  • CoD 4 Block Player's IP Through Firewall Functionality


    Roy
    • Start Date: 04/25/2018
      Completion Date: 05/11/2018
      Expected Completion Date: 05/11/2018

    At the moment, our CoD 4 admin team (including myself) finds the B3 RCON tool inconsistent; it sometimes doesn't ban players correctly (the player can stay on the server). A project I've been wanting to work on involves building a web page, implemented into the forums, where our admins can submit IPs and it'll ban these IPs at the firewall level using IPTables.

     

    How The Back End Will Work

    So the front end will be an IPS 4 page with a form including a small text box (for the IP) and a submit button. This is by far the easiest part of the project.

     

    As for the back end, firstly, I will be making a custom chain via IPTables on the CoD 4 server machine:

     

    iptables -N cod4
    iptables -t filter -A INPUT -j cod4

     

    I plan on making a database with the following structure:

    • ID|int (id) - The unique ID of the row (auto-increment).
    • IP|varchar (ip) - The IP address of the user. This will have a length of 11 characters or so.
    • Date Added|int (dateadded) - The UNIX timestamp of when the row was added.
    • Added|int (added) - 0 = Yet to be added, 1 = Added.

     

    So, when the form is submitted, the back end script (through PHP) will enter the information into the database following the above structure. The added value will be 0 (default).

     

    I will be creating a bash file on the CoD 4 machine that will be run every 5 minutes with a cron job. There will be a back end PHP script that retrieves all the database rows with added set to 0. It will convert the data into JSON and echo it to the page. I will also ensure the script has an IP whitelist using $_SERVER['REMOTE_ADDR']. Anyway, the bash script will request the page, store the data from the page (the JSON data) in a variable and convert it into an array. It will loop through the array and execute the following command, which will add the IP to the cod4 IPTables chain:

     

    iptables -I cod4 -s $ip -j DROP

     

    After it adds the IP to the chain, it will request another back end PHP script (which will also be IP white list protected) with the blocked IP included in the POST. Once this page is requested, it will set added to 1 in the row with the blocked IP address. Basically this will tell the back end script above that this IP was already blocked and there isn't a need to block it again.

     

    That is basically it. I will also be adding two other functionalities including checking if an IP was blocked through the firewall and removing an IP from the blocked firewall. I will also add security checks to the IP submitted to be blocked (e.g. ensuring it's a valid IP and no malicious injection code).

     

    This is a project moved from our old Technical Tasks database to the Projects database. Some sensitive information may have been cut out when moving to the public.

    Edited by Roy


    Leader: Roy Members - Roy
    Progress - 100%


    User Feedback

    Recommended Comments

    4-25-18

    I will be working on this when I get the time. Unfortunately, I cannot complete the project for a couple of weeks (when I have time and access).

     

    I will be working on the PHP scripts this week.

     

    I can easily do this as long as I have the time because I've done similar things with PHP in the past. The only things I need to find out are the following:

    • How bash files can convert JSON (I have another option which includes new lines if this doesn't work).
    • Implementing the front end into IPS 4.

     

    Thanks!

     

    5-3-18

    Changed Task Priority to High

     

    5-3-18

    Increasing to high priority due to ongoing issues regarding B3 RCON. I will be working on this today.

     

    Thank you.

     

    5-3-18

    Bash Script that will run every five minutes via cron job and adds IPs to the firewall:

     

    #!/bin/bash
    
    # Retrieve the IPs that need to be added.
    json=$(curl -sk 'http://127.0.0.1/miniprojects/cod4fw/retrieveips.php');
    
    # Loop through all IPs.
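    for row in $(echo "${json}" | jq -r '.[] | @base64'); do
            _jq()
            {
                    # Quote both expansions so the row and the jq filter are passed through intact.
                    echo "${row}" | base64 --decode | jq -r "${1}"
            }
    
            ip=$(_jq '.ip');
    
            # Firstly, let's add the IP to the firewall. Quoting ${ip} keeps it a single
            # argument, and the row is only marked as added if iptables succeeded.
            if ! iptables -I cod4fw -s "${ip}" -j DROP; then
                    echo "Failed to add IP '${ip}' to the firewall.";
                    continue
            fi
    
            # Now let's set the IP to added through cURL.
            stuff=$(curl -skd "ip=${ip}" http://127.0.0.1/miniprojects/cod4fw/setip.php)
    
            echo "Added IP '${ip}' to the firewall successfully...";
            #echo ${stuff};
    done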

     

    PHP back end script #1 that retrieves all the IPs that need to be added to the firewall and outputs them as JSON:

     

    <?php
    	/**
    	*	This script will retrieve IPs that need to be blocked via the firewall.
    	**/
    	
    	require_once('sql.php');
    	
    	$IPs = Array();
    	
    	$db->where('added', '0');
    	$query = $db->get('blocks', null, 'ip');
    	
    	if ($db->count > 0)
    	{
    		foreach($query as $row)
    		{
    			$IPs[] = Array
    			(
    				'ip' => $row['ip']
    			);
    		}
    	}
    	
    	$json = json_encode($IPs);
    	
    	echo $json;
    ?>

     

    PHP back end script #2 that sets the IP as added through the database so it won't be added again:

     

    <?php
    	/**
    	*	This script sets an IP in the CoD 4 firewall to added.
    	**/
    	
    	require_once('sql.php');
    	
    	$ip = isset($_POST['ip']) ? $_POST['ip'] : false;
    	
    	if ($ip)
    	{
    		$updateData = Array
    		(
    			'added' => 1
    		);
    		
    		$db->where('ip', $ip);
    		
    		$update = $db->update('blocks', $updateData);
    		
    		if ($update)
    		{
    			echo 'Updated ' . $ip . '.';
    		}
    		else
    		{
    			echo 'Database error - ' . $db->getLastError();
    		}
    	}
    ?>

     

    I will be adjusting these scripts for security along with making the front-end scripts later on.

     

    P.S. The sql.php file is a simple file that initializes the database connection. I use this MySQLi wrapper.

     

    Thank you.

     

    5-3-18

    In addition, two columns have been added to the database structure:

    • Admin ID|int (adminid) - The Admin's IPS 4 Member ID.
    • Admin IP|int (adminip) - The Admin's IP address.

     

    Here is a screenshot of the database structure through PhpMyAdmin for the blocks table:

     

    [Screenshot: blocks table structure in PhpMyAdmin]

     

    Thanks!

     

    5-3-18

    Made GREAT progress on this project regarding the IPS 4 front-end. Here is the main front-end module written in PHP for IPS 4:

     

    <?php
    
    
    namespace IPS\cod4admin\modules\front\firewall;
    
    /* To prevent PHP errors (extending class does not exist) revealing path */
    if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
    {
    	header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
    	exit;
    }
    
    /**
     * main
     */
    class _main extends \IPS\Dispatcher\Controller
    {
    	
    	// IP Whitelist...
    	public $whiteList = Array
    	(
    		'*******'
    	);
    	
    	// Group Whitelist.
    	public $groupWhiteList = Array
    	(
    		'20',	// Director.
    		'6',	// Council.
    		'8',	// Division Leader.
    		'11'	// Technical Administrator.
    	);
    	
    	// User Whitelist.
    	public $userWhiteList = Array
    	(
    		'1',	// The one and only Christiano Deaconado.
    		'1506',	// Worgee.
    		'10',	// Snoopy.
    		'21678'	// Omarock.
    	);
    		
    	/**
    	 * Execute
    	 *
    	 * @return	void
    	 */
    	public function execute()
    	{
    		
    		parent::execute();
    	}
    
    	/**
    	 * ...
    	 *
    	 * @return	void
    	 */
    	protected function manage()
    	{
    		// Get loaded member.
    		$member = \IPS\Member::loggedIn();
          
    		// Set title.
    		\IPS\Output::i()->title = $member->language()->addToStack('cod4admin_firewall_title');
    		
    		if ($member && isset($member->member_id) && (in_array($member->member_group_id, $this->groupWhiteList) || in_array($member->member_id, $this->userWhiteList)))
    		{
    			// Initialize the external database connection.
    			$connection = \IPS\Db::i('external', Array
    			(
    				'sql_host' => '*******',
    				'sql_user' => '*******',
    				'sql_pass' => '*******',
    				'sql_database' => '******',
    				'sql_port' => xxxxx
    			));
    			
    			//\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->test(json_encode($member, JSON_PRETTY_PRINT));
    			
    			// Create the block user form.
    			$blockUserForm = new \IPS\Helpers\Form('block_form', 'cod4admin_blockuser_submit');
    			
    			// Add vertical class.
    			$blockUserForm->class = 'ipsForm_vertical';
    			
    			// IP field.
    			$ipBlockInput = new \IPS\Helpers\Form\Text('blockip', '', TRUE, Array(), function ($val)
    			{
    				if (!$this->validateIP($val))
    				{
    					throw new \DomainException('form_bad_value');
    				}
    			});
    			$ipBlockInput->description = 'IP of the user you would like to block.';
    			$ipBlockInput->label = 'IP';
    			
    			// Add the fields.
    			$blockUserForm->add($ipBlockInput);
    			
    			// Create the unblock user form.
    			$unblockUserForm = new \IPS\Helpers\Form('unblock_form', 'cod4admin_unblockuser_submit');
    			
    			// Add vertical class.
    			$unblockUserForm->class = 'ipsForm_vertical';
    			
    			// IP field.
    			$ipUnblockInput = new \IPS\Helpers\Form\Text('unblockip', '', TRUE, Array(), function ($val)
    			{
    				if (!$this->validateIP($val))
    				{
    					throw new \DomainException('form_bad_value');
    				}
    			});
    			$ipUnblockInput->description = 'IP of the user you would like to unblock.';
    			$ipUnblockInput->label = 'IP';
    			
    			// Add the fields.
    			$unblockUserForm->add($ipUnblockInput);
    			
    			// Check blocked values.
    			if ($values = $blockUserForm->values())
    			{	
    				$success = true;
    				$err = "";
    				
    				$check = $connection->select('ip', 'blocks', Array('ip=? AND added=?', $values['blockip'], 0));
    
    				if (count($check) > 0)
    				{
    					$success = false;
    					$err = "IP already waiting to be added to the block list.";
    				}
    				
    				// Only queue the IP if it isn't already pending.
    				if ($success)
    				{
    					$insert = $connection->insert('blocks', Array('ip' => $values['blockip'], 'dateadded' => time(), 'added' => 0, 'adminid' => $member->member_id, 'adminip' => $_SERVER['REMOTE_ADDR']));
    					
    					if (!$insert)
    					{
    						$success = false;
    						$err = "Error with the query.";
    					}
    				}
    				
    				
    				if ($success)
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->successBlock();
    				}
    				else
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->failBlock();
    				}
    			}
    			
    			// Check unblocked values.
    			if ($values = $unblockUserForm->values())
    			{
    				$success = true;
    				$err = "";
    				
    				$check = $connection->select('ip', 'unblocks', Array('ip=? AND removed=?', $values['unblockip'], 0));
    
    				if (count($check) > 0)
    				{
    					$success = false;
    					$err = "IP already waiting to be removed from the block list.";
    				}
    				
    				// Only queue the IP if it isn't already pending, using the unblock form's own field.
    				if ($success)
    				{
    					$insert = $connection->insert('unblocks', Array('ip' => $values['unblockip'], 'dateadded' => time(), 'removed' => 0, 'adminid' => $member->member_id, 'adminip' => $_SERVER['REMOTE_ADDR']));
    					
    					if (!$insert)
    					{
    						$success = false;
    						$err = "Error with the query.";
    					}
    				}
    				
    				
    				if ($success)
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->successBlock();
    				}
    				else
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->failBlock();
    				}
    			}
    			
    			// Fucko doodle do...
    			\IPS\Output::i()->output .= $blockUserForm->customTemplate(Array(call_user_func_array(Array(\ips\Theme::i(), 'getTemplate'), array('forms', 'cod4admin', 'global')), 'blockuser'));
    			\IPS\Output::i()->output .= $unblockUserForm->customTemplate(Array(call_user_func_array(Array(\ips\Theme::i(), 'getTemplate'), array('forms', 'cod4admin', 'global')), 'unblockuser'));
    		}
    		else
    		{
    			\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->nopermission();
    		}
    		
    		// Foooooter.
    		\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->footer();
    	}
    	
    	// Create new methods with the same name as the 'do' parameter which should execute it
    	
    	// Validate IP address. Discovered filter_var() today. Cool stuffz :3
    	protected function validateIP($ip)
    	{
    		if (empty($ip) || !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE) || in_array($ip, $this->whiteList))
    		{
    			return false;
    		}
    		
    		return true;
    	}
    }

     


     

    Still A LOT of work to be done to the script including implementing it with IPS 4 permissions here. I hate using arrays for our group, user, and IP white-listing. But I do not have enough energy to look into proper permissions tonight (it's a complex set up).

     

    I also made many HTML/PHP templates through IPS 4. This project is definitely motivating me to get back into developing IPS 4 projects. I've been pretty excited tonight. I need to take a break now though.

     

    Thanks!


    5-7-18

    Just an update, I have almost completed this. I wasn't able to implement IPS 4's permission system into the project yet (this would take A LOT more time after seeing how complex it is). However, I was able to implement my own permission system into it using the database, group IDs, member IDs, and an IP white-list. I still need to implement administration pages into this so higher ups can add users and groups. As of right now, you have to white list group and member IDs into the database itself (only Directors and I have access to this).

     

    At the moment, the firewall page is available for our higher ups and CoD 4 admins:

     

    xxxxxxxxxxxxxxxxxxxxxxxx

     

    I will likely be changing the URL in the future to make it more friendly (e.g. xxxxxxxxxxx/xxxxxx).

     

    I haven't set up the back end bash script on our game server machine. Therefore, it will not add IPs to the firewall yet. However, once set up, it will take all the IPs submitted to this database and block them once the bash script (cron job) is running.

     

    Here is the main module's front-end code:

     

    <?php
    
    
    namespace IPS\cod4admin\modules\front\firewall;
    
    /* To prevent PHP errors (extending class does not exist) revealing path */
    if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
    {
    	header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
    	exit;
    }
    
    /**
     * main
     */
    class _main extends \IPS\Dispatcher\Controller
    {
    	// IP Whitelist.
    	protected $ipWhitelist = Array();
    	
    	// Group Whitelist.
    	protected $groupWhitelist = Array();
    	
    	// User Whitelist.
    	protected $userWhitelist = Array();
    		
    	/**
    	 * Execute
    	 *
    	 * @return	void
    	 */
    	public function execute()
    	{
    		parent::execute();
    	}
    
    	/**
    	 * ...
    	 *
    	 * @return	void
    	 */
    	protected function manage()
    	{
    		// Update user and group whitelist.
    		$this->updateIPWhitelist();
    		$this->updateGroupWhitelist();
    		$this->updateUserWhitelist();
    		
    		// Add the CSS file.
    		\IPS\Output::i()->cssFiles = array_merge(\IPS\Output::i()->cssFiles, \IPS\Theme::i()->css('firewall/header.css'));
    		
    		// Get loaded member.
    		$member = \IPS\Member::loggedIn();
    		
    		// Set title.
    		\IPS\Output::i()->title = $member->language()->addToStack('cod4admin_firewall_title');
    		
    		// Output header.
    		\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->header();
    		
    		// Shhhh :)
    		\IPS\Output::i()->output .= '<div class="ipsPad ipsBox">';
    		
    		if ($member && isset($member->member_id) && (in_array($member->member_group_id, $this->groupWhitelist) || in_array($member->member_id, $this->userWhitelist)))
    		{	
    			//\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->test(json_encode($member, JSON_PRETTY_PRINT));
    			
    			// Create the block user form.
    			$blockUserForm = new \IPS\Helpers\Form('block_form', 'cod4admin_blockuser_submit');
    			
    			// Add vertical class.
    			$blockUserForm->class = 'ipsForm_vertical';
    			
    			// IP field.
    			$ipBlockInput = new \IPS\Helpers\Form\Text('blockip', '', TRUE, Array(), function ($val)
    			{
    				if (!$this->validateIP($val))
    				{
    					throw new \DomainException('form_bad_value');
    				}
    			});
    			//$ipBlockInput->description = 'IP of the user you would like to block.';
    			$ipBlockInput->label = 'IP';
    			
    			// Add the fields.
    			$blockUserForm->add($ipBlockInput);
    			
    			// Create the unblock user form.
    			$unblockUserForm = new \IPS\Helpers\Form('unblock_form', 'cod4admin_unblockuser_submit');
    			
    			// Add vertical class.
    			$unblockUserForm->class = 'ipsForm_vertical';
    			
    			// IP field.
    			$ipUnblockInput = new \IPS\Helpers\Form\Text('unblockip', '', TRUE, Array(), function ($val)
    			{
    				if (!$this->validateIP($val))
    				{
    					throw new \DomainException('form_bad_value');
    				}
    			});
    			//$ipUnblockInput->description = 'IP of the user you would like to unblock.';
    			$ipUnblockInput->label = 'IP';
    			
    			// Add the fields.
    			$unblockUserForm->add($ipUnblockInput);
    			
    			// Check blocked values.
    			if ($values = $blockUserForm->values())
    			{	
    				$success = true;
    				$err = "";
    				
    				$check = \IPS\Db::i()->select('ip', 'cod4admin_blocks', Array('ip=? AND added=?', $values['blockip'], 0));
    
    				if (count($check) > 0)
    				{
    					$success = false;
    					$err = "IP already waiting to be added to the block list.";
    				}
    				
    				// Only queue the IP if it isn't already pending.
    				if ($success)
    				{
    					$insert = \IPS\Db::i()->insert('cod4admin_blocks', Array('ip' => $values['blockip'], 'dateadded' => time(), 'added' => 0, 'adminid' => $member->member_id, 'adminip' => $_SERVER['REMOTE_ADDR']));
    					
    					if (!$insert)
    					{
    						$success = false;
    						$err = "Error with the query.";
    					}
    				}
    				
    				
    				if ($success)
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->successBlock();
    				}
    				else
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->failBlock($err);
    				}
    			}
    			
    			// Check unblocked values.
    			if ($values = $unblockUserForm->values())
    			{
    				$success = true;
    				$err = "";
    				
    				$check = \IPS\Db::i()->select('ip', 'cod4admin_unblocks', Array('ip=? AND removed=?', $values['unblockip'], 0));
    
    				if (count($check) > 0)
    				{
    					$success = false;
    					$err = "IP already waiting to be removed from the block list.";
    				}
    				
    				// Only queue the IP if it isn't already pending, using the unblock form's own field.
    				if ($success)
    				{
    					$insert = \IPS\Db::i()->insert('cod4admin_unblocks', Array('ip' => $values['unblockip'], 'dateadded' => time(), 'removed' => 0, 'adminid' => $member->member_id, 'adminip' => $_SERVER['REMOTE_ADDR']));
    					
    					if (!$insert)
    					{
    						$success = false;
    						$err = "Error with the query.";
    					}
    				}
    				
    				
    				if ($success)
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->successBlock();
    				}
    				else
    				{
    					\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->failBlock($err);
    				}
    			}
    			
    			// Fucko doodle do...
    			\IPS\Output::i()->output .= $blockUserForm->customTemplate(Array(call_user_func_array(Array(\ips\Theme::i(), 'getTemplate'), array('forms', 'cod4admin', 'global')), 'blockuser'));
    			\IPS\Output::i()->output .= $unblockUserForm->customTemplate(Array(call_user_func_array(Array(\ips\Theme::i(), 'getTemplate'), array('forms', 'cod4admin', 'global')), 'unblockuser'));
    		}
    		else
    		{
    			\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->nopermission();
    		}
    		
    		// Foooooter.
    		\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->footer();
    		
    		\IPS\Output::i()->output .= '</div>';
    	}
    	
    	// Validate IP address. Discovered filter_var() today. Cool stuffz :3
    	protected function validateIP($ip)
    	{
    		if (empty($ip) || !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE) || in_array($ip, $this->ipWhitelist))
    		{
    			return false;
    		}
    		
    		return true;
    	}
    	
    	// Receive IP Whitelist.
    	protected function updateIPWhitelist()
    	{
    		$temp = \IPS\Db::i()->select('*', 'cod4admin_ipwhitelist', NULL);
    		$temp = $temp->setKeyField('id')->setValueField('ip');
    		
    		foreach ($temp as $id => $ip)
    		{
    			$this->ipWhitelist[] = $ip;
    		}
    	}
    	
    	// Receive Group whitelist.
    	protected function updateGroupWhitelist()
    	{
    		$temp = \IPS\Db::i()->select('*', 'cod4admin_groups', NULL);
    		$temp = $temp->setKeyField('id')->setValueField('group_id');
    		
    		foreach ($temp as $id => $group)
    		{
    			$this->groupWhitelist[] = $group;
    		}
    	}	
    	
    	// Receive User whitelist.
    	protected function updateUserWhitelist()
    	{
    		$temp = \IPS\Db::i()->select('*', 'cod4admin_users', NULL);
    		$temp = $temp->setKeyField('id')->setValueField('member_id');
    		
    		foreach ($temp as $id => $user)
    		{
    			$this->userWhitelist[] = $user;
    		}
    	}
    }

    Here's back-end script #1 (implemented into IPS 4 so I wouldn't have to set up an additional web server and MySQL server):

     

    <?php
    
    
    namespace IPS\cod4admin\modules\front\scripts;
    
    /* To prevent PHP errors (extending class does not exist) revealing path */
    if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
    {
    	header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
    	exit;
    }
    
    /**
     * retrieveips
     */
    class _retrieveips extends \IPS\Dispatcher\Controller
    {
    	/**
    	 * Execute
    	 *
    	 * @return	void
    	 */
    	public function execute()
    	{
    		
    		parent::execute();
    	}
    
    	/**
    	 * ...
    	 *
    	 * @return	void
    	 */
    	protected function manage()
    	{
    		$ipList = Array();
    		
    		$whitelist = \IPS\Db::i()->select('ip', 'cod4admin_ipwhitelist', Array('ip=?', $_SERVER['REMOTE_ADDR']));
    		
    		if (count($whitelist) > 0)
    		{
    			$ips = \IPS\Db::i()->select('*', 'cod4admin_blocks', Array('added=?', 0));
    			$ips = $ips->setKeyField('id')->setValueField('ip');
    			
    			if ($ips)
    			{	
    				foreach ($ips as $key => $ip)
    				{
    					$ipList[] = Array
    					(
    						'ip' => $ip
    					);
    				}
    			}
    		}
    		
    		$store = json_encode($ipList);
    		
    		//\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('scripts', 'cod4admin', 'front')->retrieveips($store);
    		echo $store;
    		
    		exit;
    	}
    	
    	// Create new methods with the same name as the 'do' parameter which should execute it
    }

     

    Back end script #2:

     

    <?php
    
    
    namespace IPS\cod4admin\modules\front\scripts;
    
    /* To prevent PHP errors (extending class does not exist) revealing path */
    if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
    {
    	header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
    	exit;
    }
    
    /**
     * setip
     */
    class _setip extends \IPS\Dispatcher\Controller
    {
    	/**
    	 * Execute
    	 *
    	 * @return	void
    	 */
    	public function execute()
    	{
    		
    		parent::execute();
    	}
    
    	/**
    	 * ...
    	 *
    	 * @return	void
    	 */
    	protected function manage()
    	{
    		$whitelist = \IPS\Db::i()->select('ip', 'cod4admin_ipwhitelist', Array('ip=?', $_SERVER['REMOTE_ADDR']));
    		
    		if (count($whitelist) < 1)
    		{
    			\IPS\Output::i()->output .= \IPS\Theme::i()->getTemplate('other', 'cod4admin', 'global')->nopermission();
    			
    			return;
    		}
    		
    		$ip = isset(\IPS\Request::i()->ip) ? \IPS\Request::i()->ip : false;
    		
    		if ($ip)
    		{
    			\IPS\Db::i()->update('cod4admin_blocks', Array('added' => 1), Array('ip=?', $ip));
    		}
    	}
    	
    	// Create new methods with the same name as the 'do' parameter which should execute it
    }

    And finally, the new version of the bash script which is run in the ROOT cron job list every five minutes:

     

    #!/bin/bash
    
    # Retrieve the IPs that need to be added.
    json=$(curl -sk 'https://xxxxxxxx/index.php?app=cod4admin&module=scripts&controller=retrieveips')
    
    # Loop through all IPs.
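    for row in $(echo "${json}" | jq -r '.[] | @base64'); do
            _jq()
            {
                    # Quote both expansions so the row and the jq filter are passed through intact.
                    echo "${row}" | base64 --decode | jq -r "${1}"
            }
    
            ip=$(_jq '.ip');
    
            # Firstly, let's add the IP to the firewall. Quoting ${ip} keeps it a single
            # argument, and the row is only marked as added if iptables succeeded.
            if ! /sbin/iptables -I cod4fw -s "${ip}" -j DROP; then
                    echo "Failed to add IP '${ip}' to the firewall.";
                    continue
            fi
    
            # Save IPTables.
            # /usr/sbin/service iptables save
    
            # Now let's set the IP to added through cURL.
            stuff=$(curl -skd "ip=${ip}" 'https://xxxxxxxxxxxx/index.php?app=cod4admin&module=scripts&controller=setip')
    
            echo "Added IP '${ip}' to the firewall successfully...";
            #echo ${stuff};
    done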

     

    I still need to implement the unblock functionality but that won't be difficult. There were also many back end PHP/HTML templates made. You can see them initialized in the code above.

     

    I will give an update once I have finished adding the bash script to the back end.

     

    Thanks!

     

    5-11-18

    Hello,

     

    This script is now activated and confirmed working. Unblock functionality is not yet implemented but I will be doing so in the near future.

     

    You can visit the block/unblock page *****. Remember, the cron job runs every five minutes.

     

    If you run into any issues, please let me know.

     

    Thanks.

     

    5-11-18

    Task is now closed.

     

    Thanks!
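
    An added example, not part of the original posts or the project's code: a worker-side check for the root cron job above that treats whatever the retrieveips endpoint returns as untrusted before it reaches iptables. It assumes one address per line on stdin (for instance from `jq -r '.[].ip'`); `valid_ipv4`, `block_ip`, `process_queue` and the `NEVER_BLOCK` addresses are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example: not the project's script. Function names and the
# NEVER_BLOCK addresses are assumptions made for illustration.

IPTABLES=${IPTABLES:-/sbin/iptables}   # overridable so the logic can be exercised without root
CHAIN=cod4fw                           # chain name used by the cron script on this page
NEVER_BLOCK="127.0.0.1 203.0.113.10"   # constructed: addresses that must never be dropped

# valid_ipv4 ADDR: succeeds only for a strict dotted quad (octets 0-255,
# no leading zeros, no CIDR suffix, no spaces or option-like text).
valid_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# is_protected ADDR: succeeds if ADDR is on the never-block list.
is_protected() {
    for p in $NEVER_BLOCK; do
        if [ "$p" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# block_ip ADDR: prints invalid, protected, exists, added or failed.
# Exit status 0 (exists/added) means the row is safe to acknowledge as added.
block_ip() {
    if ! valid_ipv4 "$1"; then
        echo invalid; return 1
    fi
    if is_protected "$1"; then
        echo protected; return 1
    fi
    # -C checks for an identical rule, so repeated cron runs do not stack duplicates.
    if "$IPTABLES" -C "$CHAIN" -s "$1" -j DROP 2>/dev/null; then
        echo exists; return 0
    fi
    if "$IPTABLES" -I "$CHAIN" -s "$1" -j DROP; then
        echo added; return 0
    fi
    echo failed; return 1
}

# process_queue: reads one candidate per line on stdin and prints
# "<candidate> <result>" so the caller can acknowledge only added/exists rows.
process_queue() {
    while IFS= read -r candidate || [ -n "$candidate" ]; do
        result=$(block_ip "$candidate") || true
        printf '%s %s\n' "$candidate" "$result"
    done
}

# Touch the firewall only when asked: ./worker.sh --apply < ips.txt
if [ "${1:-}" = "--apply" ]; then
    process_queue
fi
```

    Only rows reported as `added` or `exists` should then be posted back to the setip controller; `invalid`, `protected` and `failed` rows stay at added = 0 for an admin to review.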
