Add route managing web interface / utils

parent 209e631d
...@@ -112,4 +112,27 @@ disown ...@@ -112,4 +112,27 @@ disown
ipset add full_ip 192.168.1.2 ipset add full_ip 192.168.1.2
ipset add full_ip 192.168.1.3 ipset add full_ip 192.168.1.3
# TOR Trap
echo 1 > /proc/sys/net/ipv4/conf/$LLAN/route_local
ipset create tor_ip hash:ip family inet
iptables -I INPUT -i $LLAN -p udp -m set --match-set tor_ip src -j DROP
iptables -I INPUT -i $LLAN -p udp --dport 53 -m set --match-set tor_ip src -j ACCEPT
iptables -I INPUT -i $LLAN -p udp --dport 5300 -m set --match-set tor_ip src -j ACCEPT
iptables -I FORWARD -i $LLAN -p udp -m set --match-set tor_ip src -j DROP
iptables -I FORWARD -i $LLAN -p udp --dport 53 -m set --match-set tor_ip src -j ACCEPT
iptables -I FORWARD -i $LLAN -p udp --dport 5300 -m set --match-set tor_ip src -j ACCEPT
iptables -t nat -I PREROUTING -i $LLAN -p udp --dport 53 -m set --match-set tor_ip src -j RETURN
iptables -t nat -I PREROUTING -i $LLAN -p udp --dport 5300 -m set --match-set tor_ip src -j RETURN
iptables -t nat -I PREROUTING -i $LLAN -p udp --dport 53 -m set --match-set tor_ip src -j DNAT --to-destination 127.0.0.1:5300
iptables -t nat -I PREROUTING -i $LLAN -p tcp -m set --match-set tor_ip src -j RETURN
iptables -t nat -I PREROUTING -i $LLAN -p tcp -m set --match-set tor_ip src -j DNAT --to-destination $MYLANIP:9040
# BLOCK TRAP
ipset create block_ip hash:ip family inet
iptables -I FORWARD -i $LLAN -m set --match-set block_ip src -j DROP
iptables -I FORWARD -i $LLAN -p udp --dport 53 -m set --match-set block_ip src -j ACCEPT
exit 0 exit 0
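Review bot: The sysctl written in the TOR Trap block, `/proc/sys/net/ipv4/conf/$LLAN/route_local`, is not the kernel's name for this setting, which is `route_localnet`. As written the `echo` fails, so packets DNAT'd to `127.0.0.1:5300` are still dropped as martians and DNS for hosts in `tor_ip` breaks instead of being redirected. The line should read `echo 1 > /proc/sys/net/ipv4/conf/$LLAN/route_localnet`. Separately, both sets are `family inet` and only `iptables` is touched, so if `$LLAN` also forwards IPv6, a host in `tor_ip` or `block_ip` can presumably bypass the trap; add an equivalent `ip6tables` rule or a comment stating that IPv6 is disabled on that interface. The script begins before this hunk.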
Place the executables in /usr/local/bin
#!/bin/bash
logger -t "DHCPEVENT" "$@"
#cleanup NordVPN redirections
case $1 in
commit)
true
;;
release|expire)
/usr/local/bin/route_remove $2
;;
*)
logger -t "DHCPEVENT ERROR" "$@"
;;
esac
#!/bin/bash
curl http://$1:8008/ssdp/device-desc.xml 2> /dev/null | grep -oP '(?<=friendlyName>)[^<]+'
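Review bot: The `curl` call has no timeout and `$1` is unquoted, and route.php runs this script for every lease named Chromecast on each poll, so one unreachable device can stall the JSON endpoint the panel polls every 2 seconds. Suggest `curl -s --max-time 2 "http://$1:8008/ssdp/device-desc.xml" | grep -oP '(?<=friendlyName>)[^<]+'`. The `friendlyName` it prints is chosen by the device, so a header comment such as `# Output is device-supplied text; callers must escape it before use in HTML or shell` would help.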
#!/bin/bash
table="no"
case $2 in
it)
table="nordvpn.it"
;;
us)
table="nordvpn.us"
;;
tor)
table="tor"
;;
rain)
table="rain"
;;
block)
table="block"
;;
*)
table="no"
;;
esac
/usr/local/bin/route_remove $1
if [ x"$table" != "no" ] ; then
if [ x"$table" == x"tor" ] ; then
ipset add tor_ip $1 > /dev/null 2>&1 || true
elif [ x"$table" == x"block" ] ; then
ipset add block_ip $1 > /dev/null 2>&1 || true
else
ip rule add priority 700 from $1 lookup $table > /dev/null 2>&1 || true
fi
fi
exit 0
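Review bot: This script runs as root through the sudoers entry, yet `$1` is unquoted and unvalidated in every `ipset` and `ip rule` call, so extra words in the argument become extra arguments to those commands. Validate it before the first use, e.g. `[[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || exit 1`, and write `"$1"` everywhere. route_remove and route_check have the same unquoted `$1` and are in the same sudoers line. Also, `[ x"$table" != "no" ]` compares `xno` with `no` and is always true, so the `no` case falls through to `ip rule add ... lookup no`; it should be `[ x"$table" != x"no" ]`.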
#!/bin/bash
res="no"
for table in nordvpn.it nordvpn.us rain ; do
check=`ip rule show lookup $table | grep $1`
if [ x"$check" != x"" ] ; then
if [ x"$res" == x"no" ] ; then
res=$table
fi
fi
done
if [ x"$res" == x"no" ] ; then
check=`ipset list tor_ip | grep $1`
if [ x"$check" != x"" ] ; then
res="tor"
fi
fi
if [ x"$res" == x"no" ] ; then
check=`ipset list block_ip | grep $1`
if [ x"$check" != x"" ] ; then
res="block"
fi
fi
if [ x"$res" == x"nordvpn.it" ] ; then
echo it
elif [ x"$res" == x"nordvpn.us" ] ; then
echo "us"
else
echo $res
fi
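Review bot: `grep $1` treats the address as an unanchored regular expression, so a query for `192.168.42.1` also matches `192.168.42.10` or `192.168.42.100`, and the panel can show a route for a host that has none. For the rule list, use a fixed-string whole-word match: ``check=`ip rule show lookup $table | grep -wF -- "$1"` ``. For the sets, ask ipset directly instead of grepping `ipset list`, e.g. `ipset test tor_ip "$1" > /dev/null 2>&1 && res="tor"`, and the same for `block_ip`.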
#!/bin/bash
for table in nordvpn.it nordvpn.us rain; do
ip rule del priority 700 from $1 lookup $table > /dev/null 2>&1 || true
done
ipset del tor_ip $1 > /dev/null 2>&1 || true
ipset del block_ip $1 > /dev/null 2>&1 || true
exit 0
Place the content of the "public" directory in your documentroot on nginx or apache with enabled
add this line in visudo:
www-data ALL=NOPASSWD: /usr/local/bin/route_add, /usr/local/bin/route_remove, /usr/local/bin/route_check
( change www-data with the actual user for your web server )
<?php
$localnet="192.168.42.";
$fixed=array(
"zeiss" => "192.168.42.3",
"dedalo" => "192.168.42.2",
"nas" => "192.168.42.12"
);
?>
<?php
include("config.php");
function activeButton($route, $act) {
if($route == $act) {
echo "btn-primary";
} else {
echo "btn-secondary";
}
}
function hostButtons($ip, $active="no") {
?>
<div class="btn-group btn-group-sm" role="group" id="<?php echo $ip;?>">
<button type="button" data-ip="<?php echo $ip;?>" data-route="no" class="hostbtn btn <?php activeButton("no", $active);?>">NO VPN</button>
<button type="button" data-ip="<?php echo $ip;?>" data-route="it" class="hostbtn btn <?php activeButton("it", $active);?>">ITALY VPN</button>
<button type="button" data-ip="<?php echo $ip;?>" data-route="us" class="hostbtn btn <?php activeButton("us", $active);?>">US VPN</button>
<button type="button" data-ip="<?php echo $ip;?>" data-route="tor" class="hostbtn btn <?php activeButton("us", $active);?>"> -TOR- </button>
</div>
<?php
}
?><html>
<head>
<title>Routes Admin Panel</title>
<link href="/css/bootstrap.min.css" rel="stylesheet" >
<script src="/js/jquery-3.6.0.min.js" ></script>
<script src="/js/bootstrap.bundle.min.js" ></script>
</head>
<body>
<div id="BASE" data-hash="NOT_INITIALIZED">
<div>
<h3><b>DHCP HOSTS:</b></h1>
</div>
<div id="DHCP">
</div>
<div>
<h3><b>FIXED IP HOSTS:</b></h1>
</div>
<div id="FIXED">
</div>
</div>
<script language="javascript">
function activeButton(route, act) {
if(route == act) return "btn-primary";
return 'btn-secondary';
}
function addButton(block, ip, name, route) {
$(block).append(
'<div>'+
' <div data-ip="'+ip+'" data-name="'+name+'"><b>'+ip+' - '+name+' </b><br /></div>'+
' <div class="btn-group btn-group-sm" role="group" id="'+ip+'" >' +
' <button type="button" data-ip="'+ip+'" data-route="no" class="hostbtn btn '+activeButton("no", route)+'">NO VPN</button>' +
' <button type="button" data-ip="'+ip+'" data-route="it" class="hostbtn btn '+activeButton("it", route)+'">IT VPN</button>' +
' <button type="button" data-ip="'+ip+'" data-route="us" class="hostbtn btn '+activeButton("us", route)+'">US VPN</button>' +
' <button type="button" data-ip="'+ip+'" data-route="tor" class="hostbtn btn '+activeButton("tor", route)+'"> -TOR- </button>' +
' <button type="button" data-ip="'+ip+'" data-route="rain" class="hostbtn btn '+activeButton("rain", route)+'"> RAIN </button>' +
' <button type="button" data-ip="'+ip+'" data-route="block" class="hostbtn btn '+activeButton("block", route)+'"> BLOCK </button>' +
' </div>'+
'</div>'+
'<hr>'
);
}
function updateButton(ip, name, route) {
$('div[data-ip="'+ip+'"]').attr('data-name', name);
$('div[data-ip="'+ip+'"] b').text(ip+" - "+name);
$('button[data-ip="'+ip+'"]').attr('data-name', name);
$('button[data-ip="'+ip+'"].btn-primary').removeClass('btn-primary').addClass('btn-secondary');
$('button[data-ip="'+ip+'"][data-route="'+route+'"]').removeClass('btn-secondary').addClass('btn-primary');
}
function refreshData(data) {
if($("#BASE").attr('data-hash') != data.uphash) {
$("#BASE").attr('data-hash', data.uphash);
$.each(data.dhcp, function(ip, v) {
if(document.getElementById(ip)) {
updateButton(ip, v.name, v.route);
} else {
addButton("#DHCP", ip, v.name, v.route);
}
});
$.each(data.fixed, function(ip, v) {
if(document.getElementById(ip)) {
updateButton(ip, v.name, v.route);
} else {
addButton("#FIXED", ip, v.name, v.route);
}
});
}
};
function getData() {
$.getJSON("route.php", refreshData);
}
function sendButton() {
var ip = $(this).attr('data-ip');
var route = $(this).attr('data-route');
$.ajax('setroute.php', {
type: 'POST',
data: { 'ip': ip, 'route': route },
success: getData
});
}
$(document).ready(function() {
getData();
$("#DHCP").on('click', '.hostbtn', sendButton);
$("#FIXED").on('click', '.hostbtn', sendButton);
setInterval(getData, 2000);
});
</script>
</body>
</html>
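Review bot: `addButton()` concatenates `name` straight into markup, both in `data-name="'+name+'"` and in the `<b>` label. route.php fills that field from the DHCP client hostname and the Chromecast `friendlyName`, both chosen by the device, so device-supplied text is parsed as HTML in a panel that can change routing. Build the label with DOM setters, as `updateButton()` already does with `.attr()` and `.text()`: `$('<div>').attr({'data-ip': ip, 'data-name': name}).append($('<b>').text(ip+' - '+name))`. In the PHP helper `hostButtons()`, the TOR button calls `activeButton("us", $active)` and should pass `"tor"`.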
<?php
include("config.php");
$hosts=explode("\n", (string)shell_exec("dhcp-lease-list"));
$DHCPIP=array();
$FIXEDIP=array();
$ROUTESTRING="";
function getRoute($ip) {
return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/route_check $ip")));
}
foreach($hosts as $line) {
$part = explode(" ", $line);
if(count($part) > 4 && str_starts_with($part[2], $localnet)) {
$cname = "";
if($part[4] == "Chromecast") {
$cname = str_replace("\r", "", str_replace("\n", "", shell_exec("/usr/local/bin/getChromecast ".$part[2])));
if($cname != "") { $cname = " ".$cname; } else { $cname = " OFFLINE"; }
}
$ip = $part[2];
$name = $part[4].$cname;
$route = getRoute($ip);
$DHCPIP[$ip] = array("name" => $name, "ip" => $ip, "route" => $route);
$ROUTESTRING.=$route;
}
}
foreach($fixed as $host => $ip) {
$route=getRoute($ip);
$FIXEDIP[$ip] =array("name" => $host, "ip" => $ip, "route" => $route);
$ROUTESTRING.=$route;
}
print(
json_encode(
array(
'fixed' => $FIXEDIP,
'dhcp' => $DHCPIP,
'uphash' => hash("sha256", implode("|", array_keys($DHCPIP))."-".implode("|", array_keys($FIXEDIP)).$ROUTESTRING)
)
)
);
?>
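Review bot: `getRoute()` and the getChromecast call build shell commands by concatenating `$ip` and `$part[2]` without `escapeshellarg()`. The values come from parsed `dhcp-lease-list` output and `config.php` and are probably well-formed, but the first command runs under `sudo -u root`, so quote them anyway: `shell_exec('sudo -u root /usr/local/bin/route_check ' . escapeshellarg($ip))`. `shell_exec()` can return `null`, so cast its result with `(string)` before `str_replace`, as the `dhcp-lease-list` line already does. `$name` carries the device-supplied hostname and friendlyName into the JSON unchanged; a comment such as `// name is untrusted; the client must escape it on output` would make that contract explicit.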
<?php
include("config.php");
function getRoute($ip, $route) {
return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/route_add $ip $route")));
}
$ip = $_POST['ip'];
$route = $_POST['route'];
getRoute($ip, $route);
print('ok');
?>
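Review bot: `$_POST['ip']` and `$_POST['route']` are interpolated unescaped into `shell_exec("sudo -u root /usr/local/bin/route_add $ip $route")`, so any client that can reach this endpoint controls a root command line. The file also shows no authentication or CSRF check before the state change. Accept only an IPv4 address inside `$localnet` and a route from a fixed list, pass both through `escapeshellarg()`, and reject everything else with a 400. The helper is named `getRoute` although it sets the route, so the fence renames it `setRoute`. Whether the web server restricts access to the panel is not visible on this page.

```php
include("config.php");

const ALLOWED_ROUTES = ['no', 'it', 'us', 'tor', 'rain', 'block'];

function setRoute(string $ip, string $route): void {
    // Both values are validated by the caller; escapeshellarg() is defence in depth.
    shell_exec('sudo -u root /usr/local/bin/route_add ' . escapeshellarg($ip) . ' ' . escapeshellarg($route));
}

$ip = $_POST['ip'] ?? '';
$route = $_POST['route'] ?? '';
if (!is_string($ip) || !is_string($route)
    || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
    || !str_starts_with($ip, $localnet)
    || !in_array($route, ALLOWED_ROUTES, true)) {
    http_response_code(400);
    exit('bad request');
}
setRoute($ip, $route);
print('ok');
```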