |
|
|
@@ -43,15 +43,16 @@ |
135 |
|
|
|
136 |
|
|
<entry> |
137 |
|
|
<base>XT_GEOIP_STATUS_DESCRIPTION</base> |
138 |
|
|
- <trans><![CDATA[ <ul> <li>Le filtrage IP peut être activé ou désactivé à l'aide du bouton adéquat</li> |
139 |
|
|
+ <trans><![CDATA[ <h2>Filtrage général pour Xtables GeoIP </h2> |
140 |
|
|
+ <ul> <li>Le filtrage IP peut être activé ou désactivé à l'aide du bouton adéquat</li> |
141 |
|
|
<li>Les codes des pays à bannir peut être saisis dans le champ correspondant</li> |
142 |
|
|
<li>Une mise à jour immédiate de la table peut être demandée ici.</li></ul> |
143 |
|
|
- <p><i>Attention à ne pas bannir les adresses IP nécessaires au fonctionnement de votre serveur !</i></p> <br><br> ]]></trans> |
144 |
|
|
+ <p><i>Attention à ne pas bannir les adresses IP nécessaires au fonctionnement de votre serveur !</i></p> <br> ]]></trans> |
145 |
|
|
</entry> |
146 |
|
|
|
147 |
|
|
<entry> |
148 |
|
|
<base>LABEL_BADCOUNTRIES_STATUS</base> |
149 |
|
|
- <trans>Liste actuelle des codes pays rejetés : </trans> |
150 |
|
|
+ <trans>Liste générale des codes pays rejetés : </trans> |
151 |
|
|
</entry> |
152 |
|
|
|
153 |
|
|
<entry> |
154 |
|
|
@@ -60,12 +61,6 @@ |
155 |
|
|
</entry> |
156 |
|
|
|
157 |
|
|
<entry> |
158 |
|
|
- <base>ERR_COUNTRY_MAX: {$ctr}</base> |
159 |
|
|
- <trans>Code pays, maximum atteint: {$ctr}</trans> |
160 |
|
|
- </entry> |
161 |
|
|
- |
162 |
|
|
- |
163 |
|
|
- <entry> |
164 |
|
|
<base>LABEL_BADCOUNTRIES</base> |
165 |
|
|
<trans>Nouveaux codes pays à utiliser :</trans> |
166 |
|
|
</entry> |
167 |
|
|
@@ -98,14 +93,15 @@ |
168 |
|
|
|
169 |
|
|
<entry> |
170 |
|
|
<base>IPT_LIST</base> |
171 |
|
|
- <trans>Geoip stop</trans> |
172 |
|
|
+ <trans>Stats des connexions évitées à l'aide de XT-geoip</trans> |
173 |
|
|
</entry> |
174 |
|
|
|
175 |
|
|
<entry> |
176 |
|
|
<base>SSH_LIST</base> |
177 |
|
|
- <trans>Ssh erreurs</trans> |
178 |
|
|
+ <trans>Stats des erreurs SSH non bloquées par XT-geoip</trans> |
179 |
|
|
</entry> |
180 |
|
|
|
181 |
|
|
+ |
182 |
|
|
<entry> |
183 |
|
|
<base>STATS_GENERATED</base> |
184 |
|
|
<trans>Statistiques générées</trans> |
185 |
|
|
@@ -123,12 +119,80 @@ |
186 |
|
|
|
187 |
|
|
<entry> |
188 |
|
|
<base>STATS_DESCRIPTION</base> |
189 |
|
|
- <trans><![CDATA[ <h3>Statistiques pour Xtables GeoIP</h3><ul> |
190 |
|
|
+ <trans><![CDATA[ <h2>Statistiques pour Xtables GeoIP </h2><ul> |
191 |
|
|
<li>Pour 3 périodes : Jour, Semaine et Mois</li> |
192 |
|
|
<li>Ips bloqués par pays triés par score</li> |
193 |
|
|
<li>Erreurs Ssh par pays triées par score </li> |
194 |
|
|
</ul><p><i>XX signifie Pays non trouvé !</i></p> ]]> |
195 |
|
|
</trans> |
196 |
|
|
</entry> |
197 |
|
|
+ |
198 |
|
|
+ <entry> |
199 |
|
|
+ <base>SERVICE_DESCRIPTION</base> |
200 |
|
|
+ <trans><![CDATA[ <h2> Filtrage par service pour Xtables GeoIP</h2><ul> |
201 |
|
|
+ <li>Si vous souhaitez un filtrage différent pour certains services</li> |
202 |
|
|
+ </ul><p><i></i></p> ]]> |
203 |
|
|
+ </trans> |
204 |
|
|
+ </entry> |
205 |
|
|
+ |
206 |
|
|
+ <entry> |
207 |
|
|
+ <base>LABEL_SERVICE</base> |
208 |
|
|
+ <trans>Nom du service : </trans> |
209 |
|
|
+ </entry> |
210 |
|
|
+ |
211 |
|
|
+ <entry> |
212 |
|
|
+ <base>PER_SERVICE_GEOIP</base> |
213 |
|
|
+ <trans>-> Services</trans> |
214 |
|
|
+ </entry> |
215 |
|
|
+ |
216 |
|
|
+ <entry> |
217 |
|
|
+ <base>ADD_SERVICE</base> |
218 |
|
|
+ <trans>Ajouter ou modifier un fitrage par service</trans> |
219 |
|
|
+ </entry> |
220 |
|
|
+ |
221 |
|
|
+ <entry> |
222 |
|
|
+ <base>ADD_DESC</base> |
223 |
|
|
+ <trans>Vous allez choisir un filtrage pays particulier pour ce service</trans> |
224 |
|
|
+ </entry> |
225 |
|
|
+ |
226 |
|
|
+ <entry> |
227 |
|
|
+ <base>REMOVE_SERVICE</base> |
228 |
|
|
+ <trans>Supprimer un fitrage par service</trans> |
229 |
|
|
+ </entry> |
230 |
|
|
+ |
231 |
|
|
+ <entry> |
232 |
|
|
+ <base>REMOVE_DESC</base> |
233 |
|
|
+ <trans>Vous allez supprimer un filtrage par service. Le filtrage général va alors s'appliquer.</trans> |
234 |
|
|
+ </entry> |
235 |
|
|
+ |
236 |
|
|
+ <entry> |
237 |
|
|
+ <base>SERV_NOT_BAN</base> |
238 |
|
|
+ <trans>Service non filtré.</trans> |
239 |
|
|
+ </entry> |
240 |
|
|
+ |
241 |
|
|
+ <entry> |
242 |
|
|
+ <base>NO_SERVICES</base> |
243 |
|
|
+ <trans>Aucun service.</trans> |
244 |
|
|
+ </entry> |
245 |
|
|
+ |
246 |
|
|
+ <entry> |
247 |
|
|
+ <base>LABEL_SERV_BADCOUNTRIES_STATUS</base> |
248 |
|
|
+ <trans>Liste des codes pays rejetés du service : </trans> |
249 |
|
|
+ </entry> |
250 |
|
|
+ |
251 |
|
|
+ <entry> |
252 |
|
|
+ <base>SUCCESSFULLY_DELETED_SERVICE</base> |
253 |
|
|
+ <trans>Suppression du service réussi... Nouveau filtrage pris en compte.</trans> |
254 |
|
|
+ </entry> |
255 |
|
|
+ |
256 |
|
|
+ <entry> |
257 |
|
|
+ <base>BADCOUNTRIES</base> |
258 |
|
|
+ <trans>Liste noire</trans> |
259 |
|
|
+ </entry> |
260 |
|
|
+ |
261 |
|
|
+ <entry> |
262 |
|
|
+ <base>ERR_COUNTRY_MAX: {$ctr}</base> |
263 |
|
|
+ <trans>Code(s) pays inexistant(s) sur le serveur: {$listerr}</trans> |
264 |
|
|
+ </entry> |
265 |
|
|
|
266 |
|
|
</lexicon> |
267 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip |
268 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-05-02 00:12:10.000000000 +0400 |
269 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-04-24 17:24:02.000000000 +0400 |
270 |
|
|
@@ -7,16 +7,54 @@ |
271 |
|
|
my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko"; |
272 |
|
|
my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko"; |
273 |
|
|
my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko"; |
274 |
|
|
- if ($GP eq 'enabled' and $BC ne '') |
275 |
|
|
+ my $port; |
276 |
|
|
+ my $locPorts; |
277 |
|
|
+ my $servStatus; |
278 |
|
|
+ my $locBC; |
279 |
|
|
+ if ($GP eq 'enabled') |
280 |
|
|
{ |
281 |
|
|
if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
282 |
|
|
{ |
283 |
|
|
- $OUT .= " ## xtables-addons GEOIP ##\n"; |
284 |
|
|
- $OUT .= " /sbin/iptables -A INPUT -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
285 |
|
|
- $OUT .= " /sbin/iptables -A INPUT -m geoip --src-cc $BC -j DROP\n"; |
286 |
|
|
- $OUT .= " ## xtables-addons GEOIP ##\n"; |
287 |
|
|
- } else |
288 |
|
|
- { $OUT .= " # module xt_geoip not found for current kernel"; } |
289 |
|
|
- } else |
290 |
|
|
- { $OUT .= " # xt_geoip disabled or no 'BadCountries' defined\n"; } |
291 |
|
|
+ # to allow reload |
292 |
|
|
+ $OUT .=<<'EOF'; |
293 |
|
|
+ # A blacklist chain for xtables-addons GEOIP |
294 |
|
|
+ /sbin/iptables --new-chain XTGeoIP |
295 |
|
|
+ /sbin/iptables --new-chain XTGeoIP_1 |
296 |
|
|
+ /sbin/iptables --append XTGeoIP -j XTGeoIP_1 |
297 |
|
|
+ /sbin/iptables --insert INPUT 1 \ |
298 |
|
|
+ -j XTGeoIP |
299 |
|
|
+EOF |
300 |
|
|
+ ##adding here for service specific |
301 |
|
|
+ $locPorts=''; |
302 |
|
|
+ |
303 |
|
|
+ my @services = split(/,/, $masq{'XtServices'}); |
304 |
|
|
+ foreach my $servName (@services) |
305 |
|
|
+ { |
306 |
|
|
+ $port = ${$servName}{'TCPPort'} || ''; |
307 |
|
|
+ my $servStatus = ${$servName}{'status'} || 'disabled'; |
308 |
|
|
+ my $servAccess = ${$servName}{'access'} || 'private'; |
309 |
|
|
+ my $locBC = ${$servName}{'BadCountries'} || ''; |
310 |
|
|
+ if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') { |
311 |
|
|
+ $locPorts .= "$port,"; |
312 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
313 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
314 |
|
|
+ } |
315 |
|
|
+ } |
316 |
|
|
+ |
317 |
|
|
+ # block for other or all should move there |
318 |
|
|
+ if ($BC ne '') { |
319 |
|
|
+ if ($locPorts ne '') { |
320 |
|
|
+ $locPorts = substr $locPorts, 0, -1; |
321 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
322 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n"; |
323 |
|
|
+ } else { |
324 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
325 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j DROP\n"; |
326 |
|
|
+ } |
327 |
|
|
+ } |
328 |
|
|
+ $OUT .= " /sbin/iptables --append XTGeoIP_1" . |
329 |
|
|
+ " -j RETURN\n"; |
330 |
|
|
+ ## end of add |
331 |
|
|
+ } else { $OUT .= " # module xt_geoip not found for current kernel\n"; } |
332 |
|
|
+ } else { $OUT .= " # xt_geoip disabled\n"; } |
333 |
|
|
} |
334 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip |
335 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 1970-01-01 04:00:00.000000000 +0400 |
336 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-04-24 17:24:22.000000000 +0400 |
337 |
|
|
@@ -0,0 +1,81 @@ |
338 |
|
|
+{ |
339 |
|
|
+ my $BC = $masq{BadCountries} || ''; |
340 |
|
|
+ my $GP = $masq{GeoIP} || 'disabled'; |
341 |
|
|
+ my $KERNEL = `/bin/uname -r`; |
342 |
|
|
+ chomp($KERNEL); |
343 |
|
|
+ my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko"; |
344 |
|
|
+ my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko"; |
345 |
|
|
+ my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko"; |
346 |
|
|
+ my $port; |
347 |
|
|
+ my $locPorts; |
348 |
|
|
+ my $servStatus; |
349 |
|
|
+ my $locBC; |
350 |
|
|
+ |
351 |
|
|
+ |
352 |
|
|
+ # Find the current XTGeoIP_$$ chain, and create a new one. |
353 |
|
|
+ $OUT .=<<'EOF'; |
354 |
|
|
+ OLD_XTGeoIP=$(get_safe_id XTGeoIP filter find) |
355 |
|
|
+ NEW_XTGeoIP=$(get_safe_id XTGeoIP filter new) |
356 |
|
|
+ /sbin/iptables --new-chain $NEW_XTGeoIP |
357 |
|
|
+EOF |
358 |
|
|
+ |
359 |
|
|
+ if ($GP eq 'enabled' and $BC ne '') |
360 |
|
|
+ { |
361 |
|
|
+ if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
362 |
|
|
+ { |
363 |
|
|
+ # add content here |
364 |
|
|
+ $locPorts = ''; |
365 |
|
|
+ my @services = split(/,/, $masq{'XtServices'}); |
366 |
|
|
+ |
367 |
|
|
+ foreach my $servName (@services) |
368 |
|
|
+ { |
369 |
|
|
+ $port = ${$servName}{'TCPPort'} || ''; |
370 |
|
|
+ my $servStatus = ${$servName}{'status'} || 'disabled'; |
371 |
|
|
+ my $servAccess = ${$servName}{'access'} || 'private'; |
372 |
|
|
+ my $locBC = ${$servName}{'BadCountries'} || ''; |
373 |
|
|
+ if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') { |
374 |
|
|
+ $locPorts .= "$port,"; |
375 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
376 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
377 |
|
|
+ } |
378 |
|
|
+ } |
379 |
|
|
+ |
380 |
|
|
+ ##adding here for service specific |
381 |
|
|
+ # imaps 993 |
382 |
|
|
+ #$locBC = $imaps{BadCountries} || ''; |
383 |
|
|
+ #$servStatus = $imaps{'status'} || 'disabled'; |
384 |
|
|
+ #$port = $imaps{'TCPPort'} || '993'; |
385 |
|
|
+ #if ($servStatus eq 'enabled' and $locBC ne '') { |
386 |
|
|
+ # $locPorts .= "${port},"; |
387 |
|
|
+ # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: IMAPS\"\n"; |
388 |
|
|
+ # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
389 |
|
|
+ #} |
390 |
|
|
+ |
391 |
|
|
+ # block for all or other ports should move there |
392 |
|
|
+ if ($BC ne '') { |
393 |
|
|
+ if ($locPorts ne '') { |
394 |
|
|
+ $locPorts = substr $locPorts, 0, -1; |
395 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
396 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n"; |
397 |
|
|
+ } else { |
398 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
399 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j DROP\n"; |
400 |
|
|
+ } |
401 |
|
|
+ } |
402 |
|
|
+ $OUT .= " /sbin/iptables --append \$NEW_XTGeoIP" . |
403 |
|
|
+ " -j RETURN\n"; |
404 |
|
|
+ ## end of add |
405 |
|
|
+ |
406 |
|
|
+ } |
407 |
|
|
+ } |
408 |
|
|
+ |
409 |
|
|
+ |
410 |
|
|
+ # Having created a new XTGeoIP chain, activate it and destroy the old. |
411 |
|
|
+ $OUT .=<<'EOF'; |
412 |
|
|
+ /sbin/iptables --replace XTGeoIP 1 \ |
413 |
|
|
+ --jump $NEW_XTGeoIP |
414 |
|
|
+ /sbin/iptables --flush $OLD_XTGeoIP |
415 |
|
|
+ /sbin/iptables --delete-chain $OLD_XTGeoIP |
416 |
|
|
+EOF |
417 |
|
|
+ |
418 |
|
|
+} |
419 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip |
420 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:12:10.000000000 +0400 |
421 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip 2019-05-02 00:01:09.000000000 +0400 |
422 |
|
|
@@ -2,9 +2,9 @@ |
423 |
|
|
# vim: set ft=xml: |
424 |
|
|
|
425 |
|
|
#---------------------------------------------------------------------- |
426 |
|
|
-# heading : Administration |
427 |
|
|
+# heading : Security |
428 |
|
|
# description : GeoIP IP filtering |
429 |
|
|
-# navigation : 4000 4900 |
430 |
|
|
+# navigation : 5000 5610 |
431 |
|
|
#---------------------------------------------------------------------- |
432 |
|
|
# copyright (C) 2007 Mitel Networks Corporation |
433 |
|
|
# |
434 |
|
|
@@ -67,11 +67,10 @@ |
435 |
|
|
header="/etc/e-smith/web/common/head.tmpl" |
436 |
|
|
footer="/etc/e-smith/web/common/foot.tmpl"> |
437 |
|
|
|
438 |
|
|
- <page name="First" |
439 |
|
|
- pre-event="print_status_message()"> |
440 |
|
|
- # post-event="wherenext('Second')" > |
441 |
|
|
- # Ssh Ipt Second |
442 |
|
|
+ <page name="First" pre-event="print_status_message()"> |
443 |
|
|
+ # post-event="wherenext('Second')" |
444 |
|
|
<description>XT_GEOIP_STATUS_DESCRIPTION</description> |
445 |
|
|
+ |
446 |
|
|
<field |
447 |
|
|
type="literal" |
448 |
|
|
id="geoip" |
449 |
|
|
@@ -100,7 +99,13 @@ |
450 |
|
|
<label> </label> |
451 |
|
|
</field> |
452 |
|
|
|
453 |
|
|
- <field type="literal" id="client_label" value=""> |
454 |
|
|
+ <field type="literal" id="service_label" value=""> |
455 |
|
|
+ <description>SERVICE_DESCRIPTION</description> |
456 |
|
|
+ </field> |
457 |
|
|
+ |
458 |
|
|
+ <subroutine src="print_custom_button('PER_SERVICE_GEOIP', 'Service', '')"/> |
459 |
|
|
+ |
460 |
|
|
+ <field type="literal" id="stats_label" value=""> |
461 |
|
|
<description>STATS_DESCRIPTION</description> |
462 |
|
|
</field> |
463 |
|
|
|
464 |
|
|
@@ -110,9 +115,9 @@ |
465 |
|
|
<subroutine src="print_button('NEXT')" /> |
466 |
|
|
</page> |
467 |
|
|
|
468 |
|
|
- <page name="Second" |
469 |
|
|
- pre-event="turn_off_buttons" |
470 |
|
|
- post-event="change_settings()"> |
471 |
|
|
+ |
472 |
|
|
+ |
473 |
|
|
+ <page name="Second" pre-event="turn_off_buttons" post-event="change_settings()"> |
474 |
|
|
|
475 |
|
|
<field |
476 |
|
|
type="select" |
477 |
|
|
@@ -153,9 +158,84 @@ |
478 |
|
|
</page> |
479 |
|
|
|
480 |
|
|
|
481 |
|
|
- <page name="Stats" |
482 |
|
|
- pre-event="generateStats" |
483 |
|
|
- post-event="wherenext('First')" > |
484 |
|
|
+ <page name="Service" pre-event="print_status_message()" post-event="wherenext('First')"> |
485 |
|
|
+ <description>SERVICE_DESCRIPTION</description> |
486 |
|
|
+ <field |
487 |
|
|
+ type="literal" |
488 |
|
|
+ id="badcountries" |
489 |
|
|
+ value="get_badcountries()"> |
490 |
|
|
+ <label>LABEL_BADCOUNTRIES_STATUS</label> |
491 |
|
|
+ </field> |
492 |
|
|
+ <subroutine src="print_service_table()" /> |
493 |
|
|
+ <subroutine src="print_button('NEXT')"/> |
494 |
|
|
+ </page> |
495 |
|
|
+ |
496 |
|
|
+ |
497 |
|
|
+ |
498 |
|
|
+ <page name="SrvModify" pre-event="turn_off_buttons()" post-event="modify_serv()"> |
499 |
|
|
+ |
500 |
|
|
+ <title>ADD_SERVICE</title> |
501 |
|
|
+ <description>ADD_DESC</description> |
502 |
|
|
+ |
503 |
|
|
+ <field |
504 |
|
|
+ type="literal" |
505 |
|
|
+ id="service" |
506 |
|
|
+ value="get_srv_name()"> |
507 |
|
|
+ <label>LABEL_SERVICE</label> |
508 |
|
|
+ </field> |
509 |
|
|
+ |
510 |
|
|
+ <field |
511 |
|
|
+ type="literal" |
512 |
|
|
+ id="badcountries" |
513 |
|
|
+ value="get_badcountries()"> |
514 |
|
|
+ <label>LABEL_BADCOUNTRIES_STATUS</label> |
515 |
|
|
+ </field> |
516 |
|
|
+ |
517 |
|
|
+ <field |
518 |
|
|
+ type="text" |
519 |
|
|
+ id="masq_srv_badcountries" |
520 |
|
|
+ size="64" |
521 |
|
|
+ validation="srv_must_exist()"> |
522 |
|
|
+ <label>LABEL_BADCOUNTRIES</label> |
523 |
|
|
+ <description>DESC_BADCOUNTRIES</description> |
524 |
|
|
+ </field> |
525 |
|
|
+ |
526 |
|
|
+ <field |
527 |
|
|
+ type="literal" |
528 |
|
|
+ id="srv_badcountries" |
529 |
|
|
+ value="get_srv_badcountries()"> |
530 |
|
|
+ <label>LABEL_SERV_BADCOUNTRIES_STATUS</label> |
531 |
|
|
+ </field> |
532 |
|
|
+ |
533 |
|
|
+ <subroutine src="print_button('SAVE')" /> |
534 |
|
|
+ </page> |
535 |
|
|
+ |
536 |
|
|
+ |
537 |
|
|
+ <page name="SrvRemove" pre-event="turn_off_buttons()" post-event="remove_serv()"> |
538 |
|
|
+ |
539 |
|
|
+ <title>REMOVE_SERVICE</title> |
540 |
|
|
+ <description>REMOVE_DESC</description> |
541 |
|
|
+ |
542 |
|
|
+ <field |
543 |
|
|
+ type="literal" |
544 |
|
|
+ id="service" |
545 |
|
|
+ value="get_srv_name()"> |
546 |
|
|
+ <label>LABEL_SERVICE</label> |
547 |
|
|
+ </field> |
548 |
|
|
+ |
549 |
|
|
+ <field |
550 |
|
|
+ type="literal" |
551 |
|
|
+ id="badcountries" |
552 |
|
|
+ value="get_srv_badcountries()"> |
553 |
|
|
+ <label>LABEL_SERV_BADCOUNTRIES_STATUS</label> |
554 |
|
|
+ </field> |
555 |
|
|
+ |
556 |
|
|
+ <subroutine src="print_button('REMOVE')" /> |
557 |
|
|
+ |
558 |
|
|
+ </page> |
559 |
|
|
+ |
560 |
|
|
+ |
561 |
|
|
+ <page name="Stats" pre-event="generateStats" post-event="wherenext('First')"> |
562 |
|
|
<subroutine src="print_button('NEXT')"/> |
563 |
|
|
</page> |
564 |
|
|
|
565 |
michel |
1.2 |
|
566 |
michel |
1.1 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm |
567 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-05-02 00:12:10.000000000 +0400 |
568 |
michel |
1.2 |
+++ smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-05-02 01:28:49.000000000 +0400 |
569 |
michel |
1.1 |
@@ -11,6 +11,7 @@ |
570 |
|
|
use esmith::FormMagick; |
571 |
|
|
use esmith::ConfigDB; |
572 |
|
|
use esmith::util; |
573 |
|
|
+use esmith::cgi; |
574 |
|
|
use File::Basename; |
575 |
|
|
use Exporter; |
576 |
|
|
use POSIX qw(strftime); |
577 |
michel |
1.2 |
@@ -22,6 +23,15 @@ |
578 |
|
|
get_value |
579 |
|
|
get_badcountries |
580 |
|
|
get_geoip |
581 |
michel |
1.1 |
+ print_service_table |
582 |
|
|
+ get_stat_geoip |
583 |
|
|
+ print_custom_button |
584 |
|
|
+ generateStats |
585 |
|
|
+ get_srv_name |
586 |
|
|
+ get_srv_badcountries |
587 |
|
|
+ remove_serv |
588 |
|
|
+ modify_serv |
589 |
|
|
+ srv_must_exist |
590 |
michel |
1.2 |
get_date_update |
591 |
|
|
change_settings |
592 |
|
|
must_exist |
593 |
michel |
1.1 |
@@ -214,7 +224,7 @@ |
594 |
|
|
my @mq_bcs = split /[,:]/, $q->param("masq_badcountries"); |
595 |
|
|
if (@mq_bcs) { |
596 |
|
|
my $ctr = @mq_bcs; |
597 |
|
|
- return $self->localise('ERR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50); |
598 |
|
|
+ return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50); |
599 |
|
|
|
600 |
|
|
foreach my $bcs (@mq_bcs) { |
601 |
|
|
my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4"; |
602 |
|
|
@@ -248,7 +258,7 @@ |
603 |
|
|
$stats_type =~ /(.+)/; $stats_type = $1; |
604 |
|
|
if ($stats_type ne "ipt" && $stats_type ne "ssh") |
605 |
|
|
{ |
606 |
|
|
- print $q->p($q->b($self->localise('INVALID_STATS_TYPE'). |
607 |
|
|
+ print $q->p($q->b($self->localise('INVALID_STATS_TYPE')." ". |
608 |
|
|
$stats_type)); |
609 |
|
|
return ''; |
610 |
|
|
} else { |
611 |
|
|
@@ -270,8 +280,174 @@ |
612 |
|
|
print "</pre>\n"; |
613 |
|
|
|
614 |
|
|
print $q->h3($self->localise('END_OF_STATS')); |
615 |
|
|
+ $self->wherenext('First'); |
616 |
|
|
return ''; |
617 |
|
|
} |
618 |
|
|
} |
619 |
|
|
|
620 |
|
|
+sub get_srv_name |
621 |
|
|
+{ |
622 |
|
|
+ my ($self) = @_; |
623 |
|
|
+ return $self->cgi->param('name'); |
624 |
|
|
+} |
625 |
|
|
+ |
626 |
|
|
+sub get_srv_badcountries |
627 |
|
|
+{ |
628 |
|
|
+ my ($self) = @_; |
629 |
|
|
+ my $name = $self->cgi->param('name'); |
630 |
|
|
+ return $db->get_prop($name, "BadCountries"); |
631 |
|
|
+} |
632 |
|
|
+ |
633 |
|
|
+sub print_service_table { |
634 |
|
|
+ my $self = shift; |
635 |
|
|
+ my $q = $self->{cgi}; |
636 |
|
|
+ my $servname = $self->localise('NAME'); |
637 |
|
|
+ my $port = $self->localise('PORT'); |
638 |
|
|
+ my $status = $self->localise('STATUS'); |
639 |
|
|
+ my $access = $self->localise('ACCESS'); |
640 |
|
|
+ my $servBC = $self->localise('BADCOUNTRIES'); |
641 |
|
|
+ my $modify = $self->localise('MODIFY'); |
642 |
|
|
+ my $remove = $self->localise('REMOVE'); |
643 |
|
|
+ my $action_h = $self->localise('ACTION'); |
644 |
|
|
+ |
645 |
|
|
+ my @services = split(/,/, $db->get_prop("masq", "XtServices")); |
646 |
|
|
+ #my @services = ('imaps','pop3s','sshd','ftp','ssmtpd'); |
647 |
|
|
+ |
648 |
|
|
+ unless ( scalar @services ) |
649 |
|
|
+ { |
650 |
|
|
+ print $q->Tr($q->td($self->localise('NO_SERVICES'))); |
651 |
|
|
+ return ""; |
652 |
|
|
+ } |
653 |
|
|
+ |
654 |
|
|
+ print $q->start_table({-CLASS => "sme-border"}),"\n"; |
655 |
|
|
+ print $q->Tr ( |
656 |
|
|
+ esmith::cgi::genSmallCell($q, $servname,"header"), |
657 |
|
|
+ esmith::cgi::genSmallCell($q, $port,"header"), |
658 |
|
|
+ esmith::cgi::genSmallCell($q, $status,"header"), |
659 |
|
|
+ esmith::cgi::genSmallCell($q, $access,"header"), |
660 |
|
|
+ esmith::cgi::genSmallCell($q, $servBC,"header"), |
661 |
|
|
+ esmith::cgi::genSmallCell($q, $action_h,"header", 2)),"\n"; |
662 |
|
|
+ |
663 |
|
|
+ my $scriptname = basename($0); |
664 |
|
|
+ |
665 |
|
|
+ foreach my $servname (@services) |
666 |
|
|
+ { |
667 |
|
|
+ my $i = $db->get($servname); |
668 |
|
|
+ |
669 |
|
|
+ my $port = $i->prop('TCPPort'); |
670 |
|
|
+ my $status = $i->prop('status'); |
671 |
|
|
+ my $access = $i->prop('access'); |
672 |
|
|
+ my $servBC = $i->prop('BadCountries') || ' '; |
673 |
|
|
+ |
674 |
|
|
+ my $params = $self->build_serv_cgi_params($servname, $i->props()); |
675 |
|
|
+ |
676 |
|
|
+ my $href = "$scriptname?$params&action=modify&wherenext="; |
677 |
|
|
+ |
678 |
|
|
+ my $actionModify = ' '; |
679 |
|
|
+ $actionModify .= $q->a({href => "${href}SrvModify"},$modify) |
680 |
|
|
+ . ' '; |
681 |
|
|
+ |
682 |
|
|
+ my $actionRemove = ' '; |
683 |
|
|
+ $actionRemove .= $q->a({href => "${href}SrvRemove"}, $remove) |
684 |
|
|
+ . ' '; |
685 |
|
|
+ |
686 |
|
|
+ my $color = 'red'; |
687 |
|
|
+ if ($status eq 'disabled' || $access ne 'public') { $color = 'green'; } |
688 |
|
|
+ print $q->Tr ( |
689 |
|
|
+ esmith::cgi::genSmallCell($q, $servname,"normal"), |
690 |
|
|
+ esmith::cgi::genSmallCell($q, $port,"normal"), |
691 |
|
|
+ esmith::cgi::genSmallCell($q, $status,"header"), |
692 |
|
|
+ esmith::cgi::genSmallCell($q, $access,"header"), |
693 |
|
|
+ esmith::cgi::genSmallCell($q, "<font color='$color'>" . $servBC . "</font>","header"), |
694 |
|
|
+ esmith::cgi::genSmallCell($q, $actionModify,"normal"), |
695 |
|
|
+ esmith::cgi::genSmallCell($q, $actionRemove,"normal")); |
696 |
|
|
+ } |
697 |
|
|
+ |
698 |
|
|
+ print $q->end_table,"\n"; |
699 |
|
|
+ |
700 |
|
|
+ return ""; |
701 |
|
|
+} |
702 |
|
|
+ |
703 |
|
|
+sub build_serv_cgi_params { |
704 |
|
|
+ my ($self, $servname, %oldprops) = @_; |
705 |
|
|
+ |
706 |
|
|
+ my %props = ( |
707 |
|
|
+ page => 0, |
708 |
|
|
+ page_stack => "", |
709 |
|
|
+ name => $servname, |
710 |
|
|
+ ); |
711 |
|
|
+ |
712 |
|
|
+ return $self->props_to_query_string(\%props); |
713 |
|
|
+} |
714 |
|
|
+ |
715 |
|
|
+sub remove_serv { |
716 |
|
|
+ my ($self) = @_; |
717 |
|
|
+ my $name = $self->cgi->param('name'); |
718 |
|
|
+ if (my $serv = $db->get($name)) { |
719 |
|
|
+ my $servBC = $serv->prop('BadCountries') || ''; |
720 |
|
|
+ if ($servBC ne '') { |
721 |
|
|
+ $db->set_prop($name, "BadCountries", ''); |
722 |
|
|
+ # Untaint $name before use in system() |
723 |
|
|
+ # $name =~ /(.+)/; $name = $1; |
724 |
|
|
+ if (system ("/sbin/e-smith/signal-event", "xt_geoip-service") == 0) |
725 |
|
|
+ { |
726 |
|
|
+ return $self->success("SUCCESSFULLY_DELETED_SERVICE"); |
727 |
|
|
+ } else { |
728 |
|
|
+ return $self->error("ERROR_WHILE_DELETING_SERVICE"); |
729 |
|
|
+ } |
730 |
|
|
+ } else { |
731 |
|
|
+ return $self->success('NO_CHANGE'); |
732 |
|
|
+ } |
733 |
|
|
+ |
734 |
|
|
+ } else { |
735 |
|
|
+ $self->error('CANT_FIND_SERV'); |
736 |
|
|
+ } |
737 |
|
|
+ $self->wherenext('First'); |
738 |
|
|
+} |
739 |
|
|
+ |
740 |
|
|
+sub modify_serv { |
741 |
|
|
+ my ($self) = @_; |
742 |
|
|
+ my $name = $self->cgi->param('name'); |
743 |
|
|
+ if (my $serv = $db->get($name)) { |
744 |
|
|
+ my $servBC = $serv->prop('BadCountries') || ''; |
745 |
|
|
+ |
746 |
|
|
+ my $q = $self->{'cgi'}; |
747 |
|
|
+ my $n_servBC = $q->param("masq_srv_badcountries") || $servBC; |
748 |
|
|
+ |
749 |
|
|
+ if ($n_servBC eq $servBC) { |
750 |
|
|
+ return $self->success("NO_CHANGE") |
751 |
|
|
+ } |
752 |
|
|
+ $db->set_prop($name, "BadCountries", $n_servBC); |
753 |
|
|
+ |
754 |
|
|
+ if (system ( "/sbin/e-smith/signal-event", "xt_geoip-service" ) == 0 ) |
755 |
|
|
+ { |
756 |
|
|
+ return $self->success("SUCCESS"); |
757 |
|
|
+ } else { |
758 |
|
|
+ return $self->error("ERROR_UPDATING"); |
759 |
|
|
+ } |
760 |
|
|
+ } else { |
761 |
|
|
+ $self->error('CANT_FIND_SERV'); |
762 |
|
|
+ } |
763 |
|
|
+ $self->wherenext('First'); |
764 |
|
|
+} |
765 |
|
|
+ |
766 |
|
|
+sub srv_must_exist |
767 |
|
|
+{ |
768 |
|
|
+ my $self = shift; |
769 |
|
|
+ my $q = $self->{cgi}; |
770 |
|
|
+ my $listerr = ""; |
771 |
|
|
+ my @mq_bcs = split /[,:]/, $q->param("masq_srv_badcountries"); |
772 |
|
|
+ if (@mq_bcs) { |
773 |
|
|
+ my $ctr = @mq_bcs; |
774 |
|
|
+ return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50); |
775 |
|
|
+ |
776 |
|
|
+ foreach my $bcs (@mq_bcs) { |
777 |
|
|
+ my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4"; |
778 |
|
|
+ if (! -f $file) { $listerr .= $bcs . ","; } |
779 |
|
|
+ } |
780 |
|
|
+ return $self->localise('ERR_COUNTRY_NOT_EXIST: {$listerr}', {listerr=> "$listerr"}) if $listerr; |
781 |
|
|
+ } |
782 |
|
|
+ return 'OK'; |
783 |
|
|
+} |
784 |
|
|
+ |
785 |
|
|
1; |