From 8674525026e3f1edaee4ce679c7f684b45f25ddf Mon Sep 17 00:00:00 2001 From: Claudio Maffioletti Date: Thu, 20 Apr 2017 11:10:30 +0200 Subject: [PATCH] terminata sistemazione sezione firewall --- firewall/firewall_aggiorna.php | 15 +++++++++ firewall/firewall_library.php | 58 ++++++++++++++++++++-------------- 2 files changed, 50 insertions(+), 23 deletions(-) create mode 100644 firewall/firewall_aggiorna.php diff --git a/firewall/firewall_aggiorna.php b/firewall/firewall_aggiorna.php new file mode 100644 index 0000000..3845440 --- /dev/null +++ b/firewall/firewall_aggiorna.php @@ -0,0 +1,15 @@ + diff --git a/firewall/firewall_library.php b/firewall/firewall_library.php index 87284cf..f67485c 100644 --- a/firewall/firewall_library.php +++ b/firewall/firewall_library.php @@ -6,8 +6,14 @@ function attiva_aggiornamento () { mysql_query( $query, $DB_ID ); } -function genera () { +function disattiva_aggiornamento () { + global $DB_ID; + $query = "UPDATE firewall_conf SET valore = 0 WHERE variabile = 'aggiornamento'"; + mysql_query( $query, $DB_ID ); +} + +function genera () { $FW_conf = carica_conf ("Firewall"); $FW = file ($FW_conf['file_in']); @@ -57,23 +63,27 @@ function genera () { $aggiungere = array_diff($nuove_int[0], $vecchie_i); foreach ($aggiungere as $regola) { + print "Attivata $regola\n"; exec ($nuove_int[2][$regola]); } foreach ($cancellare as $regola) { + print "Disattivata $regola\n"; elimina ($regola); } $new = array_merge($prima,$nuove_ext[1],$nuove_int[1],$dopo); file_put_contents ($FW_conf['file_out'], $new, LOCK_EX); - $comando = "sudo cp ".$FW_conf['file_out']." ".$FW_conf['file_in']; + $comando = "cp ".$FW_conf['file_out']." ".$FW_conf['file_in']; exec ($comando); } function genera_int () { - global $UTENTE, $DB_ID, $CONF, $FW_conf; + global $UTENTE, $DB_ID, $CONF; + $FW_conf = carica_conf ("Firewall"); + $query = " SELECT firewall_versointerno_regole.id, firewall_versointerno_regole.stato, 
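Review bot: In the new disattiva_aggiornamento() the return value of mysql_query() is discarded, so a failed UPDATE (lost connection, statement error, or a DB_ID that was never set) leaves the 'aggiornamento' flag untouched while the caller proceeds as if it had been cleared. A one-line check keeps the helper honest: `if (!mysql_query($query, $DB_ID)) trigger_error("firewall_conf: ".mysql_error($DB_ID), E_USER_WARNING);`. The sibling attiva_aggiornamento() has the same pattern, but its start lies outside this hunk. The mysql_* extension was already deprecated when this was written; migrating to mysqli/PDO is a separate task and not something this commit should be blocked on.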
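Review bot: Dropping `sudo` from the `cp` (and, in later hunks, from every iptables call) means these commands only succeed if the PHP process itself runs as root, yet nothing checks whether they succeeded: every `exec()` here is called without its `$return_var` argument, and the new `print "Attivata $regola\n"` / `"Disattivata $regola\n"` lines are emitted before the command runs, so the operator sees success even when iptables refused the rule or the process lacks privileges. Capturing the exit status and reporting failures instead makes a non-root deployment or a malformed rule visible immediately. The `cp` line also concatenates two configuration paths unquoted; `escapeshellarg()` on both is cheap insurance if those values are ever edited. This hunk shows only the tail of genera() and the opening of genera_int(); both continue outside it.
```php
foreach ($aggiungere as $regola) {
    exec ($nuove_int[2][$regola], $out, $rc);
    print ($rc === 0 ? "Attivata $regola\n" : "ERRORE attivazione $regola (exit $rc)\n");
}
// … unchanged: foreach ($cancellare …) / elimina ($regola) …
$new = array_merge($prima,$nuove_ext[1],$nuove_int[1],$dopo);
file_put_contents ($FW_conf['file_out'], $new, LOCK_EX);
$comando = "cp ".escapeshellarg($FW_conf['file_out'])." ".escapeshellarg($FW_conf['file_in']);
exec ($comando, $out, $rc);
if ($rc !== 0) print "ERRORE copia script firewall (exit $rc)\n";
```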
@@ -111,6 +121,7 @@ function genera_int () { $nomi = array (); $file = array (); $esegui = array (); + $portaIN = $FW_conf['portaIN']; $res = mysql_query( $query, $DB_ID ); while ($dato = mysql_fetch_array ( $res )) { @@ -121,7 +132,6 @@ function genera_int () { $ext_port = $dato['fw_port']; $int_ip = $dato['int_ip']; $ext_ip = $dato['ext_ip']; - $portaIN = $FW_conf['portaIN']; array_push($nomi, "REGOLA-I$id"); @@ -137,11 +147,11 @@ function genera_int () { array_push($file, $regola); - $regola .= "sudo iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; "; - $regola .= "sudo iptables -N REGOLA-I$id; "; - $regola .= "sudo iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; "; - $regola .= "sudo iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; "; - $regola .= "sudo iptables -I FORWARD -j REGOLA-I$id; "; + $regola = "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; "; + $regola .= "iptables -N REGOLA-I$id; "; + $regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; "; + $regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; "; + $regola .= "iptables -I FORWARD -j REGOLA-I$id; "; $esegui['REGOLA-I'.$id] = $regola; } @@ -153,7 +163,9 @@ function genera_int () { } function genera_ext () { - global $UTENTE, $DB_ID, $CONF, $FW_conf; + global $UTENTE, $DB_ID, $CONF; + + $FW_conf = carica_conf ("Firewall"); $query = " SELECT firewall_versoesterno_regole.id, @@ -192,6 +204,7 @@ function genera_ext () { $nomi = array (); $file = array (); $esegui = array (); + $portaIN = $FW_conf['portaIN']; $res = mysql_query( $query, $DB_ID ); while ($dato = mysql_fetch_array ( $res )) { 
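Review bot: `$proto`, `$portaIN`, `$ext_port`, `$int_ip`, `$int_port` and `$ext_ip` are interpolated into the iptables command string with no validation or escaping, and that string is later passed to `exec()` by genera(); with `sudo` removed it now runs with the PHP process's own privileges, which must be root for iptables to work at all. The values are read straight from firewall_versointerno_regole rows, which presumably originate from the web UI, so a port field containing `80; rm -rf /` would be executed rather than rejected. Validate each field before the string is built and skip the row with a message when it fails; `escapeshellarg()` is a second layer, but the whitelist is what actually guarantees the rule is an iptables rule. If `$ext_ip` may legitimately hold a CIDR range or an "any" marker, or `$proto` may be something other than tcp/udp, extend the check accordingly. The loop body starts in the previous hunk and genera_int() continues beyond this one.
```php
// … unchanged: $id / $stato / $proto / ports / addresses read from $dato …
if (!in_array ($proto, array ('tcp', 'udp'), true)
    || !ctype_digit ((string) $ext_port) || !ctype_digit ((string) $int_port)
    || filter_var ($int_ip, FILTER_VALIDATE_IP) === false
    || filter_var ($ext_ip, FILTER_VALIDATE_IP) === false) {
    print "Regola I$id ignorata: campi non validi\n";
    continue;
}
// … unchanged: array_push($file, $regola) and the iptables string …
```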
@@ -202,33 +215,32 @@ function genera_ext () { $ext_port = $dato['ext_port']; $int_ip = $dato['int_ip']; $ext_ip = $dato['ext_ip']; - $portaIN = $FW_conf['portaIN']; array_push($nomi, "REGOLA-U$id"); if ($stato == 2) $perm = "PERMANENTE"; else $perm = ""; - if ($int_ip != "") { + if ($int_ip != "" && $int_ip != 0) { $ipint1 = "-s $int_ip"; $ipint2 = "-d $int_ip"; } else { $ipint1 = ""; $ipint2 = ""; } - if ($ext_ip != "") { + if ($ext_ip != "" && $ext_ip != 0) { $ipext1 = "-d $ext_ip"; $ipext2 = "-s $ext_ip"; } else { $ipext1 = ""; $ipext2 = ""; } - if ($int_port != "") { + if ($int_port != "" && $int_port != 0) { $ptint1 = "--sport $int_port"; $ptint2 = "--dport $int_port"; } else { $ptint1 = ""; $ptint2 = ""; } - if ($ext_port != "") { + if ($ext_port != "" && $ext_port != 0) { $ptext1 = "--dport $ext_port"; $ptext2 = "--sport $ext_port"; } else { @@ -245,10 +257,10 @@ function genera_ext () { array_push($file, $regola); - $regola = "sudo iptables -N REGOLA-U$id; "; - $regola .= "sudo iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; "; - $regola .= "sudo iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; "; - $regola .= "sudo iptables -I FORWARD -j REGOLA-U$id"; + $regola = "iptables -N REGOLA-U$id; "; + $regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; "; + $regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; "; + $regola .= "iptables -I FORWARD -j REGOLA-U$id"; $esegui['REGOLA-U'.$id] = $regola; } 
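Review bot: The new `&& $int_ip != 0` style guards depend on PHP's loose string-to-number comparison: `mysql_fetch_array()` returns strings, and in PHP 5/7 a non-numeric string such as `"any"` or a leading-zero address such as `"0.0.0.0"` compares equal to 0 and silently loses its `-s`/`-d` clause, while under PHP 8 the same comparisons flip, so which clauses a rule gets would change with the interpreter version. Compare against the literal values the column can hold, `if ($int_ip !== "" && $int_ip !== "0" && $int_ip !== null)`, or better, validate at this point since the same strings are interpolated unescaped into the iptables command later in the function: `if (filter_var ($int_ip, FILTER_VALIDATE_IP) !== false)` for addresses and `if (ctype_digit ((string) $int_port) && $int_port > 0)` for ports, so anything else yields no clause instead of a shell fragment. If CIDR ranges are allowed in these columns, FILTER_VALIDATE_IP will reject them and the check needs to be widened. The enclosing loop starts in the previous hunk.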
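Review bot: The four iptables commands in `$regola` are joined with `; `, so when `iptables -N REGOLA-U$id` fails (a chain left over from an earlier run, or the process is not root now that `sudo` is gone) the following `-I` commands still execute and either add duplicate ACCEPT entries to the stale chain or fail one by one, and the exit status genera() could capture from `exec()` is only that of the last command. Joining with ` && ` stops at the first failure and makes the status meaningful: `$regola = "iptables -N REGOLA-U$id && "; ... $regola .= "iptables -I FORWARD -j REGOLA-U$id";` with `&& ` replacing `; ` on the two middle lines as well. genera_int()'s rule string in the earlier hunk uses the same `; ` joining and should be changed alongside it. The loop and genera_ext() continue outside this hunk.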
@@ -259,12 +271,12 @@ function genera_ext () { } function elimina ($cerca) { - exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno); + exec ("iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno); foreach (array_reverse($ritorno) as $riga) { $pezzi = explode (" " , $riga); - exec ("sudo iptables -D FORWARD ".$pezzi[0]); - exec ("sudo iptables -F $cerca"); - exec ("sudo iptables -X $cerca"); + exec ("iptables -D FORWARD ".$pezzi[0]); + exec ("iptables -F $cerca"); + exec ("iptables -X $cerca"); } }
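Review bot: `grep $cerca` matches substrings, so `elimina ('REGOLA-I1')` also selects the FORWARD entries for REGOLA-I10, REGOLA-I11 and so on, and the loop then deletes those rules by line number and flushes and removes the wrong chains; the chain names seen in genera_int()/genera_ext() are exactly of the form that collides. `$cerca` is also placed on the shell line unquoted, and the `-F`/`-X` calls sit inside the loop, so they run once per matched line. Filter on the exact target column in PHP and flush/delete the chain once after the loop; this also removes a chain that no longer has a FORWARD jump, which the current code leaves behind, so confirm that is the intended cleanup. If `$cerca` can only ever be a generated REGOLA-… name the injection risk is theoretical, but `escapeshellarg()` costs nothing.
```php
function elimina ($cerca) {
    exec ("iptables -nL FORWARD --line-numbers", $ritorno);
    foreach (array_reverse($ritorno) as $riga) {
        $pezzi = preg_split ('/\s+/', trim ($riga));
        // column 1 is the target chain; exact match avoids REGOLA-I1 also hitting REGOLA-I10
        if (isset ($pezzi[1]) && $pezzi[1] === $cerca)
            exec ("iptables -D FORWARD ".$pezzi[0]);
    }
    exec ("iptables -F ".escapeshellarg($cerca));
    exec ("iptables -X ".escapeshellarg($cerca));
}
```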