<?php
// Root-only CLI tool: everything below drives iptables directly.
if(posix_getuid()!==0){die("Cannot be used in web server mode\n\n");}
// "--verbose" anywhere on the command line switches this run to debug
// output and re-enables error display.
if(preg_match("#--verbose#",implode(" ",$argv))){
    $GLOBALS["VERBOSE"]=true;
    $GLOBALS["OUTPUT"]=true;
    $GLOBALS["debug"]=true;
    ini_set('display_errors', 1);
    ini_set('error_reporting', E_ALL);
    ini_set('error_prepend_string',null);
    ini_set('error_append_string',null);
}
include_once(dirname(__FILE__).'/ressources/class.templates.inc');
include_once(dirname(__FILE__).'/ressources/class.ini.inc');
include_once(dirname(__FILE__).'/ressources/class.mysql.inc');
include_once(dirname(__FILE__).'/ressources/class.iptables.exec.rules.inc');
include_once(dirname(__FILE__).'/ressources/class.ccurl.inc');
include_once(dirname(__FILE__).'/framework/class.unix.inc');
include_once(dirname(__FILE__).'/framework/frame.class.inc');
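if(preg_match("#--reload#",implode(" ",$argv))){$GLOBALS["RELOAD"]=true;}
// "--dns" must be the first argument; guard the index so a bare invocation
// does not trip an undefined-offset warning before the main run starts.
if(isset($argv[1]) && $argv[1]==="--dns"){iprulesDNS();exit;}
$unix=new unix();
$sock=new sockets();   // not used below; kept in case included code reads it via $GLOBALS — TODO confirm
// Single-instance guard: refuse to start while the pid recorded in the pid
// file still belongs to a running copy of this script.
$pidfile="/etc/artica-postfix/".basename(__FILE__).".pid";
$oldpid=@file_get_contents($pidfile);
if($unix->process_exists($oldpid,basename(__FILE__))){
    echo "Starting......: ".date("H:i:s")." iptables configurator already executed PID ".$oldpid."\n";
    die();
}
$pid=getmypid();
echo "Starting......: ".date("H:i:s")." iptables configurator running $pid\n";
// A pid file that cannot be written only weakens the guard above; say so
// rather than failing silently, but keep going as before.
if(@file_put_contents($pidfile,$pid)===false){
    echo "Starting......: ".date("H:i:s")." unable to write $pidfile\n";
}
$ip=new iptables_exec();
$ip->buildrules();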
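/**
 * Build (or tear down) the "dnsfilter" chain from an external DNS rule list.
 *
 * Entry point for `exec.iptables.php --dns`. When EnableIptablesDNS is 0 the
 * chain and its INPUT hook are removed; otherwise the rule list is fetched
 * over HTTPS (bundled defaults when the fetch fails or is too small), the
 * chain is rebuilt and every accepted line is run through the shell as root.
 * Because that input comes from a remote host, each line must pass
 * iprulesDNS_is_safe_rule() before it is executed.
 * Exits without doing anything when another instance holds the pid file.
 */
function iprulesDNS(){
    $unix=new unix();
    $IPCHAIN="dnsfilter";
    // Single-instance guard, keyed per function so it does not collide with
    // the main run's pid file.
    $pidfile="/etc/artica-postfix/".basename(__FILE__).".".__FUNCTION__.".pid";
    $oldpid=@file_get_contents($pidfile);
    if($unix->process_exists($oldpid,basename(__FILE__))){
        echo "Starting......: ".date("H:i:s")." iptables configurator already executed PID ".$oldpid."\n";
        die();
    }
    file_put_contents($pidfile,getmypid());
    $sock=new sockets();
    $EnableIptablesDNS=$sock->GET_INFO("EnableIptablesDNS");
    if(!is_numeric($EnableIptablesDNS)){$EnableIptablesDNS=1;}   // unset -> enabled
    // NOTE(review): $GLOBALS["iptables"] is read but never assigned in this
    // file; presumably one of the included classes sets it to the iptables
    // binary path — confirm, an empty value turns every command below into a no-op.
    $iptables=$GLOBALS["iptables"];
    if((int)$EnableIptablesDNS===0){
        // Disabled: remove the INPUT hook first, otherwise -X refuses to
        // delete a chain that is still referenced.
        $ip=new iptables_exec();
        if($ip->is_chain_exists($IPCHAIN)){
            shell_exec("$iptables -D INPUT -p udp --dport 53 -j $IPCHAIN");
            shell_exec("$iptables -F $IPCHAIN");
            shell_exec("$iptables -X $IPCHAIN");
        }
        return;
    }
    $defaults="/usr/share/artica-postfix/bin/install/iptables_defaults.txt";
    $tmpfile=$unix->FILE_TEMP();   // presumably a fresh temp path — TODO confirm
    $source=$defaults;
    // NOTE(review): whether ccurl validates the server certificate is not
    // visible here — confirm; nothing else authenticates this list.
    $curl=new ccurl("https://raw.github.com/smurfmonitor/dns-iptables-rules/master/domain-blacklist.txt");
    $curl->NoHTTP_POST=true;
    // Use the download only when it succeeded and is plausibly a rule list.
    // A failed fetch now falls back to the bundled defaults instead of
    // leaving the chain empty.
    if($curl->GetFile($tmpfile) && @filesize($tmpfile)>=100){
        $source=$tmpfile;
    }
    $ip=new iptables_exec();
    if(!$ip->is_chain_exists($IPCHAIN)){
        echo "Adding chain $IPCHAIN\n";
        shell_exec("$iptables -N $IPCHAIN");
        shell_exec("$iptables -I INPUT -p udp --dport 53 -j $IPCHAIN");
    }else{
        echo "chain $IPCHAIN exists...\n";
    }
    shell_exec("$iptables -F $IPCHAIN");
    $skipped=0;
    foreach(explode("\n",(string)@file_get_contents($source)) as $ligne){
        $ligne=trim($ligne);
        if($ligne===""){continue;}
        if(!iprulesDNS_is_safe_rule($ligne)){
            $skipped++;
            // Escape control bytes so a hostile line cannot drive the terminal.
            echo "skipped (not a plain iptables INPUT rule): ".addcslashes($ligne,"\0..\37\177")."\n";
            continue;
        }
        // Redirect the rule into our chain and point it at the configured binary.
        $ligne=str_replace("INPUT",$IPCHAIN,$ligne);
        $ligne=str_replace("iptables",$iptables,$ligne);
        $results=array();
        exec($ligne,$results);
        echo "$ligne\n";
        foreach($results as $output){
            echo "$output\n";
        }
    }
    // RETURN goes in last: appended before the list it would shadow every
    // "-A" rule that follows it.
    shell_exec("$iptables -A $IPCHAIN -j RETURN");
    if($skipped>0){echo "$skipped line(s) skipped\n";}
    if($source===$tmpfile){@unlink($tmpfile);}
}

/**
 * Decide whether one line of the downloaded rule file may be executed.
 *
 * The line must be a single `iptables -A INPUT ...` or `iptables -I INPUT ...`
 * rule, contain no control characters, have balanced double quotes, carry
 * nothing the shell expands inside double quotes ($, backtick, backslash),
 * and nothing it interprets outside them (; & | < > ( ) { } ' * ? ~ ! #).
 * The `|` byte is tolerated inside quotes because iptables --hex-string
 * values are written as "|...|".
 *
 * @param string $line one trimmed line of the rule file
 * @return bool true when the line is safe to hand to exec()
 */
function iprulesDNS_is_safe_rule($line){
    if(!preg_match('#^iptables\s+-[AI]\s+INPUT\s#',$line)){return false;}
    if(preg_match('#[\x00-\x1f\x7f`$\\\\]#',$line)){return false;}
    if(substr_count($line,'"')%2!==0){return false;}
    // Blank out quoted arguments, then inspect what the shell would parse.
    $unquoted=preg_replace('#"[^"]*"#','""',$line);
    if($unquoted===null){return false;}
    return preg_match('#[;&|<>(){}\'*?~!\#]#',$unquoted)===0;
}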