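/**
 * Adds iptables match fragments for a well-known product's published IP
 * ranges (a "macro") to $destinations.
 *
 * Keys of $destinations are the fragments themselves and values are true,
 * so a fragment that is produced twice collapses into one entry.
 *
 * @param string $macro            "google", "teamviewer", "dropbox", "skype"
 *                                 or "office365"; any other value adds nothing
 * @param array  $destinations     fragments collected so far
 * @param mixed  $eth              ingress interface for "-m physdev"; a numeric
 *                                 value, null or "" means no interface match
 * @param int    $port             port appended to every fragment, 0 = none
 * @param int    $destinationProto 0: match the ranges as source (-s,
 *                                 --src-range, --sport); 1: as destination
 *                                 (-d, --dst-range, --dport)
 * @return array $destinations with the new fragments merged in
 */
function destinations_macro($macro, $destinations = array(), $eth, $port = 0, $destinationProto = 0)
{
    // NOTE(review): $nic is never used below; kept only because the project
    // constructor might have side effects — confirm and drop if it does not.
    $nic = new system_nic();
    $port = intval($port);
    $destinationProto = intval($destinationProto);
    $interface = "";
    $portText = "";
    $called = "";

    // Describe the caller for the verbose trace line; empty when there is
    // no calling frame.
    $trace = debug_backtrace();
    if (isset($trace[1])) {
        $called = "in " . basename($trace[1]["file"]) . " function {$trace[1]["function"]}() line {$trace[1]["line"]}";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "[" . __LINE__ . "]: Destination: " . count($destinations) . " items eth={$eth} port={$port} destinationProto={$destinationProto} - {$called}\n";
    }

    // A numeric "interface" is a placeholder, not a device name.
    if (is_numeric($eth)) {
        $eth = null;
    }
    if ($port > 0) {
        // Both options carry a leading space because the fragment is built
        // as "<address>{$portText}" with no separator of its own. The source
        // side uses --sport: iptables has no --srcport option.
        $portText = ($destinationProto === 1) ? " --dport {$port}" : " --sport {$port}";
    }
    $pdest = ($destinationProto === 1) ? "-d " : "-s ";
    $rangeText = ($destinationProto === 1) ? "--dst-range" : "--src-range";
    // The physdev ingress match is only emitted for source rules.
    if (!empty($eth) && $destinationProto === 0) {
        $interface = " -m physdev --physdev-in {$eth} ";
    }

    include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";
    $nets = new products_ip_ranges();
    // Unknown macro: no ranges, $destinations is returned unchanged.
    $mains = array();
    if ($macro === "google") {
        $mains = $nets->google_ssl();
    }
    if ($macro === "teamviewer") {
        $mains = $nets->teamviewer_networks();
    }
    if ($macro === "dropbox") {
        $mains = $nets->dropbox_networks();
    }
    if ($macro === "skype") {
        $mains = $nets->skype_networks();
    }
    if ($macro === "office365") {
        $mains = $nets->office365_networks();
        $mains = $nets->office365_domains($mains);
    }
    if (!is_array($mains)) {
        $mains = array();
    }

    $ipClass = new IP();
    foreach ($mains as $www) {
        if ($ipClass->IsARange($www)) {
            $destinations["{$interface}-m iprange {$rangeText} '{$www}'{$portText}"] = true;
            continue;
        }
        if ($ipClass->IsACDIR($www)) {
            $destinations["{$interface}{$pdest}{$www}{$portText}"] = true;
            continue;
        }
        // Plain addresses pass through; anything else is treated as a host
        // name and resolved here so the rule carries an address. On failure
        // gethostbyname() returns its argument unchanged, which isValid()
        // rejects, so the entry is dropped instead of being emitted as a name.
        // ($ipaddr is assigned on every iteration: previously a valid address
        // reused the value left over from the previous resolve.)
        $ipaddr = $ipClass->isValid($www) ? $www : gethostbyname($www);
        if (!$ipClass->isValid($ipaddr)) {
            continue;
        }
        $destinations["{$interface}{$pdest}{$ipaddr}{$portText}"] = true;
    }
    return $destinations;
}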
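/**
 * Returns the iptables match fragments for one web-filter group.
 *
 * Product groups (teamviewer, office365, skype, google, google_ssl, dropbox)
 * are expanded from products_ip_ranges; every other group type is read from
 * the enabled rows of webfilters_sqitems. The return shape depends on the
 * group type:
 *  - "port": a "--destination-port ..." / "--destination-ports ..." string,
 *    null when the group holds no port, or — when $IsArray is true — a list
 *    of the ports preceded by a 0 entry;
 *  - anything else: array keyed by fragment ("--source x", "--dst x",
 *    "-m mac --mac-source x", "-m iprange ..."), values true.
 *
 * @param int|string $ID      group id; 0 or a non-numeric value yields array()
 * @param bool       $IsArray for "port" groups, return the ports as a list
 * @return array|string|null
 */
function GroupInArray($ID = 0, $IsArray = false)
{
    // $ID is interpolated into two SQL statements below; forcing it to an
    // integer is the injection guard available with this query builder.
    $ID = intval($ID);
    if ($ID === 0) {
        return array();
    }
    $q = new mysql_squid_builder();
    $sql = "SELECT GroupType FROM webfilters_sqgroups WHERE ID={$ID}";
    $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
    if (!$q->ok) {
        echo "[" . __LINE__ . "]: {$q->mysql_error}\n";
    }
    if (!$ligne) {
        // Unknown group (or failed query): nothing can be built for it.
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: src_items:{$ID} -> no such group.\n";
        }
        return array();
    }
    $GroupType = $ligne["GroupType"];
    if ($GLOBALS["VERBOSE"]) {
        echo "[" . __LINE__ . "]: src_items:{$ID} -> {$GroupType} Get items.\n";
    }

    // Product groups: group type -> products_ip_ranges method returning the
    // published address list.
    $productMethods = array(
        "teamviewer" => "teamviewer_networks",
        "office365"  => "office365_networks",
        "skype"      => "skype_networks",
        "google"     => "google_networks",
        "google_ssl" => "google_ssl",
        "dropbox"    => "dropbox_networks",
    );
    if (isset($productMethods[$GroupType])) {
        include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";
        $products_ip_ranges = new products_ip_ranges();
        $method = $productMethods[$GroupType];
        $array = $products_ip_ranges->$method();
        if (!is_array($array)) {
            $array = array();
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "{$method} ->" . count($array) . " items [" . __LINE__ . "]\n";
        }
        // Always an array, even when the product list is empty (previously
        // $f stayed undefined in that case).
        $f = array();
        foreach ($array as $b) {
            // "x.x.x.x-y.y.y.y" entries need the iprange match; anything
            // else (single address or CIDR) goes to --dst as-is.
            if (preg_match("#([0-9]+)-([0-9]+)#", $b)) {
                $f["-m iprange --dst-range {$b}"] = true;
                continue;
            }
            $f["--dst {$b}"] = true;
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: {$GroupType}::{$ID} -> " . count($f) . " item(s).\n";
        }
        return $f;
    }

    // Database-backed groups: one fragment per enabled pattern.
    $IpClass = new IP();
    $sql = "SELECT pattern FROM webfilters_sqitems WHERE gpid={$ID} AND enabled=1";
    $f = array();
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo "[" . __LINE__ . "]: {$q->mysql_error}\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = trim($ligne["pattern"]);
        if ($pattern === "") {
            continue;
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: src_items:{$ID} -> {$pattern} item.\n";
        }
        if ($GroupType === "arp") {
            if (!$IpClass->IsvalidMAC($pattern)) {
                if ($GLOBALS["VERBOSE"]) {
                    echo "[" . __LINE__ . "]: src_items:{$ID} -> {$pattern} INVALID.\n";
                }
                continue;
            }
            if ($GLOBALS["VERBOSE"]) {
                echo "[" . __LINE__ . "]: src_items:{$ID} -> ADD -m mac --mac-source {$pattern}.\n";
            }
            $f["-m mac --mac-source {$pattern}"] = true;
            continue;
        }
        // NOTE(review): unlike "arp", the src/dst/port patterns are not
        // validated here before they become rule arguments that callers hand
        // to the shell; the check belongs where the patterns are stored.
        if ($GroupType === "src") {
            if (preg_match("#[0-9\\.]+-[0-9\\.]+#", $pattern)) {
                $f["-m iprange --src-range {$pattern}"] = true;
                continue;
            }
            $f["--source {$pattern}"] = true;
            continue;
        }
        if ($GroupType === "dst") {
            if (preg_match("#[0-9\\.]+-[0-9\\.]+#", $pattern)) {
                $f["-m iprange --dst-range {$pattern}"] = true;
                continue;
            }
            $f["--dst {$pattern}"] = true;
            continue;
        }
        if ($GroupType === "port") {
            $f[$pattern] = true;
        }
    }

    if ($GroupType === "port") {
        // The leading 0 in list mode is kept for callers; its purpose is not
        // visible from here.
        $T = $IsArray ? array(0) : array();
        foreach (array_keys($f) as $portPattern) {
            $T[] = $portPattern;
        }
        if ($IsArray) {
            return $T;
        }
        if (count($T) === 0) {
            return null;
        }
        if (count($T) === 1) {
            return "--destination-port " . implode("", $T);
        }
        // NOTE(review): --destination-ports requires "-m multiport", which is
        // not emitted here — presumably added by the caller; confirm.
        return "--destination-ports " . implode(",", $T);
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "[" . __LINE__ . "]: src_items:{$ID} -> " . count($f) . " item(s).\n";
    }
    return $f;
}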
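/**
 * Inserts RETURN rules into the hotspot NAT chain so HTTPS traffic to the
 * whitelisted destinations (hotspot_sslwhitelists joined with
 * webfilters_sqgroups, enabled rows only) bypasses the captive portal.
 *
 * Product groups (teamviewer, google, google_ssl) are expanded from
 * products_ip_ranges; "dst" groups are expanded by trusted_ssl_groups().
 * Every resulting iptables command line is executed with system().
 *
 * @return void
 */
function trusted_ssl_sites()
{
    $sock = new sockets();
    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    if ($iptables === null || $iptables === "") {
        // Without the binary every generated command would be a bare
        // argument list handed to the shell.
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: iptables not found, skipping SSL whitelists\n";
        }
        return;
    }
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    if ($ArticaHotSpotInterface === null || $ArticaHotSpotInterface === "") {
        $ArticaHotSpotInterface = "eth0";
    }
    // The interface name is spliced into a chain name and into shell command
    // lines run by system() below, so only accept characters a device name
    // can actually contain.
    if (!preg_match("#^[A-Za-z0-9_.:-]+$#", $ArticaHotSpotInterface)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: invalid hotspot interface name, skipping SSL whitelists\n";
        }
        return;
    }
    $WifiGroup = "WiFiDog_{$ArticaHotSpotInterface}_WIFI2Internet";
    $f = array();
    include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";

    $q = new mysql_squid_builder();
    $sql = "SELECT hotspot_sslwhitelists.objectid,\n\t\t\twebfilters_sqgroups.GroupName,\n\t\t\twebfilters_sqgroups.GroupType,\n\t\t\thotspot_sslwhitelists.enabled \n\t\t\tFROM webfilters_sqgroups,hotspot_sslwhitelists\n\t\t\tWHERE webfilters_sqgroups.ID=hotspot_sslwhitelists.objectid \n\t\t\tAND hotspot_sslwhitelists.enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo "[" . __LINE__ . "]: {$q->mysql_error}\n";
        return;
    }
    $Count = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Checking SSL whitelists {$Count} rule(s)\n";
    }
    if ($Count == 0) {
        return;
    }

    // Every rule: insert at the top of the hotspot chain, ingress interface,
    // mark 0x2, TCP/443, and RETURN (skip the redirect).
    $prefix_iptables = "{$iptables} -t nat -I {$WifiGroup} -i {$ArticaHotSpotInterface} -m mark --mark 0x2 -p tcp --dport 443";
    $suffix_iptables = "-j RETURN";

    // Product groups handled here: group type -> products_ip_ranges method.
    $productMethods = array(
        "teamviewer" => "teamviewer_networks",
        "google"     => "google_networks",
        "google_ssl" => "google_ssl",
    );
    while ($ligne = mysql_fetch_assoc($results)) {
        $GroupType = $ligne["GroupType"];
        if (isset($productMethods[$GroupType])) {
            $products_ip_ranges = new products_ip_ranges();
            $method = $productMethods[$GroupType];
            $array = $products_ip_ranges->$method();
            if (!is_array($array)) {
                $array = array();
            }
            if ($GLOBALS["VERBOSE"]) {
                echo "{$method} ->" . count($array) . " items [" . __LINE__ . "]\n";
            }
            foreach ($array as $b) {
                // "x-y" entries need the iprange match; anything else goes
                // to --dst as-is.
                if (preg_match("#([0-9]+)-([0-9]+)#", $b)) {
                    $f["{$prefix_iptables} -m iprange --dst-range {$b} {$suffix_iptables}"] = true;
                    continue;
                }
                $f["{$prefix_iptables} --dst {$b} {$suffix_iptables}"] = true;
            }
            if ($GLOBALS["VERBOSE"]) {
                echo "[" . __LINE__ . "]: {$GroupType}::{$ligne["objectid"]} -> " . count($f) . " item(s).\n";
            }
            // Keep scanning: every whitelist row contributes rules. (The
            // google_ssl branch used to "return $f" here, which dropped the
            // remaining rows and never executed any command.)
            continue;
        }
        if ($GroupType === "dst") {
            $f = trusted_ssl_groups($ligne["objectid"], $f, $prefix_iptables, $suffix_iptables);
        }
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Building " . count($f) . " Trusted SSL sites\n";
    }
    // Keys are complete command lines; values are unused. The "dst" entries
    // come from trusted_ssl_groups(), whose validation is not visible here.
    foreach (array_keys($f) as $cmdline) {
        system($cmdline);
    }
}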