Commit ea21e8c2 by netz.coop eG

NCFilters mit iptables Start

1 parent 2f550642
close_fw_cron.conf
fw.txt
hosts.open
...@@ -47,3 +47,15 @@ Vanilla Login: ...@@ -47,3 +47,15 @@ Vanilla Login:
Benutzer: admin Benutzer: admin
Passwort: testpassword Passwort: testpassword
# Änderungen Heiko
include/install/dblayout.sql
UNIQUE in domains rausgenommen bei url und ip
include/classes/Sytemoutput.php
Ausgabe für fw.txt angepassst
Erste Zeile soll sein
# iptables -t nat -F PREROUTING
Reihenfolge für fw.txt geändert
Wenn open im Interface rot ist, wird die iptables-regel geschrieben
...@@ -55,8 +55,12 @@ class Connectdb extends SQLite3 ...@@ -55,8 +55,12 @@ class Connectdb extends SQLite3
$result = $this->query('SELECT * from pclist as p INNER JOIN groups as g ON p.group_id = g.group_id;'); $result = $this->query('SELECT * from pclist as p INNER JOIN groups as g ON p.group_id = g.group_id;');
$ary_content = array(); $ary_content = array();
$i = 0; $i = 0;
$key = null;
while ($res = $result->fetchArray(SQLITE3_ASSOC)) { while ($res = $result->fetchArray(SQLITE3_ASSOC)) {
foreach ($res as $key => $value) { foreach ($res as $key => $value) {
if (!isset($ary_content[$i][$key])){
$ary_content[$i][$key] = null;
}
$ary_content[$i][$key] .= $value; $ary_content[$i][$key] .= $value;
} }
$i++; $i++;
...@@ -81,6 +85,27 @@ class Connectdb extends SQLite3 ...@@ -81,6 +85,27 @@ class Connectdb extends SQLite3
return $ary_content; return $ary_content;
} }
public function getclosefwcronarray(){
$result = $this->query('SELECT * from close_fw_cron;');
$ary_content = array();
$i = 0;
$key = null;
while ($res = $result->fetchArray(SQLITE3_ASSOC)) {
foreach ($res as $key => $value) {
if (!isset($ary_content[$i][$key])){
$ary_content[$i][$key] = null;
}
$ary_content[$i][$key] .= $value;
}
$i++;
}
return $ary_content;
}
public function cleanstringfromspecial($string,$password){ public function cleanstringfromspecial($string,$password){
$string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens. $string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
......
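Review bot: getclosefwcronarray repeats the fetch loop of getpclistgroupsarray line for line, including the `$key = null;` pre-assignment that the foreach immediately overwrites, and the `isset`-then-`.=` pair only exists to silence an undefined-index notice while forcing every column to a string — `$ary_content[$i][$key] = (string) $value;` says that directly and yields the same values (NULL becomes ''). A private helper that string-casts each fetched row would let both public methods (and getdomaingroupsarray, if it follows the same pattern) become one-liners. The close_fw_cron query is also unsorted while the index.php view orders by hour and minute; the generated crontab reads better with the same `ORDER BY close_time_hour, close_time_minute`.
```php
    /** Fetch every row of $result with each column cast to string (NULL becomes ''). */
    private function rowsasstrings(SQLite3Result $result){
        $rows = array();
        while ($res = $result->fetchArray(SQLITE3_ASSOC)) {
            $rows[] = array_map(function ($v) { return (string) $v; }, $res);
        }
        return $rows;
    }
    public function getclosefwcronarray(){
        return $this->rowsasstrings($this->query('SELECT * from close_fw_cron ORDER BY close_time_hour, close_time_minute;'));
    }
    // … unchanged: cleanstringfromspecial …
```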
...@@ -63,7 +63,7 @@ class Output { ...@@ -63,7 +63,7 @@ class Output {
public function printlogo($name) { public function printlogo($name) {
$string = '<div class="header">'; $string = '<div class="header">';
$string .= ' <img class="logo" src="include/images/logo.png" alt="logo" />'; $string .= ' <a href="https://netz.coop"><img class="logo" src="include/images/logo.png" alt="logo" /></a>';
$string .= '<h1>' . $name . '</h1>'; $string .= '<h1>' . $name . '</h1>';
$string .= ' </div>'; $string .= ' </div>';
return $string; return $string;
......
...@@ -44,41 +44,62 @@ class Sytemoutput { ...@@ -44,41 +44,62 @@ class Sytemoutput {
public function createfw($array_pclistgroups){ public function createfw($array_pclistgroups){
$i=0; $i=0;
file_put_contents(FWFILENAME, PHP_EOL); file_put_contents(FWFILENAME, PHP_EOL);
file_put_contents(FWFILENAME,'iptables -t nat -F PREROUTING'. PHP_EOL);
file_put_contents(FWFILENAME,'iptables -F FORWARD'. PHP_EOL ,FILE_APPEND);
foreach($array_pclistgroups as $key =>$value){ foreach($array_pclistgroups as $key =>$value){
if($value['open']==='0'){ if($value['open']==='1'){
// file_put_contents(FWFILENAME,''.$value['ip'].'\n',FILE_APPEND); // file_put_contents(FWFILENAME,''.$value['ip'].'\n',FILE_APPEND);
// by Heiko }else if($value['open']==='0' || $value['open']==='off' ){ file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -j OPEN'. PHP_EOL ,FILE_APPEND);
}else if($value['open']==='1' || $value['open']==='on' ){ }else if($value['open']==='0' || $value['open']==='off' ){
// by Heiko }else if($value['open']==='1' || $value['open']==='on' ){
if($i===0){ // if($i===0){
// file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -p udp --dport 53 -j REDIRECT --to-port 5335 '. PHP_EOL ,FILE_APPEND);
// }else{
file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -j BLOCK'. PHP_EOL ,FILE_APPEND);
file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -p udp --dport 53 -j REDIRECT --to-port 5335 '. PHP_EOL);
}else{ // schlechte Idee, blockiert auch den gewünschten Datenverkehr
file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -p udp --dport 53 -j REDIRECT --to-port 5335 '. PHP_EOL ,FILE_APPEND); // file_put_contents(FWFILENAME,'iptables -A FORWARD --src '.$value['ip'].' -i eth1 -j DROP'. PHP_EOL ,FILE_APPEND);
} // }
file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -p tcp --dport 53 -j REDIRECT --to-port 5335 '. PHP_EOL ,FILE_APPEND); // file_put_contents(FWFILENAME,'iptables -t nat -A PREROUTING --src '.$value['ip'].' -i eth1 -p tcp --dport 53 -j REDIRECT --to-port 5335 '. PHP_EOL ,FILE_APPEND);
} }
$i++; // $i++;
} }
} }
public function createhosts($array_pclistgroups){ public function createhosts($array_pclistgroups){
file_put_contents(DNSFILENAME, PHP_EOL); file_put_contents(DNSFILENAME,'iptables -t nat -N OPEN'. PHP_EOL);
$i=0; file_put_contents(DNSFILENAME,'iptables -t nat -F OPEN'. PHP_EOL ,FILE_APPEND);
file_put_contents(DNSFILENAME,'iptables -t nat -A OPEN -j ACCEPT'. PHP_EOL ,FILE_APPEND);
file_put_contents(DNSFILENAME,'iptables -t nat -N BLOCK'. PHP_EOL ,FILE_APPEND);
file_put_contents(DNSFILENAME,'iptables -t nat -F BLOCK'. PHP_EOL ,FILE_APPEND);
foreach($array_pclistgroups as $key =>$value){ foreach($array_pclistgroups as $key =>$value){
if($value['open']==='0'){ if($value['open']==='0'){
}else if($value['enable']==='1' || $value['enable']==='on' ){ }else if($value['enable']==='1' || $value['enable']==='on' ){
if($i===0){ file_put_contents(DNSFILENAME,'iptables -t nat -A BLOCK -i eth1 -d '.$value['ip'].' -j ACCEPT'. PHP_EOL ,FILE_APPEND);
file_put_contents(DNSFILENAME,'address=/'.$value['url'].'/'.$value['ip'] .PHP_EOL );
}else{
file_put_contents(DNSFILENAME,'address=/'.$value['url'].'/'.$value['ip'] .PHP_EOL ,FILE_APPEND);
}
} }
$i++;
} }
file_put_contents(DNSFILENAME,'iptables -t nat -A BLOCK -i eth1 -m multiport -p tcp --dports 80,443,8080 -j DNAT --to-destination 10.8.11.10'. PHP_EOL ,FILE_APPEND);
} }
public function closefwcron($array_closefwcron){
$i=0;
foreach($array_closefwcron as $key =>$value){
if($i===0){
file_put_contents(CRONFILENAME,$value['close_time_minute'].' '.$value['close_time_hour'].' * * * /usr/local/sbin/close_fw.sh'. PHP_EOL);
}else{
file_put_contents(CRONFILENAME,$value['close_time_minute'].' '.$value['close_time_hour'].' * * * /usr/local/sbin/close_fw.sh'. PHP_EOL ,FILE_APPEND);
}
$i++;
}
}
} }
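Review bot: The new rule writes in createfw (`-j OPEN`, `-j BLOCK`) and createhosts (`-A BLOCK -i eth1 -d ...`) splice `$value['ip']` verbatim into fw.txt and hosts.open, files that switch_fw.sh hands to `/bin/bash` as root, so a pclist or domains row whose ip field is anything other than a bare address becomes a root shell command, and nothing in this class checks the value. Validate each row with `filter_var($value['ip'], FILTER_VALIDATE_IP)` before writing and skip (and log) rows that fail, and treat closefwcron the same way, since close_time_minute/close_time_hour go into a crontab line unvalidated — `ctype_digit` plus a 0–59 / 0–23 range check is enough there. Two smaller points: createhosts now emits iptables chains but still writes to DNSFILENAME ('hosts.open') and no longer uses `$value['url']`, so the constant name and the joined url column are misleading, and the DNAT target `10.8.11.10` on the final BLOCK rule is hard-coded where a constant next to FWFILENAME would keep it configurable. With the UNIQUE on domains.ip dropped in this commit, several domain rows sharing one IP will each emit an identical `-A BLOCK ... -j ACCEPT` line; deduplicating on ip before the loop keeps the chain short.
```php
    // Accept only literal IPv4/IPv6 addresses: the generated file is executed by bash as root.
    private function validip($ip){
        return filter_var($ip, FILTER_VALIDATE_IP) !== false;
    }
    public function createfw($array_pclistgroups){
        file_put_contents(FWFILENAME,'iptables -t nat -F PREROUTING'. PHP_EOL);
        file_put_contents(FWFILENAME,'iptables -F FORWARD'. PHP_EOL ,FILE_APPEND);
        foreach($array_pclistgroups as $key =>$value){
            if(!$this->validip($value['ip'])){
                error_log('createfw: skipping row with invalid ip '.var_export($value['ip'], true));
                continue;
            }
            // … unchanged: OPEN / BLOCK rule writes …
        }
    }
    // … same validip() guard at the top of the createhosts loop body …
    public function closefwcron($array_closefwcron){
        $i=0;
        foreach($array_closefwcron as $key =>$value){
            $m = (string) $value['close_time_minute'];
            $h = (string) $value['close_time_hour'];
            if(!ctype_digit($m) || !ctype_digit($h) || (int)$m > 59 || (int)$h > 23){
                error_log('closefwcron: skipping invalid time '.var_export($value, true));
                continue;
            }
            // … unchanged: crontab line writes …
        }
    }
```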
...@@ -10,6 +10,6 @@ define('DBFILE', 'include/db/nclists.sqlite'); ...@@ -10,6 +10,6 @@ define('DBFILE', 'include/db/nclists.sqlite');
define('FWFILENAME', 'fw.txt'); define('FWFILENAME', 'fw.txt');
define('FW2FILENAME', 'fw.txt'); define('FW2FILENAME', 'fw.txt');
define('DNSFILENAME', 'hosts.open'); define('DNSFILENAME', 'hosts.open');
define('CRONFILENAME', 'close_fw_cron.conf');
define('SQLSORT', 'ORDER BY id DESC'); define('SQLSORT', 'ORDER BY id DESC');
define('SQLGRPSORT', 'ORDER BY group_id DESC'); define('SQLGRPSORT', 'ORDER BY group_id DESC');
\ No newline at end of file
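Review bot: CRONFILENAME joins FWFILENAME and DNSFILENAME as a bare relative name, so all three generated files live in the web document root (the shell scripts `cd /var/www/ncfilters.gs-ams.local/ncfilters/` before reading them); unless the web server is configured to deny them, fw.txt, hosts.open and close_fw_cron.conf — the full client and whitelist IP inventory plus the firewall schedule — are retrievable over HTTP, and they are written by the web server user yet executed or installed by root from cron. Prefer an absolute directory outside the document root that only the web user can write, e.g. `define('NCF_STATE_DIR', '/var/lib/ncfilters');` and `define('CRONFILENAME', NCF_STATE_DIR . '/close_fw_cron.conf');`, and point the scripts at the same directory. FW2FILENAME still duplicates FWFILENAME; if it is unused, drop it rather than keep two constants for one path.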
...@@ -9,7 +9,9 @@ and open the template in the editor. ...@@ -9,7 +9,9 @@ and open the template in the editor.
*/ */
body{ body{
background-color: #d0d5d8;
/* background-color: #d0d5d8; */
background-color: #ffffff;
} }
.logo{ .logo{
...@@ -66,4 +68,4 @@ body{ ...@@ -66,4 +68,4 @@ body{
clear: left; clear: left;
float: left; float: left;
min-width:30%; min-width:30%;
} }
\ No newline at end of file
...@@ -7,7 +7,7 @@ PRAGMA foreign_keys = off; ...@@ -7,7 +7,7 @@ PRAGMA foreign_keys = off;
BEGIN TRANSACTION; BEGIN TRANSACTION;
-- Table: domains -- Table: domains
CREATE TABLE domains (id INTEGER PRIMARY KEY UNIQUE, url TEXT NOT NULL, ip TEXT NOT NULL UNIQUE, priority INT DEFAULT (0), intern BOOLEAN DEFAULT (0), enable BOOLEAN DEFAULT (1), childlvl INT DEFAULT (4), updated DATETIME, updatedby TEXT); CREATE TABLE domains (id INTEGER PRIMARY KEY UNIQUE, url TEXT NOT NULL, ip TEXT NOT NULL, priority INT DEFAULT (0), intern BOOLEAN DEFAULT (0), enable BOOLEAN DEFAULT (1), childlvl INT DEFAULT (4), updated DATETIME, updatedby TEXT);
-- Table: pclist -- Table: pclist
CREATE TABLE pclist (id INTEGER PRIMARY KEY UNIQUE, ip TEXT NOT NULL UNIQUE, group_id INTEGER NOT NULL, updated DATETIME, updatedby TEXT); CREATE TABLE pclist (id INTEGER PRIMARY KEY UNIQUE, ip TEXT NOT NULL UNIQUE, group_id INTEGER NOT NULL, updated DATETIME, updatedby TEXT);
...@@ -18,10 +18,16 @@ INSERT INTO nclistsuser (id, name, password, updated, updatedby) VALUES (0, 'adm ...@@ -18,10 +18,16 @@ INSERT INTO nclistsuser (id, name, password, updated, updatedby) VALUES (0, 'adm
-- Table: groups -- Table: groups
CREATE TABLE groups (group_id INTEGER PRIMARY KEY AUTOINCREMENT UNIQUE, name TEXT UNIQUE, chldvlv INTEGER DEFAULT (4) NOT NULL, open BOOLEAN DEFAULT (0), updated DATETIME, updatedby TEXT); CREATE TABLE groups (group_id INTEGER PRIMARY KEY AUTOINCREMENT UNIQUE, name TEXT UNIQUE, chldvlv INTEGER DEFAULT (4) NOT NULL, open BOOLEAN DEFAULT (0), updated DATETIME, updatedby TEXT);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (0, 'Klasse 1a', 1, 1, NULL, NULL); INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (0, 'Klasse 1-2a', 2, 1, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (2, 'Klasse 1b', 1, 1, NULL, NULL); INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (1, 'Klasse 1-2b', 2, 1, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (3, 'Klasse 2a', 2, 0, NULL, NULL); INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (2, 'Klasse 1-2c', 2, 1, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (4, 'Klasse 4a', 4, 0, NULL, NULL); INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (3, 'Klasse 1-2d', 2, 1, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (4, 'Klasse 3a', 3, 0, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (5, 'Klasse 3b', 3, 0, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (6, 'Klasse 4a', 4, 0, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (7, 'Klasse 4b', 4, 0, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (8, 'PC-Raum', 4, 0, NULL, NULL);
INSERT INTO groups (group_id, name, chldvlv, open, updated, updatedby) VALUES (9, 'Forscherraum', 4, 0, NULL, NULL);
COMMIT TRANSACTION; COMMIT TRANSACTION;
PRAGMA foreign_keys = on; PRAGMA foreign_keys = on;
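Review bot: The rewritten sample groups insert `open = 1` for the four 'Klasse 1-2' rows, which createfw turns into `-j OPEN` (an unconditional ACCEPT chain) for every PC in those groups, so a fresh install ships with those clients unfiltered until close_fw.sh runs or an admin flips the flag. A filter should fail closed: seed every sample row with `open = 0` (the column default) and let the operator open a group explicitly. The commit message says UNIQUE was removed from url and ip, but only `ip` changes here (url never had it); with duplicate IPs now allowed, a `UNIQUE(url, ip)` constraint would still stop the same entry being inserted twice and emitting duplicate rules.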
* * * * * root /usr/local/sbin/switch_fw.sh
* * * * * root /usr/local/sbin/close_fw_cron.sh
#!/bin/bash
# Wird aus der crontab heraus aufgerufen, um zeitabhängig den Blocker einzuschalten
PATH=/usr/bin:/bin:/sbin:/usr/sbin
cd /var/www/ncfilters.gs-ams.local/ncfilters/
php shell/close_fw.php
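Review bot: close_fw.php runs here as root (the cron.d entry carries the `root` user field), so it opens include/db/nclists.sqlite and rewrites fw.txt with root's identity; depending on directory permissions the SQLite journal and the regenerated fw.txt may then no longer be writable by the web server user the frontend runs as. Run it as that user instead, e.g. `su -s /bin/sh www-data -c 'php shell/close_fw.php'` (substitute the actual web user) — root gains nothing here because switch_fw.sh applies fw.txt separately — and guard the directory change with `cd /var/www/ncfilters.gs-ams.local/ncfilters/ || exit 1`, otherwise a missing directory runs the php from whatever cwd cron provides.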
#!/bin/bash
# Schaut nach, ob neue crontab-Regeln vorhanden sind und führt sie aus
PATH=/usr/bin:/bin:/sbin:/usr/sbin
cd /var/www/ncfilters.gs-ams.local/ncfilters/
/usr/bin/find . -mmin -1 -exec /usr/bin/crontab "close_fw_cron.conf" \;
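Review bot: `find . -mmin -1 -exec /usr/bin/crontab "close_fw_cron.conf" \;` replaces root's crontab with close_fw_cron.conf once for every file anywhere under the web root modified in the last minute — the match is not tied to the conf file at all — and because that file is written by the web server user, anyone who can make the application write into it gets arbitrary root cron entries. Tie the check to the file itself, refuse any line that is not exactly the expected `M H * * * /usr/local/sbin/close_fw.sh` shape, and fail the `cd`; longer term, install the schedule as a non-root entry in /etc/cron.d rather than replacing root's crontab wholesale. Note also that `-mmin -1` with a once-a-minute cron can miss a write that lands near the minute boundary.
```shell
cd /var/www/ncfilters.gs-ams.local/ncfilters/ || exit 1
[ -n "$(find close_fw_cron.conf -mmin -1)" ] || exit 0
# refuse the file if any line is not "M H * * * /usr/local/sbin/close_fw.sh"
if grep -Evq '^[0-9]{1,2} [0-9]{1,2} \* \* \* /usr/local/sbin/close_fw\.sh$' close_fw_cron.conf; then
    echo "close_fw_cron.conf rejected: unexpected content" >&2
    exit 1
fi
/usr/bin/crontab close_fw_cron.conf
```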
#!/bin/bash
# Wenn per Frontend eine neue Domain oder ein PC geändert wird, werden die zwei unten stehenden Dateinen geschrieben.
# Dieses Script schaut, ob sich die Dateien verändert haben und wenn ja, führt sie aus.
# Es werden neue iptables Regeln ausgeführt
PATH=/usr/bin:/bin:/sbin:/usr/sbin
cd /var/www/ncfilters.gs-ams.local/ncfilters/
/usr/bin/find . -mmin -1 -exec /bin/bash "hosts.open" \;
/usr/bin/find . -mmin -1 -exec /bin/bash "fw.txt" \;
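Review bot: Both `find . -mmin -1 -exec /bin/bash ... \;` lines execute hosts.open and fw.txt as root once per file modified anywhere under the web root in the last minute, not only when those two files changed, and they run scripts written by the web server user with root privileges, so a write into either file from a compromised or buggy frontend is a root shell. If bash-executing generated files is kept, at least key the check on the two files and a stamp so a write near the minute boundary is neither missed nor applied twice, and fail the `cd`; hosts.open creates the OPEN/BLOCK chains that fw.txt jumps to, so it must keep running first, as it does now. Longer term, generate an iptables-restore ruleset (data, not a shell script) and have root apply it with `iptables-restore`, which removes the arbitrary-command path entirely.
```shell
cd /var/www/ncfilters.gs-ams.local/ncfilters/ || exit 1
stamp=/run/ncfilters.applied
# -nt is also true when the stamp does not exist yet (first run)
if [ hosts.open -nt "$stamp" ] || [ fw.txt -nt "$stamp" ]; then
    /bin/bash hosts.open
    /bin/bash fw.txt
    touch "$stamp"
fi
```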
...@@ -110,7 +110,7 @@ if (!isset($_SESSION['user_id'])) { ...@@ -110,7 +110,7 @@ if (!isset($_SESSION['user_id'])) {
if (!$_POST['name'] || !$_POST['group_id'] || !$_POST['chldvlv']) { if (!$_POST['name'] || !$_POST['group_id'] || !$_POST['chldvlv']) {
$error = ' Bitte alle Daten eintragen'; $error = ' Bitte alle Daten eintragen';
$var_sql = false; //www.google.de/search?q=sqlite+sort+by+multiple+columns&ie=utf-8&oe=utf-8&gws_rd=cr&ei=S801WdjVNIOgsAG_85OYBQ $var_sql = false;
} }
} }
if ($var_sql) { if ($var_sql) {
...@@ -168,6 +168,7 @@ if (!isset($_SESSION['user_id'])) { ...@@ -168,6 +168,7 @@ if (!isset($_SESSION['user_id'])) {
$sysout->createfw($array_pclistgroups); $sysout->createfw($array_pclistgroups);
$domaingroupsarray = $db->getdomaingroupsarray(); $domaingroupsarray = $db->getdomaingroupsarray();
$sysout->createhosts($domaingroupsarray); $sysout->createhosts($domaingroupsarray);
} }
/** /**
* Create Controlls - Buttons * Create Controlls - Buttons
...@@ -179,10 +180,12 @@ if (!isset($_SESSION['user_id'])) { ...@@ -179,10 +180,12 @@ if (!isset($_SESSION['user_id'])) {
$tablestring .= $out->printmintablecell($tablestringcontent); $tablestring .= $out->printmintablecell($tablestringcontent);
$tablestringcontent = $out->printformstart('groups', 'print'); $tablestringcontent = $out->printformstart('groups', 'print');
$tablestringcontent .= $out->printbutton('Zeige Gruppen'); $tablestringcontent .= $out->printbutton('Zeige Schulklassen');
$tablestringcontent .= $out->printformend(); $tablestringcontent .= $out->printformend();
$tablestring .= $out->printmintablecell($tablestringcontent); $tablestring .= $out->printmintablecell($tablestringcontent);
$stringadv .= $out->printformstart('pclist', 'print'); $stringadv .= $out->printformstart('pclist', 'print');
$stringadv .= $out->printbutton('Zeige Pcs'); $stringadv .= $out->printbutton('Zeige Pcs');
$stringadv .= $out->printformend(); $stringadv .= $out->printformend();
...@@ -191,8 +194,8 @@ if (!isset($_SESSION['user_id'])) { ...@@ -191,8 +194,8 @@ if (!isset($_SESSION['user_id'])) {
$stringadv .= $out->printbutton('Zeige ncfilters Benutzer'); $stringadv .= $out->printbutton('Zeige ncfilters Benutzer');
$stringadv .= $out->printformend(); $stringadv .= $out->printformend();
$stringadv .= $out->printformstart('insert', 'sample'); $stringadv .= $out->printformstart('cron', 'print');
$stringadv .= $out->printbutton('Insert Sample Data'); $stringadv .= $out->printbutton('Zeige Abschaltzeiten');
$stringadv .= $out->printformend(); $stringadv .= $out->printformend();
$tablestringcontent = $out->printcollapsebtn('Erweitert', 'collapseId', 'warning btn-sm'); $tablestringcontent = $out->printcollapsebtn('Erweitert', 'collapseId', 'warning btn-sm');
...@@ -200,7 +203,7 @@ if (!isset($_SESSION['user_id'])) { ...@@ -200,7 +203,7 @@ if (!isset($_SESSION['user_id'])) {
$tablestring .= $out->printmintableend(); $tablestring .= $out->printmintableend();
echo $tablestring; echo $tablestring;
echo $out->printcollapsecontent($stringadv, 'Erweitert', 'collapseId', 'warning btn-sm'); echo $out->printcollapsecontent($stringadv, 'Erweitert', 'collapseId', 'warning btn-sm');
/*
if (is_array($_POST) && key_exists('insert', $_POST) && $_POST['insert'] === 'sample') { if (is_array($_POST) && key_exists('insert', $_POST) && $_POST['insert'] === 'sample') {
$db->exec("INSERT INTO domains (id,url,ip,priority,intern,enable,childlvl) VALUES ('0','antolin.de','217.13.73.6','0','0','1','1') "); $db->exec("INSERT INTO domains (id,url,ip,priority,intern,enable,childlvl) VALUES ('0','antolin.de','217.13.73.6','0','0','1','1') ");
$db->exec('INSERT INTO domains (id,url,ip,priority,intern,enable,childlvl) VALUES ("1","blindekuh.de/","217.160.231.96","0","0","1","1") '); $db->exec('INSERT INTO domains (id,url,ip,priority,intern,enable,childlvl) VALUES ("1","blindekuh.de/","217.160.231.96","0","0","1","1") ');
...@@ -220,7 +223,7 @@ if (!isset($_SESSION['user_id'])) { ...@@ -220,7 +223,7 @@ if (!isset($_SESSION['user_id'])) {
$db->exec('INSERT INTO pclist (id,ip,group_id) VALUES ("6","10.8.11.114","4") '); $db->exec('INSERT INTO pclist (id,ip,group_id) VALUES ("6","10.8.11.114","4") ');
// echo 'INSERT INTO pclist (id,ip,group_id) VALUES ("6","10.8.11.114","4")'; // echo 'INSERT INTO pclist (id,ip,group_id) VALUES ("6","10.8.11.114","4")';
} }
*/
if (is_array($_POST) && key_exists('domains', $_POST) && $_POST['domains'] === 'print') { if (is_array($_POST) && key_exists('domains', $_POST) && $_POST['domains'] === 'print') {
echo '<br> <h3>Domains:</h3> '; echo '<br> <h3>Domains:</h3> ';
$resultndomains = $db->query('SELECT * FROM domains ' . SQLSORT); $resultndomains = $db->query('SELECT * FROM domains ' . SQLSORT);
...@@ -243,6 +246,30 @@ if (!isset($_SESSION['user_id'])) { ...@@ -243,6 +246,30 @@ if (!isset($_SESSION['user_id'])) {
} }
if (is_array($_POST) && key_exists('cron', $_POST) && $_POST['cron'] === 'print') {
echo '<br> <h3>Abschaltzeiten:</h3> ';
$resultclosefwcron = $db->query('SELECT * FROM close_fw_cron ORDER BY close_time_hour, close_time_minute');
$i = 0;
$ary_head_cron = array();
$ary_content_cron = array();
$ary_controll = array('fastinput' => true, 'delete' => true, 'table' => 'close_fw_cron', 'fields' => array());
while ($res = $resultclosefwcron->fetchArray(SQLITE3_ASSOC)) {
if ($i === 0) {
foreach ($res as $key => $value) {
$ary_head_cron[] .= $key;
}
}
foreach ($res as $key => $value) {
$ary_content_cron[$i][$key] .= $value;
}
$i++;
}
echo $out->printtable($ary_head_cron, $ary_content_cron, true, $ary_controll);
}
if (is_array($_POST) && key_exists('nclistsuser', $_POST) && $_POST['nclistsuser'] === 'print') { if (is_array($_POST) && key_exists('nclistsuser', $_POST) && $_POST['nclistsuser'] === 'print') {
echo '<br> <h3>Users: </h3>'; echo '<br> <h3>Users: </h3>';
......
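Review bot: In the new 'Abschaltzeiten' block, `$ary_content_cron[$i][$key] .= $value;` and `$ary_head_cron[] .= $key;` concatenate onto indexes that do not exist yet — the same undefined-index notice this commit guards against with `isset` in Connectdb — so the two loops should just assign: `$ary_head_cron[] = $key;` and `$ary_content_cron[$i][$key] = (string) $value;` (the cast keeps the string comparisons the rest of the file relies on). The block also re-implements the fetch-to-array loop that Connectdb::getclosefwcronarray already provides; calling it and taking the first row's keys as the header would remove the duplication. The old sample-data insert is only wrapped in `/* … */` rather than removed — dead code with hard-coded rows is better deleted, version control keeps it. Whether `printtable` HTML-escapes the close_fw_cron cells is not visible here; if it does not, `htmlspecialchars` on them is needed since these admin-entered values are rendered back to every admin.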
<?php
require_once './include/configure.php';
require_once './include/classes/Connectdb.php';
require_once './include/classes/Sytemoutput.php';
$db = new Connectdb();
$db->exec('UPDATE groups SET open = 0 ;');
$sysout = new Sytemoutput();
$array_pclistgroups = $db->getpclistgroupsarray();
$sysout->createfw($array_pclistgroups);
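Review bot: `$db->exec('UPDATE groups SET open = 0 ;')` returns false on failure and is not checked, so a locked or unwritable database still regenerates fw.txt from the unchanged rows and the scheduled close silently does not happen; add `if (!$db->exec('UPDATE groups SET open = 0 ;')) { fwrite(STDERR, $db->lastErrorMsg() . PHP_EOL); exit(1); }`. The `require_once './include/...'` paths resolve against the process cwd, so the script only works when launched from the application directory as close_fw.sh does; `require_once __DIR__ . '/../include/configure.php';` (and likewise for the two classes) makes it location-independent. Because the cron.d entry runs this as root, FWFILENAME is rewritten with root's identity, which depending on permissions can leave it unwritable for the web server user that normally regenerates it — worth confirming on the target host.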
<?php
require_once './include/configure.php';
require_once './include/classes/Connectdb.php';
require_once './include/classes/Sytemoutput.php';
$db = new Connectdb();
$sysout = new Sytemoutput();
$array_closefwcron = $db->getclosefwcronarray();
$sysout->closefwcron($array_closefwcron);
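Review bot: I cannot find what invokes this script: close_fw_cron.sh only installs an already-existing close_fw_cron.conf, and index.php in this commit lists close_fw_cron but never calls `$sysout->closefwcron(...)` after a change, so the conf file is regenerated only if something outside this diff runs `php shell/close_fw_cron.php` — either call closefwcron from index.php right after a close_fw_cron insert or delete (next to the existing createfw/createhosts calls) or document the invocation. When close_fw_cron is empty, closefwcron writes nothing, so a conf with the previously configured times stays in place and keeps being installed; truncating CRONFILENAME before the loop (`file_put_contents(CRONFILENAME, '');`) makes removing all entries also remove the job. The relative `require_once './include/...'` paths depend on the caller's cwd; `__DIR__ . '/../include/...'` is safer.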