shorewall_code/Shorewall/action.GeoIP
Tom Eastep 78af118b9a Quote original list when a translated list is ill-formed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:39:46 -07:00


#
# Shorewall 4 - GeoIP Action
#
# /usr/share/shorewall/action.GeoIP
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2012- Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# GeoIP[(<countries>[,{<action>|-}][,{src|dst}][,{audit|-}])]
#
# Where <countries> is a list of one or more ISO 3166 Country Codes (see table
# below).
#
# Default action is to do nothing, so either an <action> must be specified or
# the parameter list must be followed by :<loglevel> to generate a logging rule.
# (e.g., GeoIP(US):info).
#
##########################################################################################
FORMAT 2
DEFAULTS -,-,src,-
BEGIN PERL;
use strict;
use Shorewall::Chains qw(:DEFAULT :internal);
# Fetch the four action parameters in the order given by the DEFAULTS line:
# country list, action, direction (src/dst) and audit flag.
my ($countries, $action, $srcdst, $audit) = get_action_params(4);

# Codes accepted by this action, mapped to a display name.  Besides country
# codes the table carries the non-country entries A1 (Anonymous Proxy),
# A2 (Satellite Provider), AP (Asia/Pacific Region) and EU (Europe).
# The validation loop later in this file rejects any code without an entry
# here, so this table is the allow-list for the <countries> parameter.
# Declared with 'our', i.e. as a package variable rather than a lexical.
# NOTE(review): nothing in this file checks that a code listed here is also
# known to the GeoIP database installed on the firewall -- confirm on deploy.
our %isocodes = (
    A1 => "Anonymous Proxy",
    A2 => "Satellite Provider",
    AD => "Andorra",
    AE => "United Arab Emirates",
    AF => "Afghanistan",
    AG => "Antigua and Barbuda",
    AI => "Anguilla",
    AL => "Albania",
    AM => "Armenia",
    AN => "Netherlands Antilles",
    AO => "Angola",
    AP => "Asia/Pacific Region",
    AQ => "Antarctica",
    AR => "Argentina",
    AS => "American Samoa",
    AT => "Austria",
    AU => "Australia",
    AW => "Aruba",
    AX => "Aland Islands",
    AZ => "Azerbaijan",
    BA => "Bosnia and Herzegovina",
    BB => "Barbados",
    BD => "Bangladesh",
    BE => "Belgium",
    BF => "Burkina Faso",
    BG => "Bulgaria",
    BH => "Bahrain",
    BI => "Burundi",
    BJ => "Benin",
    BM => "Bermuda",
    BN => "Brunei Darussalam",
    BO => "Bolivia",
    BR => "Brazil",
    BS => "Bahamas",
    BT => "Bhutan",
    BV => "Bouvet Island",
    BW => "Botswana",
    BY => "Belarus",
    BZ => "Belize",
    CA => "Canada",
    CC => "Cocos (Keeling) Islands",
    CD => "Congo, The Democratic Republic of the",
    CF => "Central African Republic",
    CG => "Congo",
    CH => "Switzerland",
    CI => "Cote D'Ivoire",
    CK => "Cook Islands",
    CL => "Chile",
    CM => "Cameroon",
    CN => "China",
    CO => "Colombia",
    CR => "Costa Rica",
    CU => "Cuba",
    CV => "Cape Verde",
    CX => "Christmas Island",
    CY => "Cyprus",
    CZ => "Czech Republic",
    DE => "Germany",
    DJ => "Djibouti",
    DK => "Denmark",
    DM => "Dominica",
    DO => "Dominican Republic",
    DZ => "Algeria",
    EC => "Ecuador",
    EE => "Estonia",
    EG => "Egypt",
    EH => "Western Sahara",
    ER => "Eritrea",
    ES => "Spain",
    ET => "Ethiopia",
    EU => "Europe",
    FI => "Finland",
    FJ => "Fiji",
    FK => "Falkland Islands (Malvinas)",
    FM => "Micronesia, Federated States of",
    FO => "Faroe Islands",
    FR => "France",
    GA => "Gabon",
    GB => "United Kingdom",
    GD => "Grenada",
    GE => "Georgia",
    GF => "French Guiana",
    GG => "Guernsey",
    GH => "Ghana",
    GI => "Gibraltar",
    GL => "Greenland",
    GM => "Gambia",
    GN => "Guinea",
    GP => "Guadeloupe",
    GQ => "Equatorial Guinea",
    GR => "Greece",
    GS => "South Georgia and the South Sandwich Islands",
    GT => "Guatemala",
    GU => "Guam",
    GW => "Guinea-Bissau",
    GY => "Guyana",
    HK => "Hong Kong",
    HN => "Honduras",
    HR => "Croatia",
    HT => "Haiti",
    HU => "Hungary",
    ID => "Indonesia",
    IE => "Ireland",
    IL => "Israel",
    IM => "Isle of Man",
    IN => "India",
    IO => "British Indian Ocean Territory",
    IQ => "Iraq",
    IR => "Iran, Islamic Republic of",
    IS => "Iceland",
    IT => "Italy",
    JE => "Jersey",
    JM => "Jamaica",
    JO => "Jordan",
    JP => "Japan",
    KE => "Kenya",
    KG => "Kyrgyzstan",
    KH => "Cambodia",
    KI => "Kiribati",
    KM => "Comoros",
    KN => "Saint Kitts and Nevis",
    KP => "Korea, Democratic People's Republic of",
    KR => "Korea, Republic of",
    KW => "Kuwait",
    KY => "Cayman Islands",
    KZ => "Kazakhstan",
    LA => "Lao People's Democratic Republic",
    LB => "Lebanon",
    LC => "Saint Lucia",
    LI => "Liechtenstein",
    LK => "Sri Lanka",
    LR => "Liberia",
    LS => "Lesotho",
    LT => "Lithuania",
    LU => "Luxembourg",
    LV => "Latvia",
    LY => "Libyan Arab Jamahiriya",
    MA => "Morocco",
    MC => "Monaco",
    MD => "Moldova, Republic of",
    ME => "Montenegro",
    MG => "Madagascar",
    MH => "Marshall Islands",
    MK => "Macedonia",
    ML => "Mali",
    MM => "Myanmar",
    MN => "Mongolia",
    MO => "Macau",
    MP => "Northern Mariana Islands",
    MQ => "Martinique",
    MR => "Mauritania",
    MS => "Montserrat",
    MT => "Malta",
    MU => "Mauritius",
    MV => "Maldives",
    MW => "Malawi",
    MX => "Mexico",
    MY => "Malaysia",
    MZ => "Mozambique",
    NA => "Namibia",
    NC => "New Caledonia",
    NE => "Niger",
    NF => "Norfolk Island",
    NG => "Nigeria",
    NI => "Nicaragua",
    NL => "Netherlands",
    NO => "Norway",
    NP => "Nepal",
    NR => "Nauru",
    NU => "Niue",
    NZ => "New Zealand",
    OM => "Oman",
    PA => "Panama",
    PE => "Peru",
    PF => "French Polynesia",
    PG => "Papua New Guinea",
    PH => "Philippines",
    PK => "Pakistan",
    PL => "Poland",
    PM => "Saint Pierre and Miquelon",
    PR => "Puerto Rico",
    PS => "Palestinian Territory, Occupied",
    PT => "Portugal",
    PW => "Palau",
    PY => "Paraguay",
    QA => "Qatar",
    RE => "Reunion",
    RO => "Romania",
    RS => "Serbia",
    RU => "Russian Federation",
    RW => "Rwanda",
    SA => "Saudi Arabia",
    SB => "Solomon Islands",
    SC => "Seychelles",
    SD => "Sudan",
    SE => "Sweden",
    SG => "Singapore",
    SH => "Saint Helena",
    SI => "Slovenia",
    SJ => "Svalbard and Jan Mayen",
    SK => "Slovakia",
    SL => "Sierra Leone",
    SM => "San Marino",
    SN => "Senegal",
    SO => "Somalia",
    SR => "Suriname",
    ST => "Sao Tome and Principe",
    SV => "El Salvador",
    SY => "Syrian Arab Republic",
    SZ => "Swaziland",
    TC => "Turks and Caicos Islands",
    TD => "Chad",
    TF => "French Southern Territories",
    TG => "Togo",
    TH => "Thailand",
    TJ => "Tajikistan",
    TK => "Tokelau",
    TL => "Timor-Leste",
    TM => "Turkmenistan",
    TN => "Tunisia",
    TO => "Tonga",
    TR => "Turkey",
    TT => "Trinidad and Tobago",
    TV => "Tuvalu",
    TW => "Taiwan",
    TZ => "Tanzania, United Republic of",
    UA => "Ukraine",
    UG => "Uganda",
    UM => "United States Minor Outlying Islands",
    US => "United States",
    UY => "Uruguay",
    UZ => "Uzbekistan",
    VA => "Holy See (Vatican City State)",
    VC => "Saint Vincent and the Grenadines",
    VE => "Venezuela",
    VG => "Virgin Islands, British",
    VI => "Virgin Islands, U.S.",
    VN => "Vietnam",
    VU => "Vanuatu",
    WF => "Wallis and Futuna",
    WS => "Samoa",
    YE => "Yemen",
    YT => "Mayotte",
    ZA => "South Africa",
    ZM => "Zambia",
    ZW => "Zimbabwe",
);
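# Body of the GeoIP action: validate the parameters, then add either a jump
# rule or a logging rule that matches on the given country codes.

# The rules generated below use the geoip match, so require that capability.
require_capability 'GEOIP_MATCH', 'The GeoIP action', 's';

fatal_error "Invalid parameter ($audit) to action GeoIP" if supplied $audit && $audit ne 'audit';

# $srcdst is interpolated into the match option ("--src-cc" / "--dst-cc"),
# so accept exactly 'src' or 'dst'.  \A and \z are used instead of ^ and $
# because $ would also accept a value with a trailing newline.
fatal_error "Invalid SRC/DST ($srcdst)" if supplied $srcdst && $srcdst !~ /\A(?:src|dst)\z/;

my $chainref = get_action_chain;
my ( $level, $tag ) = get_action_logging;
my $target = require_audit ( $action , $audit );

# Keep the list as written for error messages, then turn '|' separators into
# the commas that split_list and the geoip match option use.
my $origcountries = $countries;
$countries =~ s/\|/,/g;
my @countries = split_list $countries, 'cc', $origcountries;

# Allow-list check: every code must have an entry in %isocodes.  This is also
# what keeps arbitrary text out of the "--${srcdst}-cc" option built below.
for my $cc ( @countries ) {
    fatal_error "Unknown ISO 3166 Country Code ($cc)" unless exists $isocodes{$cc};
}

# With a single country and no explicit log tag, use the country code as tag.
$tag = $countries[0] unless $tag || @countries > 1;

if ( $target ne '' ) {
    my $targettype = $targets{$target} || 0;

    fatal_error "Unknown ACTION ($target)" unless $targettype;

    # The target must be one of STANDARD/CHAIN/ACTION and must not be a NAT
    # type.  The negation is parenthesised on purpose: '!' binds tighter than
    # '&', so '! $targettype & (...)' negates $targettype first and the
    # type test then never rejects anything.
    fatal_error "The $target action may not be passed to GeoIP"
        if !( $targettype & ( STANDARD | CHAIN | ACTION ) )
        || ( $targettype & ( NATRULE | NONAT ) );

    if ( $level ne '' ) {
        # Logging requested as well: create a separate filter chain that logs
        # and then jumps to the real target, and send matching packets there.
        my $chain1ref = ensure_filter_chain( newlogchain('filter' ), 0 );

        log_rule_limit $level, $chain1ref, $chainref->{name}, $target ? $target : 'LOG' , '', $tag, 'add', '';
        add_ijump( $chain1ref, j => $target );
        $target = $chain1ref->{name};
    }

    add_ijump $chainref , j => $target, geoip => "--${srcdst}-cc $countries";
} elsif ( $level ne '' ) {
    # No action, only a log level: emit a logging rule carrying the geoip match.
    log_rule_limit $level, $chainref, 'GeoIP' , $target ? $target : 'LOG' , '', $tag, 'add', "-m geoip --${srcdst}-cc $countries";
} else {
    fatal_error "Either an action or a log level must be specified";
}

allow_optimize( $chainref );

# The embedded Perl block ends with a true value.
1;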
END PERL;