#!/usr/local/bin/php-cgi -q
<?php
/*
 * easyrule
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2010-2018 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
require_once("pfsense-utils.inc");
require_once("easyrule.inc");
require_once("filter.inc");
require_once("shaper.inc");
/* Result text for the command; the dispatch code further down assigns it again. */
$message = "";

/* Keywords that is_specialnet() accepts in place of a literal address. */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");

/* Each configured interface adds two more keywords: its key and "<key>ip". */
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
/* Borrow this function from guiconfig.inc since we can't include it for use at the CLI
 - Maybe these need to be moved to util.inc or pfsense-utils.inc?
*/
/*
 * Build a rule address array in $adr from its separate parts.
 *
 * $adr        - output, passed by reference; always reset to an empty array first
 * $padr       - "any", a special network keyword (see is_specialnet()), or an address
 * $pmask      - appended to the address as "/<mask>" unless it compares equal to 32
 * $pnot       - when truthy, 'not' => true is stored
 * $pbeginport - first port or a port alias name; 0 or "any" means no port
 * $pendport   - last port; a "begin-end" range is stored when it differs from $pbeginport
 *
 * The parts are stored as given: nothing here checks that $padr, $pmask or
 * the ports are well formed, so callers have to validate them beforehand.
 * All comparisons are loose (==, !=), so the outcome for non-string input
 * depends on PHP's type juggling.
 */
function pconfig_to_address(&$adr, $padr, $pmask, $pnot=false, $pbeginport=0, $pendport=0) {

	$adr = array();

	/* Exactly one of 'any', 'network' or 'address' is stored. */
	if ($padr == "any") {
		$adr['any'] = true;
	} elseif (is_specialnet($padr)) {
		$adr['network'] = $padr;
	} else {
		$adr['address'] = ($pmask != 32) ? $padr . "/" . $pmask : $padr;
	}

	/* $adr was just reset, so 'not' only exists when it is set here. */
	if ($pnot) {
		$adr['not'] = true;
	}

	$hasport = ($pbeginport != 0) && ($pbeginport != "any");
	if ($hasport) {
		$adr['port'] = ($pbeginport != $pendport)
		    ? $pbeginport . "-" . $pendport
		    : $pbeginport;
	}

	/* A port alias is stored by name, replacing whatever was computed above. */
	if (is_alias($pbeginport)) {
		$adr['port'] = $pbeginport;
	}
}
/* Borrow this one from guiconfig.inc also */
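/*
 * Tell whether $net is one of the special source/destination keywords
 * held in the global $specialsrcdst list.
 *
 * Returns false for an empty value. The list lookup is strict, so only
 * a string identical to a list entry matches; with a loose lookup a
 * non-string value such as boolean true would match every keyword and
 * be treated as a network name.
 */
function is_specialnet($net) {
	global $specialsrcdst;

	if (!$net) {
		return false;
	}

	/* No keyword list available: nothing can be a special network. */
	if (!is_array($specialsrcdst)) {
		return false;
	}

	return in_array($net, $specialsrcdst, true);
}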
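/*
 * Command-line dispatch: run the action named in $argv[1] and print the
 * message it returns, or print the usage text when no action was given.
 */
if (($argc > 1) && !empty($argv[1])) {

	/* Automagically derive an alternate alias name from the scripts name
	 * This allows for using alternate alias lists with just a symlink */
	/* NOTE(review): $blockaliasname is not read anywhere in this file;
	 * presumably easyrule.inc picks it up as a global - confirm. The name
	 * comes straight from the invocation name and is not checked here. */
	if (($alias = basename($argv[0])) != 'easyrule') {
		$blockaliasname = ucfirst($alias).'Rules';
	}

	/* Pad the argument list so that omitted arguments (for example the
	 * optional destination port of "pass") reach the parser as null
	 * without an undefined-offset notice. Checking the values themselves
	 * is left to the easyrule_parse_* functions. */
	$easyrule_args = array_pad($argv, 7, null);

	$message = "";
	switch ($easyrule_args[1]) {
		case 'block':
			$message = easyrule_parse_block($easyrule_args[2], $easyrule_args[3]);
			break;
		case 'unblock':
			$message = easyrule_parse_unblock($easyrule_args[2], $easyrule_args[3]);
			break;
		case 'showblock':
			$message = easyrule_parse_getblock($easyrule_args[2]);
			break;
		case 'pass':
			$message = easyrule_parse_pass($easyrule_args[2], $easyrule_args[3], $easyrule_args[4], $easyrule_args[5], $easyrule_args[6]);
			break;
		/* Any other action leaves $message empty, so only a newline is printed. */
	}
	echo $message . "\n";
} else {
	// Print usage:
	$progname = basename($argv[0]);

	echo "usage:\n";
	echo " Blocking only requires an IP to block, block rules can be shown with showblock and revoked using unblock\n";
	echo "     " . $progname . " block <interface> <source IP>\n";
	echo "\n";
	echo " Passing requires more detail, as it must be as specific as possible. The destination port is optional if you're using a protocol without a port (e.g. ICMP, OSPF, etc).\n";
	echo "     " . $progname . " pass <interface> <protocol> <source IP> <destination ip> [destination port]\n";
	echo "\n";
	echo " Block example:\n";
	echo "     " . $progname . " block wan 1.2.3.4\n";
	echo "\n";
	echo " Show active blocks example:\n";
	echo "     " . $progname . " showblock wan\n";
	echo "\n";
	echo " Unblock example:\n";
	echo "     " . $progname . " unblock wan 1.2.3.4\n";
	echo "\n";
	echo " Pass example (protocol with port):\n";
	echo "     " . $progname . " pass wan tcp 1.2.3.4 192.168.0.4 80\n";
	echo "\n";
	echo " Pass example (protocol without port):\n";
	echo "     " . $progname . " pass wan icmp 1.2.3.4 192.168.0.4\n";
	echo "\n";
}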
?>