Implement easy block

2014-03-31 23:50:42 +00:00 · 2014-03-31 23:50:42 +00:00 · fb3a19daf4
parent e190e321d0
commit fb3a19daf4
3 changed files with 37 additions and 3 deletions
--- a/etc/ipv4/easyblock.conf
+++ b/etc/ipv4/easyblock.conf
@ -0,0 +1,16 @@
+# Easy Block List
+# Use this file to set up quick and easy blocking of traffic
+# Use tabs or single space to separate
+
+# <direction> <interface> <address> <port> <protocol>
+#
+# Direction: Required ( IN | OUT )
+# Interface: Optional ( interface name, aka eth0 )
+# Address: Optional ( IN = source of traffic | OUT = destination of traffic )
+# Port: Optional ( 1 - 65535, Requires Protocol )
+# Protocol: Optional, Required if port is specified ( tcp | udp )
+# You can use '-' for optional fields
+#============================================================
+#<direction>	<interface>	<address>		<port> <protocol>
+#IN				eth0		10.0.0.1		22		tcp
+#IN				-			-				22		tcp
--- a/etc/ipv6/easyblock.conf
+++ b/etc/ipv6/easyblock.conf
@ -0,0 +1,16 @@
+# Easy Block List
+# Use this file to set up quick and easy blocking of traffic
+# Use tabs or single space to separate
+
+# <direction> <interface> <address> <port> <protocol>
+#
+# Direction: Required ( IN | OUT )
+# Interface: Optional ( interface name, aka eth0 )
+# Address: Optional ( IN = source of traffic | OUT = destination of traffic )
+# Port: Optional ( 1 - 65535, Requires Protocol )
+# Protocol: Optional, Required if port is specified ( tcp | udp )
+# You can use '-' for optional fields
+#============================================================
+#<direction>	<interface>	<address>				<port> <protocol>
+#IN				eth0		2002:dead:beef::/64		22		tcp
+#IN				-			-						22		tcp
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@ -241,7 +241,7 @@ function enable_easyblock {
 	${debug} ${DebugColor} "${FUNCNAME}: loading"
 	if [ -e "${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf" ]; then
 		${debug} ${DebugColor} "${FUNCNAME}: read ${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf successful"
-		while read -r direction interface address port; do
+		while read -r direction interface address port protocol; do
 			[[ ${direction} = \#* ]] && continue
 			
 			# Do some creative work with variables to make building the iptables rules fairly painless
@ -252,16 +252,18 @@ function enable_easyblock {
 			([[ ${interface} != "-" ]] && [[ ${direction} == "OUT" ]] && interface="-o ${interface}"
 			[[ ${direction} == "OUT" ]] && chain="${OutEasyBlock}"
 			[[ ${direction} == "IN" ]] && chain="${InEasyBlock}"
+			[[ ${protocol} != "-" ]] && protocol="-p ${protocol}"
 			
-			${debug} ${DebugColor} "${FUNCNAME}: Read: ${direction} ${interface} ${address} ${port}"
+			${debug} ${DebugColor} "${FUNCNAME}: Read: ${direction} ${interface} ${address} ${port} ${protocol}"
 			
 			# Blank variables that we're not going to use.
 			[[ ${interface} == "-" ]] && interface=""
 			[[ ${port} == "-" ]] && port=""
 			[[ ${address} == "-" ]] && address=""
+			[[ ${protocol} == "-" ]] && protocol=""
 			
 			
-			${VER_IPTABLES} -A ${chain} ${interface} ${address} ${port}
+			${VER_IPTABLES} -A ${chain} ${interface} ${address} ${protocol} ${port}
 		done < "${FWCONFIGDIR}/ipv${IPVER}/easyblock.conf"

 		${debug} ${DebugColor} "${FUNCNAME}: done"