|
<?php |
|
/**
 * Script for dynamically adding firewall rules to FreePBX from a remote host.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * @author Brandon Brown
 * @copyright 2019 Brandon Brown
 * @license http://opensource.org/licenses/gpl-3.0 GNU General Public License, version 3 (GPLv3)
 */
|
|
|
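// Synchronises the FreePBX firewall "other" zone with a remotely published
// list of IPv4 addresses: addresses missing locally are added, and addresses
// present locally but absent from the remote list are REMOVED.
//
// SECURITY: the remote document is the sole authority for what this host's
// firewall will accept, so whoever can alter that response controls the
// allowlist. Keep the URL on HTTPS, leave PHP's default TLS peer verification
// enabled (on by default since PHP 5.6), and restrict who can publish the list.
$data = file_get_contents("https://www.example.com/myAuthorizedIPS");

if ($data === false) {
    // A failed fetch must never be treated as "the list is now empty".
    echo "Could not retrieve the authorized IP list\n";
    exit(1);
}

if (strlen($data) < 7) {
    // "1.1.1.1" (7 bytes) is the shortest possible dotted quad.
    echo "No possibility of valid IP's found in data\n";
    exit(1);
}

// The digit lookarounds stop a candidate being cut out of a longer digit run
// (without them "1234.1.1.1" would yield "234.1.1.1", i.e. a different host).
$ipRegex = '(?<!\d)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?!\d)';

// Returns the unique, syntactically valid IPv4 addresses found in $text.
// The regex only finds candidates; filter_var() rejects impossible values
// such as 999.999.999.999 before they can reach the firewall command line.
$extractIPs = static function ($text) use ($ipRegex) {
    if (!is_string($text) || preg_match_all("/$ipRegex/", $text, $matches) === false) {
        return [];
    }

    $valid = [];
    foreach ($matches[0] as $candidate) {
        if (filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $valid[$candidate] = true; // keyed by address to drop duplicates
        }
    }

    return array_keys($valid);
};

$ipsToPersist = $extractIPs($data);

if (empty($ipsToPersist)) {
    // Fail closed: a response that is long enough but holds no address (for
    // example an HTML error page) would otherwise make every existing entry
    // look stale and delete the whole zone, locking out legitimate hosts.
    echo "No possibility of valid IP's found in data\n";
    exit(1);
}

// shell_exec() returns null when the command prints nothing, so cast to a
// string; an empty zone then simply yields an empty list.
// NOTE(review): only bare addresses are compared; if the published list or the
// fwconsole output carries CIDR suffixes they are ignored here - confirm.
$existingIPs = $extractIPs((string) shell_exec("/usr/sbin/fwconsole firewall list other"));

$ipsToAdd = array_diff($ipsToPersist, $existingIPs);
$ipsToRemove = array_diff($existingIPs, $ipsToPersist);

// Every address is quoted as its own shell argument. The values are already
// validated, but per-argument quoting keeps the command safe even if the
// extraction rules above are loosened later.
if (!empty($ipsToRemove)) {
    $ipsToRemoveList = implode(" ", array_map('escapeshellarg', $ipsToRemove));
    system("/usr/sbin/fwconsole firewall del other $ipsToRemoveList");
}

if (!empty($ipsToAdd)) {
    $ipsToAddList = implode(" ", array_map('escapeshellarg', $ipsToAdd));
    system("/usr/sbin/fwconsole firewall add other $ipsToAddList");
}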
|
|
|
|
|
?> |