1 |
michel |
1.1 |
diff -urN smeserver-xt_geoip-1.0.1.old/createlinks smeserver-xt_geoip-1.0.1/createlinks |
2 |
|
|
--- smeserver-xt_geoip-1.0.1.old/createlinks 2019-04-24 15:05:21.000000000 +0400 |
3 |
|
|
+++ smeserver-xt_geoip-1.0.1/createlinks 2019-04-23 22:52:31.000000000 +0400 |
4 |
|
|
@@ -12,14 +12,16 @@ |
5 |
|
|
# links to add |
6 |
|
|
|
7 |
|
|
# templates to expand |
8 |
|
|
-for my $event (qw(xt_geoip-modify xt_geoip-update bootstrap-console-save console-save)) |
9 |
|
|
+for my $event (qw(xt_geoip-modify xt_geoip-update xt_geoip-service bootstrap-console-save console-save)) |
10 |
|
|
{ |
11 |
|
|
templates2events("/etc/rc.d/init.d/masq", $event); |
12 |
|
|
templates2events("/etc/crontab", $event); |
13 |
|
|
templates2events("/usr/share/xt_geoip/update_base", $event); |
14 |
|
|
- if ($event ne 'xt_geoip-modify') { |
15 |
|
|
- event_link("smeserver-xt_geoip-download-action", $event, "10"); |
16 |
|
|
} |
17 |
|
|
+ |
18 |
|
|
+for my $event (qw(xt_geoip-update bootstrap-console-save console-save)) |
19 |
|
|
+{ |
20 |
|
|
+ event_link("smeserver-xt_geoip-download-action", $event, "10"); |
21 |
|
|
} |
22 |
|
|
|
23 |
|
|
# services to launch on event |
24 |
|
|
@@ -29,4 +31,10 @@ |
25 |
|
|
"root/etc/e-smith/events/$event/services2adjust/masq"); |
26 |
|
|
} |
27 |
|
|
|
28 |
|
|
+for my $event (qw(xt_geoip-service)) |
29 |
|
|
+{ |
30 |
|
|
+ safe_symlink("adjust", |
31 |
|
|
+ "root/etc/e-smith/events/$event/services2adjust/masq"); |
32 |
|
|
+} |
33 |
|
|
+ |
34 |
|
|
# actions to perform |
35 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/XtServices smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/XtServices |
36 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/db/configuration/defaults/masq/XtServices 1970-01-01 04:00:00.000000000 +0400 |
37 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/db/configuration/defaults/masq/XtServices 2019-04-24 14:38:38.000000000 +0400 |
38 |
|
|
@@ -0,0 +1 @@ |
39 |
|
|
+imaps,pop3s,sshd,ftp,ssmtpd |
40 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip |
41 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-04-24 15:05:21.000000000 +0400 |
42 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/xt_geoip 2019-04-25 20:56:40.000000000 +0400 |
43 |
|
|
@@ -129,4 +129,72 @@ |
44 |
|
|
</trans> |
45 |
|
|
</entry> |
46 |
|
|
|
47 |
|
|
+ <entry> |
48 |
|
|
+ <base>SERVICE_DESCRIPTION</base> |
49 |
|
|
+ <trans><![CDATA[ <h2> Per service filtering for Xtables GeoIP</h2><ul> |
50 |
|
|
+ <li>If you want different filtering for certain services</li> |
51 |
|
|
+ </ul><p><i></i></p> ]]> |
52 |
|
|
+ </trans> |
53 |
|
|
+ </entry> |
54 |
|
|
+ |
55 |
|
|
+ <entry> |
56 |
|
|
+ <base>LABEL_SERVICE</base> |
57 |
|
|
+ <trans>Service name : </trans> |
58 |
|
|
+ </entry> |
59 |
|
|
+ |
60 |
|
|
+ <entry> |
61 |
|
|
+ <base>PER_SERVICE_GEOIP</base> |
62 |
|
|
+ <trans>-> Services</trans> |
63 |
|
|
+ </entry> |
64 |
|
|
+ |
65 |
|
|
+ <entry> |
66 |
|
|
+ <base>ADD_SERVICE</base> |
67 |
|
|
+ <trans>Add or modify a per service filtering</trans> |
68 |
|
|
+ </entry> |
69 |
|
|
+ |
70 |
|
|
+ <entry> |
71 |
|
|
+ <base>ADD_DESC</base> |
72 |
|
|
+ <trans>You are choosing a particular country filtering for this service</trans> |
73 |
|
|
+ </entry> |
74 |
|
|
+ |
75 |
|
|
+ <entry> |
76 |
|
|
+ <base>REMOVE_SERVICE</base> |
77 |
|
|
+ <trans>Delete a per service filtering</trans> |
78 |
|
|
+ </entry> |
79 |
|
|
+ |
80 |
|
|
+ <entry> |
81 |
|
|
+ <base>REMOVE_DESC</base> |
82 |
|
|
+ <trans>You are deleting a filtering by service. The general filtering will then apply.</trans> |
83 |
|
|
+ </entry> |
84 |
|
|
+ |
85 |
|
|
+ <entry> |
86 |
|
|
+ <base>SERV_NOT_BAN</base> |
87 |
|
|
+ <trans>Unfiltered service.</trans> |
88 |
|
|
+ </entry> |
89 |
|
|
+ |
90 |
|
|
+ <entry> |
91 |
|
|
+ <base>NO_SERVICES</base> |
92 |
|
|
+ <trans>No services.</trans> |
93 |
|
|
+ </entry> |
94 |
|
|
+ |
95 |
|
|
+ <entry> |
96 |
|
|
+ <base>LABEL_SERV_BADCOUNTRIES_STATUS</base> |
97 |
|
|
+ <trans>List of rejected country codes for the service : </trans> |
98 |
|
|
+ </entry> |
99 |
|
|
+ |
100 |
|
|
+ <entry> |
101 |
|
|
+ <base>SUCCESSFULLY_DELETED_SERVICE</base> |
102 |
|
|
+ <trans>Per service filtering successfully deleted... New filtering taken into account.</trans> |
103 |
|
|
+ </entry> |
104 |
|
|
+ |
105 |
|
|
+ <entry> |
106 |
|
|
+ <base>BADCOUNTRIES</base> |
107 |
|
|
+ <trans>Blacklist</trans> |
108 |
|
|
+ </entry> |
109 |
|
|
+ |
110 |
|
|
+ <entry> |
111 |
|
|
+ <base>ERR_COUNTRY_MAX: {$ctr}</base> |
112 |
|
|
+ <trans>Too many countries chosen: {$ctr}</trans> |
113 |
|
|
+ </entry> |
114 |
|
|
+ |
115 |
|
|
</lexicon> |
116 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip |
117 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip 2019-04-24 15:05:21.000000000 +0400 |
118 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/xt_geoip 2019-04-25 20:56:24.000000000 +0400 |
119 |
|
|
@@ -43,15 +43,16 @@ |
120 |
|
|
|
121 |
|
|
<entry> |
122 |
|
|
<base>XT_GEOIP_STATUS_DESCRIPTION</base> |
123 |
|
|
- <trans><![CDATA[ <ul> <li>Le filtrage IP peut être activé ou désactivé à l'aide du bouton adéquat</li> |
124 |
|
|
+ <trans><![CDATA[ <h2>Filtrage général pour Xtables GeoIP </h2> |
125 |
|
|
+ <ul> <li>Le filtrage IP peut être activé ou désactivé à l'aide du bouton adéquat</li> |
126 |
|
|
<li>Les codes des pays à bannir peut être saisis dans le champ correspondant</li> |
127 |
|
|
<li>Une mise à jour immédiate de la table peut être demandée ici.</li></ul> |
128 |
|
|
- <p><i>Attention à ne pas bannir les adresses IP nécessaires au fonctionnement de votre serveur !</i></p> <br><br> ]]></trans> |
129 |
|
|
+ <p><i>Attention à ne pas bannir les adresses IP nécessaires au fonctionnement de votre serveur !</i></p> <br> ]]></trans> |
130 |
|
|
</entry> |
131 |
|
|
|
132 |
|
|
<entry> |
133 |
|
|
<base>LABEL_BADCOUNTRIES_STATUS</base> |
134 |
|
|
- <trans>Liste actuelle des codes pays rejetés : </trans> |
135 |
|
|
+ <trans>Liste générale des codes pays rejetés : </trans> |
136 |
|
|
</entry> |
137 |
|
|
|
138 |
|
|
<entry> |
139 |
|
|
@@ -60,12 +61,6 @@ |
140 |
|
|
</entry> |
141 |
|
|
|
142 |
|
|
<entry> |
143 |
|
|
- <base>ERR_COUNTRY_MAX: {$ctr}</base> |
144 |
|
|
- <trans>Code pays, maximum atteint: {$ctr}</trans> |
145 |
|
|
- </entry> |
146 |
|
|
- |
147 |
|
|
- |
148 |
|
|
- <entry> |
149 |
|
|
<base>LABEL_BADCOUNTRIES</base> |
150 |
|
|
<trans>Nouveaux codes pays à utiliser :</trans> |
151 |
|
|
</entry> |
152 |
|
|
@@ -123,12 +118,80 @@ |
153 |
|
|
|
154 |
|
|
<entry> |
155 |
|
|
<base>STATS_DESCRIPTION</base> |
156 |
|
|
- <trans><![CDATA[ <h3>Statistiques pour Xtables GeoIP</h3><ul> |
157 |
|
|
+ <trans><![CDATA[ <h2>Statistiques pour Xtables GeoIP </h2><ul> |
158 |
|
|
<li>Pour 3 périodes : Jour, Semaine et Mois</li> |
159 |
|
|
<li>Ips bloqués par pays triés par score</li> |
160 |
|
|
<li>Erreurs Ssh par pays triées par score </li> |
161 |
|
|
</ul><p><i>XX signifie Pays non trouvé !</i></p> ]]> |
162 |
|
|
</trans> |
163 |
|
|
</entry> |
164 |
|
|
+ |
165 |
|
|
+ <entry> |
166 |
|
|
+ <base>SERVICE_DESCRIPTION</base> |
167 |
|
|
+ <trans><![CDATA[ <h2> Filtrage par service pour Xtables GeoIP</h2><ul> |
168 |
|
|
+ <li>Si vous souhaitez un filtrage différent pour certains services</li> |
169 |
|
|
+ </ul><p><i></i></p> ]]> |
170 |
|
|
+ </trans> |
171 |
|
|
+ </entry> |
172 |
|
|
+ |
173 |
|
|
+ <entry> |
174 |
|
|
+ <base>LABEL_SERVICE</base> |
175 |
|
|
+ <trans>Nom du service : </trans> |
176 |
|
|
+ </entry> |
177 |
|
|
+ |
178 |
|
|
+ <entry> |
179 |
|
|
+ <base>PER_SERVICE_GEOIP</base> |
180 |
|
|
+ <trans>-> Services</trans> |
181 |
|
|
+ </entry> |
182 |
|
|
+ |
183 |
|
|
+ <entry> |
184 |
|
|
+ <base>ADD_SERVICE</base> |
185 |
|
|
+ <trans>Ajouter ou modifier un fitrage par service</trans> |
186 |
|
|
+ </entry> |
187 |
|
|
+ |
188 |
|
|
+ <entry> |
189 |
|
|
+ <base>ADD_DESC</base> |
190 |
|
|
+ <trans>Vous allez choisir un filtrage pays particulier pour ce service</trans> |
191 |
|
|
+ </entry> |
192 |
|
|
+ |
193 |
|
|
+ <entry> |
194 |
|
|
+ <base>REMOVE_SERVICE</base> |
195 |
|
|
+ <trans>Supprimer un fitrage par service</trans> |
196 |
|
|
+ </entry> |
197 |
|
|
+ |
198 |
|
|
+ <entry> |
199 |
|
|
+ <base>REMOVE_DESC</base> |
200 |
|
|
+ <trans>Vous allez supprimer un filtrage par service. Le filtrage général va alors s'appliquer.</trans> |
201 |
|
|
+ </entry> |
202 |
|
|
+ |
203 |
|
|
+ <entry> |
204 |
|
|
+ <base>SERV_NOT_BAN</base> |
205 |
|
|
+ <trans>Service non filtré.</trans> |
206 |
|
|
+ </entry> |
207 |
|
|
+ |
208 |
|
|
+ <entry> |
209 |
|
|
+ <base>NO_SERVICES</base> |
210 |
|
|
+ <trans>Aucun service.</trans> |
211 |
|
|
+ </entry> |
212 |
|
|
+ |
213 |
|
|
+ <entry> |
214 |
|
|
+ <base>LABEL_SERV_BADCOUNTRIES_STATUS</base> |
215 |
|
|
+ <trans>Liste des codes pays rejetés du service : </trans> |
216 |
|
|
+ </entry> |
217 |
|
|
+ |
218 |
|
|
+ <entry> |
219 |
|
|
+ <base>SUCCESSFULLY_DELETED_SERVICE</base> |
220 |
|
|
+ <trans>Suppression du service réussi... Nouveau filtrage pris en compte.</trans> |
221 |
|
|
+ </entry> |
222 |
|
|
+ |
223 |
|
|
+ <entry> |
224 |
|
|
+ <base>BADCOUNTRIES</base> |
225 |
|
|
+ <trans>Liste noire</trans> |
226 |
|
|
+ </entry> |
227 |
|
|
+ |
228 |
|
|
+ <entry> |
229 |
|
|
+ <base>ERR_COUNTRY_MAX: {$ctr}</base> |
230 |
|
|
+ <trans>Code(s) pays inexistant(s) sur le serveur: {$listerr}</trans> |
231 |
|
|
+ </entry> |
232 |
|
|
|
233 |
|
|
</lexicon> |
234 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip |
235 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-04-24 15:05:21.000000000 +0400 |
236 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-04-24 17:24:02.000000000 +0400 |
237 |
|
|
@@ -7,16 +7,54 @@ |
238 |
|
|
my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko"; |
239 |
|
|
my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko"; |
240 |
|
|
my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko"; |
241 |
|
|
- if ($GP eq 'enabled' and $BC ne '') |
242 |
|
|
+ my $port; |
243 |
|
|
+ my $locPorts; |
244 |
|
|
+ my $servStatus; |
245 |
|
|
+ my $locBC; |
246 |
|
|
+ if ($GP eq 'enabled') |
247 |
|
|
{ |
248 |
|
|
if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
249 |
|
|
{ |
250 |
|
|
- $OUT .= " ## xtables-addons GEOIP ##\n"; |
251 |
|
|
- $OUT .= " /sbin/iptables -A INPUT -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
252 |
|
|
- $OUT .= " /sbin/iptables -A INPUT -m geoip --src-cc $BC -j DROP\n"; |
253 |
|
|
- $OUT .= " ## xtables-addons GEOIP ##\n"; |
254 |
|
|
- } else |
255 |
|
|
- { $OUT .= " # module xt_geoip not found for current kernel"; } |
256 |
|
|
- } else |
257 |
|
|
- { $OUT .= " # xt_geoip disabled or no 'BadCountries' defined\n"; } |
258 |
|
|
+ # to allow reload |
259 |
|
|
+ $OUT .=<<'EOF'; |
260 |
|
|
+ # A blacklist chain for xtables-addons GEOIP |
261 |
|
|
+ /sbin/iptables --new-chain XTGeoIP |
262 |
|
|
+ /sbin/iptables --new-chain XTGeoIP_1 |
263 |
|
|
+ /sbin/iptables --append XTGeoIP -j XTGeoIP_1 |
264 |
|
|
+ /sbin/iptables --insert INPUT 1 \ |
265 |
|
|
+ -j XTGeoIP |
266 |
|
|
+EOF |
267 |
|
|
+ ##adding here for service specific |
268 |
|
|
+ $locPorts=''; |
269 |
|
|
+ |
270 |
|
|
+ my @services = split(/,/, $masq{'XtServices'}); |
271 |
|
|
+ foreach my $servName (@services) |
272 |
|
|
+ { |
273 |
|
|
+ $port = ${$servName}{'TCPPort'} || ''; |
274 |
|
|
+ my $servStatus = ${$servName}{'status'} || 'disabled'; |
275 |
|
|
+ my $servAccess = ${$servName}{'access'} || 'private'; |
276 |
|
|
+ my $locBC = ${$servName}{'BadCountries'} || ''; |
277 |
|
|
+ if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') { |
278 |
|
|
+ $locPorts .= "$port,"; |
279 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
280 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
281 |
|
|
+ } |
282 |
|
|
+ } |
283 |
|
|
+ |
284 |
|
|
+ # block for other or all should move there |
285 |
|
|
+ if ($BC ne '') { |
286 |
|
|
+ if ($locPorts ne '') { |
287 |
|
|
+ $locPorts = substr $locPorts, 0, -1; |
288 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
289 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n"; |
290 |
|
|
+ } else { |
291 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
292 |
|
|
+ $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip --src-cc $BC -j DROP\n"; |
293 |
|
|
+ } |
294 |
|
|
+ } |
295 |
|
|
+ $OUT .= " /sbin/iptables --append XTGeoIP_1" . |
296 |
|
|
+ " -j RETURN\n"; |
297 |
|
|
+ ## end of add |
298 |
|
|
+ } else { $OUT .= " # module xt_geoip not found for current kernel\n"; } |
299 |
|
|
+ } else { $OUT .= " # xt_geoip disabled\n"; } |
300 |
|
|
} |
301 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip |
302 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 1970-01-01 04:00:00.000000000 +0400 |
303 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-04-24 17:24:22.000000000 +0400 |
304 |
|
|
@@ -0,0 +1,81 @@ |
305 |
|
|
+{ |
306 |
|
|
+ my $BC = $masq{BadCountries} || ''; |
307 |
|
|
+ my $GP = $masq{GeoIP} || 'disabled'; |
308 |
|
|
+ my $KERNEL = `/bin/uname -r`; |
309 |
|
|
+ chomp($KERNEL); |
310 |
|
|
+ my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko"; |
311 |
|
|
+ my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko"; |
312 |
|
|
+ my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko"; |
313 |
|
|
+ my $port; |
314 |
|
|
+ my $locPorts; |
315 |
|
|
+ my $servStatus; |
316 |
|
|
+ my $locBC; |
317 |
|
|
+ |
318 |
|
|
+ |
319 |
|
|
+ # Find the current XTGeoIP_$$ chain, and create a new one. |
320 |
|
|
+ $OUT .=<<'EOF'; |
321 |
|
|
+ OLD_XTGeoIP=$(get_safe_id XTGeoIP filter find) |
322 |
|
|
+ NEW_XTGeoIP=$(get_safe_id XTGeoIP filter new) |
323 |
|
|
+ /sbin/iptables --new-chain $NEW_XTGeoIP |
324 |
|
|
+EOF |
325 |
|
|
+ |
326 |
|
|
+ if ($GP eq 'enabled' and $BC ne '') |
327 |
|
|
+ { |
328 |
|
|
+ if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) |
329 |
|
|
+ { |
330 |
|
|
+ # add content here |
331 |
|
|
+ $locPorts = ''; |
332 |
|
|
+ my @services = split(/,/, $masq{'XtServices'}); |
333 |
|
|
+ |
334 |
|
|
+ foreach my $servName (@services) |
335 |
|
|
+ { |
336 |
|
|
+ $port = ${$servName}{'TCPPort'} || ''; |
337 |
|
|
+ my $servStatus = ${$servName}{'status'} || 'disabled'; |
338 |
|
|
+ my $servAccess = ${$servName}{'access'} || 'private'; |
339 |
|
|
+ my $locBC = ${$servName}{'BadCountries'} || ''; |
340 |
|
|
+ if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') { |
341 |
|
|
+ $locPorts .= "$port,"; |
342 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n"; |
343 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
344 |
|
|
+ } |
345 |
|
|
+ } |
346 |
|
|
+ |
347 |
|
|
+ ##adding here for service specific |
348 |
|
|
+ # imaps 993 |
349 |
|
|
+ #$locBC = $imaps{BadCountries} || ''; |
350 |
|
|
+ #$servStatus = $imaps{'status'} || 'disabled'; |
351 |
|
|
+ #$port = $imaps{'TCPPort'} || '993'; |
352 |
|
|
+ #if ($servStatus eq 'enabled' and $locBC ne '') { |
353 |
|
|
+ # $locPorts .= "${port},"; |
354 |
|
|
+ # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j ULOG --ulog-prefix \"GeoIP BAN: IMAPS\"\n"; |
355 |
|
|
+ # $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip --src-cc $locBC -p tcp --dport $port -j DROP\n"; |
356 |
|
|
+ #} |
357 |
|
|
+ |
358 |
|
|
+ # block for all or other ports should move there |
359 |
|
|
+ if ($BC ne '') { |
360 |
|
|
+ if ($locPorts ne '') { |
361 |
|
|
+ $locPorts = substr $locPorts, 0, -1; |
362 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n"; |
363 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $locPorts --src-cc $BC -j DROP\n"; |
364 |
|
|
+ } else { |
365 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n"; |
366 |
|
|
+ $OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip --src-cc $BC -j DROP\n"; |
367 |
|
|
+ } |
368 |
|
|
+ } |
369 |
|
|
+ $OUT .= " /sbin/iptables --append \$NEW_XTGeoIP" . |
370 |
|
|
+ " -j RETURN\n"; |
371 |
|
|
+ ## end of add |
372 |
|
|
+ |
373 |
|
|
+ } |
374 |
|
|
+ } |
375 |
|
|
+ |
376 |
|
|
+ |
377 |
|
|
+ # Having created a new XTGeoIP chain, activate it and destroy the old. |
378 |
|
|
+ $OUT .=<<'EOF'; |
379 |
|
|
+ /sbin/iptables --replace XTGeoIP 1 \ |
380 |
|
|
+ --jump $NEW_XTGeoIP |
381 |
|
|
+ /sbin/iptables --flush $OLD_XTGeoIP |
382 |
|
|
+ /sbin/iptables --delete-chain $OLD_XTGeoIP |
383 |
|
|
+EOF |
384 |
|
|
+ |
385 |
|
|
+} |
386 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip |
387 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/web/functions/xt_geoip 2019-04-24 15:05:21.000000000 +0400 |
388 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/web/functions/xt_geoip 2019-04-25 21:05:02.000000000 +0400 |
389 |
|
|
@@ -67,11 +67,10 @@ |
390 |
|
|
header="/etc/e-smith/web/common/head.tmpl" |
391 |
|
|
footer="/etc/e-smith/web/common/foot.tmpl"> |
392 |
|
|
|
393 |
|
|
- <page name="First" |
394 |
|
|
- pre-event="print_status_message()"> |
395 |
|
|
- # post-event="wherenext('Second')" > |
396 |
|
|
- # Ssh Ipt Second |
397 |
|
|
+ <page name="First" pre-event="print_status_message()"> |
398 |
|
|
+ # post-event="wherenext('Second')" |
399 |
|
|
<description>XT_GEOIP_STATUS_DESCRIPTION</description> |
400 |
|
|
+ |
401 |
|
|
<field |
402 |
|
|
type="literal" |
403 |
|
|
id="geoip" |
404 |
|
|
@@ -100,7 +99,13 @@ |
405 |
|
|
<label> </label> |
406 |
|
|
</field> |
407 |
|
|
|
408 |
|
|
- <field type="literal" id="client_label" value=""> |
409 |
|
|
+ <field type="literal" id="service_label" value=""> |
410 |
|
|
+ <description>SERVICE_DESCRIPTION</description> |
411 |
|
|
+ </field> |
412 |
|
|
+ |
413 |
|
|
+ <subroutine src="print_custom_button('PER_SERVICE_GEOIP', 'Service', '')"/> |
414 |
|
|
+ |
415 |
|
|
+ <field type="literal" id="stats_label" value=""> |
416 |
|
|
<description>STATS_DESCRIPTION</description> |
417 |
|
|
</field> |
418 |
|
|
|
419 |
|
|
@@ -110,9 +115,9 @@ |
420 |
|
|
<subroutine src="print_button('NEXT')" /> |
421 |
|
|
</page> |
422 |
|
|
|
423 |
|
|
- <page name="Second" |
424 |
|
|
- pre-event="turn_off_buttons" |
425 |
|
|
- post-event="change_settings()"> |
426 |
|
|
+ |
427 |
|
|
+ |
428 |
|
|
+ <page name="Second" pre-event="turn_off_buttons" post-event="change_settings()"> |
429 |
|
|
|
430 |
|
|
<field |
431 |
|
|
type="select" |
432 |
|
|
@@ -153,9 +158,84 @@ |
433 |
|
|
</page> |
434 |
|
|
|
435 |
|
|
|
436 |
|
|
- <page name="Stats" |
437 |
|
|
- pre-event="generateStats" |
438 |
|
|
- post-event="wherenext('First')" > |
439 |
|
|
+ <page name="Service" pre-event="print_status_message()" post-event="wherenext('First')"> |
440 |
|
|
+ <description>SERVICE_DESCRIPTION</description> |
441 |
|
|
+ <field |
442 |
|
|
+ type="literal" |
443 |
|
|
+ id="badcountries" |
444 |
|
|
+ value="get_badcountries()"> |
445 |
|
|
+ <label>LABEL_BADCOUNTRIES_STATUS</label> |
446 |
|
|
+ </field> |
447 |
|
|
+ <subroutine src="print_service_table()" /> |
448 |
|
|
+ <subroutine src="print_button('NEXT')"/> |
449 |
|
|
+ </page> |
450 |
|
|
+ |
451 |
|
|
+ |
452 |
|
|
+ |
453 |
|
|
+ <page name="SrvModify" pre-event="turn_off_buttons()" post-event="modify_serv()"> |
454 |
|
|
+ |
455 |
|
|
+ <title>ADD_SERVICE</title> |
456 |
|
|
+ <description>ADD_DESC</description> |
457 |
|
|
+ |
458 |
|
|
+ <field |
459 |
|
|
+ type="literal" |
460 |
|
|
+ id="service" |
461 |
|
|
+ value="get_srv_name()"> |
462 |
|
|
+ <label>LABEL_SERVICE</label> |
463 |
|
|
+ </field> |
464 |
|
|
+ |
465 |
|
|
+ <field |
466 |
|
|
+ type="literal" |
467 |
|
|
+ id="badcountries" |
468 |
|
|
+ value="get_badcountries()"> |
469 |
|
|
+ <label>LABEL_BADCOUNTRIES_STATUS</label> |
470 |
|
|
+ </field> |
471 |
|
|
+ |
472 |
|
|
+ <field |
473 |
|
|
+ type="text" |
474 |
|
|
+ id="masq_srv_badcountries" |
475 |
|
|
+ size="64" |
476 |
|
|
+ validation="srv_must_exist()"> |
477 |
|
|
+ <label>LABEL_BADCOUNTRIES</label> |
478 |
|
|
+ <description>DESC_BADCOUNTRIES</description> |
479 |
|
|
+ </field> |
480 |
|
|
+ |
481 |
|
|
+ <field |
482 |
|
|
+ type="literal" |
483 |
|
|
+ id="srv_badcountries" |
484 |
|
|
+ value="get_srv_badcountries()"> |
485 |
|
|
+ <label>LABEL_SERV_BADCOUNTRIES_STATUS</label> |
486 |
|
|
+ </field> |
487 |
|
|
+ |
488 |
|
|
+ <subroutine src="print_button('SAVE')" /> |
489 |
|
|
+ </page> |
490 |
|
|
+ |
491 |
|
|
+ |
492 |
|
|
+ <page name="SrvRemove" pre-event="turn_off_buttons()" post-event="remove_serv()"> |
493 |
|
|
+ |
494 |
|
|
+ <title>REMOVE_SERVICE</title> |
495 |
|
|
+ <description>REMOVE_DESC</description> |
496 |
|
|
+ |
497 |
|
|
+ <field |
498 |
|
|
+ type="literal" |
499 |
|
|
+ id="service" |
500 |
|
|
+ value="get_srv_name()"> |
501 |
|
|
+ <label>LABEL_SERVICE</label> |
502 |
|
|
+ </field> |
503 |
|
|
+ |
504 |
|
|
+ <field |
505 |
|
|
+ type="literal" |
506 |
|
|
+ id="badcountries" |
507 |
|
|
+ value="get_srv_badcountries()"> |
508 |
|
|
+ <label>LABEL_SERV_BADCOUNTRIES_STATUS</label> |
509 |
|
|
+ </field> |
510 |
|
|
+ |
511 |
|
|
+ <subroutine src="print_button('REMOVE')" /> |
512 |
|
|
+ |
513 |
|
|
+ </page> |
514 |
|
|
+ |
515 |
|
|
+ |
516 |
|
|
+ <page name="Stats" pre-event="generateStats" post-event="wherenext('First')"> |
517 |
|
|
<subroutine src="print_button('NEXT')"/> |
518 |
|
|
</page> |
519 |
|
|
|
520 |
|
|
diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm |
521 |
|
|
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-04-24 15:05:21.000000000 +0400 |
522 |
|
|
+++ smeserver-xt_geoip-1.0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm 2019-04-25 20:33:34.000000000 +0400 |
523 |
|
|
@@ -11,6 +11,7 @@ |
524 |
|
|
use esmith::FormMagick; |
525 |
|
|
use esmith::ConfigDB; |
526 |
|
|
use esmith::util; |
527 |
|
|
+use esmith::cgi; |
528 |
|
|
use File::Basename; |
529 |
|
|
use Exporter; |
530 |
|
|
use POSIX qw(strftime); |
531 |
|
|
|
532 |
michel |
1.2 |
our $VERSION = sprintf '%d.%03d', q$Revision: 1.1 $ =~ /: (\d+).(\d+)/; |
533 |
michel |
1.1 |
@@ -214,7 +224,7 @@ |
534 |
|
|
my @mq_bcs = split /[,:]/, $q->param("masq_badcountries"); |
535 |
|
|
if (@mq_bcs) { |
536 |
|
|
my $ctr = @mq_bcs; |
537 |
|
|
- return $self->localise('ERR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50); |
538 |
|
|
+ return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50); |
539 |
|
|
|
540 |
|
|
foreach my $bcs (@mq_bcs) { |
541 |
|
|
my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4"; |
542 |
|
|
@@ -248,7 +258,7 @@ |
543 |
|
|
$stats_type =~ /(.+)/; $stats_type = $1; |
544 |
|
|
if ($stats_type ne "ipt" && $stats_type ne "ssh") |
545 |
|
|
{ |
546 |
|
|
- print $q->p($q->b($self->localise('INVALID_STATS_TYPE'). |
547 |
|
|
+ print $q->p($q->b($self->localise('INVALID_STATS_TYPE')." ". |
548 |
|
|
$stats_type)); |
549 |
|
|
return ''; |
550 |
|
|
} else { |
551 |
|
|
@@ -270,8 +280,174 @@ |
552 |
|
|
print "</pre>\n"; |
553 |
|
|
|
554 |
|
|
print $q->h3($self->localise('END_OF_STATS')); |
555 |
|
|
+ $self->wherenext('First'); |
556 |
|
|
return ''; |
557 |
|
|
} |
558 |
|
|
} |
559 |
|
|
|
560 |
|
|
+sub get_srv_name |
561 |
|
|
+{ |
562 |
|
|
+ my ($self) = @_; |
563 |
|
|
+ return $self->cgi->param('name'); |
564 |
|
|
+} |
565 |
|
|
+ |
566 |
|
|
+sub get_srv_badcountries |
567 |
|
|
+{ |
568 |
|
|
+ my ($self) = @_; |
569 |
|
|
+ my $name = $self->cgi->param('name'); |
570 |
|
|
+ return $db->get_prop($name, "BadCountries"); |
571 |
|
|
+} |
572 |
|
|
+ |
573 |
|
|
+sub print_service_table { |
574 |
|
|
+ my $self = shift; |
575 |
|
|
+ my $q = $self->{cgi}; |
576 |
|
|
+ my $servname = $self->localise('NAME'); |
577 |
|
|
+ my $port = $self->localise('PORT'); |
578 |
|
|
+ my $status = $self->localise('STATUS'); |
579 |
|
|
+ my $access = $self->localise('ACCESS'); |
580 |
|
|
+ my $servBC = $self->localise('BADCOUNTRIES'); |
581 |
|
|
+ my $modify = $self->localise('MODIFY'); |
582 |
|
|
+ my $remove = $self->localise('REMOVE'); |
583 |
|
|
+ my $action_h = $self->localise('ACTION'); |
584 |
|
|
+ |
585 |
|
|
+ my @services = split(/,/, $db->get_prop("masq", "XtServices")); |
586 |
|
|
+ #my @services = ('imaps','pop3s','sshd','ftp','ssmtpd'); |
587 |
|
|
+ |
588 |
|
|
+ unless ( scalar @services ) |
589 |
|
|
+ { |
590 |
|
|
+ print $q->Tr($q->td($self->localise('NO_SERVICES'))); |
591 |
|
|
+ return ""; |
592 |
|
|
+ } |
593 |
|
|
+ |
594 |
|
|
+ print $q->start_table({-CLASS => "sme-border"}),"\n"; |
595 |
|
|
+ print $q->Tr ( |
596 |
|
|
+ esmith::cgi::genSmallCell($q, $servname,"header"), |
597 |
|
|
+ esmith::cgi::genSmallCell($q, $port,"header"), |
598 |
|
|
+ esmith::cgi::genSmallCell($q, $status,"header"), |
599 |
|
|
+ esmith::cgi::genSmallCell($q, $access,"header"), |
600 |
|
|
+ esmith::cgi::genSmallCell($q, $servBC,"header"), |
601 |
|
|
+ esmith::cgi::genSmallCell($q, $action_h,"header", 2)),"\n"; |
602 |
|
|
+ |
603 |
|
|
+ my $scriptname = basename($0); |
604 |
|
|
+ |
605 |
|
|
+ foreach my $servname (@services) |
606 |
|
|
+ { |
607 |
|
|
+ my $i = $db->get($servname); |
608 |
|
|
+ |
609 |
|
|
+ my $port = $i->prop('TCPPort'); |
610 |
|
|
+ my $status = $i->prop('status'); |
611 |
|
|
+ my $access = $i->prop('access'); |
612 |
|
|
+ my $servBC = $i->prop('BadCountries') || ' '; |
613 |
|
|
+ |
614 |
|
|
+ my $params = $self->build_serv_cgi_params($servname, $i->props()); |
615 |
|
|
+ |
616 |
|
|
+ my $href = "$scriptname?$params&action=modify&wherenext="; |
617 |
|
|
+ |
618 |
|
|
+ my $actionModify = ' '; |
619 |
|
|
+ $actionModify .= $q->a({href => "${href}SrvModify"},$modify) |
620 |
|
|
+ . ' '; |
621 |
|
|
+ |
622 |
|
|
+ my $actionRemove = ' '; |
623 |
|
|
+ $actionRemove .= $q->a({href => "${href}SrvRemove"}, $remove) |
624 |
|
|
+ . ' '; |
625 |
|
|
+ |
626 |
|
|
+ my $color = 'red'; |
627 |
|
|
+ if ($status eq 'disabled' || $access ne 'public') { $color = 'green'; } |
628 |
|
|
+ print $q->Tr ( |
629 |
|
|
+ esmith::cgi::genSmallCell($q, $servname,"normal"), |
630 |
|
|
+ esmith::cgi::genSmallCell($q, $port,"normal"), |
631 |
|
|
+ esmith::cgi::genSmallCell($q, $status,"header"), |
632 |
|
|
+ esmith::cgi::genSmallCell($q, $access,"header"), |
633 |
|
|
+ esmith::cgi::genSmallCell($q, "<font color='$color'>" . $servBC . "</font>","header"), |
634 |
|
|
+ esmith::cgi::genSmallCell($q, $actionModify,"normal"), |
635 |
|
|
+ esmith::cgi::genSmallCell($q, $actionRemove,"normal")); |
636 |
|
|
+ } |
637 |
|
|
+ |
638 |
|
|
+ print $q->end_table,"\n"; |
639 |
|
|
+ |
640 |
|
|
+ return ""; |
641 |
|
|
+} |
642 |
|
|
+ |
643 |
|
|
+sub build_serv_cgi_params { |
644 |
|
|
+ my ($self, $servname, %oldprops) = @_; |
645 |
|
|
+ |
646 |
|
|
+ my %props = ( |
647 |
|
|
+ page => 0, |
648 |
|
|
+ page_stack => "", |
649 |
|
|
+ name => $servname, |
650 |
|
|
+ ); |
651 |
|
|
+ |
652 |
|
|
+ return $self->props_to_query_string(\%props); |
653 |
|
|
+} |
654 |
|
|
+ |
655 |
|
|
+sub remove_serv { |
656 |
|
|
+ my ($self) = @_; |
657 |
|
|
+ my $name = $self->cgi->param('name'); |
658 |
|
|
+ if (my $serv = $db->get($name)) { |
659 |
|
|
+ my $servBC = $serv->prop('BadCountries') || ''; |
660 |
|
|
+ if ($servBC ne '') { |
661 |
|
|
+ $db->set_prop($name, "BadCountries", ''); |
662 |
|
|
+ # Untaint $name before use in system() |
663 |
|
|
+ # $name =~ /(.+)/; $name = $1; |
664 |
|
|
+ if (system ("/sbin/e-smith/signal-event", "xt_geoip-service") == 0) |
665 |
|
|
+ { |
666 |
|
|
+ return $self->success("SUCCESSFULLY_DELETED_SERVICE"); |
667 |
|
|
+ } else { |
668 |
|
|
+ return $self->error("ERROR_WHILE_DELETING_SERVICE"); |
669 |
|
|
+ } |
670 |
|
|
+ } else { |
671 |
|
|
+ return $self->success('NO_CHANGE'); |
672 |
|
|
+ } |
673 |
|
|
+ |
674 |
|
|
+ } else { |
675 |
|
|
+ $self->error('CANT_FIND_SERV'); |
676 |
|
|
+ } |
677 |
|
|
+ $self->wherenext('First'); |
678 |
|
|
+} |
679 |
|
|
+ |
680 |
|
|
+sub modify_serv { |
681 |
|
|
+ my ($self) = @_; |
682 |
|
|
+ my $name = $self->cgi->param('name'); |
683 |
|
|
+ if (my $serv = $db->get($name)) { |
684 |
|
|
+ my $servBC = $serv->prop('BadCountries') || ''; |
685 |
|
|
+ |
686 |
|
|
+ my $q = $self->{'cgi'}; |
687 |
|
|
+ my $n_servBC = $q->param("masq_srv_badcountries") || $servBC; |
688 |
|
|
+ |
689 |
|
|
+ if ($n_servBC eq $servBC) { |
690 |
|
|
+ return $self->success("NO_CHANGE") |
691 |
|
|
+ } |
692 |
|
|
+ $db->set_prop($name, "BadCountries", $n_servBC); |
693 |
|
|
+ |
694 |
|
|
+ if (system ( "/sbin/e-smith/signal-event", "xt_geoip-service" ) == 0 ) |
695 |
|
|
+ { |
696 |
|
|
+ return $self->success("SUCCESS"); |
697 |
|
|
+ } else { |
698 |
|
|
+ return $self->error("ERROR_UPDATING"); |
699 |
|
|
+ } |
700 |
|
|
+ } else { |
701 |
|
|
+ $self->error('CANT_FIND_SERV'); |
702 |
|
|
+ } |
703 |
|
|
+ $self->wherenext('First'); |
704 |
|
|
+} |
705 |
|
|
+ |
706 |
|
|
+sub srv_must_exist |
707 |
|
|
+{ |
708 |
|
|
+ my $self = shift; |
709 |
|
|
+ my $q = $self->{cgi}; |
710 |
|
|
+ my $listerr = ""; |
711 |
|
|
+ my @mq_bcs = split /[,:]/, $q->param("masq_srv_badcountries"); |
712 |
|
|
+ if (@mq_bcs) { |
713 |
|
|
+ my $ctr = @mq_bcs; |
714 |
|
|
+ return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50); |
715 |
|
|
+ |
716 |
|
|
+ foreach my $bcs (@mq_bcs) { |
717 |
|
|
+ my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4"; |
718 |
|
|
+ if (! -f $file) { $listerr .= $bcs . ","; } |
719 |
|
|
+ } |
720 |
|
|
+ return $self->localise('ERR_COUNTRY_NOT_EXIST: {$listerr}', {listerr=> "$listerr"}) if $listerr; |
721 |
|
|
+ } |
722 |
|
|
+ return 'OK'; |
723 |
|
|
+} |
724 |
|
|
+ |
725 |
|
|
1; |