Add domain blocking to admin control panel

src/freedombone-controlpanel

@@ -1835,6 +1835,78 @@ function menu_email {
     done
 }
 
+function domain_blocking_add {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Block a domain name" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the domain name that you wish to block" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            blocked_domain=$(<$data)
+            if [ ${#blocked_domain} -gt 2 ]; then
+                firewall_block_domain $blocked_domain
+                dialog --title $"Block a domain" \
+                       --msgbox $"The domain $blocked_domain has been blocked" 6 40
+            fi
+            ;;
+    esac
+}
+
+function domain_blocking_remove {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Unblock a domain name" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the domain name that you wish to unblock" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            unblocked_domain=$(<$data)
+            if [ ${#unblocked_domain} -gt 2 ]; then
+                firewall_unblock_domain $unblocked_domain
+                dialog --title $"Unblock a domain" \
+                       --msgbox $"The domain $unblocked_domain has been unblocked" 6 40
+            fi
+            ;;
+    esac
+}
+
+function domain_blocking_show {
+    if [ -f $FIREWALL_DOMAINS ]; then
+        clear
+        cat $FIREWALL_DOMAINS | sort
+        any_key
+    fi
+}
+
+function domain_blocking {
+    while true
+    do
+        data=$(tempfile 2>/dev/null)
+        trap "rm -f $data" 0 1 2 5 15
+        dialog --backtitle $"Freedombone Control Panel" \
+               --title $"Domain Blocking" \
+               --radiolist $"Choose an operation:" 12 60 4 \
+               1 $"Block a domain" off \
+               2 $"Unblock a domain" off \
+               3 $"Show blocked domains" off \
+               4 $"Back to main menu" on 2> $data
+        sel=$?
+        case $sel in
+            1) break;;
+            255) break;;
+        esac
+        case $(cat $data) in
+            1) domain_blocking_add;;
+            2) domain_blocking_remove;;
+            3) domain_blocking_show;;
+            4) break;;
+        esac
+    done
+}
+
 function menu_users {
     while true
     do
@@ -1969,7 +2041,7 @@ function menu_top_level {
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Control Panel" \
-               --radiolist $"Choose an operation:" 28 70 21 \
+               --radiolist $"Choose an operation:" 29 70 21 \
                1 $"About this system" off \
                2 $"Passwords" off \
                3 $"Backup and Restore" off \
@@ -1981,15 +2053,16 @@ function menu_top_level {
                9 $"Ping enable/disable" off \
                10 $"Manage Users" off \
                11 $"Email Menu" off \
-               12 $"Security Settings" off \
-               13 $"Set the main repository (repo mirrors)" off \
-               14 $"Change the name of this system" off \
-               15 $"Set a static local IP address" off \
-               16 $"Wifi menu" off \
-               17 $"Check for updates" off \
-               18 $"Power off the system" off \
-               19 $"Restart the system" off \
-               20 $"Exit" on 2> $data
+               12 $"Domain blocking" off \
+               13 $"Security Settings" off \
+               14 $"Set the main repository (repo mirrors)" off \
+               15 $"Change the name of this system" off \
+               16 $"Set a static local IP address" off \
+               17 $"Wifi menu" off \
+               18 $"Check for updates" off \
+               19 $"Power off the system" off \
+               20 $"Restart the system" off \
+               21 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) exit 1;;
@@ -2011,15 +2084,16 @@ function menu_top_level {
             9) ping_enable_disable;;
             10) menu_users;;
             11) menu_email;;
-            12) security_settings;;
-            13) set_main_repo;;
-            14) change_system_name;;
-            15) set_static_IP;;
-            16) menu_wifi;;
-            17) check_for_updates;;
-            18) shut_down_system;;
-            19) restart_system;;
-            20) break;;
+            12) domain_blocking;;
+            13) security_settings;;
+            14) set_main_repo;;
+            15) change_system_name;;
+            16) set_static_IP;;
+            17) menu_wifi;;
+            18) check_for_updates;;
+            19) shut_down_system;;
+            20) restart_system;;
+            21) break;;
         esac
     done
 }

src/freedombone-utils-firewall

@@ -31,6 +31,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
+FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
 
 function save_firewall_settings {
     iptables-save > /etc/firewall.conf
@@ -339,4 +340,43 @@ function firewall_remove {
     fi
 }
 
+function domain_to_hex_string {
+    domain="$1"
+    ctr = 1
+    segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
+    while [ ${#segment} -gt 0 ]
+    do
+        if [ ${#segment} -lt 10 ]; then
+            echo -n "|0${#segment}|$segment"
+        else
+            echo -n "|${#segment}|$segment"
+        fi
+        ctr=$((ctr + 1))
+        segment=$(echo "$domain" | awk -F '.' "{print \$$ctr}")
+    done
+    echo ""
+}
+
+function firewall_block_domain {
+    blocked_domain="$1"
+    if ! grep "$blocked_domain" $FIREWALL_DOMAINS; then
+        hexstr=$(domain_to_hex_string $blocked_domain)
+        iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+        iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+        echo "${blocked_domain}" >> $FIREWALL_DOMAINS
+        save_firewall_settings
+    fi
+}
+
+function firewall_unblock_domain {
+    unblocked_domain="$1"
+    if grep "${unblocked_domain}" $FIREWALL_DOMAINS; then
+        hexstr=$(domain_to_hex_string $unblocked_domain)
+        iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+        iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+        sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
+        save_firewall_settings
+    fi
+}
+
 # NOTE: deliberately no exit 0