
Check before adding firewall rules to avoid duplicates

Bob Mottram 8 anos atrás
pai
commit
dbce6a1a18
1 arquivos alterados com 48 adições e 16 exclusões
  1. 48
    16
      src/freedombone-utils-firewall

+ 48
- 16
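--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -354,14 +354,27 @@
     if ! grep -q "${firewall_name}=${firewall_port}" $FIREWALL_CONFIG; then
         echo "${firewall_name}=${firewall_port}" >> $FIREWALL_CONFIG
         if [ ! ${firewall_protocol} ]; then
-            iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
-            iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+            iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
+            if [ ! "$?" = "0" ]; then
+                iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
+            fi
+
+            iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+            if [ ! "$?" = "0" ]; then
+                iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+            fi
         else
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
-                iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
+                iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
+                if [ ! "$?" = "0" ]; then
+                    iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
+                fi
             fi
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
-                iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+                iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+                if [ ! "$?" = "0" ]; then
+                    iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+                fi
             fi
         fi
         save_firewall_settings
@@ -377,14 +390,26 @@
     if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" $FIREWALL_CONFIG; then
         echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> $FIREWALL_CONFIG
         if [ ! ${firewall_protocol} ]; then
-            iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
-            iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+            iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+            if [ ! "$?" = "0" ]; then
+                iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+            fi
+            iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+            if [ ! "$?" = "0" ]; then
+                iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+            fi
         else
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
-                iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                if [ ! "$?" = "0" ]; then
+                    iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                fi
             fi
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
-                iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                if [ ! "$?" = "0" ]; then
+                    iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                fi
             fi
         fi
         save_firewall_settings
@@ -438,16 +463,23 @@
 
 function firewall_block_domain {
     blocked_domain="$1"
+    if [[ "$blocked_domain" == *'@'* ]]; then
+        # Don't try to block email/microblog addresses
+        return
+    fi
     if ! grep "$blocked_domain" $FIREWALL_DOMAINS; then
         hexstr=$(domain_to_hex_string $blocked_domain)
-        iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        echo "${blocked_domain}" >> $FIREWALL_DOMAINS
-        save_firewall_settings
+        iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+        if [ ! "$?" = "0" ]; then
+            iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+            iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+            iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+            iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+            iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+            iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+            echo "${blocked_domain}" >> $FIREWALL_DOMAINS
+            save_firewall_settings
+        fi
 
         # run the blocking rules now
         if [ -f /usr/bin/gnusocial-firewall ]; then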
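Review bot: In firewall_block_domain the new duplicate check at line 472 probes only the INPUT/udp DROP rule and then gates all six rules plus the `echo`/`save_firewall_settings` on that single result, so if an earlier run installed that one rule and was interrupted, the INPUT/tcp, OUTPUT and FORWARD rules are never added and the domain is never recorded in $FIREWALL_DOMAINS. Each rule should be checked individually before its own -A/-I, as the port hunks at new lines 357-377 and 393-412 already do, and the append/save should stay unconditional inside the outer `grep` branch as in the removed lines. Across all three hunks the `iptables -C …` followed by `if [ ! "$?" = "0" ]` pattern is more simply and more safely written as `if ! iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT; then`, which cannot be broken by an intervening command clobbering `$?`. Note also that `-C` exits non-zero for a malformed rule specification as well as for a missing rule, so a bad port value now leads to an `-A` attempt rather than a visible error; the unquoted expansions and the non-`-q`, non-`-F` grep on the domain file are pre-existing. The enclosing functions of the first two hunks start outside the hunks.
```shell
        hexstr=$(domain_to_hex_string $blocked_domain)
        # check each rule individually so a partially-applied earlier run is completed
        for chain in INPUT OUTPUT FORWARD; do
            for proto in udp tcp; do
                if ! iptables -C "$chain" -p "$proto" --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP; then
                    if [ "$chain" = "FORWARD" ]; then
                        iptables -I "$chain" -p "$proto" --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
                    else
                        iptables -A "$chain" -p "$proto" --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
                    fi
                fi
            done
        done
        echo "${blocked_domain}" >> $FIREWALL_DOMAINS
        save_firewall_settings
        # … unchanged: run the blocking rules now …
```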