| 348 |
348 |
}
|
| 349 |
349 |
return gettext("Unknown block error.");
|
| 350 |
350 |
}
|
|
351 |
|
|
352 |
function easyrule_parse_unblock($int, $host, $ipproto = "inet") {
|
|
353 |
global $blockaliasname, $config;
|
|
354 |
|
|
355 |
if (!empty($host) && !empty($int)) {
|
|
356 |
$host = trim($host, "[]");
|
|
357 |
if (!is_ipaddr($host) && !is_subnet($host)) {
|
|
358 |
return gettext("Tried to unblock invalid IP:") . ' ' . htmlspecialchars($host);
|
|
359 |
}
|
|
360 |
$real_int = easyrule_find_rule_interface($int);
|
|
361 |
if ($real_int === false) {
|
|
362 |
return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
|
|
363 |
}
|
|
364 |
|
|
365 |
/* Try to get the ID - will fail if there are no rules/alias on this interface */
|
|
366 |
$id = easyrule_block_alias_getid($real_int);
|
|
367 |
if ($id === false || !$config['aliases']['alias'][$id]) {
|
|
368 |
return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
|
|
369 |
}
|
|
370 |
|
|
371 |
$alias = &$config['aliases']['alias'][$id];
|
|
372 |
|
|
373 |
if (is_subnet($host)) {
|
|
374 |
list($host, $mask) = explode("/", $host);
|
|
375 |
} elseif (is_specialnet($host)) {
|
|
376 |
$mask = 0;
|
|
377 |
} elseif (is_ipaddrv6($host)) {
|
|
378 |
$mask = 128;
|
|
379 |
} else {
|
|
380 |
$mask = 32;
|
|
381 |
}
|
|
382 |
|
|
383 |
// Create the expected string representation
|
|
384 |
$unblock = $host.'/'.$mask;
|
|
385 |
|
|
386 |
$a_address = explode(" ", $config['aliases']['alias'][$id]['address']);
|
|
387 |
$a_detail = explode("||", $config['aliases']['alias'][$id]['detail']);
|
|
388 |
|
|
389 |
if(($key = array_search($unblock, $a_address)) !== false) {
|
|
390 |
unset($a_address[$key]);
|
|
391 |
unset($a_detail[$key]);
|
|
392 |
// Write back the result to the config array
|
|
393 |
$config['aliases']['alias'][$id]['address'] = join(" ", $a_address);
|
|
394 |
$config['aliases']['alias'][$id]['detail'] = join("||", $a_detail);
|
|
395 |
|
|
396 |
// Update config
|
|
397 |
write_config();
|
|
398 |
$retval = filter_configure();
|
|
399 |
if (!empty($_SERVER['DOCUMENT_ROOT'])) {
|
|
400 |
header("Location: firewall_aliases.php");
|
|
401 |
exit;
|
|
402 |
} else {
|
|
403 |
return gettext("Host unblocked successfully");
|
|
404 |
}
|
|
405 |
} else {
|
|
406 |
return gettext("Host ist not on block list: " . $host);
|
|
407 |
}
|
|
408 |
}
|
|
409 |
|
|
410 |
return gettext("Tried to unblock but had no host IP or interface");
|
|
411 |
|
|
412 |
}
|
|
413 |
|
|
414 |
function easyrule_parse_getblock($int = 'wan', $sep = "\n") {
|
|
415 |
global $blockaliasname, $config;
|
|
416 |
|
|
417 |
$real_int = easyrule_find_rule_interface($int);
|
|
418 |
if ($real_int === false) {
|
|
419 |
return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
|
|
420 |
}
|
|
421 |
|
|
422 |
/* Try to get the ID - will fail if there are no rules/alias on this interface */
|
|
423 |
$id = easyrule_block_alias_getid($real_int);
|
|
424 |
|
|
425 |
if ($id === false || !$config['aliases']['alias'][$id] || empty($config['aliases']['alias'][$id]['address'])) {
|
|
426 |
return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
|
|
427 |
}
|
|
428 |
return join($sep, explode(" ", $config['aliases']['alias'][$id]['address']));
|
|
429 |
|
|
430 |
}
|
|
431 |
|
| 351 |
432 |
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet") {
|
| 352 |
433 |
/* Check for valid int, srchost, dsthost, dstport, and proto */
|
| 353 |
434 |
global $protocols_with_ports;
|
Add showblock and unblock options to easyrule CLI tool
Block rules added with easyrule block.... can now be listed and removed using
the easyrule tool. This is handy to be used with external IDS like tools, e.g
fail2ban.