@lgaetz
Last active March 28, 2024 15:33
DTMF to Firewall Trusted Zone
[from-internal-custom]
; Dialplan for a feature code to add
; an IP address to the FreePBX trusted zone
; Dial F-I-R-E-W-A-L-L from an internal extension and enter an IPv4 address using
; DTMF with * as the dot character.
;
; License: GNU GPL3+
; latest version: https://gist.github.com/lgaetz/8a043b7aa39484f622f0f7c138909558
;
; version history
; 2023-01-21 First commit working
; 2024-03-28 Added firewall restart shell command and email confirmation
exten => 34739255,1,Noop(Entering user defined context from-internal-custom in extensions_custom.conf)
exten => 34739255,n,Read(address,please-enter-your&address&followed_pound) ; use dtmf to enter IPv4 address, accept * for the .
exten => 34739255,n,Noop(${address})
; Was thinking to add a regex to validate dtmf input here
; but the fwconsole will validate the address anyway
; there is no easy way to read back an IP address, so slice up into octets
exten => 34739255,n,Set(address1=${CUT(address,*,1)})
exten => 34739255,n,Set(address2=${CUT(address,*,2)})
exten => 34739255,n,Set(address3=${CUT(address,*,3)})
exten => 34739255,n,Set(address4=${CUT(address,*,4)})
; read back in octets
exten => 34739255,n,ExecIf($["${address1}"!=""]?SayDigits(${address1}))
exten => 34739255,n,ExecIf($["${address2}"!=""]?Playback(point))
exten => 34739255,n,ExecIf($["${address2}"!=""]?SayDigits(${address2}))
exten => 34739255,n,ExecIf($["${address3}"!=""]?Playback(point))
exten => 34739255,n,ExecIf($["${address3}"!=""]?SayDigits(${address3}))
exten => 34739255,n,ExecIf($["${address4}"!=""]?Playback(point))
exten => 34739255,n,ExecIf($["${address4}"!=""]?SayDigits(${address4}))
; fix up address, replace *'s with dots
exten => 34739255,n,Set(address=${STRREPLACE(address,*,.)})
; use fwconsole to add address to firewall as trusted
exten => 34739255,n,Set(foo=${SHELL(fwconsole firewall trust ${address})})
; when adding IPs via bash, you must restart firewall for iptables rules to be written
; it takes a while for the command to finish, so SHELL may timeout here
exten => 34739255,n,Set(bar=${SHELL(fwconsole firewall restart)})
; check if bash reports Success! then send confirmation email
exten => 34739255,n,GotoIf($[${REGEX("Success" ${foo})}]?pass:fail)
exten => 34739255,n(pass),Set(foo=${SHELL(echo "${foo}" | mail -s "${address} added to Firewall Trusted List using feature code" admin@example.com)})
exten => 34739255,n,Goto(end)
exten => 34739255,n(fail),Set(foo=${SHELL(echo "${foo}" | mail -s "${address} NOT added to Firewall Trusted List using feature code" admin@example.com)})
exten => 34739255,n(end),hangup
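
The dialplan above leaves validation of the entered address to fwconsole. The shell sketch below is an added example, not part of the gist or of FreePBX: it checks the DTMF string strictly before anything reaches `fwconsole firewall trust`. The function names `dtmf_to_ipv4` and `trust_from_dtmf` are hypothetical, and rejecting octets with leading zeros is an assumed policy.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.

# Convert DTMF input such as 203*0*113*25 to 203.0.113.25.
# Prints the dotted address and returns 0 only when the input is exactly
# four decimal octets (0-255) separated by single '*' characters.
dtmf_to_ipv4() {
    rest=$1
    out=
    count=0
    # Only digits and '*' are acceptable; rejects empty input and A-D keys.
    case $rest in
        ''|*[!0-9*]*) return 1 ;;
    esac
    while :; do
        octet=${rest%%\**}              # text before the first '*'
        count=$((count + 1))
        case $octet in
            ''|????*) return 1 ;;       # empty field or more than 3 digits
            0?*) return 1 ;;            # leading zero (assumed policy: reject)
        esac
        [ "$octet" -le 255 ] || return 1
        out=${out:+$out.}$octet
        case $rest in
            *\**) rest=${rest#*\*} ;;   # drop everything through the first '*'
            *) break ;;
        esac
    done
    [ "$count" -eq 4 ] || return 1
    printf '%s\n' "$out"
}

# Run the gist's trust command only for input that passed validation.
trust_from_dtmf() {
    ip=$(dtmf_to_ipv4 "$1") || {
        echo "rejected malformed address" >&2
        return 1
    }
    fwconsole firewall trust "$ip"
}
```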