Firewall for IP addresses

src/freedombone-controlpanel

@@ -1845,6 +1845,29 @@ function domain_blocking_add {
     esac
 }
 
+function ip_blocking_add {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Block an IP address" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            blocked_ip=$(<$data)
+            if [ ${#blocked_ip} -gt 2 ]; then
+                if [[ "${blocked_ip}" == *'.'* ]]; then
+                    firewall_block_ip $blocked_ip
+                    if [[ "${blocked_ip}" != *'@'* ]]; then
+                        dialog --title $"Block an IP address" \
+                               --msgbox $"The IP address $blocked_ip has been blocked" 6 40
+                    fi
+                fi
+            fi
+            ;;
+    esac
+}
+
 function domain_blocking_remove {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
@@ -1871,6 +1894,29 @@ function domain_blocking_remove {
     esac
 }
 
+function ip_blocking_remove {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Unblock an IP address" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            unblocked_ip=$(<$data)
+            if [ ${#unblocked_ip} -gt 2 ]; then
+                if [[ "${unblocked_ip}" == *'.'* ]]; then
+                    firewall_unblock_ip $unblocked_ip
+                    if [[ "${unblocked_ip}" != *'@'* ]]; then
+                        dialog --title $"Unblock an IP address" \
+                               --msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
+                    fi
+                fi
+            fi
+            ;;
+    esac
+}
+
 function domain_blocking_show {
     if [ -f $FIREWALL_DOMAINS ]; then
         clear
@@ -1892,11 +1938,13 @@ function domain_blocking {
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Domain or User Blocking" \
-               --radiolist $"Choose an operation:" 12 60 4 \
+               --radiolist $"Choose an operation:" 14 60 6 \
                1 $"Block a domain or user" off \
                2 $"Unblock a domain or user" off \
-               3 $"Show blocked domains and users" off \
-               4 $"Back to main menu" on 2> $data
+               3 $"Block an IP address" off \
+               4 $"Unblock an IP address" off \
+               5 $"Show blocked domains and users" off \
+               6 $"Back to main menu" on 2> $data
         sel=$?
         case $sel in
             1) break;;
@@ -1905,8 +1953,10 @@ function domain_blocking {
         case $(cat $data) in
             1) domain_blocking_add;;
             2) domain_blocking_remove;;
-            3) domain_blocking_show;;
-            4) break;;
+            3) ip_blocking_add;;
+            4) ip_blocking_remove;;
+            5) domain_blocking_show;;
+            6) break;;
         esac
     done
 }

src/freedombone-utils-firewall

@@ -491,6 +491,40 @@ function firewall_block_domain {
     fi
 }
 
+function firewall_block_ip {
+    blocked_ip="$1"
+    if [[ "$blocked_ip" == *'@'* ]]; then
+        # Don't try to block email/microblog addresses
+        return
+    fi
+    if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
+        iptables -C INPUT -s $blocked_ip -j DROP
+        if [ ! "$?" = "0" ]; then
+            iptables -A INPUT -s $blocked_ip -j DROP
+            iptables -A OUTPUT -s $blocked_ip -j DROP
+
+            echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+            save_firewall_settings
+        fi
+    fi
+}
+
+function firewall_unblock_ip {
+    blocked_ip="$1"
+    if [[ "$blocked_ip" == *'@'* ]]; then
+        # Don't try to block email/microblog addresses
+        return
+    fi
+    if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
+        iptables -D INPUT -s $blocked_ip -j DROP
+        iptables -D OUTPUT -s $blocked_ip -j DROP
+
+        sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
+        echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+        save_firewall_settings
+    fi
+}
+
 function firewall_refresh_blocklist {
     if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
         return