firewall cli

serghey-rodin · serghey-rodin · commit 09e4c2d22e74 · 2014-09-17T00:32:25.000+03:00
diff --git a/bin/v-add-sys-firewall-rule b/bin/v-add-sys-firewall-rule
@@ -0,0 +1,85 @@
+#!/bin/bash
+# info: add firewall rule
+# options: ACTION PROTOCOL PORT IP [COMMENT] [RULE]
+#
+# The function adds new rule to system firewall
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+action=$(echo $1|tr '[:lower:]' '[:upper:]')
+protocol=$(echo $2|tr '[:lower:]' '[:upper:]')
+port_ext=$3
+ip=$4
+comment=$5
+rule=$6
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+# Get next firewall rule id
+get_next_fw_rule() {
+    if [ -z "$rule" ]; then
+        curr_str=$(grep "RULE=" $VESTA/data/firewall/rules_ipv4.conf |\
+         cut -f 2 -d \' | sort -n | tail -n1)
+        rule="$((curr_str +1))"
+    fi
+}
+
+sort_fw_rules() {
+    cat $VESTA/data/firewall/rules_ipv4.conf |\
+        sort -n -k 2 -t \' > $VESTA/data/firewall/rules_ipv4.conf.tmp
+    mv -f $VESTA/data/firewall/rules_ipv4.conf.tmp \
+        $VESTA/data/firewall/rules_ipv4.conf
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'ACTION PROTOCOL PORT IP [COMMENT] [RULE]'
+validate_format 'action' 'protocol' 'port_ext' 'ip'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+get_next_fw_rule
+validate_format 'rule'
+is_object_new '../../data/firewall/rules_ipv4' 'RULE' "$rule"
+if [ ! -z "$comment"]; then
+    validate_format 'comment'
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Concatenating cron string
+str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
+str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
+str="$str TIME='$TIME' DATE='$DATE'"
+
+# Adding to crontab
+echo "$str" >> $VESTA/data/firewall/rules_ipv4.conf
+
+# Changing permissions
+chmod 660 $VESTA/data/firewall/rules_ipv4.conf
+
+# Sorting firewall rules by id number
+sort_fw_rules
+
+# Updating system firewall
+$BIN/v-update-sys-firewall
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-change-sys-firewall-rule b/bin/v-change-sys-firewall-rule
@@ -0,0 +1,73 @@
+#!/bin/bash
+# info: change firewall rule
+# options: RULE ACTION PROTOCOL PORT IP [COMMENT]
+#
+# The function is used for changing existing firewall rule.
+# It fully replace rule with new one but keeps same id.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+rule=$1
+action=$(echo $2|tr '[:lower:]' '[:upper:]')
+protocol=$(echo $3|tr '[:lower:]' '[:upper:]')
+port_ext=$4
+ip=$5
+comment=$6
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+# Sort function
+sort_fw_rules() {
+    cat $VESTA/data/firewall/rules_ipv4.conf |\
+        sort -n -k 2 -t \' > $VESTA/data/firewall/rules_ipv4.conf.tmp
+    mv -f $VESTA/data/firewall/rules_ipv4.conf.tmp \
+        $VESTA/data/firewall/rules_ipv4.conf
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '5' "$#" 'RULE ACTION PROTOCOL PORT IP [COMMENT]'
+validate_format 'rule' 'action' 'protocol' 'port_ext' 'ip' 'comment'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+is_object_valid '../../data/firewall/rules_ipv4' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Concatenating firewall rule
+str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
+str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
+str="$str TIME='$TIME' DATE='$DATE'"
+
+# Deleting old rule
+sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules_ipv4.conf
+
+# Adding new
+echo "$str" >> $VESTA/data/firewall/rules_ipv4.conf
+
+# Sorting firewall rules by id number
+sort_fw_rules
+
+# Updating system firewall
+$BIN/v-update-sys-firewall
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-delete-sys-firewall-rule b/bin/v-delete-sys-firewall-rule
@@ -0,0 +1,48 @@
+#!/bin/bash
+# info: delete firewall rule
+# options: RULE
+#
+# The function deletes firewall rule.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+rule=$1
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'RULE'
+validate_format 'rule'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+is_object_valid '../../data/firewall/rules_ipv4' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Deleting rule
+sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules_ipv4.conf
+
+# Updating system firewall
+$BIN/v-update-sys-firewall
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-list-sys-firewall b/bin/v-list-sys-firewall
@@ -0,0 +1,44 @@
+#!/bin/bash
+# info: list iptables rules
+# options: [FORMAT]
+#
+# The function of obtaining the list of all iptables rules.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining config
+conf=$VESTA/data/firewall/rules_ipv4.conf
+
+# Defining fileds to select
+fields="\$RULE \$ACTION \$PROTOCOL \$PORT \$IP \$COMMENT"
+fields="$fields \$RULE \$SUSPENDED \$TIME \$DATE"
+
+# Listing domains
+case $format in 
+    json)   json_list ;;
+    plain)  nohead=1; shell_list ;;
+    shell)  fields="\$ACTION \$PROTOCOL \$PORT \$IP";
+            shell_list | column -t ;;
+    *)      check_args '1' '0' 'USER [FORMAT]'
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
diff --git a/bin/v-list-sys-firewall-rule b/bin/v-list-sys-firewall-rule
@@ -0,0 +1,89 @@
+#!/bin/bash
+# info: list firewall rule
+# options: RULE [FORMAT]
+#
+# The function of obtaining firewall rule parameters.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+rule=$1
+format=${2-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# Json function
+json_list_fw_rule() {
+    i=1
+    fileds_count=$(echo "$fields" | wc -w)
+    line=$(grep "RULE='$rule'" $conf)
+    echo '{'
+    eval $line
+    for field in $fields; do
+        eval value=$field
+        if [ "$i" -eq 1 ]; then
+            echo -e "\t\"$value\": {"
+        else
+            if [ "$fileds_count" -eq "$i" ]; then
+                echo -e "\t\t\"${field//$/}\": \"$value\""
+            else
+                echo -e "\t\t\"${field//$/}\": \"$value\","
+            fi
+        fi
+        (( ++i))
+    done
+    if [ -n "$value" ]; then
+        echo -e '        }'
+    fi
+    echo -e "}"
+}
+
+# Shell function
+shell_list_fw_rule() {
+    line=$(grep "RULE='$rule'" $conf)
+    eval $line
+    for field in $fields; do
+        eval key="$field"
+        if [ -z "$key" ]; then
+            key=NULL
+        fi
+        echo "${field//$/}: $key "
+    done
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'RULE [FORMAT]'
+is_object_valid '../../data/firewall/rules_ipv4' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining config and fields to select
+conf=$VESTA/data/firewall/rules_ipv4.conf
+fields="\$RULE \$ACTION \$PROTOCOL \$PORT \$IP \$COMMENT"
+fields="$fields \$RULE \$SUSPENDED \$TIME \$DATE"
+
+# Listing fw rule
+case $format in 
+    json)   json_list_fw_rule ;;
+    plain)  nohead=1; shell_list_fw_rule ;;
+    shell)  shell_list_fw_rule |column -t ;;
+    *)      check_args '2' '0' 'RULE [FORMAT]'
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services
@@ -187,6 +187,18 @@ if [ ! -z "$service" ] && [ "$service" != 'remote' ]; then
     str="$str CPU='$cpu' MEM='$mem' RTIME='$rtime'"
 fi
 
+# FIREWALL
+service=$FIREWALL_SYSTEM
+if [ ! -z "$service" ] && [ "$service" != 'remote' ]; then
+    state="stopped"
+    /sbin/iptables -L vesta >/dev/null 2>&1
+    if [ "$?" -eq 0 ]; then
+        state="running"
+    fi
+    str="$str\nNAME='$FIREWALL_SYSTEM' SYSTEM='firewall'"
+    str="$str STATE='$state' CPU='0' MEM='0' RTIME='0'"
+fi
+
 # Defining config
 echo -e "$str" > $tmp_file
 conf=$tmp_file
diff --git a/bin/v-update-sys-firewall b/bin/v-update-sys-firewall
