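/**
 * Applies the manual ("service='MANUAL'") INPUT rules stored in the iptables table.
 *
 * Every enabled row becomes one DROP rule (preceded by a LOG rule when the row has
 * log=1), tagged with the "ArticaPersoRules" comment. Rows whose source address is
 * white-listed are skipped. With $GLOBALS["VERBOSE"] set the commands are printed
 * instead of executed and the rule set is not recompiled. Returns early when a
 * previous instance (tracked through a pid file) is still alive.
 */
function perso()
{
    $unix = new unix();

    // Single-instance guard keyed on this file/function name.
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pid = @file_get_contents($pidfile);
    if ($unix->process_exists($pid)) {
        echo "Already running pid {$pid}\n";
        return;
    }

    $iptables = $unix->find_program("iptables");
    $iptablesClass = new iptables_chains();
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();

    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND service='MANUAL'";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");

    $comment = " -m comment --comment \"ArticaPersoRules\"";
    $commands = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass->isWhiteListed($ip)) {
            continue;
        }

        // Port matcher: -1 selects the multiport list, 0 means any port,
        // anything else is a single destination port.
        $localPort = (string) $ligne["local_port"];
        $multiplePorts = trim((string) $ligne["multiples_ports"]);
        if ($localPort === "-1") {
            if ($multiplePorts === "") {
                continue;
            }
            $port = " -m multiport --dports " . escapeshellarg($multiplePorts);
        } elseif ($localPort === "0") {
            $port = "";
        } else {
            $port = " --destination-port " . escapeshellarg($localPort);
        }

        events("LOG {$ip} REJECT INBOUND PORT {$port}");
        progress(35, "Building logging rules for {$ip}");

        // Every interpolated value comes from the database and ends up in
        // shell_exec(), so each one is shell-quoted.
        $source = "-s " . escapeshellarg($ip);
        if ($ligne["log"] == 1) {
            // Decided per row, so one row's logging flag cannot leak into the next.
            $commands[] = "{$iptables} -A INPUT {$source} -p tcp{$port} -j LOG --log-prefix \"FW_IN DROP: \"{$comment}";
        }
        // A rule without a target only counts packets; -j DROP is what rejects the traffic.
        $commands[] = "{$iptables} -A INPUT {$source} -p tcp{$port} -j DROP{$comment}";
    }

    if (count($commands) > 0) {
        if (!empty($GLOBALS["VERBOSE"])) {
            echo count($commands) . " should be performed\n";
            foreach ($commands as $line) {
                echo $line . "\n";
            }
            return;
        }
        foreach ($commands as $line) {
            shell_exec($line);
        }
    }
    Compile_rules();
}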
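/**
 * Returns the iptables port matcher for one manual rule row, or null when the row
 * cannot produce a usable rule.
 *
 * local_port -1 selects the comma-separated multiples_ports list (null when that list
 * is empty), 0 means "any port" (empty matcher), any other value is a single
 * destination port. Values are shell-quoted because the result is passed to shell_exec().
 *
 * @param array $ligne one row of the iptables table
 * @return string|null matcher fragment starting with a space, "" for any port
 */
function perso_port_match($ligne)
{
    $localPort = (string) $ligne["local_port"];
    $multiplePorts = trim((string) $ligne["multiples_ports"]);
    if ($localPort === "-1") {
        if ($multiplePorts === "") {
            return null;
        }
        return " -m multiport --dports " . escapeshellarg($multiplePorts);
    }
    if ($localPort === "0") {
        return "";
    }
    return " --destination-port " . escapeshellarg($localPort);
}

/**
 * Turns one result set of manual rules into iptables commands.
 *
 * For each row a LOG rule is emitted when log=1, followed by the rule with the final
 * target. Source addresses written as "Range:a-b" become an iprange match. When an
 * iptables_chains instance is given, white-listed sources are skipped.
 *
 * @param string $iptables path of the iptables binary
 * @param resource $results mysql result set returned by QUERY_SQL()
 * @param string $target final target, "ACCEPT" or "DROP"
 * @param string $logPrefix --log-prefix of the optional LOG rule
 * @param iptables_chains|null $iptablesClass white-list checker, or null to skip the check
 * @return array commands, in the order they must be executed
 */
function perso_rules_from_results($iptables, $results, $target, $logPrefix, $iptablesClass = null)
{
    $verb = ($target === "ACCEPT") ? "ACCEPT" : "REJECT";
    $comment = " -m comment --comment \"ArticaPersoRules\"";
    $commands = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass !== null && $iptablesClass->isWhiteListed($ip)) {
            continue;
        }
        $port = perso_port_match($ligne);
        if ($port === null) {
            continue;
        }
        events("LOG {$ip} {$verb} INBOUND PORT {$port}");
        progress(35, "Building logging rules for {$ip}");

        // Every interpolated value comes from the database and ends up in
        // shell_exec(), so each one is shell-quoted.
        $source = "-s " . escapeshellarg($ip);
        if (preg_match("#Range:(.+)#", $ip, $re)) {
            $source = "-m iprange --src-range " . escapeshellarg($re[1]);
        }
        if ($ligne["log"] == 1) {
            $commands[] = "{$iptables} -A INPUT {$source} -p tcp{$port} -j LOG --log-prefix \"{$logPrefix}\"{$comment}";
        }
        $commands[] = "{$iptables} -A INPUT {$source} -p tcp{$port} -j {$target}{$comment}";
    }
    return $commands;
}

/**
 * Rebuilds the manual ("service='MANUAL'") INPUT rules from the iptables table.
 *
 * Existing ArticaPersoRules are removed first, ACCEPT rows are appended before DROP
 * rows, and the whole rule set is recompiled afterwards. Nothing is changed when the
 * GlobalIptablesEnabled setting is not 1. With $GLOBALS["VERBOSE"] set the commands
 * are only printed.
 *
 * @param bool $NoOtherRules true skips the single-instance pid check and the final
 *                           Compile_rules() call
 */
function perso($NoOtherRules = false)
{
    $unix = new unix();
    if (!$NoOtherRules) {
        // Single-instance guard keyed on this file/function name.
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = @file_get_contents($pidfile);
        if ($unix->process_exists($pid)) {
            echo "Already running pid {$pid}\n";
            return;
        }
    }

    $iptables = $unix->find_program("iptables");
    $iptablesClass = new iptables_chains();
    iptables_perso_delete_all();

    $sock = new sockets();
    $GlobalIptablesEnabled = $sock->GET_INFO("GlobalIptablesEnabled");
    // A missing or non-numeric setting counts as enabled.
    if (!is_numeric($GlobalIptablesEnabled)) {
        $GlobalIptablesEnabled = 1;
    }
    if ($GlobalIptablesEnabled != 1) {
        return;
    }

    // ALLOW rules; the white-list is not consulted for these.
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND allow=1 AND service='MANUAL'";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    $commands = perso_rules_from_results($iptables, $results, "ACCEPT", "FW_IN OK: ");

    // DENY rules; white-listed sources are never dropped.
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND allow=0 AND service='MANUAL'";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();
    $commands = array_merge(
        $commands,
        perso_rules_from_results($iptables, $results, "DROP", "FW_IN DROP: ", $iptablesClass)
    );

    if (count($commands) > 0) {
        if (!empty($GLOBALS["VERBOSE"])) {
            echo count($commands) . " should be performed:\n";
            foreach ($commands as $line) {
                echo $line . "\n";
            }
            return;
        }
        foreach ($commands as $line) {
            shell_exec($line);
        }
    }
    if (!$NoOtherRules) {
        Compile_rules(true);
    }
}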
    $GLOBALS["VERBOSE"] = true;
    $GLOBALS["debug"] = true;
}
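// This script drives iptables and writes pid files, so it is root-only.
if (posix_getuid() !== 0) {
    die("Cannot be used in web server mode\n\n");
}
include_once dirname(__FILE__) . '/ressources/class.users.menus.inc';
include_once dirname(__FILE__) . '/ressources/class.mysql.inc';
include_once dirname(__FILE__) . '/ressources/class.user.inc';
include_once dirname(__FILE__) . '/ressources/class.ini.inc';
include_once dirname(__FILE__) . '/ressources/class.iptables-chains.inc';
include_once dirname(__FILE__) . '/ressources/class.baseunix.inc';
include_once dirname(__FILE__) . '/framework/class.unix.inc';

// Best effort: the settings file may not exist yet, in which case the value is "".
$autoBlockFile = "/etc/artica-postfix/settings/Daemons/EnablePostfixAutoBlock";
$GLOBALS["EnablePostfixAutoBlock"] = is_readable($autoBlockFile) ? trim(file_get_contents($autoBlockFile)) : "";

// First CLI switch; defaults to "" so a bare invocation raises no undefined-index notice.
$action = isset($argv[1]) ? $argv[1] : "";
if ($action === '--compile') {
    Compile_rules();
    die;
}
if ($action === '--parse-queue') {
    parsequeue();
    die;
}
if ($action === '--no-check') {
    // Read elsewhere, presumably by Build_pid_func() — TODO confirm.
    $_GET["nocheck"] = true;
}
// Single-instance guard for the main run.
if (!Build_pid_func(__FILE__, "MAIN")) {
    writelogs(basename(__FILE__) . ":Already executed.. aborting the process", basename(__FILE__), __FILE__, __LINE__);
    die;
}
parsequeue();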
if ($EnablePostfixAutoBlock != 1) {