cmaffio/pannello
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
e5d5e3402fe90e91e6420c46d69a9460f22e1def
pannello/firewall/firewall_library.php
cmaffio 2b1b48b072 fix azzeramento regole e fix font dropdown
2016-06-23 16:29:37 +02:00

289 lines
8.4 KiB
PHP
Raw Blame History

<?php
function genera () {
$FW_conf = carica_conf ("Firewall");
$FW = file ($FW_conf['file_in']);
$prima = array ();
$dopo = array ();
$vecchie_u = array ();
$vecchie_i = array ();
$stato = 0;
foreach ($FW as $riga) {
switch ($stato) {
case 0:
array_push($prima, $riga);
if (preg_match('/# REGOLE DINAMICHE/', $riga)) $stato++;
break;
case 1:
if (preg_match('/START (REGOLA-U\d+)/', $riga, $trovata)) array_push($vecchie_u, $trovata[1]);
if (preg_match('/START (REGOLA-I\d+)/', $riga, $trovata)) array_push($vecchie_i, $trovata[1]);
if (preg_match('/# FINE REGOLE DINAMICHE/', $riga)) {
$stato++;
array_push($dopo, $riga);
}
break;
case 2:
array_push($dopo, $riga);
break;
}
}
$nuove_ext = genera_ext ();
$cancellare = array_diff($vecchie_u, $nuove_ext[0]);
$aggiungere = array_diff($nuove_ext[0], $vecchie_u);
foreach ($aggiungere as $regola) {
exec ($nuove_ext[2][$regola]);
}
foreach ($cancellare as $regola) {
elimina ($regola);
}
$nuove_int = genera_int ();
$cancellare = array_diff($vecchie_i, $nuove_int[0]);
$aggiungere = array_diff($nuove_int[0], $vecchie_i);
foreach ($aggiungere as $regola) {
exec ($nuove_int[2][$regola]);
}
foreach ($cancellare as $regola) {
elimina ($regola);
}
$new = array_merge($prima,$nuove_ext[1],$nuove_int[1],$dopo);
file_put_contents ($FW_conf['file_out'], $new, LOCK_EX);
$comando = "sudo cp ".$FW_conf['file_out']." ".$FW_conf['file_in'];
exec ($comando);
}
function genera_int () {
global $UTENTE, $DB_ID, $CONF, $FW_conf;
$query = " SELECT
firewall_versointerno_regole.id,
firewall_versointerno_regole.stato,
firewall_versointerno.proto,
firewall_versointerno.int_port,
firewall_versointerno.fw_port,
proxy_pool.ip AS int_ip,
firewall_vpn.ip AS ext_ip
FROM
firewall_versointerno_regole
JOIN
firewall_versointerno
ON
firewall_versointerno_regole.id_firewall_versointerno = firewall_versointerno.id
JOIN
firewall_macchine
ON
firewall_versointerno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN
firewall_vpn
ON
firewall_versointerno.id_firewall_vpn = firewall_vpn.id
WHERE
firewall_versointerno_regole.attivo = 1
AND
firewall_versointerno_regole.stato > 0
GROUP BY
firewall_versointerno_regole.id_firewall_versointerno
";
$nomi = array ();
$file = array ();
$esegui = array ();
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$id = $dato['id'];
$proto = $dato['proto'];
$stato = $dato['stato'];
$int_port = $dato['int_port'];
$ext_port = $dato['fw_port'];
$int_ip = $dato['int_ip'];
$ext_ip = $dato['ext_ip'];
$portaIN = $FW_conf['portaIN'];
array_push($nomi, "REGOLA-I$id");
if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
$regola = "### START REGOLA-I$id $perm ###\n";
$regola .= "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
$regola .= "iptables -N REGOLA-I$id\n";
$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
$regola .= "iptables -I FORWARD -j REGOLA-I$id\n";
$regola .= "### STOP REGOLA-I$id $perm ###\n";
array_push($file, $regola);
$regola .= "sudo iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
$regola .= "sudo iptables -N REGOLA-I$id; ";
$regola .= "sudo iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
$regola .= "sudo iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
$regola .= "sudo iptables -I FORWARD -j REGOLA-I$id; ";
$esegui['REGOLA-I'.$id] = $regola;
}
$ritorna[0] = $nomi;
$ritorna[1] = $file;
$ritorna[2] = $esegui;
return $ritorna;
}
function genera_ext () {
global $UTENTE, $DB_ID, $CONF, $FW_conf;
$query = " SELECT
firewall_versoesterno_regole.id,
firewall_versoesterno_regole.stato,
firewall_versoesterno.proto,
firewall_versoesterno.int_port,
firewall_versoesterno.ext_port,
proxy_pool.ip AS int_ip,
firewall_macchine_ext.ip AS ext_ip
FROM
firewall_versoesterno_regole
JOIN
firewall_versoesterno
ON
firewall_versoesterno_regole.id_firewall_versoesterno = firewall_versoesterno.id
JOIN
firewall_macchine
ON
firewall_versoesterno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN
firewall_macchine_ext
ON
firewall_versoesterno.id_firewall_macchine_ext = firewall_macchine_ext.id
WHERE
firewall_versoesterno_regole.attivo = 1
AND
firewall_versoesterno_regole.stato > 0
GROUP BY
firewall_versoesterno_regole.id_firewall_versoesterno
";
$nomi = array ();
$file = array ();
$esegui = array ();
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$id = $dato['id'];
$proto = $dato['proto'];
$stato = $dato['stato'];
$int_port = $dato['int_port'];
$ext_port = $dato['ext_port'];
$int_ip = $dato['int_ip'];
$ext_ip = $dato['ext_ip'];
$portaIN = $FW_conf['portaIN'];
array_push($nomi, "REGOLA-U$id");
if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
if ($int_ip != "") {
$ipint1 = "-s $int_ip";
$ipint2 = "-d $int_ip";
} else {
$ipint1 = "";
$ipint2 = "";
}
if ($ext_ip != "") {
$ipext1 = "-d $ext_ip";
$ipext2 = "-s $ext_ip";
} else {
$ipext1 = "";
$ipext2 = "";
}
if ($int_port != "") {
$ptint1 = "--sport $int_port";
$ptint2 = "--dport $int_port";
} else {
$ptint1 = "";
$ptint2 = "";
}
if ($ext_port != "") {
$ptext1 = "--dport $ext_port";
$ptext2 = "--sport $ext_port";
} else {
$ptext1 = "";
$ptext2 = "";
}
$regola = "### START REGOLA-U$id $perm ###\n";
$regola .= "iptables -N REGOLA-U$id\n";
$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
$regola .= "iptables -I FORWARD -j REGOLA-U$id\n";
$regola .= "### STOP REGOLA-U$id $perm ###\n";
array_push($file, $regola);
$regola = "sudo iptables -N REGOLA-U$id; ";
$regola .= "sudo iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
$regola .= "sudo iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
$regola .= "sudo iptables -I FORWARD -j REGOLA-U$id";
$esegui['REGOLA-U'.$id] = $regola;
}
$ritorna[0] = $nomi;
$ritorna[1] = $file;
$ritorna[2] = $esegui;
return $ritorna;
}
function elimina ($cerca) {
exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno);
foreach (array_reverse($ritorno) as $riga) {
$pezzi = explode (" " , $riga);
exec ("sudo iptables -D FORWARD ".$pezzi[0]);
exec ("sudo iptables -F $cerca");
exec ("sudo iptables -X $cerca");
}
}
function azzera () {
global $UTENTE, $DB_ID, $CONF, $FW_conf;
$query = "SELECT id FROM firewall_versoesterno_regole WHERE stato = 1";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$id = $dato['id'];
$query = "UPDATE firewall_versoesterno_regole SET stato = 0, modifica = NOW() WHERE id = $id";
mysql_query( $query, $DB_ID );
$query = "INSERT INTO firewall_logs SET id_utenti = 1, tabella = 'versoesterno', id_regole = $id, stato = 0, data = NOW()";
mysql_query( $query, $DB_ID );
}
$query = "SELECT id FROM firewall_versointerno_regole WHERE stato = 1";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$id = $dato['id'];
$query = "UPDATE firewall_versointerno_regole SET stato = 0, modifica = NOW() WHERE id = $id";
mysql_query( $query, $DB_ID );
$query = "INSERT INTO firewall_logs SET id_utenti = 1, tabella = 'versointerno', id_regole = $id, stato = 0, data = NOW()";
mysql_query( $query, $DB_ID );
}
}
?>
Reference in New Issue View Git Blame Copy Permalink