Initial

2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions
--- a/bin/v-add-firewall-rule
+++ b/bin/v-add-firewall-rule
@@ -0,0 +1,109 @@
+#!/bin/bash
+# info: add firewall rule
+# options: ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]
+#
+# example: v-add-firewall-rule DROP 185.137.111.77 25
+#
+# This function adds new rule to system firewall
+
+#----------------------------------------------------------#
+#                Variables & Functions                     #
+#----------------------------------------------------------#
+
+# Argument definition
+action=$(echo $1 | tr '[:lower:]' '[:upper:]')
+ip=$2
+port_ext=$3
+protocol=${4-TCP}
+protocol=$(echo $protocol | tr '[:lower:]' '[:upper:]')
+comment=$5
+rule=$6
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+# Get next firewall rule id
+get_next_fw_rule() {
+	if [ -z "$rule" ]; then
+		curr_str=$(grep "RULE=" $HESTIA/data/firewall/rules.conf \
+			| cut -f 2 -d \' | sort -n | tail -n1)
+		rule="$((curr_str + 1))"
+	fi
+}
+
+sort_fw_rules() {
+	cat $HESTIA/data/firewall/rules.conf \
+		| sort -n -k 2 -t \' > $HESTIA/data/firewall/rules.conf.tmp
+	mv -f $HESTIA/data/firewall/rules.conf.tmp \
+		$HESTIA/data/firewall/rules.conf
+}
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]'
+is_format_valid 'action' 'protocol' 'port_ext'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+get_next_fw_rule
+is_format_valid 'rule'
+is_object_new '../../data/firewall/rules' 'RULE' "$rule"
+if [ -n "$comment" ]; then
+	is_format_valid 'comment'
+fi
+if [[ "$ip" =~ ^ipset: ]]; then
+	ipset_name="${ip#ipset:}"
+	$BIN/v-list-firewall-ipset plain | grep "^$ipset_name\s" > /dev/null
+	check_result $? 'ipset object not found' "$E_NOTEXIST"
+else
+	is_format_valid 'ip'
+fi
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Generating timestamp
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" | cut -f 1 -d \ )
+date=$(echo "$time_n_date" | cut -f 2 -d \ )
+
+# Concatenating rule
+str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
+str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
+str="$str TIME='$time' DATE='$date'"
+
+# Adding to config
+echo "$str" >> $HESTIA/data/firewall/rules.conf
+
+# Changing permissions
+chmod 660 $HESTIA/data/firewall/rules.conf
+
+# Sorting firewall rules by id number
+sort_fw_rules
+
+# Updating system firewall
+$BIN/v-update-firewall
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Fix missing port value in log if zero
+if [ -z "$port" ]; then
+	port="0"
+fi
+
+# Logging
+$BIN/v-log-action "system" "Info" "Firewall" "Added firewall rule (Action: $action, Port: $port, Protocol: $protocol)."
+log_event "$OK" "$ARGUMENTS"
+
+exit