From d45f6ddae0350185ab428f4123826bbd552c4b1e Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Sun, 25 Aug 2024 19:31:05 -0600 Subject: [PATCH] Update event guard for freebsd --- .../resources/service/event_guard.php | 42 +++++++++++++++---- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/app/event_guard/resources/service/event_guard.php b/app/event_guard/resources/service/event_guard.php index 42376d2114..25cd190ade 100644 --- a/app/event_guard/resources/service/event_guard.php +++ b/app/event_guard/resources/service/event_guard.php @@ -1,6 +1,6 @@ + Copyright (C) 2022-2024 Mark J Crane Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -88,6 +88,14 @@ exit; } +//add pf tables into your pf.conf file + //if ($firewall_name == 'pf') { + // table persist + // table persist + // block in quick from + // block in quick from + //} + //add the iptables chains if ($firewall_name == 'iptables') { //create a chain array @@ -321,8 +329,8 @@ //run the block command for pf if ($firewall_name == 'pf') { - //example: pfctl -t sip-auth-ip -T add 127.0.0.5/32 - $command = $firewall_path.'/pfctl -t '.$filter.' -T add '.$ip_address.'/32'; + //example: pfctl -t sip-auth-ip -T add 127.0.0.5 + $command = $firewall_path.'/pfctl -t '.$filter.' -T add '.$ip_address; $result = shell($command); } @@ -380,8 +388,8 @@ //unblock the address if ($firewall_name == 'pf') { - //example: pfctl -t sip-auth-ip -T delete 127.0.0.5/32 - $command = $firewall_path.'/pfctl -t '.$filter.' -T delete '.$ip_address.'/32'; + //example: pfctl -t sip-auth-ip -T delete 127.0.0.5 + $command = $firewall_path.'/pfctl -t '.$filter.' -T delete '.$ip_address; $result = shell($command); } 
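Review bot: In the pf block branch at `@@ -321,8 +329,8 @@`, `$filter` and `$ip_address` are concatenated into the string handed to `shell()` without quoting or validation, and the same applies to the `-T delete` command in the hunk at `@@ -380,8 +388,8 @@`. Where `$ip_address` is assigned is outside the hunk; if it comes from event data, it should be checked with `filter_var($ip_address, FILTER_VALIDATE_IP)` before any firewall command is built. Both arguments can then be quoted, for example `$command = $firewall_path.'/pfctl -t '.escapeshellarg($filter).' -T add '.escapeshellarg($ip_address);`. The enclosing functions begin and end outside these hunks.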
@@ -406,7 +414,7 @@ //check to see if the address is blocked $command = $firewall_path.'/./iptables -L -n --line-numbers | grep '.$ip_address; $result = shell($command); - if (strlen($result) > 3) { + if (!empty($result) && strlen($result) > 3) { return true; } } @@ -414,7 +422,7 @@ //check to see if the address is blocked $command = $firewall_path.'/pfctl -t ".$filter." -Ts | grep '.$ip_address; $result = shell($command); - if (strlen($result) > 3) { + if (!empty($result) && strlen($result) > 3) { return true; } } @@ -602,7 +610,7 @@ $allowed = false; //use the ip address to get the authorized nodes - if ($user_log_count > 0) { + if (!empty($user_log_count) && $user_log_count > 0) { $allowed = true; } @@ -645,6 +653,23 @@ return $allowed; } +//check if the iptables chain exists + function pf_table_exists($table) { + //define the global variables + global $firewall_path, $firewall_name; + + //build the command to check if the pf table exists + $command = $firewall_path."/./pfctl -t ".$table." -T show | grep error"; + //if ($debug) { echo $command."\n"; } + $response = shell($command); + if (!empty($response)) { + return true; + } + else { + return false; + } + } + //add IP table chains function iptables_chain_add($chain) { //define the global variables @@ -691,3 +716,4 @@ } ?> +
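Review bot: In the iptables check at `@@ -406,7 +414,7 @@`, `grep '.$ip_address` treats the address as an unanchored regular expression, so a lookup for `10.0.0.1` also matches a rule for `10.0.0.10` or `110.0.0.1` and the check can report an address as blocked when it is not. A fixed-string, whole-word match with a quoted argument avoids that: `$command = $firewall_path.'/./iptables -L -n --line-numbers | grep -F -w -- '.escapeshellarg($ip_address);`. The added `!empty($result)` only protects `strlen()` from an empty result; it does not change which lines match. The same grep pattern is used by the pf check in the next hunk.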
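Review bot: The pf check at `@@ -414,7 +422,7 @@` builds its command as `'/pfctl -t ".$filter." -Ts | grep '`, and because the double quotes sit inside a single-quoted PHP string, `$filter` is never interpolated; the shell receives the literal text `".$filter."` instead of the table name. The lookup therefore does not query the table the address was added to, so its result is unlikely to reflect the real block state. The line should read `$command = $firewall_path.'/pfctl -t '.escapeshellarg($filter).' -Ts | grep -F -w -- '.escapeshellarg($ip_address);`. This line is context in the hunk; the commit changes only the `strlen()` guard below it.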
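Review bot: At `@@ -602,7 +610,7 @@` the new condition `!empty($user_log_count) && $user_log_count > 0` hides the case where `$user_log_count` was never assigned rather than fixing it. The assignment is outside the hunk, so this is inferred, but because the branch sets `$allowed = true` it would be clearer to normalise the value where it is read, e.g. `$user_log_count = (int) ($user_log_count ?? 0);`, and keep the plain `> 0` comparison.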
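Review bot: `pf_table_exists()` at `@@ -645,6 +653,23 @@` returns true when the `pfctl ... -T show | grep error` pipeline produces output, which looks inverted: a line containing `error` presumably means the table is missing, not that it exists. The pipe carries only stdout, so unless `shell()` merges stderr (not visible here) the grep may never see the message at all. The header comment still says `//check if the iptables chain exists`, `$firewall_name` is declared global but unused, and `$table` reaches the shell unquoted. Suggested body: `$command = $firewall_path.'/pfctl -t '.escapeshellarg($table).' -T show 2>&1 | grep error';` followed by `return empty(shell($command));`. No visible hunk calls the function and the pf setup block added at `@@ -88,6 +88,14 @@` is commented out, so a missing table would make later `-T add` calls fail without the address being blocked.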