nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-10 18:48:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove cache from switch.blocked.

Browse Source 
Since the IP address is blocked don't need to cache it.
This commit is contained in:
FusionPBX
2022-08-01 19:37:59 -06:00
committed by GitHub
parent 854f2bf1f0
commit 73ded9bf60
1 changed files with 64 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
app/event_guard/resources/service/event_guard.php
View File

@@ -196,58 +196,49 @@
return false;
}
//create the cache object
$cache = new cache;
if (!is_blocked($ip_address)) {
//add the blocked ip address to the cache
$cache->set("switch:blocked:".$ip_address, 'true');
//run the block command for iptables
if ($firewall == 'iptables') {
//example: iptables -I INPUT -s 127.0.0.1 -j DROP
$command = 'iptables -I '.$filter.' -s '.$ip_address.' -j DROP';
$result = shell($command);
}
//run the block command for pf
if ($firewall == 'pf') {
//example: pfctl -t sip-auth-ip -T add 127.0.0.5/32
$command = 'pfctl -t '.$filter.' -T add '.$ip_address.'/32';
$result = shell($command);
}
//log the blocked ip address to the syslog
openlog("fusionpbx", LOG_PID | LOG_PERROR);
syslog(LOG_WARNING, "fusionpbx: blocked: [ip_address: ".$ip_address.", filter: ".$filter.", to-user: ".$array['to-user'].", to-host: ".$array['to-host'].", line: ".__line__."]");
closelog();
//log the blocked ip address to the database
$array['event_guard_logs'][0]['event_guard_log_uuid'] = uuid();
$array['event_guard_logs'][0]['hostname'] = gethostname();
$array['event_guard_logs'][0]['log_date'] = 'now()';
$array['event_guard_logs'][0]['filter'] = $filter;
$array['event_guard_logs'][0]['ip_address'] = $ip_address;
$array['event_guard_logs'][0]['extension'] = $array['to-user'].'@'.$array['to-host'];
$array['event_guard_logs'][0]['log_status'] = 'blocked';
$p = new permissions;
$p->add('event_guard_log_add', 'temp');
$database = new database;
$database->app_name = 'event guard';
$database->app_uuid = 'c5b86612-1514-40cb-8e2c-3f01a8f6f637';
$database->save($array);
$p->add('event_guard_log_add', 'temp');
//send debug information to the console
if ($debug) {
echo "blocked address ".$ip_address .", line ".__line__."\n";
}
//unset the array
unset($array);
//run the block command for iptables
if ($firewall == 'iptables') {
//example: iptables -I INPUT -s 127.0.0.1 -j DROP
$command = 'iptables -I '.$filter.' -s '.$ip_address.' -j DROP';
$result = shell($command);
}
//run the block command for pf
if ($firewall == 'pf') {
//example: pfctl -t sip-auth-ip -T add 127.0.0.5/32
$command = 'pfctl -t '.$filter.' -T add '.$ip_address.'/32';
$result = shell($command);
}
//log the blocked ip address to the syslog
openlog("fusionpbx", LOG_PID | LOG_PERROR);
syslog(LOG_WARNING, "fusionpbx: blocked: [ip_address: ".$ip_address.", filter: ".$filter.", to-user: ".$array['to-user'].", to-host: ".$array['to-host'].", line: ".__line__."]");
closelog();
//log the blocked ip address to the database
$array['event_guard_logs'][0]['event_guard_log_uuid'] = uuid();
$array['event_guard_logs'][0]['hostname'] = gethostname();
$array['event_guard_logs'][0]['log_date'] = 'now()';
$array['event_guard_logs'][0]['filter'] = $filter;
$array['event_guard_logs'][0]['ip_address'] = $ip_address;
$array['event_guard_logs'][0]['extension'] = $array['to-user'].'@'.$array['to-host'];
$array['event_guard_logs'][0]['log_status'] = 'blocked';
$p = new permissions;
$p->add('event_guard_log_add', 'temp');
$database = new database;
$database->app_name = 'event guard';
$database->app_uuid = 'c5b86612-1514-40cb-8e2c-3f01a8f6f637';
$database->save($array);
$p->add('event_guard_log_add', 'temp');
//send debug information to the console
if ($debug) {
echo "blocked address ".$ip_address .", line ".__line__."\n";
}
//unset the array
unset($array);
}
//unblock the ip address
@@ -260,12 +251,6 @@
return false;
}
//create the cache object
$cache = new cache;
//delete the blocked ip address from the cache
$cache->delete("switch:blocked:".$ip_address);
//unblock the address
if ($firewall == 'iptables') {
$command = 'iptables -L -n --line-numbers | grep '.$ip_address;
@@ -305,48 +290,26 @@
return false;
}
//create the cache object
$cache = new cache;
//set blocked to false by default
$blocked = false;
//check the cache to see if the address is blocked
if ($cache->get("switch:blocked:".$ip_address) === 'true') {
$blocked = true;
//determine whether to return true or false
if ($firewall == 'iptables') {
//check to see if the address is blocked
$command = 'iptables -L -n --line-numbers | grep '.$ip_address;
$result = shell($command);
if (strlen($result) > 3) {
return true;
}
}
elseif ($firewall == 'pf') {
//check to see if the address is blocked
$command = 'pfctl -t ".$filter." -Ts | grep '.$ip_address;
$result = shell($command);
if (strlen($result) > 3) {
return true;
}
}
else {
//run command to see if address is blocked
if ($firewall == 'iptables') {
//check to see if the address is blocked
$command = 'iptables -L -n --line-numbers | grep '.$ip_address;
//echo $command."\n";
$result = shell($command);
if (strlen($result) > 3) {
//address is blocked but not cached add it to the cache
$cache->set("switch:blocked:".$ip_address, 'true');
//set blocked to true
$blocked = true;
}
}
//run command to see if address is blocked
if ($firewall == 'pf') {
//check to see if the address is blocked
$command = 'pfctl -t ".$filter." -Ts | grep '.$ip_address;
//echo $command."\n";
$result = shell($command);
if (strlen($result) > 3) {
//address is blocked but not cached add it to the cache
$cache->set("switch:blocked:".$ip_address, 'true');
//set blocked to true
$blocked = true;
}
}
return false;
}
return $blocked;
}
//is the ip address registered
@@ -374,6 +337,11 @@
//define global variables
global $debug;
//invalid ip address
if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
return false;
}
//check the cache to see if the address is allowed
$cache = new cache;
if ($cache->get("switch:allowed:".$ip_address) === 'true') {