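/**
 * Expand a product macro ("google", "teamviewer", "whatsapp", "dropbox",
 * "skype", "office365", "youtube") into iptables match fragments.
 *
 * Every fragment is stored as a KEY of the returned array (value true), so
 * identical fragments are de-duplicated. The fragments are plain strings built
 * by interpolation; this function executes nothing itself.
 *
 * NOTE(review): if callers hand these fragments to a shell (not visible
 * here), $eth and the entries returned by products_ip_ranges become part of a
 * command line. Only the range form is wrapped in single quotes; confirm
 * that both sources are trusted or validated upstream.
 *
 * @param string     $macro            Product name selecting the address list.
 * @param array      $destinations     Fragments collected so far; new ones are merged in.
 * @param string|int $eth              Interface name; a numeric value is treated as "no interface".
 * @param int        $port             Port to match, 0 for none.
 * @param int        $destinationProto 1 = match on destination (-d / --dst-range / --dport),
 *                                     anything else = match on source.
 *
 * @return array $destinations with the generated fragments added as keys.
 */
function destinations_macro($macro, $destinations = array(), $eth, $port = 0, $destinationProto = 0)
{
    // Kept from the original: the instance is not used below, but the
    // constructor's side effects are not visible from this function.
    $nic = new system_nic();
    $interface = null;
    $portText = null;

    if (!is_array($destinations)) {
        $destinations = array();
    }

    // Caller description for the verbose trace; initialised so the echo below
    // never reads an undefined variable when there is no calling frame.
    $called = "";
    $trace = @debug_backtrace();
    if (isset($trace[1]["file"], $trace[1]["function"], $trace[1]["line"])) {
        $called = "in " . basename($trace[1]["file"]) . " function {$trace[1]["function"]}() line {$trace[1]["line"]}";
    }

    $verbose = !empty($GLOBALS["VERBOSE"]);
    if ($verbose) {
        echo "[" . __LINE__ . "]: Destination: " . count($destinations) . " items eth={$eth} port={$port} destinationProto={$destinationProto} - {$called}\n";
    }

    if (is_numeric($eth)) {
        $eth = null;
    }

    // Force the port to an integer before it is interpolated, so a value such
    // as "80; something" cannot carry extra text into the fragment.
    $port = intval($port);
    $isDestination = ($destinationProto == 1);

    if ($port > 0) {
        // Leading space added: the original source-port text had none and was
        // glued to the preceding address ("-s 1.2.3.4--srcport 80").
        // NOTE(review): iptables documents --sport / --source-port for the
        // tcp/udp matches; confirm that "--srcport" is accepted by the target
        // iptables build.
        $portText = $isDestination ? " --dport {$port}" : " --srcport {$port}";
    }

    $pdest = $isDestination ? "-d " : "-s ";
    $rangeText = $isDestination ? "--dst-range" : "--src-range";

    // The physdev match is only added for source-side rules (proto 0).
    if ($eth != null && $destinationProto == 0) {
        $interface = " -m physdev --physdev-in {$eth} ";
    }

    include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";
    $nets = new products_ip_ranges();

    // Macro name => products_ip_ranges method that supplies its entries.
    $loaders = array(
        "google" => "google_ssl",
        "teamviewer" => "teamviewer_networks",
        "whatsapp" => "whatsapp_networks",
        "dropbox" => "dropbox_networks",
        "skype" => "skype_networks",
        "office365" => "office365_networks",
        "youtube" => "youtube_networks",
    );

    // Unknown macro: the original iterated an undefined variable here.
    if (!is_string($macro) || !isset($loaders[$macro])) {
        if ($verbose) {
            echo "[" . __LINE__ . "]: Destination: unknown macro, nothing added\n";
        }
        return $destinations;
    }

    $method = $loaders[$macro];
    $mains = $nets->$method();
    if ($macro === "office365") {
        $mains = $nets->office365_domains($mains);
    }
    if (!is_array($mains)) {
        return $destinations;
    }

    $ipClass = new IP();

    // foreach replaces while(list()=each()): each() is deprecated since
    // PHP 7.2 and removed in PHP 8.
    foreach ($mains as $www) {
        if ($ipClass->IsARange($www)) {
            $destinations["{$interface}-m iprange {$rangeText} '{$www}'{$portText}"] = true;
            continue;
        }
        if ($ipClass->IsACDIR($www)) {
            $destinations["{$interface}{$pdest}{$www}{$portText}"] = true;
            continue;
        }

        // Start from the entry itself. The original only assigned $ipaddr when
        // the entry was NOT a valid address, so a literal IP reused the value
        // left over from the previous iteration (or an undefined variable).
        $ipaddr = $www;
        if (!$ipClass->isValid($ipaddr)) {
            // Hostname entry: resolved once, at rule-build time, to a single
            // IPv4 address. The resulting rule is only as trustworthy as the
            // resolver answering this query and goes stale if the record
            // changes. gethostbyname() returns its input unchanged on failure,
            // which the check below then rejects.
            $ipaddr = gethostbyname($www);
        }
        if (!$ipClass->isValid($ipaddr)) {
            continue;
        }
        $destinations["{$interface}{$pdest}{$ipaddr}{$portText}"] = true;
    }

    return $destinations;
}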
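/**
 * Build and run the iptables rules that whitelist "trusted SSL" destinations
 * for the hotspot interface.
 *
 * For every enabled row of hotspot_sslwhitelists (joined with
 * webfilters_sqgroups) the group type selects an address list from
 * products_ip_ranges, or delegates to trusted_ssl_groups() for type "dst".
 * Each entry becomes one "-j RETURN" rule inserted into the nat chain
 * WiFiDog_<interface>_Internet. When the HotSpotWhiteWhatsApp setting is 1,
 * the WhatsApp networks are added for all TCP ports, independently of the
 * database rows.
 * NOTE(review): presumably RETURN exempts these destinations from the captive
 * portal redirection; confirm against the chain layout.
 *
 * Commands are collected as array keys (de-duplicated) and executed through
 * system(), i.e. through a shell. The interface name is therefore validated
 * and every address entry is shell-quoted before use.
 *
 * Legacy note: mysql_num_rows()/mysql_fetch_assoc() belong to the ext/mysql
 * extension removed in PHP 7; they are kept because the result type returned
 * by QUERY_SQL() is not visible here.
 *
 * @return void
 */
function trusted_ssl_sites()
{
    $sock = new sockets();
    $unix = new unix();
    $verbose = !empty($GLOBALS["VERBOSE"]);
    $output = !empty($GLOBALS["OUTPUT"]);
    $title = isset($GLOBALS["TITLENAME"]) ? $GLOBALS["TITLENAME"] : "";

    $iptables = $unix->find_program("iptables");
    if ($iptables == null) {
        // Without a binary path every command line would start with " -t nat"
        // and be handed to the shell as-is.
        if ($output) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$title}: iptables not found, aborting\n";
        }
        return;
    }

    $ArticaHotSpotInterface = trim((string) $sock->GET_INFO("ArticaHotSpotInterface"));
    if ($ArticaHotSpotInterface == null) {
        $ArticaHotSpotInterface = "eth0";
    }
    // The interface name comes from a stored setting and ends up, unquoted, in
    // a chain name and an "-i" argument of a shell command: refuse anything
    // that is not a plain interface-style token (\z: no trailing newline).
    if (!preg_match('#^[A-Za-z0-9_.:@-]+\z#', $ArticaHotSpotInterface)) {
        if ($output) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$title}: invalid hotspot interface name, aborting\n";
        }
        return;
    }

    $WifiGroup = "WiFiDog_{$ArticaHotSpotInterface}_Internet";
    $HotSpotWhiteWhatsApp = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotWhiteWhatsApp"));
    $f = array();

    include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";

    $q = new mysql_squid_builder();
    // Static query: no external value is interpolated into the SQL text.
    $sql = "SELECT hotspot_sslwhitelists.objectid,\n\t\t\twebfilters_sqgroups.GroupName,\n\t\t\twebfilters_sqgroups.GroupType,\n\t\t\thotspot_sslwhitelists.enabled \n\t\t\tFROM webfilters_sqgroups,hotspot_sslwhitelists\n\t\t\tWHERE webfilters_sqgroups.ID=hotspot_sslwhitelists.objectid \n\t\t\tAND hotspot_sslwhitelists.enabled=1";
    $results = $q->QUERY_SQL($sql);
    // A failed query is treated as "no rows" instead of feeding a non-result
    // value to the mysql_* helpers.
    $Count = $results ? mysql_num_rows($results) : 0;
    if ($output) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$title}: Checking SSL whitelists {$Count} rule(s)\n";
    }

    // Per-row rules: marked traffic to TCP/443 only.
    $prefix_iptables = "{$iptables} -t nat -I {$WifiGroup} -i {$ArticaHotSpotInterface} -m mark --mark 0x2 -p tcp --dport 443";
    // Global WhatsApp rules: any TCP port, no mark match.
    $prefix_iptables_full = "{$iptables} -t nat -I {$WifiGroup} -i {$ArticaHotSpotInterface} -p tcp";
    $suffix_iptables = "-j RETURN";
    $rangePattern = "#([0-9]+)-([0-9]+)#";

    if ($HotSpotWhiteWhatsApp == 1) {
        $products_ip_ranges = new products_ip_ranges();
        $array = $products_ip_ranges->whatsapp_networks();
        if (!is_array($array)) {
            $array = array();
        }
        if ($verbose) {
            echo "whatsapp_networks ->" . count($array) . " items [" . __LINE__ . "]\n";
        }
        foreach ($array as $b) {
            // Shell-quote each entry: the string is executed by system() below.
            $target = escapeshellarg(trim((string) $b));
            if (preg_match($rangePattern, $b)) {
                $f["{$prefix_iptables_full} -m iprange --dst-range {$target} {$suffix_iptables}"] = true;
                continue;
            }
            $f["{$prefix_iptables_full} --dst {$target} {$suffix_iptables}"] = true;
        }
    }

    // GroupType => products_ip_ranges method supplying the entries. Replaces
    // six copy-pasted branches whose verbose labels had drifted (skype and
    // whatsapp were logged as "teamviewer").
    $providers = array(
        "teamviewer" => "teamviewer_networks",
        "whatsapp" => "whatsapp_networks",
        "skype" => "skype_networks",
        "google" => "google_networks",
        "youtube" => "youtube_networks",
        "google_ssl" => "google_ssl",
    );

    while ($results && ($ligne = mysql_fetch_assoc($results))) {
        $GroupType = $ligne["GroupType"];

        if ($GroupType == "dst") {
            $f = trusted_ssl_groups($ligne["objectid"], $f, $prefix_iptables, $suffix_iptables);
            continue;
        }
        if (!is_string($GroupType) || !isset($providers[$GroupType])) {
            continue;
        }
        // Already covered by the global WhatsApp rules above.
        if ($GroupType === "whatsapp" && $HotSpotWhiteWhatsApp == 1) {
            continue;
        }

        $method = $providers[$GroupType];
        $products_ip_ranges = new products_ip_ranges();
        $array = $products_ip_ranges->$method();
        if (!is_array($array)) {
            $array = array();
        }
        if ($verbose) {
            echo "{$method} ->" . count($array) . " items [" . __LINE__ . "]\n";
        }
        // foreach replaces while(list()=each()): each() is removed in PHP 8.
        foreach ($array as $b) {
            $target = escapeshellarg(trim((string) $b));
            if (preg_match($rangePattern, $b)) {
                $f["{$prefix_iptables} -m iprange --dst-range {$target} {$suffix_iptables}"] = true;
                continue;
            }
            $f["{$prefix_iptables} --dst {$target} {$suffix_iptables}"] = true;
        }
        if ($verbose) {
            echo "[" . __LINE__ . "]: {$GroupType}::{$ligne["objectid"]} -> " . count($f) . " item(s).\n";
        }
        // The original "google_ssl" branch ended with "return $f;" here, which
        // left the function before any collected rule was executed and dropped
        // all remaining rows. It now continues like every other branch.
    }

    if ($output) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$title}: Building " . count($f) . " Trusted SSL sites\n";
    }

    foreach (array_keys($f) as $cmdline) {
        $rc = 0;
        // Runs through a shell; the exit status is reported in verbose mode so
        // a rejected rule does not pass unnoticed.
        system($cmdline, $rc);
        if ($rc !== 0 && $verbose) {
            echo "[" . __LINE__ . "]: iptables exited with status {$rc}: {$cmdline}\n";
        }
    }
}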