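/**
 * Install the MikroTik TPROXY interception rules described by the serialized
 * /etc/squid3/MIKROTIK_FIREWALL.array file.
 *
 * Each entry carries PORT (the local --on-port TPROXY target), SRC_PORT (the
 * destination port to intercept) and IPADDR (the -s source to accept in nat
 * PREROUTING). Existing rules are dropped through DeleteRules() first; an
 * empty or unreadable configuration installs nothing. Every iptables command
 * is echoed before it runs so the caller's log shows what was applied.
 *
 * Fixes: each() was removed in PHP 8 (foreach now); a missing or corrupt
 * config file made unserialize() return false and count(false) is a TypeError
 * in PHP 8 (a non-array result is now treated as empty); the unused
 * iptables-save/restore locals are gone; per-rule values are shell-escaped
 * before being interpolated; the sysctl/modprobe tail is table driven with
 * the same commands in the same order.
 */
function CreateRules()
{
    $iptables = find_program("iptables");

    // NOTE(review): unserialize() on file content. The file is presumably
    // written by the product's own UI, but unserialize() can instantiate
    // arbitrary classes; storing the list as JSON (json_decode) would remove
    // that risk.
    $MIKROTIK_FIREWALL = unserialize(@file_get_contents("/etc/squid3/MIKROTIK_FIREWALL.array"));
    if (!is_array($MIKROTIK_FIREWALL)) {
        $MIKROTIK_FIREWALL = array();
    }

    DeleteRules();
    if (count($MIKROTIK_FIREWALL) == 0) {
        return;
    }

    // Tag every rule so DeleteRules() can locate and remove them later.
    $suffixTables = "-m comment --comment \"ArticaMikroTik\"";
    $SquidMikrotikMaskerade = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/SquidMikrotikMaskerade"));

    foreach ($MIKROTIK_FIREWALL as $ARRAY) {
        // Values originate from the config file; escape them so a stray shell
        // metacharacter cannot alter the command line.
        $PORT = escapeshellarg((string) $ARRAY["PORT"]);
        $SRC_PORT = escapeshellarg((string) $ARRAY["SRC_PORT"]);
        $IPADDR = escapeshellarg((string) $ARRAY["IPADDR"]);

        $cmd = "{$iptables} -t mangle -I PREROUTING -p tcp --dport {$SRC_PORT} -j TPROXY --tproxy-mark 0x1/0x1 --on-port {$PORT} {$suffixTables}";
        echo "{$cmd}\n";
        exec("{$cmd} >/dev/null 2>&1");

        $cmd = "{$iptables} -t nat -I PREROUTING -s {$IPADDR} -p tcp --dport {$SRC_PORT} -j ACCEPT {$suffixTables}";
        echo "{$cmd}\n";
        exec("{$cmd} >/dev/null 2>&1");
    }

    $cmd = "{$iptables} -t mangle -N DIVERT {$suffixTables} >/dev/null 2>&1";
    echo "{$cmd}\n";
    system("{$cmd}");

    if ($SquidMikrotikMaskerade == 1) {
        // NOTE(review): this MASQUERADE rule carries no source or out-interface
        // restriction, so it applies to all traffic leaving via POSTROUTING.
        exec("{$iptables} -t nat -I POSTROUTING -j MASQUERADE {$suffixTables}");
    }

    $cmd = "{$iptables} -t mangle -I PREROUTING -p tcp -m socket -j DIVERT {$suffixTables}";
    echo "{$cmd}\n";
    exec("{$cmd} >/dev/null 2>&1");

    $cmd = "{$iptables} -t mangle -I DIVERT -j ACCEPT {$suffixTables}";
    echo "{$cmd}\n";
    system("{$cmd}");

    $cmd = "{$iptables} -t mangle -I DIVERT -j MARK --set-mark 1 {$suffixTables}";
    echo "{$cmd}\n";
    system("{$cmd}");

    // Kernel settings: enable forwarding, disable sending/accepting ICMP
    // redirects, and turn reverse-path filtering off (presumably needed
    // because TPROXY delivers packets whose addresses do not match a local
    // route; note this also removes the kernel's anti-spoofing check on the
    // listed interfaces).
    $sysctls = array(
        "net.ipv4.ip_forward=1",
        "net.ipv4.conf.default.send_redirects=0",
        "net.ipv4.conf.all.send_redirects=0",
        "net.ipv4.conf.all.accept_redirects=0",
        "net.ipv4.conf.default.rp_filter=0",
        "net.ipv4.conf.all.rp_filter=0",
        "net.ipv4.conf.eth0.rp_filter=0",
        "net.ipv4.conf.eth1.rp_filter=0",
        "net.ipv4.conf.eth2.rp_filter=0",
        "net.ipv4.conf.eth3.rp_filter=0",
        "net.ipv4.conf.eth4.rp_filter=0",
    );
    foreach ($sysctls as $setting) {
        shell_exec("/sbin/sysctl -w {$setting} >/dev/null 2>&1");
    }

    // Netfilter modules required by the rules above; failures are ignored
    // (the module may be built in or already loaded).
    $modules = array(
        "ip_tables",
        "nf_conntrack_ipv4",
        "xt_tcpudp",
        "nf_tproxy_core",
        "xt_MARK2",
        "xt_TPROXY2",
        "xt_socket2",
    );
    foreach ($modules as $module) {
        shell_exec("modprobe {$module} >/dev/null 2>&1");
    }
}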
/**
 * Run action: refuse to start if the instance recorded in the pid file is
 * still alive, otherwise record the current pid, drop the existing rules,
 * start via xstart(true) and run /bin/suricata-fw.sh.
 */
function xrun()
{
    $unix = new unix();
    $scriptName = basename(__FILE__);
    $pidfile = "/etc/artica-postfix/pids/" . $scriptName . "." . __FUNCTION__ . ".pid";

    $previousPid = @file_get_contents($pidfile);
    // A missing file (false), an empty file or a tiny number is not a usable pid.
    if ($previousPid < 100) {
        $previousPid = null;
    }

    if ($unix->process_exists($previousPid, $scriptName)) {
        echo "PID: {$previousPid} Already exists....\n";
        die;
    }

    @file_put_contents($pidfile, getmypid());

    DeleteRules();
    xstart(true);
    shell_exec("/bin/suricata-fw.sh");
}
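/**
 * Generate /bin/artica-secure-gateway.sh, the FORWARD-chain policy for the
 * secure gateway: reject all forwarded tcp/udp, then insert ACCEPT rules for
 * every enabled `gateway_secure` row (dproto 0 = tcp, 1 = udp) and for every
 * network known to networkscanner. Rules are tagged with a comment so
 * DeleteRules() can find them.
 *
 * Returns early without touching anything if the query fails; removes the
 * script when EnableSecureGateway is 0.
 *
 * Fixes: each() was removed in PHP 8 (foreach now); a dproto value outside
 * 0/1 produced a malformed "-p  -m " rule and is now skipped; the unused
 * iptables-save/restore locals are gone; dport and network values are
 * shell-escaped before being written into the script.
 *
 * NOTE(review): mysql_fetch_assoc() no longer exists in PHP 7+; replacing it
 * depends on what $q->QUERY_SQL() returns, which is outside this block.
 */
function CreateRules()
{
    $unix = new unix();
    $q = new mysql();
    $iptables = $unix->find_program("iptables");

    $sql = "SELECT * FROM `gateway_secure` WHERE enabled=1";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        return;
    }

    DeleteRules();
    $suffixTables = "-m comment --comment \"ArticaSecureGateway\"";
    $EnableSecureGateway = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/EnableSecureGateway"));
    if ($EnableSecureGateway == 0) {
        @unlink("/bin/artica-secure-gateway.sh");
        return;
    }

    $PROTO = array(0 => "tcp", 1 => "udp");

    $SH = array();
    $SH[] = "#!/bin/sh";
    // Default-deny for forwarded tcp/udp; the ACCEPT rules below are inserted
    // in front of these because every line uses -I.
    $SH[] = "{$iptables} -I FORWARD -p tcp -m tcp {$suffixTables} -j REJECT";
    $SH[] = "{$iptables} -I FORWARD -p udp -m udp {$suffixTables} -j REJECT";
    $SH[] = "{$iptables} -I FORWARD -p icmp -m conntrack --ctstate RELATED -j ACCEPT";

    while ($ligne = mysql_fetch_assoc($results)) {
        if (!isset($PROTO[$ligne["dproto"]])) {
            // Unknown protocol id: skip rather than emit a broken rule.
            continue;
        }
        $xPROTO = $PROTO[$ligne["dproto"]];
        $dport = escapeshellarg((string) $ligne["dport"]);
        $SH[] = "{$iptables} -I FORWARD -p {$xPROTO} -m {$xPROTO} --dport {$dport} {$suffixTables} -j ACCEPT >/dev/null 2>&1";
    }

    $net = new networkscanner();
    foreach ($net->networklist as $maks) {
        if (trim($maks) === "") {
            continue;
        }
        $dest = escapeshellarg($maks);
        $SH[] = "{$iptables} -I FORWARD -p tcp -m tcp -d {$dest} {$suffixTables} -j ACCEPT";
    }

    $SH[] = "";
    @file_put_contents("/bin/artica-secure-gateway.sh", @implode("\n", $SH));
    @chmod("/bin/artica-secure-gateway.sh", 0755);
}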
/**
 * Apply the SquidEnforceRules setting: when enabled, rebuild the hypercache
 * web service, rules and proxy configuration and reload the related
 * services; when disabled, stop the web service. Progress is reported
 * through build_progress() at each step and artica-status is restarted in
 * both paths.
 */
function reconfigure()
{
    $unix = new unix();
    $sock = new sockets();
    $enforceRules = intval($sock->GET_INFO("SquidEnforceRules"));
    $phpBin = $unix->LOCATE_PHP5_BIN();

    if ($enforceRules != 1) {
        // Disabled: only stop the web service and restart the status daemon.
        build_progress("{stopping_web_service}", 50);
        system("{$phpBin} /usr/share/artica-postfix/exec.HyperCacheWeb.php --stop");
        build_progress("{please_wait_restarting_artica_status}", 90);
        system("/etc/init.d/artica-status restart");
        build_progress("{done}", 100);
        return;
    }

    build_progress("{building_service}", 10);
    system("{$phpBin} /usr/share/artica-postfix/exec.initslapd.php --hypercache-web");

    build_progress("{building_rules}", 20);
    buildRules();

    build_progress("{removing_old_rules}", 20);
    DeleteRules();

    build_progress("{checking_proxy_service}", 30);
    if (!IsClientInProxy()) {
        // Force the proxy to use the Artica client before reloading.
        build_progress("{reconfiguring_proxy_service}", 30);
        $sock->SET_INFO("UfdbUseArticaClient", 1);
        system("{$phpBin} /usr/share/artica-postfix/exec.squid.php --build --force");
    }

    build_progress("{reloading_web_service}", 50);
    system("{$phpBin} /usr/share/artica-postfix/exec.HyperCacheWeb.php --reload");

    build_progress("{reloading_proxy_plugins}", 80);
    system("{$phpBin} /usr/share/artica-postfix/exec.ufdbclient.reload.php");

    build_progress("{please_wait_restarting_artica_status}", 90);
    system("/etc/init.d/artica-status restart");

    build_progress("{done}", 100);
}
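require_once "./_logic.php";

// Rule management form handler: dispatch on the posted action, then load the
// data the page below renders (pass types, lots, rules per lot).
//
// Fixes: implode() was called with the legacy (array, glue) argument order,
// which PHP 8 rejects with a TypeError — glue now comes first; count() on a
// null result (TypeError in PHP 8, and count(false) === 1 in older versions)
// is replaced by an explicit array check; missing POST keys no longer raise
// undefined-index notices.
//
// NOTE(review): no CSRF token is checked before these state-changing actions
// and the POST values are forwarded unvalidated — confirm _logic.php (or the
// surrounding framework) covers both.

/** Return a POST field, or null when it was not submitted (no notice). */
$postField = function ($key) {
    return isset($_POST[$key]) ? $_POST[$key] : null;
};

switch ($postField("action")) {
    case "create":
        $startDate = $postField("create_start_date");
        $endDate = $postField("create_end_date");
        $startTime = $postField("create_start_hour") . ":" . $postField("create_start_minute") . ":00";
        $endTime = $postField("create_end_hour") . ":" . $postField("create_end_minute") . ":00";
        // create_days is a list of day values; (array) tolerates a missing field.
        $days = (array) $postField("create_days");

        $newRuleIDs = @CreateRules(
            $postField("create_lots"),
            $postField("create_passes"),
            (string) $startDate,
            (string) $endDate,
            (string) $startTime,
            (string) $endTime,
            implode(",", $days)
        );
        $createdCount = is_array($newRuleIDs) ? count($newRuleIDs) : 0;
        if ($newRuleIDs != null) {
            ui_info("Rules Created: <strong>" . $createdCount . "</strong>");
        } else {
            ui_alert("Rules Created: <strong>" . $createdCount . "</strong>");
        }
        break;

    case "delete":
        $results = @DeleteRules($postField("delete_rules"));
        if ($results > 0) {
            ui_info("Rules Deleted: <strong>" . $results . "</strong>");
        } else {
            ui_alert("No Rules Deleted.");
        }
        break;

    default:
        break;
}

$passes = GetPassTypes("name");
$all_lots = GetLots();
$lots = GetRulesByLot();

// NOTE(review): the validation plugin below is fetched over plain http from a
// third-party CDN with no Subresource Integrity hash, so the script can be
// replaced in transit; serving it locally or over https with an integrity
// attribute would close that.
?>
<script type="text/javascript" src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.8/jquery.validate.min.js"></script>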