diff --git a/.gitignore b/.gitignore index 6701a887..afc82407 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,11 @@ *.gzip *.gz .vscode -.DS_Store +conf +data +log +php +nginx +ssl +web/rrd +.DS_Store \ No newline at end of file diff --git a/bin/v-add-dns-domain b/bin/v-add-dns-domain index 17bdc4ae..c6e51d98 100755 --- a/bin/v-add-dns-domain +++ b/bin/v-add-dns-domain @@ -1,6 +1,6 @@ #!/bin/bash # info: add dns domain -# options: USER DOMAIN IP [NS1] [NS2] [NS3] [..] [NS8] [RESTART] +# options: USER DOMAIN IP IPV6 [NS1] [NS2] [NS3] [..] [NS8] [RESTART] # # The function adds DNS zone with records defined in the template. If the exp # argument isn't stated, the expiration date value will be set to next year. @@ -17,15 +17,16 @@ user=$1 domain=$2 ip=$3 -ns1=$4 -ns2=$5 -ns3=$6 -ns4=$7 -ns5=$8 -ns6=$9 -ns7=${10} -ns8=${11} -restart=${12} +ipv6=$4 +ns1=$5 +ns2=$6 +ns3=$7 +ns4=$8 +ns5=$9 +ns6=$10 +ns7=${11} +ns8=${12} +restart=${13} # Includes source $VESTA/func/main.sh @@ -41,8 +42,21 @@ format_domain_idn # Verifications # #----------------------------------------------------------# -check_args '3' "$#" 'USER DOMAIN IP [NS1] [NS2] [NS3] [..] [NS8] [RESTART]' -is_format_valid 'user' 'domain' 'ip' +check_args '3' "$#" 'USER DOMAIN IP IPV6 [NS1] [NS2] [NS3] [..] [NS8] [RESTART]' +is_format_valid 'user' 'domain' + +if [ ! -z "$ip" ] && [ "$ip" != "no" ]; then + is_format_valid 'ip' +else + ip="" +fi + +if [ ! -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +else + ipv6="" +fi + is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" 
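Review bot: In the argument block of bin/v-add-dns-domain, `ns6=$10` expands to `$1` followed by a literal `0`, not the tenth parameter, so ns6 is never empty; it should read `ns6=${10}` like the `${11}` to `${13}` lines beside it. Because ns6 is always non-empty, the later `if [ ! -z "$ns6" ]` block always runs and re-reads `${10}`, so a call with fewer than six name servers reaches `is_format_valid 'ns6'` with an empty value. Inserting IPV6 as the fourth positional also shifts every later argument for callers that still use the old order; those callers are not visible here and need checking.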
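Review bot: In the verification hunk of bin/v-add-dns-domain, both `$ip` and `$ipv6` can end up empty (omitted or `no`) and nothing requires at least one address before the zone is built. A guard after the two blocks, for example `if [ -z "$ip" ] && [ -z "$ipv6" ]; then check_result $E_NOTEXIST "no IP address given"; fi`, would fail early instead of writing a zone without address records. The usage string now lists IPV6 as mandatory while `check_args '3'` still accepts three arguments, so either the count or the brackets in the usage text should change.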
@@ -52,35 +66,35 @@ template=$(get_user_value '$DNS_TEMPLATE') is_dns_template_valid $template if [ ! -z "$ns1" ]; then - ns1=$(echo $4 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns1=$(echo $5 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns1' fi if [ ! -z "$ns2" ]; then - ns2=$(echo $5 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns2=$(echo $6 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns2' fi if [ ! -z "$ns3" ]; then - ns3=$(echo $6 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns3=$(echo $7 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns3' fi if [ ! -z "$ns4" ]; then - ns4=$(echo $7 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns4=$(echo $8 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns4' fi if [ ! -z "$ns5" ]; then - ns5=$(echo $8 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns5=$(echo $9 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns5' fi if [ ! -z "$ns6" ]; then - ns6=$(echo $9 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns6=$(echo ${10} |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns6' fi if [ ! -z "$ns7" ]; then - ns7=$(echo ${10} |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns7=$(echo ${11} |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns7' fi if [ ! -z "$ns8" ]; then - ns8=$(echo ${11} |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns8=$(echo ${12} |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns8' fi 
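Review bot: Each name-server line re-reads a positional parameter (`echo $5`, `echo ${10}`, ...) that was already copied into `ns1` to `ns8`, which is why this hunk had to renumber all eight lines and why an off-by-one is easy to introduce. Reading the variable instead, `ns1=$(echo "$ns1" |sed -e 's/\.*$//g' -e 's/^\.*//g')`, removes the dependency on argument positions. The quotes matter as well: the unquoted `$5` is word-split and glob-expanded before `is_format_valid` ever sees the value.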
@@ -132,26 +146,14 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ ) date=$(echo "$time_n_date" |cut -f 2 -d \ ) # Adding dns zone to the user config -echo "$template_data" |\ - sed -e "s/%ip%/$ip/g" \ - -e "s/%domain_idn%/$domain_idn/g" \ - -e "s/%domain%/$domain/g" \ - -e "s/%ns1%/$ns1/g" \ - -e "s/%ns2%/$ns2/g" \ - -e "s/%ns3%/$ns3/g" \ - -e "s/%ns4%/$ns4/g" \ - -e "s/%ns5%/$ns5/g" \ - -e "s/%ns6%/$ns6/g" \ - -e "s/%ns7%/$ns7/g" \ - -e "s/%ns8%/$ns8/g" \ - -e "s/%time%/$time/g" \ - -e "s/%date%/$date/g" > $USER_DATA/dns/$domain.conf +add_dns_config + chmod 660 $USER_DATA/dns/$domain.conf records="$(wc -l $USER_DATA/dns/$domain.conf |cut -f 1 -d ' ')" # Adding dns.conf record -dns_rec="DOMAIN='$domain' IP='$ip' TPL='$template' TTL='$ttl' EXP='$exp'" +dns_rec="DOMAIN='$domain' IP='$ip' IP6='$ipv6' TPL='$template' TTL='$ttl' EXP='$exp'" dns_rec="$dns_rec SOA='$soa' SERIAL='$serial' SRC='' RECORDS='$records'" dns_rec="$dns_rec SUSPENDED='no' TIME='$time' DATE='$date'" diff --git a/bin/v-add-dns-on-web-alias b/bin/v-add-dns-on-web-alias index 705594f3..61e01904 100755 --- a/bin/v-add-dns-on-web-alias +++ b/bin/v-add-dns-on-web-alias @@ -1,6 +1,6 @@ #!/bin/bash # info: add dns domain or dns record after web domain alias -# options: USER ALIAS IP [RESTART] +# options: USER ALIAS IP IPV6 [RESTART] # # The function adds dns domain or dns record based on web domain alias. @@ -13,7 +13,8 @@ user=$1 alias=$2 ip=$3 -restart=$4 +ipv6=$4 +restart=$5 # Includes source $VESTA/func/main.sh @@ -26,7 +27,7 @@ source $VESTA/conf/vesta.conf #----------------------------------------------------------# check_args '3' "$#" 'USER ALIAS IP [RESTART]' -is_format_valid 'user' 'alias' 'ip' +is_format_valid 'user' 'alias' is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" 
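Review bot: `add_dns_config` replaces the thirteen explicit `sed` substitutions with a call that takes no arguments, so it must read `$template_data`, `$ip`, `$ipv6`, `$ns1` to `$ns8`, `$time` and `$date` from globals; a comment such as `# add_dns_config reads template_data, ip, ipv6, ns1..ns8, time, date and writes $USER_DATA/dns/$domain.conf` would make that contract visible at the call site. The helper's body is not part of this diff, so it is worth confirming that it drops template records that use `%ip%` when `$ip` is now empty rather than writing records with a blank value.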
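Review bot: In bin/v-add-dns-on-web-alias the `check_args` usage text still reads `'USER ALIAS IP [RESTART]'` although the header comment and the argument block now include IPV6. It should match the header, `check_args '3' "$#" 'USER ALIAS IP IPV6 [RESTART]'`, so the error shown on a short call describes the real argument order.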
@@ -34,6 +35,18 @@ if [ -e "$USER_DATA/dns/$alias.conf" ]; then exit fi +if [ -z "$ip" ] && [ "$ip" != "no" ]; then + is_format_valid 'ip' +else + ip="" +fi + +if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +else + ipv6="" +fi + #----------------------------------------------------------# # Action # @@ -50,12 +63,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l) # Adding second level domain if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then $BIN/v-add-dns-domain \ - $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null + $user $alias $ip $ipv6 '' '' '' '' '' '' '' '' $restart >> /dev/null exit fi # Adding top-level domain and then its sub -$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null +$BIN/v-add-dns-domain $user $top_domain $ip $ipv6 '' '' '' '' '' '' '' '' $restart >> /dev/null # Checking top-level domain if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then @@ -71,8 +84,14 @@ fi # Adding subdomain record if [ -z "$check_record" ]; then - $BIN/v-add-dns-record \ - $user $top_domain "$sub_domain" A $ip '' '' $restart >> /dev/null + if [ "$IPV4" == "yes" ] ; then + $BIN/v-add-dns-record \ + $user $top_domain "$sub_domain" A $ip '' '' $restart >> /dev/null + fi + if [ "$IPV6" == "yes" ] ; then + $BIN/v-add-dns-record \ + $user $top_domain "$sub_domain" AAAA $ipv6 '' '' $restart >> /dev/null + fi fi diff --git a/bin/v-add-domain b/bin/v-add-domain index e383481a..13e100ad 100755 --- a/bin/v-add-domain +++ b/bin/v-add-domain @@ -1,6 +1,6 @@ #!/bin/bash # info: add web/dns/mail domain -# options: USER DOMAIN [IP] [RESTART] +# options: USER DOMAIN [IP] [IPV6] [RESTART] # # The function adds web/dns/mail domain to a server. 
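Review bot: The two added validation blocks in bin/v-add-dns-on-web-alias test `[ -z "$ip" ]` and `[ -z "$ipv6" ]`, which is the inverse of the `[ ! -z ... ]` test used for the same purpose in bin/v-add-dns-domain. As written, `is_format_valid` runs only when the value is empty, and any address the caller supplies falls into the `else` branch and is reset to `""` without being validated or used. The condition should be `if [ ! -z "$ip" ] && [ "$ip" != "no" ]; then` (and likewise for `$ipv6`). The same inverted `-z` test appears in bin/v-add-web-domain at `@@ -41,8 +43,17 @@`, where it means a supplied address skips the format check that the old `is_format_valid ... 'ip'` call performed.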
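Review bot: In the two `$BIN/v-add-dns-domain` calls, `$ip` and `$ipv6` are unquoted, so an empty value disappears from the argument list and every following argument moves one position to the left; the callee then reads a name-server placeholder or `$restart` as an address. Quoting keeps the positions fixed: `$user $alias "$ip" "$ipv6" '' '' '' '' '' '' '' '' $restart`. The calls to v-add-web-domain and v-add-dns-domain in bin/v-add-domain (`@@ -38,22 +43,23 @@`) pass `$ip $ipv6` the same way and need the same quoting.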
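Review bot: The subdomain-record block tests `$IPV4` and `$IPV6`, upper-case names that are not assigned anywhere in the visible parts of this script; the values the script actually prepares are `$ip` and `$ipv6`. Unless both are defined in vesta.conf (not shown), neither branch runs and no record is added, with no error. Testing the prepared values, `if [ ! -z "$ip" ]; then` and `if [ ! -z "$ipv6" ]; then`, also avoids calling v-add-dns-record with an empty address.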
@@ -13,22 +13,27 @@ user=$1 domain=$2 ip=$3 -restart="${4-yes}" +ipv6=$4 +restart="${5-yes}" # Includes source $VESTA/func/main.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# -check_args '2' "$#" 'USER DOMAIN [IP] [RESTART]' +check_args '2' "$#" 'USER DOMAIN [IP] [IPV6] [RESTART]' is_format_valid 'user' 'domain' -if [ ! -z "$ip" ] ; then +if [ ! -z "$ip" ] && [ "$ip" != "no" ]; then is_format_valid 'ip' fi +if [ ! -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" @@ -38,22 +43,23 @@ is_object_unsuspended 'user' 'USER' "$user" #----------------------------------------------------------# # Get ip if it wasn't defined -if [ -z "$ip" ]; then +if [ -z "$ip" ] && [ "$ip" != "no" ]; then get_user_ip - if [ -z "$ip" ]; then - check_result $E_NOTEXIST "no avaiable IP address" - fi +fi + +if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + get_user_ipv6 fi # Working on web domain if [ ! -z "$WEB_SYSTEM" ]; then - $BIN/v-add-web-domain $user $domain $ip 'no' + $BIN/v-add-web-domain $user $domain $ip $ipv6 'no' check_result $? "can't add web domain" >/dev/null fi # Working on DNS domain if [ ! -z "$DNS_SYSTEM" ]; then - $BIN/v-add-dns-domain $user $domain $ip "" "" "" "" "" '' '' '' 'no' + $BIN/v-add-dns-domain $user $domain $ip $ipv6 "" "" "" "" "" '' '' '' 'no' check_result $? "can't add dns domain" >/dev/null fi diff --git a/bin/v-add-firewall-ipv6-ban b/bin/v-add-firewall-ipv6-ban new file mode 100644 index 00000000..881e0707 --- /dev/null +++ b/bin/v-add-firewall-ipv6-ban 
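Review bot: The action hunk of bin/v-add-domain removes the `check_result $E_NOTEXIST "no avaiable IP address"` guard without replacing it, so if `get_user_ip` and `get_user_ipv6` both leave their variable empty the script still goes on to call v-add-web-domain and v-add-dns-domain. A combined guard after the two lookups, `if [ -z "$ip" ] && [ -z "$ipv6" ]; then check_result $E_NOTEXIST "no available IP address"; fi`, restores the early failure. The `[ "$ip" != "no" ]` half of `[ -z "$ip" ] && [ "$ip" != "no" ]` is always true when the first half is, so it can be dropped or the test rewritten to express what was meant.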
@@ -0,0 +1,83 @@ +#!/bin/bash +# info: add firewall blocking rule +# options: IP CHAIN +# +# The function adds new blocking rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +ipv6=$1 +chain=$(echo $2|tr '[:lower:]' '[:upper:]') + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IP CHAIN' +is_format_valid 'ipv6' 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking server ip +if [ -e "$VESTA/data/ips/$ipv6" ] || [ "$ipv6" = '::1' ]; then + exit +fi + +# Checking ip exclusions +excludes="$VESTA/data/firewallv6/excludes.conf" +check_excludes=$(grep "^$ipv6$" $excludes 2>/dev/null) +if [ ! -z "$check_excludes" ]; then + exit +fi + +# Checking ip in banlist +conf="$VESTA/data/firewallv6/banlist.conf" +check_ip=$(grep "IP6='$ipv6' CHAIN='$chain'" $conf 2>/dev/null) +if [ ! 
-z "$check_ip" ]; then + exit +fi + +# Adding chain +$BIN/v-add-firewall-ipv6-chain $chain + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Adding ip to banlist +echo "IP6='$ipv6' CHAIN='$chain' TIME='$time' DATE='$date'" >> $conf +$iptables -I fail2ban-$chain 1 -s $ipv6 \ + -j REJECT --reject-with icmp-port-unreachable 2>/dev/null + +# Changing permissions +chmod 660 $conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-firewall-ipv6-chain b/bin/v-add-firewall-ipv6-chain new file mode 100644 index 00000000..7f72a51e --- /dev/null +++ b/bin/v-add-firewall-ipv6-chain 
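Review bot: The three self-protection checks in bin/v-add-firewall-ipv6-ban (`-e "$VESTA/data/ips/$ipv6"`, `= '::1'` and `grep "^$ipv6$" $excludes`) compare the address as text, and one IPv6 address has many spellings (zero compression, leading zeros, letter case), so a local or excluded address written differently from the stored form would not match and would still be banned. Normalising `$ipv6` to one canonical form before these checks, and matching the exclusion list with `grep -Fx -- "$ipv6" "$excludes"`, would close that gap; whether `is_format_valid 'ipv6'` already canonicalises is not visible here. Separately, the banlist line is appended before `$iptables -I` runs and that command's errors go to `/dev/null`, so a failed insert still leaves a recorded ban that makes later calls exit at the `check_ip` test without adding a rule.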
@@ -0,0 +1,86 @@ +#!/bin/bash +# info: add firewall chain +# options: CHAIN [PORT] [PROTOCOL] [PROTOCOL] +# +# The function adds new rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +chain=$(echo $1 | tr '[:lower:]' '[:upper:]') +port=$2 +protocol=${4-TCP} +protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') + +# Defining absolute path to iptables +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]' +is_format_valid 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking known chains +case $chain in + SSH) port=22; protocol=TCP ;; + FTP) port=21; protocol=TCP ;; + MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;; + DNS) port=53; protocol=UDP ;; + WEB) port='80,443'; protocol=TCP ;; + DB) port='3306,5432'; protocol=TCP ;; + VESTA) port=8083; protocol=TCP ;; + *) check_args '2' "$#" 'CHAIN PORT' ;; +esac + +# Adding chain +$iptables -N fail2ban-$chain 2>/dev/null +if [ $? 
-eq 0 ]; then + $iptables -A fail2ban-$chain -j RETURN + + # Adding multiport module + if [[ "$port" =~ ,|-|: ]] ; then + port_str="-m multiport --dports $port" + else + port_str="--dport $port" + fi + $iptables -I INPUT -p $protocol $port_str -j fail2ban-$chain +fi + +# Preserving chain +chains=$VESTA/data/firewallv6/chains.conf +check_chain=$(grep "CHAIN='$chain'" $chains 2>/dev/null) +if [ -z "$check_chain" ]; then + echo "CHAIN='$chain' PORT='$port' PROTOCOL='$protocol'" >> $chains +fi + +# Changing permissions +chmod 660 $chains + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-firewall-ipv6-rule b/bin/v-add-firewall-ipv6-rule new file mode 100644 index 00000000..586ca994 --- /dev/null +++ b/bin/v-add-firewall-ipv6-rule 
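Review bot: For a chain name outside the `case` list in bin/v-add-firewall-ipv6-chain, `$port` and `$protocol` come straight from the arguments and reach `$iptables -I INPUT -p $protocol $port_str` and the `chains.conf` line unchecked; only `chain` is passed to `is_format_valid`. Validating both after the `case` (bin/v-add-firewall-ipv6-rule in this commit validates `protocol` and `port_ext`) would keep quotes and option-like words out of the command line and the stored record. `protocol=${4-TCP}` also reads the fourth argument while the usage string lists PROTOCOL third, so `CHAIN PORT UDP` silently becomes TCP; `protocol=${3-TCP}` matches the documented order.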
@@ -0,0 +1,94 @@ +#!/bin/bash +# info: add firewall rule +# options: ACTION IPV6 PORT [PROTOCOL] [COMMENT] [RULE] +# +# The function adds new rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +action=$(echo $1|tr '[:lower:]' '[:upper:]') +ipv6=$2 +port_ext=$3 +protocol=${4-TCP} +protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') +comment=$5 +rule=$6 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +# Get next firewall rule id +get_next_fw_rule() { + if [ -z "$rule" ]; then + curr_str=$(grep "RULE=" $VESTA/data/firewallv6/rules.conf |\ + cut -f 2 -d \' | sort -n | tail -n1) + rule="$((curr_str +1))" + fi +} + +sort_fw_rules() { + cat $VESTA/data/firewallv6/rules.conf |\ + sort -n -k 2 -t \' > $VESTA/data/firewallv6/rules.conf.tmp + mv -f $VESTA/data/firewallv6/rules.conf.tmp \ + $VESTA/data/firewallv6/rules.conf +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '3' "$#" 'ACTION IPV6 PORT [PROTOCOL] [COMMENT] [RULE]' +is_format_valid 'action' 'protocol' 'port_ext' 'ipv6' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +get_next_fw_rule +is_format_valid 'rule' +is_object_new '../../data/firewallv6/rules' 'RULE' "$rule" +if [ ! 
-z "$comment" ]; then + is_format_valid 'comment' +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Concatenating rule +str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" +str="$str IP6='$ipv6' COMMENT='$comment' SUSPENDED='no'" +str="$str TIME='$time' DATE='$date'" + +# Adding to config +echo "$str" >> $VESTA/data/firewallv6/rules.conf + +# Changing permissions +chmod 660 $VESTA/data/firewallv6/rules.conf + +# Sorting firewall rules by id number +sort_fw_rules + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-sys-firewall b/bin/v-add-sys-firewall index b154c7f0..437d4c41 100755 --- a/bin/v-add-sys-firewall +++ b/bin/v-add-sys-firewall @@ -29,10 +29,15 @@ fi # Adding firewall directory mkdir -p $VESTA/data/firewall/ +mkdir -p $VESTA/data/firewallv6/ # Adding default ruleset if [ ! -e "$VESTA/data/firewall/rules.conf" ]; then - cp $VESTA/install/rhel/7/* $VESTA/data/firewall/ + cp $VESTA/install/rhel/7/firewall/* $VESTA/data/firewall/ +fi + +if [ ! -e "$VESTA/data/firewallv6/rules.conf" ]; then + cp $VESTA/install/rhel/7/firewallv6/* $VESTA/data/firewallv6/ fi # Updating FIREWAL_SYSTEM value @@ -45,6 +50,7 @@ fi # Updating firewall rules $BIN/v-update-firewall +$BIN/v-update-firewall-ipv6 #----------------------------------------------------------# diff --git a/bin/v-add-sys-ip b/bin/v-add-sys-ip index 54245bcc..c8e951b4 100755 --- a/bin/v-add-sys-ip +++ b/bin/v-add-sys-ip 
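Review bot: In bin/v-add-firewall-ipv6-rule, `chmod 660 $VESTA/data/firewallv6/rules.conf` runs before `sort_fw_rules`, which writes a new `rules.conf.tmp` and moves it over the original, so the file that remains has whatever mode the umask gave the temporary file rather than 660. Moving the `chmod` to after `sort_fw_rules` (or setting the mode on the `.tmp` file before the `mv`) keeps the intended permissions. `get_next_fw_rule` and `sort_fw_rules` would also benefit from a short header comment each, stating that the first sets the global `$rule` only when it is empty and the second rewrites rules.conf in place.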
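Review bot: In bin/v-add-sys-firewall the result of the new `cp $VESTA/install/rhel/7/firewallv6/* $VESTA/data/firewallv6/` is not checked, so if that install directory is missing the script still calls `$BIN/v-update-firewall-ipv6` in the next hunk with no rules.conf present. What the update script does with a missing ruleset is not visible in this diff. Adding `check_result $? "can't copy default ipv6 firewall rules"` after the `cp` would stop before the firewall is touched.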
@@ -5,7 +5,7 @@ # The function adds ip address into a system. It also creates rc scripts. You # can specify ip name which will be used as root domain for temporary aliases. # For example, if you set a1.myhosting.com as name, each new domain created on -# this ip will automatically receive alias $domain.a1.myhosting.com. Of course +# this ip will automatically receive alias $domain.a1.myhosting.com. Of course # you must have wildcard record *.a1.myhosting.com pointed to ip. This feature # is very handy when customer wants to test domain before dns migration. @@ -46,7 +46,6 @@ if [ ! -z "$nat_ip" ] ; then is_format_valid 'nat_ip' fi - #----------------------------------------------------------# # Action # #----------------------------------------------------------# @@ -97,7 +96,8 @@ INTERFACE='$interface' NETMASK='$netmask' NAT='$nat_ip' TIME='$time' -DATE='$date'" > $VESTA/data/ips/$ip +DATE='$date' +VERSION='4'" > $VESTA/data/ips/$ip chmod 660 $VESTA/data/ips/$ip # WEB support diff --git a/bin/v-add-sys-ipv6 b/bin/v-add-sys-ipv6 new file mode 100644 index 00000000..4ee8e790 --- /dev/null +++ b/bin/v-add-sys-ipv6 
@@ -0,0 +1,188 @@ +#!/bin/bash +# info: add system ip address +# options: IPV6 NETMASK [INTERFACE] [USER] [IP_STATUS] [IP_NAME] [NAT_IP] +# +# The function adds ipv6 address into a system. It also creates rc scripts. You +# can specify ipv6 name which will be used as root domain for temporary aliases. +# For example, if you set a1.myhosting.com as name, each new domain created on +# this ipv6 will automatically receive alias $domain.a1.myhosting.com. Of course +# you must have wildcard record *.a1.myhosting.com pointed to ipv6. This feature +# is very handy when customer wants to test domain before dns migration. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=${1// /} +netmask=$2 +interface="${3-eth0}" +user="${4-admin}" +ip_status="${5-shared}" +ip_name=$6 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 NETMASK [INTERFACE] [USER] [STATUS] [NAME]' +is_format_valid 'ipv6' 'netmaskv6' 'interface' 'user' 'ip_status' +is_ipv6_free +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +if [ ! 
-z "$ip_name" ] ; then + is_format_valid 'ip_name' +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# +iface=$(get_ipv6_iface) +#cidr=$(convert_netmaskv6 $netmask) +cidr=$netmask + +sys_ip_check=$(/sbin/ip -6 addr | grep "$ipv6") +if [ -z "$sys_ip_check" ]; then + # Adding sys ip + /sbin/ip addr add $ipv6/$cidr dev $interface + + # Adding RHEL/CentOS/Fedora startup script + if [ -e "/etc/redhat-release" ]; then + sys_ip="# Added by vesta" + sys_ip="$sys_ip\nIPV6INIT=yes" + sys_ip="$sys_ip\nIPV6ADDR=$ipv6/$cidr" + sys_ip="$sys_ip\nIPV6_DEFAULTGW=$interface" + sys_ip="$sys_ip\nIPV6_AUTOCONF=no" +####### sys_ip="$sys_ip\nIPV6ADDR_SECONDARIES=""" + echo -e $sys_ip > /etc/sysconfig/network-scripts/ifcfg-$interface + fi + + # Adding Debian/Ubuntu startup script + if [ -e "/etc/debian_version" ]; then + sys_ip="\n# Added by vesta" + sys_ip="$sys_ip\niface $interface inet6 static" + sys_ip="$sys_ip\naddress $ipv6" + sys_ip="$sys_ip\nnetmask $cidr" + echo -e $sys_ip >> /etc/network/interfaces + fi +fi + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Adding vesta ip +echo "OWNER='$user' +STATUS='$ip_status' +NAME='$ip_name' +U_SYS_USERS='' +U_WEB_DOMAINS='0' +INTERFACE='$interface' +NETMASK='$netmask' +NAT='' +TIME='$time' +DATE='$date' +VERSION='6'" > $VESTA/data/ips/$ipv6 +chmod 660 $VESTA/data/ips/$ipv6 + +# WEB support +if [ ! 
-z "$WEB_SYSTEM" ]; then + web_conf="/etc/$WEB_SYSTEM/conf.d/$ipv6.conf" + rm -f $web_conf + + if [ "$WEB_SYSTEM" = 'httpd' ] || [ "$WEB_SYSTEM" = 'apache2' ]; then + if [ -z "$(/usr/sbin/apachectl -v | grep Apache/2.4)" ]; then + echo "NameVirtualHost [$ipv6]:$WEB_PORT" > $web_conf + fi + echo "Listen [$ipv6]:$WEB_PORT" >> $web_conf + fi + + if [ "$WEB_SSL" = 'mod_ssl' ]; then + if [ -z "$(/usr/sbin/apachectl -v | grep Apache/2.4)" ]; then + echo "NameVirtualHost [$ipv6]:$WEB_SSL_PORT" >> $web_conf + fi + echo "Listen [$ipv6]:$WEB_SSL_PORT" >> $web_conf + fi +fi + +# Proxy support +if [ ! -z "$PROXY_SYSTEM" ]; then + cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl |\ + sed -e "s/%ip%/[$ipv6]/g" \ + -e "s/%web_port%/$WEB_PORT/g" \ + -e "s/%proxy_port%/$PROXY_PORT/g" \ + > /etc/$PROXY_SYSTEM/conf.d/$ipv6.conf + + # mod_extract_forwarded +# fw_conf="/etc/$WEB_SYSTEM/conf.d/mod_extract_forwarded.conf" +# if [ -e "$fw_conf" ]; then +# ips=$(grep 'MEFaccept ' $fw_conf | grep -v '#' | head -n1) +# sed -i "s/$ips/$ips $ip/g" $fw_conf +# fi + + # mod_rpaf + rpaf_conf="/etc/$WEB_SYSTEM/mods-enabled/rpaf.conf" + if [ -e "$rpaf_conf" ]; then + rpaf_str=$(grep RPAFproxy_ips $rpaf_conf) + rpaf_str="$rpaf_str $ipv6" + sed -i "s/.*RPAFproxy_ips.*/$rpaf_str/" $rpaf_conf + fi + + #mod_remoteip + remoteip_conf="/etc/$WEB_SYSTEM/mods-enabled/remoteip.conf" + if [ -e "$remoteip_conf" ]; then + if [ $( grep -ic "$ipv6" $remoteip_conf ) -eq 0 ]; then + sed -i "s/<\/IfModule>/RemoteIPInternalProxy $ipv6\n<\/IfModule>/g" $remoteip_conf + fi + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Updating user counters +increase_user_value "$user" '$IPV6_OWNED' +if [ "$user" = 'admin' ]; then + if [ "$ip_status" = 'shared' ]; then + for user in $(ls $VESTA/data/users); do + increase_user_value "$user" '$IPV6_AVAIL' + done + else + increase_user_value 'admin' '$IPV6_AVAIL' + fi +else + 
increase_user_value "$user" '$IPV6_AVAIL' + increase_user_value 'admin' '$IPV6_AVAIL' +fi + +# Restarting web server +$BIN/v-restart-web +check_result $? "Web restart failed" >/dev/null + +# Restarting proxy server +if [ ! -z "$PROXY_SYSTEM" ]; then + $BIN/v-restart-proxy + check_result $? "Proxy restart failed" >/dev/null +fi + +# Restarting firewall +if [ ! -z "$FIREWALL_SYSTEM" ]; then + $BIN/v-update-firewall +fi + +# Logging +log_history "added system ipv6 address $ipv6" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-user b/bin/v-add-user index 025c7e3e..2eb97d50 100755 --- a/bin/v-add-user +++ b/bin/v-add-user @@ -141,9 +141,11 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ ) # Filling user config if [ "$user" != 'admin' ]; then ip_avail=$($BIN/v-list-user-ips admin plain |grep -w shared|wc -l) + ipv6_avail=$($BIN/v-list-user-ipv6s admin plain |grep -w shared|wc -l) u_users=0 else ip_avail=0 + ipv6_avail=0 u_users=1 fi @@ -163,7 +165,9 @@ SUSPENDED_MAIL='0' SUSPENDED_DB='0' SUSPENDED_CRON='0' IP_AVAIL='$ip_avail' +IPV6_AVAIL='$ipv6_avail' IP_OWNED='0' +IPV6_OWNED='0' U_USERS='$u_users' U_DISK='0' U_DISK_DIRS='0' diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index 72de559a..1decef41 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -1,6 +1,6 @@ #!/bin/bash # info: add web domain -# options: USER DOMAIN [IP] [ALIASES] [PROXY_EXTENSIONS] [RESTART] +# options: USER DOMAIN [IP] [IPV6] [ALIASES] [PROXY_EXTENSIONS] [RESTART] # # The function adds virtual host to a server. In cases when ip is # undefined in the script, "default" template will be used. The alias of 
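Review bot: In the RHEL branch of bin/v-add-sys-ipv6, `echo -e $sys_ip > /etc/sysconfig/network-scripts/ifcfg-$interface` truncates the interface's existing ifcfg file, so whatever IPv4 settings it held are replaced by the five IPv6 lines; the Debian branch appends with `>>`. `IPV6_DEFAULTGW=$interface` also writes the interface name where the ifcfg format expects a gateway address, and `iface=$(get_ipv6_iface)` is computed but never used. Appending the IPv6 keys to the existing file, or writing to the file `$iface` names if that is what the helper returns, avoids the overwrite. Near the end the script calls `$BIN/v-update-firewall` rather than `$BIN/v-update-firewall-ipv6`, which looks unintended after adding an IPv6 address.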
@@ -20,14 +20,16 @@ user=$1 domain=$2 domain_idn=$2 ip=$3 -restart=$4 # will be moved to the end soon -aliases=$5 -proxy_ext=$6 +ipv6=$4 +restart=$5 # will be moved to the end soon +aliases=$6 +proxy_ext=$7 # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting @@ -41,8 +43,17 @@ format_aliases #----------------------------------------------------------# is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -check_args '2' "$#" 'USER DOMAIN [IP] [RESTART] [ALIASES] [PROXY_EXTENSIONS]' -is_format_valid 'user' 'domain' 'aliases' 'ip' 'proxy_ext' +check_args '2' "$#" 'USER DOMAIN [IP] [IPV6] [RESTART] [ALIASES] [PROXY_EXTENSIONS]' +is_format_valid 'user' 'domain' 'aliases' 'proxy_ext' + +if [ -z "$ip" ] && [ "$ip" != "no" ]; then + is_format_valid 'ip' +fi + +if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi + is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_package_full 'WEB_DOMAINS' 'WEB_ALIASES' @@ -50,12 +61,24 @@ is_domain_new 'web' "$domain,$aliases" is_dir_symlink $HOMEDIR/$user/web if_dir_exists $HOMEDIR/$user/web/$domain is_dir_symlink $HOMEDIR/$user/web/$domain -if [ ! -z "$ip" ]; then - is_ip_valid "$ip" "$user" +if [ "$ip" != "no" ]; then + if [ ! -z "$ip" ]; then + is_ip_valid "$ip" "$user" + else + get_user_ip + fi else - get_user_ip + ip="" +fi +if [ "$ipv6" != "no" ]; then + if [ ! -z "$ipv6" ]; then + is_ipv6_valid "$ipv6" "$user" + else + get_user_ipv6 + fi +else + ipv6="" fi - #----------------------------------------------------------# # Action # @@ -125,6 +148,11 @@ else if [ ! -z "$ip_alias" ]; then ALIAS="$ALIAS,$ip_alias" fi + + ipv6_alias=$(get_ipv6_alias $domain) + if [ ! -z "$ipv6_alias" ]; then + ALIAS="$ALIAS,$ipv6_alias" + fi fi # Preparing domain variables 
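Review bot: In the address-resolution block of bin/v-add-web-domain (`@@ -50,12 +61,24 @@`), passing `no` for both IP and IPV6 leaves `ip=""` and `ipv6=""` and the script continues to build the vhost; nothing requires at least one address. A guard after the two blocks, `if [ -z "$ip" ] && [ -z "$ipv6" ]; then check_result $E_NOTEXIST "no available IP address"; fi`, would fail before any config is written. Whether `get_user_ip` and `get_user_ipv6` exit on their own when the user has no address is not visible here, so the guard also covers the case where both lookups come back empty.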
@@ -144,13 +172,13 @@ if [ ! -z "$PROXY_SYSTEM" ]; then add_web_config "$PROXY_SYSTEM" "$PROXY_TEMPLATE.tpl" fi - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# # Increasing counters increase_ip_value "$local_ip" +increase_ipv6_value "$ipv6" increase_user_value "$user" '$U_WEB_DOMAINS' increase_user_value "$user" '$U_WEB_ALIASES' "$alias_number" @@ -160,7 +188,7 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ ) date=$(echo "$time_n_date" |cut -f 2 -d \ ) # Adding domain in web.conf -echo "DOMAIN='$domain' IP='$ip' IP6='' ALIAS='$ALIAS' TPL='$WEB_TEMPLATE'\ +echo "DOMAIN='$domain' IP='$ip' IP6='$ipv6' ALIAS='$ALIAS' TPL='$WEB_TEMPLATE'\ SSL='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='' FTP_MD5=''\ BACKEND='$BACKEND_TEMPLATE' PROXY='$PROXY_TEMPLATE' PROXY_EXT='$PROXY_EXT'\ STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='0' U_BANDWIDTH='0'\ diff --git a/bin/v-add-web-domain-alias b/bin/v-add-web-domain-alias index e5676af4..a48b278c 100755 --- a/bin/v-add-web-domain-alias +++ b/bin/v-add-web-domain-alias @@ -21,6 +21,7 @@ restart="$4" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting @@ -54,6 +55,7 @@ get_domain_values 'web' # Preparing domain values for the template substitution local_ip=$(get_real_ip $IP) +ipv6=$IP6 if [ -z "$ALIAS" ]; then ALIAS="$aliases" else 
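Review bot: `increase_ipv6_value "$ipv6"` is called unconditionally in the counters block of bin/v-add-web-domain, and `increase_ip_value "$local_ip"` beside it is now reachable with an empty address too, since either family can be switched off with `no`. How the helpers treat an empty argument is not visible in this diff; if they build a path under `$VESTA/data/ips/` from it, the empty case would target the directory itself. Guarding both calls, `if [ ! -z "$ipv6" ]; then increase_ipv6_value "$ipv6"; fi` and the same for `$local_ip`, keeps the counters tied to addresses that are actually in use.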
@@ -61,12 +63,35 @@ else fi prepare_web_domain_values -# Rebuilding vhost -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -add_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - add_web_config "$WEB_SYSTEM" "$TPL.stpl" +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +fi + +# Rebuilding vhost IPv6 +if [ ! -z "$IP6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi fi # Rebuilding proxy configuration @@ -77,6 +102,15 @@ if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" fi + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi fi diff --git a/bin/v-add-web-domain-proxy b/bin/v-add-web-domain-proxy index 330fa677..8ae13bb6 100755 --- a/bin/v-add-web-domain-proxy +++ b/bin/v-add-web-domain-proxy @@ -22,6 +22,7 @@ restart="$5" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf 
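Review bot: The proxy rebuild in bin/v-add-web-domain-alias now appears three times: inside the new `if [ ! -z "$local_ip" ]` branch, in the pre-existing block after the IPv6 branch, and again as an identical `if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]` nested inside that block by the `@@ -77,6 +102,15 @@` hunk. The nested copy repeats the same `del_web_config`/`add_web_config` pair with the same variables and looks like a merge leftover; removing it changes nothing else. `old=$local_ip` and `old=$IP6` are assigned but not read in the visible lines, so a comment stating which helper consumes `old` is needed; if the helpers use it to select the address, the trailing proxy block runs with whichever value was assigned last, and the IPv6 branch never gets a proxy rebuild of its own.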
diff --git a/bin/v-add-web-domain-ssl b/bin/v-add-web-domain-ssl index 6d9deb9b..e4414779 100755 --- a/bin/v-add-web-domain-ssl +++ b/bin/v-add-web-domain-ssl @@ -39,6 +39,7 @@ domain_idn=$(idn -t --quiet -a "$domain") source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-add-web-domain-stats b/bin/v-add-web-domain-stats index 8da1451f..62254c93 100755 --- a/bin/v-add-web-domain-stats +++ b/bin/v-add-web-domain-stats @@ -55,6 +55,7 @@ get_domain_values 'web' prepare_web_domain_values cat $WEBTPL/$type/$type.tpl |\ sed -e "s|%ip%|$ip|g" \ + -e "s|%ipv6%|$ipv6|g" \ -e "s|%web_port%|$WEB_PORT|g" \ -e "s|%web_system%|$WEB_SYSTEM|g" \ -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ diff --git a/bin/v-backup-user b/bin/v-backup-user index 0db5d376..23632807 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user 
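Review bot: The added `-e "s|%ipv6%|$ipv6|g"` line in bin/v-add-web-domain-stats uses `$ipv6`, but nothing in the visible context of this script assigns it; `get_domain_values 'web'` presumably sets the upper-case `$IP6`, and bin/v-add-web-domain-alias in this same commit adds an explicit `ipv6=$IP6` before `prepare_web_domain_values`. Unless `prepare_web_domain_values` sets `$ipv6` itself (not shown), `%ipv6%` would be replaced with an empty string in the stats config. Adding `ipv6=$IP6` after `get_domain_values 'web'` here would make the two scripts consistent.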
@@ -175,59 +175,132 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then conf="$USER_DATA/web.conf" grep "DOMAIN='$domain'" $conf > vesta/web.conf - # Backup vhost config - conf=$HOMEDIR/$user/conf/web/$domain.$WEB_SYSTEM.conf - if [ -e "$conf" ]; then - cp $conf conf/$WEB_SYSTEM.conf - else - # old style configs - tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.tpl" - conf="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" - get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > conf/$WEB_SYSTEM.conf - fi + if [ ! -z "$IP" ]; then + old="$IP" + # Backup vhost config + conf=$HOMEDIR/$user/conf/web/$domain.$WEB_SYSTEM.conf + if [ -e "$conf" ]; then + cp $conf conf/$WEB_SYSTEM.conf + else + # old style configs + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.tpl" + conf="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > conf/$WEB_SYSTEM.conf + fi + + # Backup ssl vhost + if [ "$SSL" = 'yes' ]; then + conf=$HOMEDIR/$user/conf/web/$domain.$WEB_SYSTEM.ssl.conf + if [ -e "$conf" ]; then + cp $conf conf/$WEB_SYSTEM.ssl.conf + else + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl" + conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > \ + conf/s$WEB_SYSTEM.conf + fi + fi + + # Backup proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + conf=$HOMEDIR/$user/conf/web/$domain.$PROXY_SYSTEM.conf + if [ -e "$conf" ]; then + cp $conf conf/$PROXY_SYSTEM.conf + else + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.tpl" + conf="$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > \ + conf/$PROXY_SYSTEM.conf + fi + fi + + # Backup ssl proxy config + if [ ! 
-z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then + conf=$HOMEDIR/$user/conf/web/$domain.$PROXY_SYSTEM.ssl.conf + if [ -e "$conf" ]; then + cp $conf conf/$PROXY_SYSTEM.ssl.conf + else + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl" + conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf >\ + conf/s$PROXY_SYSTEM.conf + fi + fi + fi - # Backup ssl vhost - if [ "$SSL" = 'yes' ]; then - conf=$HOMEDIR/$user/conf/web/$domain.$WEB_SYSTEM.ssl.conf - if [ -e "$conf" ]; then - cp $conf conf/$WEB_SYSTEM.ssl.conf - else - tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl" - conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf" - get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > \ - conf/s$WEB_SYSTEM.conf + if [ ! -z "$IP6" ]; then + if [ -z "$IP" ]; then + echo "" > conf/$domain.$WEB_SYSTEM.conf + if [ "$SSL" = 'yes' ]; then + echo "" > conf/$domain.$WEB_SYSTEM.ssl.conf + fi + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + echo "" > conf/$domain.$PROXY_SYSTEM.conf + fi + if [ ! 
-z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then + echo > conf/$domain.$PROXY_SYSTEM.ssl.conf + fi fi - fi + old=$IP6 + # Backup vhost config + conf=$HOMEDIR/$user/conf/web/$domain.$WEB_SYSTEM.conf + if [ -e "$conf" ]; then + cp $conf conf/$WEB_SYSTEM.conf + else + # old style configs + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.tpl" + conf="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > conf/$WEB_SYSTEM.conf + fi + + # Backup ssl vhost + if [ "$SSL" = 'yes' ]; then + conf=$HOMEDIR/$user/conf/web/$domain.$WEB_SYSTEM.ssl.conf + if [ -e "$conf" ]; then + cp $conf conf/$WEB_SYSTEM.ssl.conf + else + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl" + conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > \ + conf/s$WEB_SYSTEM.conf + fi + fi + + # Backup proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + conf=$HOMEDIR/$user/conf/web/$domain.$PROXY_SYSTEM.conf + if [ -e "$conf" ]; then + cp $conf conf/$PROXY_SYSTEM.conf + else + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.tpl" + conf="$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > \ + conf/$PROXY_SYSTEM.conf + fi + fi + + # Backup ssl proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then + conf=$HOMEDIR/$user/conf/web/$domain.$PROXY_SYSTEM.ssl.conf + if [ -e "$conf" ]; then + cp $conf conf/$PROXY_SYSTEM.ssl.conf + else + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl" + conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf >\ + conf/s$PROXY_SYSTEM.conf + fi + fi + fi - # Backup proxy config - if [ ! -z "$PROXY_SYSTEM" ] && [ ! 
-z "$PROXY" ]; then - conf=$HOMEDIR/$user/conf/web/$domain.$PROXY_SYSTEM.conf - if [ -e "$conf" ]; then - cp $conf conf/$PROXY_SYSTEM.conf - else - tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.tpl" - conf="$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" - get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > \ - conf/$PROXY_SYSTEM.conf - fi - fi - - # Backup ssl proxy config - if [ ! -z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then - conf=$HOMEDIR/$user/conf/web/$domain.$PROXY_SYSTEM.ssl.conf - if [ -e "$conf" ]; then - cp $conf conf/$PROXY_SYSTEM.ssl.conf - else - tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl" - conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf" - get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf >\ - conf/s$PROXY_SYSTEM.conf - fi - fi # Backup custom config / backup LE config for sconfig in $(ls $HOMEDIR/$user/conf/web/|grep ".$domain.conf"); do diff --git a/bin/v-change-dns-domain-ip b/bin/v-change-dns-domain-ip index 175268e3..5e513c79 100755 --- a/bin/v-change-dns-domain-ip +++ b/bin/v-change-dns-domain-ip @@ -18,6 +18,7 @@ restart=$4 # Includes source $VESTA/func/main.sh +source $VESTA/func/ip.sh source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf 
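Review bot: The new `if [ ! -z "$IP6" ]` branch repeats the IPv4 branch line for line apart from `old=$IP6`, and both branches write to the same destinations (`conf/$WEB_SYSTEM.conf`, `conf/$WEB_SYSTEM.ssl.conf`, `conf/$PROXY_SYSTEM.conf`, …), so on a dual-stack domain the second pass silently overwrites what the first one saved. The IPv6-only placeholders are created as `conf/$domain.$WEB_SYSTEM.conf`, a name none of the copy steps in this hunk writes, which may not match what the restore side expects. Moving the four backup steps into one function called once per address (with `old` passed explicitly), and writing to per-family targets if `get_web_config_lines` depends on `old`, would remove about sixty duplicated lines. The expansions `cp $conf …` and `get_web_config_lines $tpl_file $conf` should be quoted while they are being touched.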
@@ -32,27 +33,62 @@ format_domain_idn #----------------------------------------------------------# check_args '3' "$#" 'USER DOMAIN IP' -is_format_valid 'user' 'domain' 'ip' +is_format_valid 'user' 'domain' is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'dns' 'DOMAIN' "$domain" is_object_unsuspended 'dns' 'DOMAIN' "$domain" +if [ "$ip" != "no" ]; then + is_format_valid 'ip' +fi +if [ "$ip" != "no" ]; then + is_ip_valid "$ip" "$user" +else + ip='' +fi + + +# Get old ip +get_domain_values 'dns' +if [ -z "$ip" ] && [ -z "$IP6" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi #----------------------------------------------------------# # Action # #----------------------------------------------------------# -# Get old ip -get_domain_values 'dns' old=$IP +if [ -z "$old" ]; then + #Create new + # Generating timestamp + time_n_date=$(date +'%T %F') + time=$(echo "$time_n_date" |cut -f 1 -d \ ) + date=$(echo "$time_n_date" |cut -f 2 -d \ ) + add_dns_config_records +else + if [ ! -z "$ip" ]; then + # Changing records + sed -i "s/$old/$ip/g" $USER_DATA/dns/$domain.conf + else + ip="" + ipv6=$IP6 + #Delete configs + remove_dns_config_records + fi +fi + # Changing ip update_object_value 'dns' 'DOMAIN' "$domain" '$IP' "$ip" -# Changing records -sed -i "s/$old/$ip/g" $USER_DATA/dns/$domain.conf +#update counters +records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')" +update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records" +records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ') +update_user_value "$user" '$U_DNS_RECORDS' "$records" # Updating zone if [[ "$DNS_SYSTEM" =~ named|bind ]]; then diff --git a/bin/v-change-dns-domain-ipv6 b/bin/v-change-dns-domain-ipv6 new file mode 100644 index 00000000..a0a0510c --- /dev/null +++ b/bin/v-change-dns-domain-ipv6 
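Review bot: The new user-wide counter `records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ')` is wrong as soon as the user has more than one zone. With several files `wc -l` prints one line per file plus a `total` line and left-pads the numbers, so `cut -f 1 -d ' '` yields empty or multi-line output and that is what gets stored in `U_DNS_RECORDS`. Something like `records=$(cat "$USER_DATA"/dns/*.conf | wc -l)` gives a single number. The same line is added in `bin/v-change-dns-domain-ipv6`. Separately, `sed -i "s/$old/$ip/g"` still treats the old address as a regex, so the dots match any character and a shorter address also matches inside a longer one.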
@@ -0,0 +1,120 @@ +#!/bin/bash +# info: change dns domain ip address +# options: USER DOMAIN IPV6 +# +# The function for changing the main ipv6 of DNS zone. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +ipv6=$3 +restart=$4 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + +# Additional argument formatting +format_domain +format_domain_idn + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '3' "$#" 'USER DOMAIN IP' +is_format_valid 'user' 'domain' +is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_object_valid 'dns' 'DOMAIN' "$domain" +is_object_unsuspended 'dns' 'DOMAIN' "$domain" + +if [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi +if [ "$ipv6" != "no" ]; then + is_ipv6_valid "$ipv6" "$user" +else + ipv6='' +fi + +# Get old ip +get_domain_values 'dns' +if [ -z @"$ipv6" ] && [ -z "$IP" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +old=$IP6 + +if [ -z "$old" ]; then + #Create new + # Generating timestamp + time_n_date=$(date +'%T %F') + time=$(echo "$time_n_date" |cut -f 1 -d \ ) + date=$(echo "$time_n_date" |cut -f 2 -d \ ) + ip="" + add_dns_config_records +else + if [ ! 
-z "$ipv6" ]; then + # Changing records + sed -i "s/$old/$ipv6/g" $USER_DATA/dns/$domain.conf + else + #Delete configs + ipv6="" + ip=$IP + remove_dns_config_records + fi +fi + +# Changing ip +update_object_value 'dns' 'DOMAIN' "$domain" '$IP6' "$ipv6" + +#update counters +records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')" +update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records" +records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ') +update_user_value "$user" '$U_DNS_RECORDS' "$records" + +# Updating zone +if [[ "$DNS_SYSTEM" =~ named|bind ]]; then + update_domain_serial + update_domain_zone +fi + +# Updating dns-cluster queue +if [ ! -z "$DNS_CLUSTER" ]; then + # Check for first sync + dlock=$(grep "domain $user $domain" $VESTA/data/queue/dns-cluster.pipe) + if [ -z "$dlock" ]; then + cmd="$BIN/v-add-remote-dns-domain $user $domain domain yes" + echo "$cmd" >> $VESTA/data/queue/dns-cluster.pipe + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting named +$BIN/v-restart-dns $restart +check_result $? "DNS restart failed" >/dev/null + +# Logging +log_history "changed dns ip for $domain to $ip" +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-dns-domain-tpl b/bin/v-change-dns-domain-tpl index 7f4d17b1..1bf501b5 100755 --- a/bin/v-change-dns-domain-tpl +++ b/bin/v-change-dns-domain-tpl @@ -81,6 +81,7 @@ fi # Changing tpl echo "$template_data" |\ sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ -e "s/%domain_idn%/$domain_idn/g" \ -e "s/%domain%/$domain/g" \ -e "s/%ns1%/$ns1/g" \ diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 09ae9bcc..1362f026 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -15,6 +15,7 @@ user=$2 # Includes source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/func/main.sh source $VESTA/conf/vesta.conf 
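Review bot: In the new `bin/v-change-dns-domain-ipv6`, the guard `if [ -z @"$ipv6" ] && [ -z "$IP" ]` can never be true, because the stray `@` makes the tested string non-empty. The "IP or IPv6 is required" check is therefore dead, and passing `no` for a zone without an IPv4 address goes on to `remove_dns_config_records` and leaves the zone with no address at all. It should read `if [ -z "$ipv6" ] && [ -z "$IP" ]; then`. Two copy-paste leftovers are worth fixing in the same file: the usage string in `check_args '3' "$#" 'USER DOMAIN IP'` should name `IPV6`, and `log_history "changed dns ip for $domain to $ip"` logs `$ip` instead of `$ipv6`, so the audit trail records the wrong (possibly empty) value.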
@@ -111,6 +112,10 @@ if [ ! -z "$dns_data" ]; then dns_data=$(echo "$dns_data" | sed "s/IP='$IP'/IP='$ip'/") sed -i "s/$IP/$ip/g" $VESTA/data/users/$owner/dns/$domain.conf fi + if [ ! -z "$ipv6" ]; then + dns_data=$(echo "$dns_data" | sed "s/IP6='$IPV6'/IP6='$ipv6'/") + sed -i "s/$IP6/$ipv6/g" $VESTA/data/users/$owner/dns/$domain.conf + fi # Move config sed -i "/DOMAIN='$domain'/d" $VESTA/data/users/$owner/dns.conf diff --git a/bin/v-change-firewall-ipv6-rule b/bin/v-change-firewall-ipv6-rule new file mode 100644 index 00000000..47479007 --- /dev/null +++ b/bin/v-change-firewall-ipv6-rule 
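Review bot: The two added substitutions disagree on the variable that holds the old address: the first uses `$IPV6` (`sed "s/IP6='$IPV6'/IP6='$ipv6'/"`) while the next line uses `$IP6`. Nothing in the hunk assigns `IPV6`, so the first pattern most likely expands to `IP6=''` and never rewrites the stored value; it should be `sed "s/IP6='$IP6'/IP6='$ipv6'/"`. The second line, `sed -i "s/$IP6/$ipv6/g"`, becomes `s//…/g` when the domain had no IPv6 address, which sed rejects for lack of a previous regular expression, so the block needs `[ ! -z "$IP6" ]` in its condition as well. The enclosing `if [ ! -z "$dns_data" ]` block starts and ends outside the hunk.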
@@ -0,0 +1,85 @@ +#!/bin/bash +# info: change firewall rule +# options: RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT] +# +# The function is used for changing existing firewall rule. +# It fully replace rule with new one but keeps same id. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +rule=$1 +action=$(echo $2|tr '[:lower:]' '[:upper:]') +ipv6=$3 +port_ext=$4 +protocol=${5-TCP} +protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') +comment=$6 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +# Sort function +sort_fw_rules() { + cat $VESTA/data/firewallv6/rules.conf |\ + sort -n -k 2 -t \' > $VESTA/data/firewallv6/rules.conf.tmp + mv -f $VESTA/data/firewallv6/rules.conf.tmp \ + $VESTA/data/firewallv6/rules.conf +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '5' "$#" 'RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT]' +is_format_valid 'rule' 'action' 'protocol' 'port_ext' 'ipv6' +if [ ! 
-z "$comment" ]; then + is_format_valid 'comment' +fi +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Concatenating firewall rule +str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" +str="$str IP6='$ipv6' COMMENT='$comment' SUSPENDED='no'" +str="$str TIME='$time' DATE='$date'" + +# Deleting old rule +sed -i "/RULE='$rule' /d" $VESTA/data/firewallv6/rules.conf + +# Adding new +echo "$str" >> $VESTA/data/firewallv6/rules.conf + +# Sorting firewall rules by id number +sort_fw_rules + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-sys-ipv6-name b/bin/v-change-sys-ipv6-name new file mode 100644 index 00000000..d4da6a50 --- /dev/null +++ b/bin/v-change-sys-ipv6-name 
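Review bot: In the new `bin/v-change-firewall-ipv6-rule`, `check_args '5' "$#" 'RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT]'` asks for five arguments although the usage string marks PROTOCOL as optional and `protocol=${5-TCP}` supplies a default. Assuming `check_args` enforces its first argument as a minimum, the default is unreachable and the count should be `'4'`. The rule is also persisted as a `KEY='value'` line built from `$ipv6` and `$comment`, so its integrity rests entirely on `is_format_valid` rejecting single quotes and newlines in those fields; a one-line comment saying so above the "Concatenating firewall rule" block would help the next person who relaxes a format check. `sort_fw_rules` can sort the file directly instead of piping it through `cat`.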
@@ -0,0 +1,48 @@ +#!/bin/bash +# info: change ip name +# options: IPV6 NAME +# +# The function for changing the name of the ip. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 +ip_name=$2 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 IP_NAME' +is_format_valid 'ipv6' +is_format_valid 'ip_name' +is_ipv6_valid "$ipv6" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing ip name +update_ipv6_value '$NAME' "$ip_name" + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_history "changed associated name of $ipv6 to $ip_name" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-sys-ipv6-owner b/bin/v-change-sys-ipv6-owner new file mode 100644 index 00000000..809a13dc --- /dev/null +++ b/bin/v-change-sys-ipv6-owner 
@@ -0,0 +1,81 @@ +#!/bin/bash +# info: change ip owner +# options: IPV6 USER +# +# The function of changing ip address ownership. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 +user=$2 + +# Includes +source $VESTA/func/ipv6.sh +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 USER' +is_format_valid 'ipv6' 'user' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_ip_valid "$ipv6" +is_ip_key_empty '$U_WEB_DOMAINS' +is_ip_key_empty '$U_SYS_USERS' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing ip owner +ip_owner=$(get_ipv6_value '$OWNER') +if [ "$ip_owner" != "$user" ]; then + ip_status="$(get_ipv6_value '$STATUS')" + update_ipv6_value '$OWNER' "$user" + decrease_user_value "$ipv6_owner" '$IPV6_OWNED' + if [ "$ip_owner" = 'admin' ]; then + if [ "$ip_status" = 'shared' ]; then + for vesta_user in $(ls $VESTA/data/users); do + decrease_user_value "$vesta_user" '$IPV6_AVAIL' + done + else + decrease_user_value 'admin' '$IPV6_AVAIL' + fi + else + decrease_user_value "$ip_owner" '$IPV6_AVAIL' + decrease_user_value 'admin' '$IPV6_AVAIL' + fi + + increase_user_value "$user" '$IP_OWNED' + if [ "$user" = 'admin' ]; then + if [ "$ip_status" = 'shared' ]; then + for user in $(ls $VESTA/data/users); do + increase_user_value "$user" '$IPV6_AVAIL' + done + else + increase_user_value 'admin' '$IPV6_AVAIL' + fi + else + increase_user_value "$user" '$IPV6_AVAIL' + increase_user_value 'admin' '$IPV6_AVAIL' + fi +fi + + +#----------------------------------------------------------# +# Vesta # 
+#----------------------------------------------------------# + +# Logging +log_history "changed owner of $ipv6 to $user" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-sys-ipv6-status b/bin/v-change-sys-ipv6-status new file mode 100644 index 00000000..ee1e6865 --- /dev/null +++ b/bin/v-change-sys-ipv6-status @@ -0,0 +1,56 @@ +#!/bin/bash +# info: change ip status +# options: IPV6 IP_STATUS +# +# The function of changing an ip address's status. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 +ip_status=$2 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 IP_STATUS' +is_format_valid 'ipv6' 'ip_status' +is_ipv6_valid "$ipv6" +if [ "$ip_status" = "$(get_ipv6_value '$STATUS')" ]; then + check_result "$E_EXISTS" "status $ip_status is already set" +fi +web_domains=$(get_ipv6_value '$U_WEB_DOMAINS') +sys_user=$(get_ipv6_value '$U_SYS_USERS') +ip_owner=$(get_ipv6_value '$OWNER') +if [ "$web_domains" -ne '0' ] && [ "$sys_user" != "$ip_owner" ]; then + check_result "$E_INUSE" "ip $ipv6 is used" +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing ip name +update_ipv6_value '$STATUS' "$ip_status" + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_history "changed $ipv6 status to $ip_status" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-user-package b/bin/v-change-user-package index d0de98db..578dc0da 100755 --- a/bin/v-change-user-package 
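Review bot: The new `bin/v-change-sys-ipv6-owner` updates the wrong counters in three places. `decrease_user_value "$ipv6_owner" '$IPV6_OWNED'` reads a variable that is never assigned (the previous owner is in `$ip_owner`), and `increase_user_value "$user" '$IP_OWNED'` bumps the IPv4 counter instead of `'$IPV6_OWNED'`. The verification step calls `is_ip_valid "$ipv6"` and `is_ip_key_empty`, while every other IPv6 script in this patch uses `is_ipv6_valid` and this file does not source `func/ip.sh`; unless `func/ipv6.sh` defines those names, the ownership and in-use checks do not run as intended. The loop `for user in $(ls $VESTA/data/users)` also overwrites `$user`, so the closing `log_history "changed owner of $ipv6 to $user"` records the last directory entry rather than the new owner; the first loop's `vesta_user` is the name to reuse.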
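Review bot: In the new `bin/v-change-sys-ipv6-status`, the in-use guard `[ "$web_domains" -ne '0' ] && [ "$sys_user" != "$ip_owner" ]` fails open: if `get_ipv6_value '$U_WEB_DOMAINS'` returns an empty or non-numeric string, `[` reports an error, the condition counts as false, and the status change proceeds. Rejecting that case explicitly before the comparison, for example `case "$web_domains" in ''|*[!0-9]*) check_result "$E_INVALID" "invalid U_WEB_DOMAINS for $ipv6" ;; esac`, keeps the guard meaningful. The comment `# Changing ip name` above `update_ipv6_value '$STATUS' "$ip_status"` is a leftover from the name script and should read `# Changing ip status`.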
+++ b/bin/v-change-user-package @@ -110,6 +110,8 @@ SUSPENDED_DB='$SUSPENDED_DB' SUSPENDED_CRON='$SUSPENDED_CRON' IP_AVAIL='$IP_AVAIL' IP_OWNED='$IP_OWNED' +IPV6_AVAIL='$IP_AVAIL' +IPV6_OWNED='$IP_OWNED' U_USERS='$U_USERS' U_DISK='$U_DISK' U_DISK_DIRS='$U_DISK_DIRS' diff --git a/bin/v-change-web-domain-backend-tpl b/bin/v-change-web-domain-backend-tpl index 62918d09..7b8bba75 100755 --- a/bin/v-change-web-domain-backend-tpl +++ b/bin/v-change-web-domain-backend-tpl @@ -20,6 +20,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting 
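Review bot: The two added lines `IPV6_AVAIL='$IP_AVAIL'` and `IPV6_OWNED='$IP_OWNED'` copy the IPv4 counters into the IPv6 fields, so every package change resets a user's IPv6 accounting to the IPv4 numbers. They should be `IPV6_AVAIL='$IPV6_AVAIL'` and `IPV6_OWNED='$IPV6_OWNED'`, matching the `'$IPV6_AVAIL'` and `'$IPV6_OWNED'` keys that `bin/v-change-sys-ipv6-owner` adjusts elsewhere in this patch. The surrounding template is only partly visible in the hunk.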
@@ -77,29 +78,59 @@ if [ "$backend_type" = "$user" ]; then for domain in $(shell_list); do get_domain_values 'web' local_ip=$(get_real_ip $IP) - prepare_web_domain_values + ipv6=$IP6 + + # Deleting vhost configuration IPv4 + if [ ! -z "$local_ip" ]; then + old=$local_ip + # Deleting proxy + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi - # Rebuilding vhost - del_web_config "$WEB_SYSTEM" "$TPL.tpl" + # Deleting vhost configuration IPv6 + if [ ! -z "$IP6" ]; then + old=$IP6 + + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + + prepare_web_domain_values add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" add_web_config "$WEB_SYSTEM" "$TPL.stpl" fi # Rebuilding proxy configuration if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" fi fi # Update config - add_object_key "web" 'DOMAIN' "$domain" 'BACKEND' 'PROXY' - update_object_value 'web' 'DOMAIN' "$domain" '$BACKEND' "$template" + add_object_key "web" 'DOMAIN' "$domain_idn" 'BACKEND' 'PROXY' + update_object_value 'web' 'DOMAIN' "$domain_idn" '$BACKEND' "$template" done # Chaning template in user config 
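Review bot: The "Deleting vhost configuration IPv6" branch never deletes the web server vhost. Its first two calls are `del_web_config "$PROXY_SYSTEM" "$PROXY.tpl"` and `"$PROXY.stpl"`, where the IPv4 branch has `"$WEB_SYSTEM" "$TPL.tpl"` and `"$TPL.stpl"`, so the proxy entries are removed twice (the first time without the `$PROXY_SYSTEM`/`$PROXY` guard, i.e. possibly with empty arguments) and the old IPv6 `$WEB_SYSTEM` config stays in place before `add_web_config` runs. The two lines should be `del_web_config "$WEB_SYSTEM" "$TPL.tpl"` and `del_web_config "$WEB_SYSTEM" "$TPL.stpl"`. The same block is pasted into the `else` path by the next hunk (`@@ -114,29 +145,61 @@`). The switch from `$domain` to `$domain_idn` in `add_object_key`/`update_object_value` is unrelated to IPv6 and deserves its own line in the commit message, since it changes which key is looked up for IDN domains.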
@@ -114,29 +145,61 @@ else # Parsing domain values get_domain_values 'web' local_ip=$(get_real_ip $IP) + ipv6=$IP6 + + # Deleting vhost configuration IPv4 + if [ ! -z "$local_ip" ]; then + old=$local_ip + # Deleting proxy + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + + # Deleting vhost configuration IPv6 + if [ ! -z "$IP6" ]; then + old=$IP6 + + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + prepare_web_domain_values # Rebuilding vhost - del_web_config "$WEB_SYSTEM" "$TPL.tpl" add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" add_web_config "$WEB_SYSTEM" "$TPL.stpl" fi # Rebuilding proxy configuration if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" fi fi # Update config - add_object_key "web" 'DOMAIN' "$domain" 'BACKEND' 'PROXY' - update_object_value 'web' 'DOMAIN' "$domain" '$BACKEND' "$template" + add_object_key "web" 'DOMAIN' "$domain_idn" 'BACKEND' 'PROXY' + update_object_value 'web' 'DOMAIN' "$domain_idn" '$BACKEND' "$template" fi diff --git a/bin/v-change-web-domain-ip b/bin/v-change-web-domain-ip index 5b2ab31b..30d4e8a1 100755 --- a/bin/v-change-web-domain-ip +++ b/bin/v-change-web-domain-ip 
@@ -1,6 +1,6 @@ #!/bin/bash # info: change web domain ip -# options: USER DOMAIN DOMAIN [RESTART] +# options: USER DOMAIN IP [RESTART] # # The call is used for changing domain ip @@ -33,14 +33,20 @@ format_domain_idn #----------------------------------------------------------# check_args '3' "$#" 'USER DOMAIN IP [RESTART]' -is_format_valid 'user' 'domain' 'ip' +is_format_valid 'user' 'domain' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain" -is_ip_valid "$ip" "$user" - +if [ "$ip" != "no" ]; then + is_format_valid 'ip' +fi +if [ "$ip" != "no" ]; then + is_ip_valid "$ip" "$user" +else + ip='' +fi #----------------------------------------------------------# # Action # 
@@ -48,24 +54,71 @@ is_ip_valid "$ip" "$user" # Preparing variables for vhost replace get_domain_values 'web' +if [ -z "$ip" ] && [ -z "$IP6" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + old=$(get_real_ip $IP) new=$(get_real_ip $ip) -# Replacing vhost -replace_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - replace_web_config "$WEB_SYSTEM" "$TPL.stpl" -fi +if [ -z "$old" ]; then + #Create new configs + # Preparing domain variables + prepare_web_domain_values -# Replacing proxy vhost -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - replace_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + local_ip=$ip + # Adding web server config + add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - replace_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Adding proxy config + if [ ! -z "$PROXY_SYSTEM" ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +else + if [ ! -z "$new" ]; then + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + replace_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + else + #Delete configs ... + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! 
-z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi fi fi - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# @@ -75,7 +128,7 @@ increase_ip_value "$new" decrease_ip_value "$old" # Update config -update_object_value 'web' 'DOMAIN' "$domain" '$IP' "$3" +update_object_value 'web' 'DOMAIN' "$domain" '$IP' "$ip" # Restart web server $BIN/v-restart-web $restart @@ -85,7 +138,7 @@ $BIN/v-restart-proxy $restart check_result $? "Proxy restart failed" >/dev/null # Logging -log_history "changed web domain $domain ip to $3" +log_history "changed web domain $domain ip to $ip" log_event "$OK" "$ARGUMENTS" exit diff --git a/bin/v-change-web-domain-ipv6 b/bin/v-change-web-domain-ipv6 new file mode 100644 index 00000000..eb8c8e57 --- /dev/null +++ b/bin/v-change-web-domain-ipv6 
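Review bot: In the new "Create new configs" branch (`if [ -z "$old" ]`), the proxy config is added under `if [ ! -z "$PROXY_SYSTEM" ]` alone, whereas the replace and delete branches below it test `[ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]`. A domain without a proxy template would reach `add_web_config "$PROXY_SYSTEM" "$PROXY.tpl"` with an empty `$PROXY`, so the guard should be `if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then`. The same branch sets `local_ip=$ip` after `prepare_web_domain_values` and from the raw argument rather than from `new=$(get_real_ip $ip)`; if the helper reads `local_ip`, or the host is behind NAT, the generated vhost gets the wrong address (not verifiable from this hunk). `bin/v-change-web-domain-ipv6` carries the same unguarded proxy block.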
@@ -0,0 +1,142 @@ +#!/bin/bash +# info: change web domain ipv6 +# options: USER DOMAIN IPV6 [RESTART] +# +# The call is used for changing domain ip + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +ipv6=$3 +restart=$4 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + +# Additional argument formatting +format_domain +format_domain_idn + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '3' "$#" 'USER DOMAIN IPV6 [RESTART]' +is_format_valid 'user' 'domain' +is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_object_valid 'web' 'DOMAIN' "$domain" +is_object_unsuspended 'web' 'DOMAIN' "$domain" +if [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi +if [ "$ipv6" != "no" ]; then + is_ipv6_valid "$ipv6" "$user" +else + ipv6='' +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Preparing variables for vhost replace +get_domain_values 'web' +if [ -z "$ipv6" ] && [ -z "$IP" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + +old=$IP6 +new=$ipv6 + +if [ -z "$old" ]; then + #Create new configs + # Preparing domain variables + prepare_web_domain_values + + local_ip="" + # Adding web server config + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Adding proxy config + if [ ! -z "$PROXY_SYSTEM" ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +else + if [ ! 
-z "$new" ]; then + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + replace_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + else + #Delete configs ... + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Update counters +increase_ipv6_value "$new" +decrease_ipv6_value "$old" + +# Update config +update_object_value 'web' 'DOMAIN' "$domain" '$IP6' "$ipv6" + +# Restart web server +$BIN/v-restart-web $restart +check_result $? "WEB restart failed" >/dev/null + +$BIN/v-restart-proxy $restart +check_result $? "Proxy restart failed" >/dev/null + +# Logging +log_history "changed web domain $domain ipv6 to $ipv6" +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-web-domain-name b/bin/v-change-web-domain-name index 6cbd1d99..7178dbf3 100755 --- a/bin/v-change-web-domain-name +++ b/bin/v-change-web-domain-name @@ -20,6 +20,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-change-web-domain-proxy-tpl b/bin/v-change-web-domain-proxy-tpl index 93f67723..f3b78528 100755 
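Review bot: In the new `bin/v-change-web-domain-ipv6`, the counter updates `increase_ipv6_value "$new"` and `decrease_ipv6_value "$old"` run unconditionally, but `$new` is empty on the `no` path and `$old` is empty when the domain gets its first IPv6 address. What the helpers do with an empty argument is not visible here; guarding both calls avoids touching a non-existent address record: `if [ ! -z "$new" ]; then increase_ipv6_value "$new"; fi` and likewise for `$old`. The IPv4 sibling `bin/v-change-web-domain-ip` now reaches its `increase_ip_value`/`decrease_ip_value` pair with empty values in the same two cases. The comments `# Replacing vhost` and `# Replacing proxy vhost` in the delete branch describe the wrong operation.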
--- a/bin/v-change-web-domain-proxy-tpl +++ b/bin/v-change-web-domain-proxy-tpl @@ -22,6 +22,7 @@ restart="$5" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting @@ -52,11 +53,26 @@ is_proxy_template_valid $template # Parsing domain values get_domain_values 'web' local_ip=$(get_real_ip $IP) +ipv6=$IP6 -# Delete old vhost -del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" +# Deleting vhost configuration IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + # Deleting proxy + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi +fi + +# Deleting domain +if [ ! -z "$IP6" ]; then + old=$IP6 + + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi fi # Add new vhost diff --git a/bin/v-change-web-domain-stats b/bin/v-change-web-domain-stats index 6355e4a1..81368b9c 100755 --- a/bin/v-change-web-domain-stats +++ b/bin/v-change-web-domain-stats @@ -67,6 +67,7 @@ rm -f $HOMEDIR/$user/conf/web/$STATS.$domain.conf prepare_web_domain_values cat $WEBTPL/$type/$type.tpl |\ sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ -e "s/%web_port%/$WEB_PORT/g" \ -e "s/%web_system%/$WEB_SYSTEM/g" \ -e "s/%web_ssl_port%/$WEB_SSL_PORT/g" \ diff --git a/bin/v-change-web-domain-tpl b/bin/v-change-web-domain-tpl index 9b9623bb..82f994df 100755 --- a/bin/v-change-web-domain-tpl +++ b/bin/v-change-web-domain-tpl @@ -21,6 +21,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting 
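Review bot: The second deletion block in the `bin/v-change-web-domain-proxy-tpl` hunk (`@@ -52,11 +53,26 @@`) is labelled `# Deleting domain` although it removes the proxy vhost for the IPv6 address; `# Deleting proxy vhost configuration IPv6` would match the IPv4 block above it. Both blocks pass the address to `del_web_config` only through the global `old`, which a reader cannot see from the call site, so a short comment such as `# del_web_config reads $old to locate the vhost` (to be confirmed against `func/domain.sh`) would make the otherwise identical calls understandable. The hunk also assigns `ipv6=$IP6` without using it in the lines shown.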
@@ -50,11 +51,28 @@ is_web_template_valid "$template" # Parsing domain values get_domain_values 'web' local_ip=$(get_real_ip $IP) +ipv6=$IP6 + +# Deleting vhost configuration IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl"- + fi +fi # Deleting domain -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" +if [ ! -z "$IP6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi fi # Defining variables for new vhost config diff --git a/bin/v-delete-dns-on-web-alias b/bin/v-delete-dns-on-web-alias index 87e68849..dc99f63d 100755 --- a/bin/v-delete-dns-on-web-alias +++ b/bin/v-delete-dns-on-web-alias @@ -61,15 +61,25 @@ else sub=$(echo "$dom_alias" | cut -f1 -d . -s) root=$(echo "$dom_alias" | sed "s/^$sub.//" ) if [ -e "$USER_DATA/dns/$root.conf" ]; then - if [ "$sub" == '*' ]; then - rec=$(grep -w "RECORD='\*'" $USER_DATA/dns/$root.conf) - else - rec=$(grep -w "RECORD='$sub'" $USER_DATA/dns/$root.conf) + total=0 + if [ $IPV4 == 'yes' ] ; then + ((total++)) fi - if [ ! -z "$rec" ]; then - eval "$rec" - $BIN/v-delete-dns-record $user "$root" "$ID" $restart + if [ $IPV6 == 'yes' ] ; then + ((total++)) fi + for (( i=1; i<=$total; i++ )) + do + if [ "$sub" == '*' ]; then + rec=$(grep -w "RECORD='\*'" $USER_DATA/dns/$root.conf) + else + rec=$(grep -w "RECORD='$sub'" $USER_DATA/dns/$root.conf) + fi + if [ ! -z "$rec" ]; then + eval "$rec" + $BIN/v-delete-dns-record $user "$root" "$ID" + fi + done fi fi diff --git a/bin/v-delete-dns-record b/bin/v-delete-dns-record index 4b4555df..5b965156 100755 --- a/bin/v-delete-dns-record +++ b/bin/v-delete-dns-record 
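Review bot: The added line `del_web_config "$WEB_SYSTEM" "$TPL.stpl"-` in the IPv4 block carries a stray trailing `-`, so the second argument becomes `$TPL.stpl-` and the SSL vhost for the IPv4 address is presumably never matched or removed. It should read `del_web_config "$WEB_SYSTEM" "$TPL.stpl"`, exactly as the IPv6 block below it does. A stale SSL vhost left behind after a template change keeps serving the old configuration, so this is worth fixing before merge.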
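Review bot: `[ $IPV4 == 'yes' ]` and `[ $IPV6 == 'yes' ]` in bin/v-delete-dns-on-web-alias expand unquoted, and nothing in this hunk assigns either variable; if one is empty the test errors out, `total` stays 0 and the alias record is never deleted. Quote them, e.g. `if [ "$IPV4" = 'yes' ]; then`, and confirm where the two flags are set. The rewritten call also drops `$restart` from `v-delete-dns-record`, so check that the DNS reload still happens elsewhere in the script. The enclosing `else` branch starts outside the hunk.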
@@ -69,7 +69,7 @@ fi # Vesta # #----------------------------------------------------------# -# Upddate counters +# Update counters records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')" update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records" decrease_user_value "$user" '$U_DNS_RECORDS' diff --git a/bin/v-delete-firewall-ipv6-ban b/bin/v-delete-firewall-ipv6-ban new file mode 100644 index 00000000..b8dd2088 --- /dev/null +++ b/bin/v-delete-firewall-ipv6-ban 
@@ -0,0 +1,64 @@ +#!/bin/bash +# info: delete firewall blocking rule +# options: IP CHAIN +# +# The function deletes blocking rule from system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +ipv6=$1 +chain=$(echo $2|tr '[:lower:]' '[:upper:]') + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IP CHAIN' +is_format_valid 'ipv6' 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking ip in banlist +conf="$VESTA/data/firewallv6/banlist.conf" +check_ip=$(grep "IP6='$ipv6' CHAIN='$chain'" $conf 2>/dev/null) +if [ -z "$check_ip" ]; then + exit +fi + +# Deleting ip from banlist +sip=$(echo "$ipv6"| sed "s|/|\\\/|g") +sed -i "/IP6='$sip' CHAIN='$chain'/d" $conf +b=$($iptables -L fail2ban-$chain --line-number -n|grep $ipv6|awk '{print $1}') +$iptables -D fail2ban-$chain $b 2>/dev/null + +# Changing permissions +chmod 660 $conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-firewall-ipv6-chain b/bin/v-delete-firewall-ipv6-chain new file mode 100644 index 00000000..9ffa2cbe --- /dev/null +++ b/bin/v-delete-firewall-ipv6-chain 
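Review bot: The rule-number lookup `grep $ipv6` is an unquoted substring match, so one banned address can also match the listing line of another address that contains it; `$b` then holds several numbers (or none), `ip6tables -D` fails, and `2>/dev/null` hides that after the entry has already been removed from banlist.conf. The result is a ban that stays in the kernel while the panel no longer lists it. Compare the source column exactly rather than by substring, quote the expansion (`grep -F -- "$ipv6"` at minimum), and report a failed delete instead of discarding stderr. It is also worth confirming that `ip6tables -L -n` prints the address in the same textual form that is stored in banlist.conf.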
@@ -0,0 +1,66 @@ +#!/bin/bash +# info: delete firewall chain +# options: CHAIN +# +# The function adds new rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +chain=$(echo $1 | tr '[:lower:]' '[:upper:]') + +# Defining absolute path to iptables +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'CHAIN' +is_format_valid 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Deleting chain +chains=$VESTA/data/firewallv6/chains.conf +banlist=$VESTA/data/firewallv6/banlist.conf +chain_param=$(grep "CHAIN='$chain'" $chains 2>/dev/null) +if [ ! -z "$chain_param" ]; then + eval $chain_param + sed -i "/CHAIN='$chain'/d" $chains + sed -i "/CHAIN='$chain'/d" $banlist + $iptables -D INPUT -p $PROTOCOL \ + --dport $PORT -j fail2ban-$CHAIN 2>/dev/null +fi + +# Deleting iptables chain +$iptables -F fail2ban-$CHAIN 2>/dev/null +$iptables -X fail2ban-$CHAIN 2>/dev/null + +# Changing permissions +chmod 660 $chains + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-firewall-ipv6-rule b/bin/v-delete-firewall-ipv6-rule new file mode 100644 index 00000000..ed2fcc20 --- /dev/null +++ b/bin/v-delete-firewall-ipv6-rule 
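Review bot: The flush and delete after the `fi` use `$CHAIN`, which is only set by `eval $chain_param`; when chains.conf has no entry for the chain, `$CHAIN` is empty or inherited from the environment and the commands target `fail2ban-` instead of the validated argument. Use the validated value: `$iptables -F "fail2ban-$chain" 2>/dev/null` and `$iptables -X "fail2ban-$chain" 2>/dev/null`. `eval $chain_param` also executes a line of chains.conf as shell code with an unquoted expansion; `eval "$chain_param"` is the minimum, and reading PROTOCOL and PORT without eval would be safer. The header comment says the function "adds new rule to system firewall", which should describe deleting a chain.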
@@ -0,0 +1,51 @@ +#!/bin/bash +# info: delete firewall rule +# options: RULE +# +# The function deletes firewall rule. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +rule=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE' +is_format_valid 'rule' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Deleting rule +sed -i "/RULE='$rule' /d" $VESTA/data/firewallv6/rules.conf + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-sys-firewall b/bin/v-delete-sys-firewall index 75b78794..9db96dcc 100755 --- a/bin/v-delete-sys-firewall +++ b/bin/v-delete-sys-firewall @@ -29,6 +29,7 @@ fi # Stopping firewall $BIN/v-stop-firewall +$BIN/v-stop-firewall-ipv6 # Updating FIREWALL_SYSTEM value if [ -z "$(grep FIREWALL_SYSTEM $VESTA/conf/vesta.conf)" ]; then diff --git a/bin/v-delete-sys-ipv6 b/bin/v-delete-sys-ipv6 new file mode 100644 index 00000000..78509fd0 --- /dev/null +++ b/bin/v-delete-sys-ipv6 
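Review bot: The exit status of `$BIN/v-update-firewall-ipv6` in bin/v-delete-firewall-ipv6-rule is not checked, so a failed reload is still logged as `$OK` after the rule line has already been removed from rules.conf. Add `check_result $? "Firewall update failed"` directly after the call, in the same way other scripts in this change check `v-restart-web`. Otherwise the stored rules and the loaded ruleset can silently diverge.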
@@ -0,0 +1,149 @@ +#!/bin/bash +# info: delete system ipv6 +# options: IPV6 +# +# The function for deleting a system ip. It does not allow to delete first ip +# on interface and do not allow to delete ip which is used by a web domain. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'IPV6' +is_format_valid 'ipv6' +is_ip_valid "$ipv6" +is_ip_key_empty '$U_WEB_DOMAINS' +is_ip_key_empty '$U_SYS_USERS' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Import ip variables +source $VESTA/data/ips/$ipv6 +cidr=$(convert_netmaskv6 $NETMASK) + +# Checking main ip on the interface +interface=$(/sbin/ip -6 addr | grep "$ipv6/$cidr" | awk '{print $NF}') +if [ ! -z "$interface" ] && [ -z "$(echo $interface |cut -s -f2 -d :)" ]; then + echo "Error: can't delete main IP address" + log_event "$E_FORBIDEN" "$ARGUMENTS" + exit $E_FORBIDEN +fi + +# Deleting system ip +if [ ! -z "$interface" ]; then + /sbin/ip -6 addr del $ip/$cidr dev $INTERFACE + if [ "$?" -ne 0 ]; then + echo "Error: can't delete system ip" + log_event "$E_FORBIDEN" "$ARGUMENTS" + exit $E_FORBIDEN + fi +fi + +# Deleting startup conf on RHEL/CentOS/Fedora +if [ -e "/etc/sysconfig/network-scripts/ifcfg-$interface" ]; then + rm -f /etc/sysconfig/network-scripts/ifcfg-$interface +fi + +# Deleting startup conf on Debian/Ubuntu +if [ -e "/etc/network/interfaces" ]; then + ip_str=$(grep -n $ip$ /etc/network/interfaces |cut -f1 -d:) + if [ ! 
-z "$ip_str" ]; then + first_str=$((ip_str - 3)) + last_str=$((ip_str + 1)) + sed -i "$first_str,$last_str d" /etc/network/interfaces + fi +fi + +# Deleting vesta ip +rm -f $VESTA/data/ips/$ipv6 + +# Deleting web config +if [ ! -z "$WEB_SYSTEM" ]; then + rm -f /etc/$WEB_SYSTEM/conf.d/$ipv6.conf +fi + +# Deleting proxy config +if [ ! -z "$PROXY_SYSTEM" ]; then + rm -f /etc/$PROXY_SYSTEM/conf.d/$ipv6.conf + + # mod_extract_forwarded + fw_conf="/etc/$WEB_SYSTEM/conf.d/mod_extract_forwarded.conf" + if [ -e "$fw_conf" ]; then + ips=$(grep 'MEFaccept 127.0.0.1' $fw_conf) + new_ips=$(echo "$ips" | sed "s/$ipv6//" ) + sed -i "s/$ips/$new_ips/g" $fw_conf + fi + + # mod_rpaf + rpaf_conf="/etc/$WEB_SYSTEM/mods-enabled/rpaf.conf" + if [ -e "$rpaf_conf" ]; then + ips=$(grep RPAFproxy_ips $rpaf_conf) + new_ips=$(echo "$rpaf_str" | sed "s/$ipv6//") + sed -i "s/$ips/$new_ips/g" $rpaf_conf + fi + + #mod_remoteip + remoteip_conf="/etc/$WEB_SYSTEM/mods-enabled/remoteip.conf" + if [ -e "$remoteip_conf" ]; then + sed -i "s/RemoteIPInternalProxy $ipv6//g" $remoteip_conf + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Updating user conf +if [ ! -z "$OWNER" ]; then + decrease_user_value "$OWNER" '$IPV6_OWNED' +fi + +if [ "$OWNER" = 'admin' ]; then + if [ "$STATUS" = 'shared' ]; then + for user in $(ls $VESTA/data/users/); do + decrease_user_value "$user" '$IPV6_AVAIL' + done + fi +else + decrease_user_value "$OWNER" '$IPV6_AVAIL' +fi + +# Restarting web server +$BIN/v-restart-web +check_result $? "Web restart failed" >/dev/null + +# Restarting proxy server +if [ ! -z "$PROXY_SYSTEM" ]; then + $BIN/v-restart-proxy + check_result $? "Proxy restart failed" >/dev/null +fi + +# Restarting firewall +if [ ! -z "$FIREWALL_SYSTEM" ]; then + $BIN/v-update-firewall +fi + +# Logging +log_history "deleted system ip address $ip" +log_event "$OK" "$ARGUMENTS" + +exit 
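Review bot: bin/v-delete-sys-ipv6 reads `$ip` in three places (`/sbin/ip -6 addr del $ip/$cidr`, `grep -n $ip$ /etc/network/interfaces`, and the `log_history` message), but the script only ever assigns `$ipv6`. With `$ip` empty the address is not removed from the interface, and the grep pattern degenerates to `$`, which matches every line of /etc/network/interfaces before the `sed -i` range delete is computed from it. The mod_rpaf branch has the same kind of slip: `new_ips` is built from the undefined `$rpaf_str`, so the `sed` replaces the `RPAFproxy_ips` line with an empty string instead of removing one address. The four corrected lines are below; the Debian branch should also refuse to edit when `ip_str` is not a single line number.

```shell
# … unchanged: includes, verifications, main-IP check …
    /sbin/ip -6 addr del "$ipv6/$cidr" dev "$INTERFACE"
# … unchanged: exit-status check, RHEL/CentOS startup conf removal …
    ip_str=$(grep -n -- "$ipv6\$" /etc/network/interfaces |cut -f1 -d:)
# … unchanged: sed range delete, vesta ip / web / proxy conf removal, mod_extract_forwarded …
        new_ips=$(echo "$ips" | sed "s/$ipv6//")
# … unchanged: mod_remoteip, user counters, restarts …
log_history "deleted system ip address $ipv6"
```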
diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..f635ee08 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -19,6 +19,7 @@ source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf @@ -69,6 +70,8 @@ fi # Releasing user ips $BIN/v-delete-user-ips "$user" check_result "$?" "user ip release failed" +$BIN/v-delete-user-ips-v6 "$user" +check_result "$?" "user ipv6 release failed" # Deleteing user pipes sed -i "/ $user$/d" $VESTA/data/queue/disk.pipe diff --git a/bin/v-delete-user-ips b/bin/v-delete-user-ips index 7f8e3224..34b7935c 100755 --- a/bin/v-delete-user-ips +++ b/bin/v-delete-user-ips @@ -36,7 +36,7 @@ fi #----------------------------------------------------------# # Parsing user ips -ip_list=$(grep -H "OWNER='$user'" $VESTA/data/ips/* | cut -f 1 -d:) +ip_list=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='4'" | cut -f 1 -d '-') for ip in $ip_list; do ip=$(basename $ip) diff --git a/bin/v-delete-user-ipv6s b/bin/v-delete-user-ipv6s new file mode 100644 index 00000000..35a41c5c --- /dev/null +++ b/bin/v-delete-user-ipv6s 
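Review bot: The added call in the `@@ -69,6 +70,8 @@` hunk targets `$BIN/v-delete-user-ips-v6`, but the script this commit adds is `bin/v-delete-user-ipv6s`. Unless a script with the other name exists elsewhere in the tree, the call fails and `check_result` aborts user deletion with "user ipv6 release failed". It should read `$BIN/v-delete-user-ipv6s "$user"`.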
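Review bot: The new filter in bin/v-delete-user-ips keeps only files that have a `VERSION='4'` line within ten lines after `OWNER=`, so an address file written before this change (no VERSION key), or one where VERSION precedes OWNER, is silently skipped and the deleted user's IPv4 addresses stay assigned to that user. Treat a missing VERSION as 4, or confirm that a migration writes the key into every existing file under data/ips. `cut -f 1 -d '-'` also truncates the path if `$VESTA` itself contains a hyphen; deriving the file name with `grep -l` would avoid that.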
@@ -0,0 +1,63 @@ +#!/bin/bash +# info: delete user ips +# options: USER +# +# The function deletes all user's ip addresses. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'USER' +is_format_valid 'user' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +if [ "$user" = 'admin' ]; then + exit +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing user ips +ip_list=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='6'" | cut -f 1 -d '-') + +for ip in $ip_list; do + ip=$(basename $ip) + + # Checking webdomains and users + is_ip_key_empty '$U_WEB_DOMAINS' + is_ip_key_empty '$U_SYS_USERS' + + # Assig ip to main account + update_ip_value '$OWNER' 'admin' + update_ip_value '$STATUS' 'dedicated' + increase_user_value 'admin' '$IP_OWNED' + increase_user_value 'admin' '$IP_AVAIL' +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit \ No newline at end of file diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 43362e34..76e2b5bd 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -22,6 +22,7 @@ restart=$3 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting 
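Review bot: The loop in bin/v-delete-user-ipv6s reassigns IPv6 addresses to admin but increments `$IP_OWNED` and `$IP_AVAIL`, the IPv4 counters. Elsewhere in this commit bin/v-list-user reports `IP6_OWNED`/`IP6_AVAIL` and bin/v-delete-sys-ipv6 decrements `$IPV6_OWNED`/`$IPV6_AVAIL`, so three different names are in play and the counts will drift. Pick one pair and use it consistently, e.g. `increase_user_value 'admin' '$IP6_OWNED'` and `increase_user_value 'admin' '$IP6_AVAIL'`. The header line `# info: delete user ips` should also say ipv6.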
@@ -81,8 +82,10 @@ for PHPV in /etc/php/*; do fi done -# Deleting domain from web.conf -sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf +if [ -z "$IP6" ]; then + # Deleting domain from web.conf + sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf +fi # Deleting vhost configuration del_web_config "$WEB_SYSTEM" "$TPL.tpl" 
@@ -94,14 +97,55 @@ if [ "$SSL" = 'yes' ]; then rm -f $USER_DATA/ssl/$domain.* fi -# Deleting proxy -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" +# Deleting vhost configuration IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* + rm -f $USER_DATA/ssl/$domain.* fi - if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then - sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + + # Deleting proxy + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then + sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + fi + fi +fi + +# Deleting vhost configuration IPv6 +web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) +if [ ! -z "$IP6" ] && [ "$web_domain" -gt '0' ]; then + # Deleting domain from web.conf + sed -i "/DOMAIN='$domain'/d" $USER_DATA/web.conf + + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* + rm -f $USER_DATA/ssl/$domain.* + fi + + # Deleting proxy + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then + sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + fi fi fi 
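Review bot: `web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)` counts every domain in the file, so the `-gt '0'` guard on the IPv6 block is true whenever the user has any web domain, not when this one is still present. Scope it to the domain being deleted: `web_domain=$(grep -c "DOMAIN='$domain'" "$USER_DATA/web.conf")`. Note also that the unconditional `del_web_config "$WEB_SYSTEM" "$TPL.tpl"` kept as context in the previous hunk still runs before these per-address blocks, so the vhost removal can execute up to three times. The IPv4 and IPv6 blocks are copies that differ only in `old=` and the web.conf edit; a small helper taking the address would remove the duplication.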
@@ -138,6 +182,7 @@ rm -rf $HOMEDIR/$user/web/$domain # Decreasing user counters decrease_ip_value "$local_ip" +decrease_ipv6_value "$IP6" decrease_user_value "$user" '$U_WEB_DOMAINS' if [ "$SSL" = 'yes' ]; then decrease_user_value "$user" '$U_WEB_SSL' diff --git a/bin/v-delete-web-domain-alias b/bin/v-delete-web-domain-alias index 45bef00b..ca1e3d79 100755 --- a/bin/v-delete-web-domain-alias +++ b/bin/v-delete-web-domain-alias @@ -20,6 +20,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf diff --git a/bin/v-delete-web-domain-proxy b/bin/v-delete-web-domain-proxy index 73eeabb7..52b20ac5 100755 --- a/bin/v-delete-web-domain-proxy +++ b/bin/v-delete-web-domain-proxy @@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: deleting web domain proxy configuration # options: USER DOMAIN # diff --git a/bin/v-list-dns-domain b/bin/v-list-dns-domain index c9c3f1ea..c77c120b 100755 --- a/bin/v-list-dns-domain +++ b/bin/v-list-dns-domain @@ -22,6 +22,7 @@ json_list() { echo '{' echo ' "'$DOMAIN'": { "IP": "'$IP'", + "IP6": "'$IP6'", "TPL": "'$TPL'", "TTL": "'$TTL'", "EXP": "'$EXP'", @@ -40,6 +41,7 @@ json_list() { shell_list() { echo "DOMAIN: $DOMAIN" echo "IP: $IP" + echo "IP6: $IP6" echo "TEMPLATE: $TPL" echo "TTL: $TTL" echo "EXP: $EXP" @@ -54,14 +56,14 @@ shell_list() { # PLAIN list function plain_list() { - echo -ne "$DOMAIN\t$IP\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t$RECORDS\t" + echo -ne "$DOMAIN\t$IP\t$IP6\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t$RECORDS\t" echo -e "$SUSPENDED\t$TIME\t$DATE" } # CSV list function csv_list() { - echo "DOMAIN,IP,TPL,TTL,EXP,SOA,SERIAL,RECORDS,SUSPENDED,TIME,DATE" - echo -n "$DOMAIN,$IP,$TPL,$TTL,$EXP,$SOA,$SERIAL,$RECORDS,$SUSPENDED," + echo "DOMAIN,IP,IP6,TPL,TTL,EXP,SOA,SERIAL,RECORDS,SUSPENDED,TIME,DATE" + echo -n "$DOMAIN,$IP,$IP6,$TPL,$TTL,$EXP,$SOA,$SERIAL,$RECORDS,$SUSPENDED," echo "$TIME,$DATE" } 
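Review bot: The new first line of bin/v-delete-web-domain-proxy appears as ` #!/bin/bash` with leading whitespace, so `#!` is no longer at byte 0 and the kernel will not treat it as an interpreter line. The script then runs under whatever shell the caller falls back to, or fails to exec, and bash-only constructs in it may break. Restore `#!/bin/bash` at column 0; the hunk changes nothing else, so this looks like an accidental edit.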
diff --git a/bin/v-list-dns-domains b/bin/v-list-dns-domains index 337760e3..af9edd82 100755 --- a/bin/v-list-dns-domains +++ b/bin/v-list-dns-domains @@ -26,6 +26,7 @@ json_list() { eval $str echo -n ' "'$DOMAIN'": { "IP": "'$IP'", + "IP6": "'$IP6'", "TPL": "'$TPL'", "TTL": "'$TTL'", "EXP": "'$EXP'", @@ -50,11 +51,11 @@ json_list() { # SHELL list function shell_list() { IFS=$'\n' - echo "DOMAIN IP TPL TTL REC SPND DATE" - echo "------ -- --- --- --- ---- ----" + echo "DOMAIN IP IP6 TPL TTL REC SPND DATE" + echo "------ -- --- --- --- --- ---- ----" while read str; do eval $str - echo "$DOMAIN $IP $TPL $TTL $RECORDS $SUSPENDED $DATE" + echo "$DOMAIN $IP $IP6 $TPL $TTL $RECORDS $SUSPENDED $DATE" done < <(cat $USER_DATA/dns.conf) } @@ -64,7 +65,7 @@ plain_list() { IFS=$'\n' while read str; do eval $str - echo -ne "$DOMAIN\t$IP\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t" + echo -ne "$DOMAIN\t$IP\t$IP6\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t" echo -e "$SRC\t$RECORDS\t$SUSPENDED\t$TIME\t$DATE" done < <(cat $USER_DATA/dns.conf) } @@ -73,10 +74,10 @@ plain_list() { # CSV list function csv_list() { IFS=$'\n' - echo "DOMAIN,IP,TPL,TTL,EXP,SOA,SERIAL,SRC,RECORDS,SUSPENDED,TIME,DATE" + echo "DOMAIN,IP,IP6,TPL,TTL,EXP,SOA,SERIAL,SRC,RECORDS,SUSPENDED,TIME,DATE" while read str; do eval $str - echo -n "$DOMAIN,$IP,$TPL,$TTL,$EXP,$SOA,$SERIAL," + echo -n "$DOMAIN,$IP,$IP6,$TPL,$TTL,$EXP,$SOA,$SERIAL," echo "$SRC,$RECORDS,$SUSPENDED,$TIME,$DATE" done < <(cat $USER_DATA/dns.conf) } diff --git a/bin/v-list-firewall-ipv6 b/bin/v-list-firewall-ipv6 new file mode 100644 index 00000000..fd7dbfe0 --- /dev/null +++ b/bin/v-list-firewall-ipv6 
@@ -0,0 +1,96 @@ +#!/bin/bash +# info: list iptables rules +# options: [FORMAT] +# +# The function of obtaining the list of all iptables rules. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + IFS=$'\n' + i=1 + objects=$(grep RULE $VESTA/data/firewallv6/rules.conf |wc -l) + echo "{" + while read str; do + eval $str + echo -n ' "'$RULE'": { + "ACTION": "'$ACTION'", + "PROTOCOL": "'$PROTOCOL'", + "PORT": "'$PORT'", + "IP6": "'$IP6'", + "COMMENT": "'$COMMENT'", + "SUSPENDED": "'$SUSPENDED'", + "TIME": "'$TIME'", + "DATE": "'$DATE'" + }' + if [ "$i" -lt "$objects" ]; then + echo ',' + else + echo + fi + ((i++)) + done < <(cat $VESTA/data/firewallv6/rules.conf) + echo '}' +} + +# SHELL list function +shell_list() { + IFS=$'\n' + echo "RULE^ACTION^PROTO^PORT^IP6^SPND^DATE" + echo "----^------^-----^----^--^----^----" + while read str; do + eval $str + echo "$RULE^$ACTION^$PROTOCOL^$PORT^$IP6^$SUSPENDED^$DATE" + done < <(cat $VESTA/data/firewallv6/rules.conf) +} + +# PLAIN list function +plain_list() { + IFS=$'\n' + while read str; do + eval $str + echo -ne "$RULE\t$ACTION\t$PROTOCOL\t$PORT\t$IP6\t$COMMENT\t" + echo -e "$SUSPENDED\t$TIME\t$DATE" + done < <(cat $VESTA/data/firewallv6/rules.conf) +} + +# CSV list function +csv_list() { + IFS=$'\n' + echo "RULE,ACTION,PROTOCOL,PORT,IP6,COMMENT,SUSPENDED,TIME,DATE" + while read str; do + eval $str + echo -n "$RULE,$ACTION,$PROTOCOL,$PORT,$IP6,\"$COMMENT\"," + echo "$SUSPENDED,$TIME,$DATE" + done < <(cat $VESTA/data/firewallv6/rules.conf) +} + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list |column 
-t -s '^' ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-firewall-ipv6-ban b/bin/v-list-firewall-ipv6-ban new file mode 100644 index 00000000..77cae989 --- /dev/null +++ b/bin/v-list-firewall-ipv6-ban 
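Review bot: Every list function in bin/v-list-firewall-ipv6 runs `eval $str` on raw lines of rules.conf, and the COMMENT field is free text, so a stored value that contains a quote or a command substitution would be executed by whoever runs the listing. Parse the `KEY='value'` pairs without eval, or at least use `eval "$str"` and confirm that the script writing rules.conf rejects quotes and `$` in every field. `json_list` also prints `$COMMENT` without JSON escaping, which can produce invalid output for the panel. The same pattern is in bin/v-list-firewall-ipv6-ban and bin/v-list-firewall-ipv6-rule, added in the following hunks.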
@@ -0,0 +1,90 @@ +#!/bin/bash +# info: list firewall block list +# options: [FORMAT] +# +# The function of obtaining the list of currently blocked ips. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + IFS=$'\n' + i=1 + objects=$(grep IP6 $VESTA/data/firewallv6/banlist.conf |wc -l) + echo "{" + while read str; do + eval $str + echo -n ' "'$IP6'": { + "IP6": "'$IP6'", + "CHAIN": "'$CHAIN'", + "TIME": "'$TIME'", + "DATE": "'$DATE'" + }' + if [ "$i" -lt "$objects" ]; then + echo ',' + else + echo + fi + ((i++)) + done < <(cat $VESTA/data/firewallv6/banlist.conf) + echo '}' +} + +# SHELL list function +shell_list() { + IFS=$'\n' + echo "IP6 CHAIN TIME DATE" + echo "--- ----- ---- ----" + while read str; do + eval $str + echo "$IP6 $CHAIN $TIME $DATE" + done < <(cat $VESTA/data/firewallv6/banlist.conf) +} + +# PLAIN list function +plain_list() { + IFS=$'\n' + while read str; do + eval $str + echo -e "$IP6\t$CHAIN\t$TIME\t$DATE" + done < <(cat $VESTA/data/firewallv6/banlist.conf) +} + +# CSV list function +csv_list() { + IFS=$'\n' + echo "IP6,CHAIN,TIME,DATE" + while read str; do + eval $str + echo "$IP6,$CHAIN,$TIME,$DATE" + done < <(cat $VESTA/data/firewallv6/banlist.conf) +} + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list |column -t ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-firewall-ipv6-rule b/bin/v-list-firewall-ipv6-rule new file mode 100644 index 00000000..732ac597 --- /dev/null 
+++ b/bin/v-list-firewall-ipv6-rule 
@@ -0,0 +1,88 @@ +#!/bin/bash +# info: list firewall rule +# options: RULE [FORMAT] +# +# The function of obtaining firewall rule parameters. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +rule=$1 +format=${2-shell} + +# Includes +source $VESTA/func/main.sh + +json_list() { + echo '{' + echo ' "'$RULE'": { + "ACTION": "'$ACTION'", + "PROTOCOL": "'$PROTOCOL'", + "PORT": "'$PORT'", + "IP6": "'$IP6'", + "COMMENT": "'$COMMENT'", + "SUSPENDED": "'$SUSPENDED'", + "TIME": "'$TIME'", + "DATE": "'$DATE'" + }' + echo '}' +} + +# SHELL list function +shell_list() { + echo "ACTION: $ACTION" + echo "PROTOCOL: $PROTOCOL" + echo "PORT: $PORT" + echo "IP6: $IP6" + echo "COMMENT: $COMMENT" + echo "SUSPENDED: $SUSPENDED" + echo "TIME: $TIME" + echo "DATE: $DATE" +} + +# PLAIN list function +plain_list() { + echo -ne "$RULE\t$ACTION\t$PROTOCOL\t$PORT\t$IP6\t$COMMENT\t" + echo -e "$SUSPENDED\t$TIME\t$DATE" +} + +# CSV list function +csv_list() { + echo "RULE,ACTION,PROTOCOL,PORT,IP6,COMMENT,SUSPENDED,TIME,DATE" + echo "$RULE,$ACTION,$PROTOCOL,$PORT,$IP6,$COMMENT,$SUSPENDED,$TIME,$DATE" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE [FORMAT]' +is_number_format_valid "$rule" "rule id" +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing rules +eval $(grep "RULE='$rule'" $VESTA/data/firewallv6/rules.conf) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + 
+exit diff --git a/bin/v-list-sys-ip b/bin/v-list-sys-ip index 3a7658c5..5778f542 100755 --- a/bin/v-list-sys-ip +++ b/bin/v-list-sys-ip @@ -30,7 +30,8 @@ json_list() { "NETMASK": "'$NETMASK'", "NAT": "'$NAT'", "TIME": "'$TIME'", - "DATE": "'$DATE'" + "DATE": "'$DATE'", + "VERSION": "'$VERSION'" }' echo '}' } @@ -48,20 +49,21 @@ shell_list() { echo "DOMAINS: $U_WEB_DOMAINS" echo "TIME: $TIME" echo "DATE: $DATE" + echo "VERSION: $VERSION" } # PLAIN list function plain_list() { echo -ne "$IP\t$OWNER\t$STATUS\t$NAME\t$U_SYS_USERS\t$U_WEB_DOMAINS\t" - echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE" + echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE\t$VERSION" } # CSV list function csv_list() { echo -n "IP,OWNER,STATUS,NAME,U_SYS_USERS,U_WEB_DOMAINS,INTERFACE" - echo "NETMASK,NAT,TIME,DATE" + echo "NETMASK,NAT,TIME,DATE,VERSION" echo -n "$IP,$OWNER,$STATUS,$NAME,\"$U_SYS_USERS\",$U_WEB_DOMAINS," - echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE" + echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE,$VERSION" } @@ -70,7 +72,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'IP [FORMAT]' -is_format_valid 'ip' +is_format_valid 'ip46' if [ ! -e "$VESTA/data/ips/$ip" ]; then check_result $E_NOTEXIST "ip $ip doesn't exist" fi diff --git a/bin/v-list-sys-ips b/bin/v-list-sys-ips index c4f3a8c0..78a5ba5a 100755 --- a/bin/v-list-sys-ips +++ b/bin/v-list-sys-ips @@ -32,7 +32,8 @@ json_list() { "NETMASK": "'$NETMASK'", "NAT": "'$NAT'", "TIME": "'$TIME'", - "DATE": "'$DATE'" + "DATE": "'$DATE'", + "VERSION": "'$VERSION'" }' if [ "$i" -lt "$ip_count" ]; then echo ',' 
@@ -46,14 +47,14 @@ json_list() { # SHELL list function shell_list() { - echo "IP MASK NAT STATUS WEB DATE" - echo "-- ---- --- ------ --- ----" + echo "IP MASK NAT STATUS WEB DATE VERSION" + echo "-- ---- --- ------ --- ---- -------" while read IP; do source $VESTA/data/ips/$IP if [ -z "$NAT" ]; then NAT='no' fi - echo "$IP $NETMASK $NAT $STATUS $U_WEB_DOMAINS $DATE" + echo "$IP $NETMASK $NAT $STATUS $U_WEB_DOMAINS $DATE $VERSION" done < <(ls $VESTA/data/ips/) } @@ -62,18 +63,18 @@ plain_list() { while read IP; do source $VESTA/data/ips/$IP echo -ne "$IP\t$OWNER\t$STATUS\t$NAME\t$U_SYS_USERS\t$U_WEB_DOMAINS\t" - echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE" + echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE\t$VERSION" done < <(ls $VESTA/data/ips/) } # CSV list function csv_list() { echo -n "IP,OWNER,STATUS,NAME,U_SYS_USERS,U_WEB_DOMAINS,INTERFACE" - echo "NETMASK,NAT,TIME,DATE" + echo "NETMASK,NAT,TIME,DATE,VERSION" while read IP; do source $VESTA/data/ips/$IP echo -n "$IP,$OWNER,$STATUS,$NAME,\"$U_SYS_USERS\",$U_WEB_DOMAINS," - echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE" + echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE,$VERSION" done < <(ls $VESTA/data/ips/) } diff --git a/bin/v-list-user b/bin/v-list-user index 57b48bb3..d8aaebfd 100755 --- a/bin/v-list-user +++ b/bin/v-list-user @@ -53,6 +53,8 @@ json_list() { "SUSPENDED_CRON": "'$SUSPENDED_CRON'", "IP_AVAIL": "'$IP_AVAIL'", "IP_OWNED": "'$IP_OWNED'", + "IP6_AVAIL": "'$IP6_AVAIL'", + "IP6_OWNED": "'$IP6_OWNED'", "U_USERS": "'$U_USERS'", "U_DISK": "'$U_DISK'", "U_DISK_DIRS": "'$U_DISK_DIRS'", 
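Review bot: `$VERSION` is printed after `source $VESTA/data/ips/$IP` without being reset, so an address file that lacks the key shows the value left over from the previous file in the loop. Clear it per iteration with `VERSION=''` before the `source` line, in `shell_list` here and in `plain_list` and `csv_list` in the next hunk. The loops in bin/v-list-user-ips later in this commit print `$VERSION` the same way. Files created before this change presumably have no VERSION line, so this would be visible on upgraded installs.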
@@ -113,8 +115,8 @@ plain_list() { echo -ne "$CONTACT\t$CRON_REPORTS\t$RKEY\t$SUSPENDED\t" echo -ne "$SUSPENDED_USERS\t$SUSPENDED_WEB\t$SUSPENDED_DNS\t" echo -ne "$SUSPENDED_MAIL\t$SUSPENDED_DB\t$SUSPENDED_CRON\t" - echo -ne "$IP_AVAIL\t$IP_OWNED\t$U_USERS\t$U_DISK\t$U_DISK_DIRS\t" - echo -ne "$U_DISK_WEB\t$U_DISK_MAIL\t$U_DISK_DB\t$U_BANDWIDTH\t" + echo -ne "$IP_AVAIL\t$IP_OWNED\t$IP6_AVAIL\t$IP6_OWNED\t$U_USERS\t$U_DISK\t" + echo -ne "$U_DISK_DIRS\t$U_DISK_WEB\t$U_DISK_MAIL\t$U_DISK_DB\t$U_BANDWIDTH\t" echo -ne "$U_WEB_DOMAINS\t$U_WEB_SSL\t$U_WEB_ALIASES\t" echo -ne "$U_DNS_DOMAINS\t$U_DNS_RECORDS\t$U_MAIL_DOMAINS\t" echo -ne "$U_MAIL_DKIM\t$U_MAIL_ACCOUNTS\t$U_DATABASES\t" @@ -129,8 +131,8 @@ csv_list() { echo -n "DATABASES,CRON_JOBS,DISK_QUOTA,BANDWIDTH,NS,HOME,SHELL," echo -n "BACKUPS,CONTACT,CRON_REPORTS,RKEY,SUSPENDED,SUSPENDED_USERS," echo -n "SUSPENDED_WEB,SUSPENDED_DNS,SUSPENDED_MAIL,SUSPENDED_DB," - echo -n "SUSPENDED_CRON,IP_AVAIL,IP_OWNED,U_USERS,U_DISK,U_DISK_DIRS," - echo -n "U_DISK_WEB,U_DISK_MAIL,U_DISK_DB,U_BANDWIDTH,U_WEB_DOMAINS," + echo -n "SUSPENDED_CRON,IP_AVAIL,IP_OWNED,IP6_AVAIL,IP6_OWNED,U_USERS,U_DISK," + echo -n "U_DISK_DIRS,U_DISK_WEB,U_DISK_MAIL,U_DISK_DB,U_BANDWIDTH,U_WEB_DOMAINS," echo -n "U_WEB_SSL,U_WEB_ALIASES,U_DNS_DOMAINS,U_DNS_RECORDS," echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" 
@@ -140,8 +142,8 @@ csv_list() { echo -n "$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,$DISK_QUOTA,$BANDWIDTH," echo -n "\"$NS\",$HOME,$SHELL,$BACKUPS,$CONTACT,$CRON_REPORTS,\"$RKEY\"," echo -n "$SUSPENDED,$SUSPENDED_USERS,$SUSPENDED_WEB,$SUSPENDED_DNS," - echo -n "$SUSPENDED_MAIL,$SUSPENDED_DB,$SUSPENDED_CRON,$IP_AVAIL," - echo -n "$IP_OWNED,$U_USERS,$U_DISK,$U_DISK_DIRS,$U_DISK_WEB," + echo -n "$SUSPENDED_MAIL,$SUSPENDED_DB,$SUSPENDED_CRON,$IP_AVAIL,$IP_OWNED," + echo -n "$IP6_AVAIL,$IP6_OWNED,$U_USERS,$U_DISK,$U_DISK_DIRS,$U_DISK_WEB," echo -n "$U_DISK_MAIL,$U_DISK_DB,$U_BANDWIDTH,$U_WEB_DOMAINS,$U_WEB_SSL," echo -n "$U_WEB_ALIASES,$U_DNS_DOMAINS,$U_DNS_RECORDS,$U_MAIL_DOMAINS," echo -n "$U_MAIL_DKIM,$U_MAIL_ACCOUNTS,$U_DATABASES,$U_CRON_JOBS," diff --git a/bin/v-list-user-ips b/bin/v-list-user-ips index dad6f6f8..c04fe613 100755 --- a/bin/v-list-user-ips +++ b/bin/v-list-user-ips @@ -1,6 +1,6 @@ #!/bin/bash # info: list user ips -# options: USER [FORMAT] +# options: USER [FORMAT] [VERSION] # # The function for obtaining the list of available ip addresses. @@ -12,6 +12,7 @@ # Argument definition user=$1 format=${2-shell} +version=${3-all} # Includes source $VESTA/func/main.sh @@ -27,6 +28,7 @@ json_list() { "OWNER": "'$OWNER'", "STATUS": "'$STATUS'", "NAME": "'$NAME'", + "VERSION": "'$VERSION'", "NAT": "'$NAT'" }' if [ "$i" -lt "$ip_count" ]; then @@ -41,8 +43,8 @@ json_list() { # SHELL list function shell_list() { - echo "IP NAT OWNER STATUS NAME" - echo "-- --- ----- ------ ---" + echo "IP NAT OWNER STATUS NAME VERSION" + echo "-- --- ----- ------ ---- -------" for IP in $ips; do source $VESTA/data/ips/$IP if [ -z "$NAT" ]; then @@ -51,7 +53,7 @@ shell_list() { if [ -z "$NAME" ]; then NAME='no' fi - echo "$IP $NAT $OWNER $STATUS $NAME" + echo "$IP $NAT $OWNER $STATUS $NAME $VERSION" done } 
@@ -59,16 +61,16 @@ shell_list() { plain_list() { for IP in $ips; do source $VESTA/data/ips/$IP - echo -e "$IP\t$OWNER\t$STATUS\t$NAME\t$NAT" + echo -e "$IP\t$OWNER\t$STATUS\t$NAME\t$NAT\t$VERSION" done } # CSV list function csv_list() { - echo "IP,OWNER,STATUS,NAME,NAT" + echo "IP,OWNER,STATUS,NAME,NAT,VERSION" for IP in $ips; do source $VESTA/data/ips/$IP - echo "$IP,$OWNER,$STATUS,$NAME,$NAT" + echo "$IP,$OWNER,$STATUS,$NAME,$NAT,$VERSION" done } 
@@ -87,14 +89,34 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Defining fileds to select -owner='admin' -owner_ips=$(grep -A 1 -H "OWNER='$owner'" $VESTA/data/ips/*) -owner_ips=$(echo "$owner_ips" |grep "STATUS='shared'") -owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) -user_ips=$(grep -H "OWNER='$user'" $VESTA/data/ips/*) -user_ips=$(echo "$user_ips" |cut -f 7 -d / |cut -f 1 -d :) -ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") -fields='$IP $OWNER $STATUS $NAME $NAT' +if [ "$version" == "6" ]; then + owner='admin' + owner_ips=$(grep -A 10 -H "OWNER='$owner'" $VESTA/data/ips/*) + owner_ips=$(echo "$owner_ips" |grep -A 10 "STATUS='shared'" |grep "VERSION='6'") + owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) + user_ips=$(grep -A 10 -H "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='6'") + user_ips=$(echo "$user_ips" |cut -f 1 -d '-' |cut -f 7 -d / |awk -F ':OWNER' '{print $1}') + ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") + fields='$IP $OWNER $STATUS $NAME $NAT' +elif [ "$version" == "4" ]; then + owner='admin' + owner_ips=$(grep -A 10 -H "OWNER='$owner'" $VESTA/data/ips/*) + owner_ips=$(echo "$owner_ips" |grep -A 10 "STATUS='shared'" |grep "VERSION='4'") + owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) + user_ips=$(grep -A 10 -H "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='4'") + user_ips=$(echo "$user_ips" |cut -f 1 -d '-' |cut -f 7 -d / |awk -F ':OWNER' '{print $1}') + ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") + fields='$IP $OWNER $STATUS $NAME $NAT' +else + owner='admin' + owner_ips=$(grep -A 1 -H "OWNER='$owner'" $VESTA/data/ips/*) + owner_ips=$(echo "$owner_ips" |grep "STATUS='shared'") + owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) + user_ips=$(grep -H "OWNER='$user'" $VESTA/data/ips/*) + user_ips=$(echo "$user_ips" |cut -f 1 -d '-' |cut -f 7 -d / |awk -F ':OWNER' '{print $1}') + 
ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") + fields='$IP $OWNER $STATUS $NAME $NAT' +fi # Listing data case $format in diff --git a/bin/v-list-users b/bin/v-list-users index 32a94736..753891aa 100755 --- a/bin/v-list-users +++ b/bin/v-list-users @@ -57,6 +57,8 @@ json_list() { "SUSPENDED_CRON": "'$SUSPENDED_CRON'", "IP_AVAIL": "'$IP_AVAIL'", "IP_OWNED": "'$IP_OWNED'", + "IPV6_AVAIL": "'$IPV6_AVAIL'", + "IPV6_OWNED": "'$IPV6_OWNED'", "U_USERS": "'$U_USERS'", "U_DISK": "'$U_DISK'", "U_DISK_DIRS": "'$U_DISK_DIRS'", diff --git a/bin/v-list-web-domains b/bin/v-list-web-domains index 23de5fb4..6482c5ae 100755 --- a/bin/v-list-web-domains +++ b/bin/v-list-web-domains @@ -59,11 +59,11 @@ json_list() { # SHELL list function shell_list() { IFS=$'\n' - echo "DOMAIN IP TPL SSL DISK BW SPND DATE" - echo "------ -- --- --- ---- -- ---- -----" + echo "DOMAIN IP IP6 TPL SSL DISK BW SPND DATE" + echo "------ -- --- --- --- ---- -- ---- ----" while read str; do eval $str - echo "$DOMAIN $IP $TPL $SSL $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" + echo "$DOMAIN $IP $IP6 $TPL $SSL $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" done < <(cat $USER_DATA/web.conf) } diff --git a/bin/v-rebuild-web-domains b/bin/v-rebuild-web-domains index 2094d19c..fa305c1d 100755 --- a/bin/v-rebuild-web-domains +++ b/bin/v-rebuild-web-domains @@ -17,6 +17,7 @@ restart=$2 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/func/rebuild.sh source $VESTA/conf/vesta.conf diff --git a/bin/v-restart-service b/bin/v-restart-service index e46339f9..6742803c 100755 --- a/bin/v-restart-service +++ b/bin/v-restart-service @@ -39,6 +39,12 @@ else if [ $? -ne 0 ]; then check_result $E_RESTART "$service restart failed" fi + + $BIN/v-stop-firewall-ipv6 + $BIN/v-update-firewall-ipv6 + if [ $? -ne 0 ]; then + check_result $E_RESTART "$service restart failed" + fi fi 
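Review bot: `version` comes straight from `$3` and is never validated, so any value other than `4` or `6` (a typo such as `v6`) silently falls into the `else` branch and lists every address. I would reject unknown values in the verification section, which is outside this hunk, e.g. `case "$version" in 4|6|all) ;; *) check_result $E_INVALID "invalid ip version" ;; esac`. The three branches differ only in the `VERSION='N'` literal and each assigns the same `fields`, so building the filter from `$version` once would keep them from drifting apart. The `grep -A 10 ... |grep "VERSION='6'"` filter also assumes the `VERSION` line follows `OWNER` within ten lines of the address file, which nothing in this hunk guarantees.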
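Review bot: The two JSON fields added to `json_list` read `$IPV6_AVAIL` and `$IPV6_OWNED`, but the counters written elsewhere in this diff (`v-update-user-counters`, and the `plain_list`/`csv_list` output of the single-user listing) are named `IP6_AVAIL` and `IP6_OWNED`. Unless the user file really carries both spellings, these two fields will always be empty strings. I would use one name throughout, at least for the variables: `"IP6_AVAIL": "'$IP6_AVAIL'",` and `"IP6_OWNED": "'$IP6_OWNED'",`. `json_list` starts and ends outside the hunk.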
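Review bot: The added block runs `$BIN/v-stop-firewall-ipv6` before `$BIN/v-update-firewall-ipv6`, and the stop script in this diff sets the INPUT policy to ACCEPT, flushes the chain and saves that state. If the update then exits early (it does a bare `exit` when `rules.conf` is missing), the host is left with no IPv6 filtering. The update script already flushes INPUT itself, so the stop call looks unnecessary and dropping it closes that window. `$?` reflects only the update call, and the message `"$service restart failed"` names the service rather than the IPv6 firewall. From the hunk header the block appears to sit in the generic `else` branch, which would flush the IPv6 rules on every service restart; the enclosing `if` is outside the hunk, so please confirm.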
diff --git a/bin/v-restore-user b/bin/v-restore-user index af451d88..c7ab9aab 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -37,6 +37,7 @@ fi source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/func/db.sh source $VESTA/func/rebuild.sh source $VESTA/conf/vesta.conf @@ -353,6 +354,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then old_ip=$IP IP=$ip fi + + # Checking ip address + check_ipv6=$(is_ipv6_valid $IP6 $user) + if [ ! -z "$check_ipv6" ]; then + local_ipv6='' + get_user_ipv6 $user + old_ipv6=$IP6 + IP6=$ipv6 + fi # Checking web template check_tpl=$(is_web_template_valid $TPL) @@ -514,11 +524,22 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then # Checking ip address check_ip=$(is_ip_valid $IP $user) if [ ! -z "$check_ip" ]; then - local_ip='' + local_ipv6='' get_user_ip $user old_ip=$IP IP=$ip fi + + # Checking ipv6 address + check_ipv6=$(is_ipv6_valid $IP6 $user) + if [ ! -z "$check_ipv6" ]; then + local_ip6='' + get_user_ipv6 $user + old_ipv6=$IP6 + IP6=$ipv6 + else + old_ipv6='' + fi # Checking dns template check_tpl=$(is_dns_template_valid $TPL) @@ -527,7 +548,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then fi # Concatenating dns.conf keys - str="DOMAIN='$domain' IP='$IP' TPL='$TPL' TTL='$TTL' EXP='$EXP'" + str="DOMAIN='$domain' IP='$IP' IP6='$IP6' TPL='$TPL' TTL='$TTL' EXP='$EXP'" str="$str SOA='$SOA' RECORDS='$RECORDS' SUSPENDED='no'" str="$str TIME='$(date +%T)' DATE='$(date +%F)'" echo $str >> $USER_DATA/dns.conf @@ -535,6 +556,14 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then # Restoring dns records cp -f $tmpdir/dns/$domain/vesta/$domain.conf $USER_DATA/dns/ + if [ -z "$old_ipv6" ] && [ ! -z "$IP6" ]; then + time_n_date=$(date +'%T %F') + time=$(echo "$time_n_date" |cut -f 1 -d \ ) + date=$(echo "$time_n_date" |cut -f 2 -d \ ) + ip="" + ipv6="$IP6" + add_dns_config_records + fi # Rebuilding dns domain rebuild_dns_domain_conf 
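Review bot: `is_ipv6_valid $IP6 $user` in the web section passes `$IP6` unquoted, so for a backup entry that has no `IP6` key (presumably anything taken before this change) the argument vanishes and `$user` is checked as the address. Quote both arguments and skip the check when there is nothing to validate: `if [ -n "$IP6" ]; then check_ipv6=$(is_ipv6_valid "$IP6" "$user"); fi`. The same call is repeated in the DNS section further down. This block clears `local_ipv6` while the DNS block clears `local_ip6`; only one of those names can be the one the helpers read.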
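Review bot: In the existing IPv4 branch of the DNS section this hunk replaces `local_ip=''` with `local_ipv6=''`, which looks like an accidental edit: the IPv4 path no longer resets `local_ip` before `get_user_ip $user`. I would restore `local_ip=''` there. Separately, `old_ipv6` ends up empty exactly when the restored address was accepted unchanged, and the later `if [ -z "$old_ipv6" ] && [ ! -z "$IP6" ]` then calls `add_dns_config_records` on a zone file that was just copied from the backup. If that file already holds the IPv6 records this appends duplicates, so the condition may be inverted; the enclosing loop is outside the hunk, so please check against a real backup.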
diff --git a/bin/v-stop-firewall-ipv6 b/bin/v-stop-firewall-ipv6 new file mode 100644 index 00000000..fa3abbc3 --- /dev/null +++ b/bin/v-stop-firewall-ipv6 
@@ -0,0 +1,80 @@ +#!/bin/bash +# info: stop system firewall +# options: NONE +# +# The function stops iptables + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" +modprobe="/sbin/modprobe" + +# Includes +source /etc/profile.d/vesta.sh +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +#is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Creating temporary file +tmp=$(mktemp) + +# Flushing INPUT chain +echo "$iptables -P INPUT ACCEPT" >> $tmp +echo "$iptables -F INPUT" >> $tmp + +# Deleting vesta chain +echo "$iptables -X vesta" >> $tmp + +# Deleting custom chains +chains=$(cat $VESTA/data/firewallv6/chains.conf 2>/dev/null) +IFS=$'\n' +for chain in $chains; do + eval $chain + echo "$iptables -F fail2ban-$CHAIN" >> $tmp + echo "$iptables -X fail2ban-$CHAIN" >> $tmp +done + +# Applying rules +bash $tmp 2>/dev/null + +# Deleting temporary file +rm -f $tmp + +# Saving rules to the master iptables file +if [ -e "/etc/redhat-release" ]; then + /sbin/ip6tables-save > /etc/sysconfig/ip6tables + if [ -z "$(ls /etc/rc3.d/S*ip6tables 2>/dev/null)" ]; then + /sbin/chkconfig ip6tables off + fi +else + /sbin/ip6tables-save > /etc/ip6tables.rules + preup="/etc/network/if-pre-up.d/ip6tables" + if [ ! 
-e "$preup" ]; then + echo '#!/bin/sh' > $preup + echo "/sbin/ip6tables-restore < /etc/ip6tables.rules" >> $preup + echo "exit 0" >> $preup + chmod +x $preup + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-suspend-firewall-ipv6-rule b/bin/v-suspend-firewall-ipv6-rule new file mode 100644 index 00000000..5d187c41 --- /dev/null +++ b/bin/v-suspend-firewall-ipv6-rule @@ -0,0 +1,49 @@ +#!/bin/bash +# info: suspend firewall rule +# options: RULE +# +# The function suspends a certain firewall rule. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +rule=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE' +is_format_valid 'rule' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" +is_object_unsuspended '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Suspending rule +update_object_value ../../data/firewallv6/rules RULE $rule '$SUSPENDED' yes + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index c9120122..85a9e3ba 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain 
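Review bot: Each line of `$VESTA/data/firewallv6/chains.conf` is passed to `eval`, and the resulting `$CHAIN` is written into a script that is then run with `bash $tmp`, so the content of that file is executed as shell code with this script's privileges. If the file has to stay in this format, check the value before emitting commands, e.g. `[[ "$CHAIN" =~ ^[A-Za-z0-9_-]+$ ]] || continue`, and make sure the file is writable by root only. `bash $tmp 2>/dev/null` also hides every failure, after which `ip6tables-save` persists whatever state resulted. The `is_system_enabled` check is commented out and the header still describes iptables; a comment saying why the check is disabled and an `# info:` line that mentions IPv6 would help the next reader.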
@@ -57,24 +57,50 @@ local_ip=$(get_real_ip $IP) # Preparing domain values for the template substitution prepare_web_domain_values -# Rebuilding vhost -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -add_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - add_web_config "$WEB_SYSTEM" "$TPL.stpl" -fi - -# Rebuilding proxy configuration -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" +# Rebuilding vhost IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi fi fi +# Rebuilding vhost IPv6 +if [ ! -z "$IP6" ]; then + local_ip="" + ipv6=$IP6 + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + #----------------------------------------------------------# # Vesta # 
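Review bot: The IPv6 block sets `local_ip=""` and never restores it, so anything later in the script that reads `$local_ip` (the rest of the file is outside the hunk) sees an empty value once a domain has an IPv6 address. The two blocks are otherwise line-for-line copies that talk to `del_web_config`/`add_web_config` through the globals `old`, `local_ip` and `ipv6`; a small helper called once per address, with the previous values saved and restored around it, would remove the duplication. `ipv6` is not cleared before the IPv4 pass, so if it is already set at that point `add_web_config` renders both families in one call. The closing `fi` of the IPv6 block is indented one level too deep. The hunk in `v-unsuspend-web-domain` has the same structure.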
diff --git a/bin/v-unsuspend-firewall-ipv6-rule b/bin/v-unsuspend-firewall-ipv6-rule new file mode 100644 index 00000000..7accf7a9 --- /dev/null +++ b/bin/v-unsuspend-firewall-ipv6-rule @@ -0,0 +1,49 @@ +#!/bin/bash +# info: unsuspend firewall rule +# options: RULE +# +# The function unsuspends a certain firewall rule. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +rule=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE' +is_format_valid 'rule' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" +is_object_suspended '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Suspending rule +update_object_value ../../data/firewallv6/rules RULE $rule '$SUSPENDED' no + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-unsuspend-web-domain b/bin/v-unsuspend-web-domain index 91bc1e16..588da249 100755 --- a/bin/v-unsuspend-web-domain +++ b/bin/v-unsuspend-web-domain 
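Review bot: The comment above `update_object_value ../../data/firewallv6/rules RULE $rule '$SUSPENDED' no` still reads `# Suspending rule`, copied from the suspend script. It should read `# Unsuspending rule`. The `# info:` line could also say `unsuspend ipv6 firewall rule` so the command can be told apart from its IPv4 counterpart.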
@@ -51,21 +51,47 @@ local_ip=$(get_real_ip $IP) # Preparing domain values for the template substitution prepare_web_domain_values -# Rebuilding vhost -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -add_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - add_web_config "$WEB_SYSTEM" "$TPL.stpl" -fi - -# Rebuilding proxy configuration -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" +# Rebuilding vhost IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +fi + +# Rebuilding vhost IPv6 +if [ ! -z "$IP6" ]; then + old=$IP6 + local_ip="" + ipv6=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi fi fi diff --git a/bin/v-update-firewall b/bin/v-update-firewall index d3a46686..84a7a670 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall 
@@ -75,7 +75,10 @@ fi # Handling local traffic for ip in $(ls $VESTA/data/ips); do - echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp + source $VESTA/data/ips/$ip + if [ "4" = "$VERSION" ]; then + echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp + fi done echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp diff --git a/bin/v-update-firewall-ipv6 b/bin/v-update-firewall-ipv6 new file mode 100644 index 00000000..43492bf4 --- /dev/null +++ b/bin/v-update-firewall-ipv6 
@@ -0,0 +1,192 @@ +#!/bin/bash +# info: update system firewall rules +# options: NONE +# +# The function updates iptables rules + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" +modprobe="/sbin/modprobe" +sysctl="/sbin/sysctl" + +# Includes +source /etc/profile.d/vesta.sh +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking local IPv6 rules +rules="$VESTA/data/firewallv6/rules.conf" +ports="$VESTA/data/firewallv6/ports.conf" + +if [ ! -e "$rules" ]; then + exit +fi + +$sysctl net.netfilter.nf_conntrack_max >/dev/null 2>&1 +if [ $? -ne 0 ]; then + conntrack='no' +fi + +# Checking conntrack module avaiabilty +$modprobe nf_conntrack >/dev/null 2>&1 +$modprobe nf_conntrack_ftp >/dev/null 2>&1 +if [ $? 
-ne 0 ]; then + conntrack_ftp='no' +fi + +# Checking custom OpenSSH port +sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) +if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then + sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules +fi + +# Creating temporary file +tmp=$(mktemp) + +# Flushing INPUT chain +echo "$iptables -P INPUT ACCEPT" >> $tmp +echo "$iptables -F INPUT" >> $tmp + +# Enabling stateful support +if [ "$conntrack" != 'no' ]; then + str="$iptables -A INPUT -m state" + str="$str --state ESTABLISHED,RELATED -j ACCEPT" + echo "$str" >> $tmp +fi + +# Handling local traffic +for ip in $(ls $VESTA/data/ips); do + source $VESTA/data/ips/$ip + if [ "6" = "$VERSION" ]; then + echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp + fi +done +echo "$iptables -A INPUT -s ::1 -j ACCEPT" >> $tmp + +# Pasring iptables rules +IFS=$'\n' +for line in $(sort -r -n -k 2 -t \' $rules); do + eval $line + if [ "$SUSPENDED" = 'no' ]; then + proto="-p $PROTOCOL" + port="--dport $PORT" + ip="-s $IP6" + state="" + action="-j $ACTION" + + # Adding multiport module + if [[ "$PORT" =~ ,|-|: ]] ; then + port="-m multiport --dports ${PORT//-/:}" + fi + + # Accepting all dst ports + if [[ "$PORT" = "0" ]] || [ "$PROTOCOL" = 'ICMPV6' ]; then + port="" + fi + + # Checking FTP for contrack module + if [ "$TYPE" = "FTP" ] || [ "$PORT" = '21' ]; then + if [ "$conntrack_ftp" != 'no' ]; then + state="-m conntrack --ctstate NEW" + else + port="-m multiport --dports 20,21,12000:12100" + fi + ftp="yes" + fi + + # Adding firewall rule + echo "$iptables -A INPUT $proto $port $ip $state $action" >> $tmp + fi +done + +# Switching chain policy to DROP +echo "$iptables -P INPUT DROP" >> $tmp + +# Adding vesta chain +echo "$iptables -N vesta" >> $tmp + +# Applying rules +bash $tmp 2>/dev/null + +# Deleting temporary file +rm -f $tmp + +# Checking custom trigger +if [ -x "$VESTA/data/firewallv6/custom.sh" ]; then + bash $VESTA/data/firewallv6/custom.sh +fi + +# Checking 
fail2ban support +if [ ! -z "$FIREWALL_EXTENSION" ]; then + for chain in $(cat $VESTA/data/firewallv6/chains.conf 2>/dev/null); do + eval $chain + if [[ "$PORT" =~ ,|-|: ]] ; then + port="-m multiport --dports $PORT" + else + port="--dport $PORT" + fi + echo "$iptables -N fail2ban-$CHAIN" >> $tmp + echo "$iptables -F fail2ban-$CHAIN" >> $tmp + echo "$iptables -I fail2ban-$CHAIN -s ::/0 -j RETURN" >> $tmp + echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" >>$tmp + done + bash $tmp 2>/dev/null + rm -f $tmp + + for ban in $(cat $VESTA/data/firewallv6/banlist.conf 2>/dev/null); do + eval $ban + echo -n "$iptables -I fail2ban-$CHAIN 1 -s $IP" >> $tmp + echo " -j REJECT --reject-with icmp-port-unreachable" >> $tmp + done + bash $tmp 2>/dev/null + rm -f $tmp +fi + +# Saving rules to the master iptables file +if [ -e "/etc/redhat-release" ]; then + /sbin/ip6tables-save > /etc/sysconfig/ip6tables + if [ -z "$(ls /etc/rc3.d/S*ip6tables 2>/dev/null)" ]; then + /sbin/chkconfig ip6tables on + fi +else + /sbin/ip6tables-save > /etc/ip6tables.rules + preup="/etc/network/if-pre-up.d/iptables" + if [ ! -e "$preup" ]; then + echo '#!/bin/sh' > $preup + echo "/sbin/ip6tables-restore < /etc/ip6tables.rules" >> $preup + echo "exit 0" >> $preup + chmod +x $preup + fi +fi + +# Worarkound for OpenVZ +if [ -e "/proc/vz/veinfo" ]; then + dig @8.8.8.8 google.com +time=1 +tries=1 >/dev/null 2>&1 + if [ "$?" -ne 0 ]; then + $BIN/v-stop-firewall-ipv6 + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-update-user-counters b/bin/v-update-user-counters index b0f94430..23cb8f25 100755 --- a/bin/v-update-user-counters +++ b/bin/v-update-user-counters @@ -51,6 +51,8 @@ for user in $user_list; do SUSPENDED_CRON=0 IP_AVAIL=0 IP_OWNED=0 + IP6_AVAIL=0 + IP6_OWNED=0 U_USERS=0 U_DISK=0 DISK=0 
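Review bot: In the fail2ban section `$tmp` is deleted with `rm -f $tmp` and then appended to and executed again (`echo ... >> $tmp`, `bash $tmp`), so after the first removal a root script is run from a path that `mktemp` no longer reserves and that another local user may be able to recreate. Truncate instead of removing, `: > "$tmp"`, or call `mktemp` again for each batch, and delete the file once at the end. The ban rule uses `--reject-with icmp-port-unreachable`, which is the IPv4 reject type; ip6tables expects `icmp6-port-unreachable`, and because of `bash $tmp 2>/dev/null` the failure is silent. On non-RedHat systems the hook is written to `/etc/network/if-pre-up.d/iptables`, whereas `v-stop-firewall-ipv6` uses `/etc/network/if-pre-up.d/ip6tables`; if an IPv4 hook already exists at that path the IPv6 restore line is never installed.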
@@ -89,16 +91,27 @@ for user in $user_list; do # Checking ip for ip in $(ls $VESTA/data/ips) ;do source $VESTA/data/ips/$ip - if [ "$OWNER" = "$user" ]; then - IP_OWNED=$((IP_OWNED + 1)) - IP_AVAIL=$((IP_AVAIL + 1)) - fi - if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then - IP_AVAIL=$((IP_AVAIL + 1)) + if [ "$VERSION" = "4" ]; then + if [ "$OWNER" = "$user" ]; then + IP_OWNED=$((IP_OWNED + 1)) + IP_AVAIL=$((IP_AVAIL + 1)) + fi + if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then + IP_AVAIL=$((IP_AVAIL + 1)) + fi + else + if [ "$OWNER" = "$user" ]; then + IP6_OWNED=$((IP6_OWNED + 1)) + IP6_AVAIL=$((IP6_AVAIL + 1)) + fi + if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then + IP6_AVAIL=$((IP6_AVAIL + 1)) + fi fi done if [ "$user" = 'admin' ]; then - IP_AVAIL=$(ls $VESTA/data/ips | wc -l) + IP_AVAIL=$(ls $VESTA/data/ips | grep VERSION='4' | wc -l) + IP6_AVAIL=$(ls $VESTA/data/ips | grep VERSION='6' | wc -l) fi # Checking web system @@ -186,6 +199,8 @@ for user in $user_list; do update_user_value "$user" '$SUSPENDED_CRON' "$SUSPENDED_CRON" update_user_value "$user" '$IP_AVAIL' "$IP_AVAIL" update_user_value "$user" '$IP_OWNED' "$IP_OWNED" + update_user_value "$user" '$IP6_AVAIL' "$IP6_AVAIL" + update_user_value "$user" '$IP6_OWNED' "$IP6_OWNED" update_user_value "$user" '$U_USERS' "$U_USERS" update_user_value "$user" '$U_DISK' "$U_DISK" update_user_value "$user" '$U_DISK_DIRS' "$U_DISK_DIRS" diff --git a/bin/v-update-user-stats b/bin/v-update-user-stats index 23854328..f1775384 100755 --- a/bin/v-update-user-stats +++ b/bin/v-update-user-stats @@ -46,6 +46,7 @@ fi # Reset overal statistics TOTAL_IP_OWNED=0 +TOTAL_IP6_OWNED=0 TOTAL_U_DISK=0 TOTAL_U_DISK_DIRS=0 TOTAL_U_DISK_WEB=0 
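Review bot: For `admin`, `ls $VESTA/data/ips | grep VERSION='4' | wc -l` filters the file names printed by `ls`, not the file contents, and the shell strips the quotes so the pattern is `VERSION=4`; both `IP_AVAIL` and `IP6_AVAIL` will therefore be 0. Counting the files whose content matches does what is intended: `IP_AVAIL=$(grep -l "VERSION='4'" $VESTA/data/ips/* 2>/dev/null | wc -l)`, and the same with `'6'` for `IP6_AVAIL`. In the loop above, every file whose `VERSION` is not `4` is counted as IPv6, including files that have no `VERSION` line at all. The `for user` loop starts and ends outside the hunk.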
@@ -76,7 +77,7 @@ for user in $user_list; do DATE=$(date -d "$next_month -1day" +%F) # Compiling report string - s="DATE='$DATE' TIME='$TIME' PACKAGE='$PACKAGE' IP_OWNED='$IP_OWNED'" + s="DATE='$DATE' TIME='$TIME' PACKAGE='$PACKAGE' IP_OWNED='$IP_OWNED' IP6_OWNED='$IP6_OWNED'" s="$s DISK_QUOTA='$DISK_QUOTA' U_DISK='$U_DISK'" s="$s U_DISK_DIRS='$U_DISK_DIRS' U_DISK_WEB='$U_DISK_WEB'" s="$s U_DISK_MAIL='$U_DISK_MAIL' U_DISK_DB='$U_DISK_DB'" @@ -109,6 +110,7 @@ for user in $user_list; do # Increase overall counters TOTAL_IP_OWNED=$((TOTAL_IP_OWNED + IP_OWNED)) + TOTAL_IP6_OWNED=$((TOTAL_IP6_OWNED + IP6_OWNED)) TOTAL_U_DISK=$((TOTAL_U_DISK + U_DISK)) TOTAL_U_DISK_DIRS=$((TOTAL_U_DISK_DIRS + U_DISK_DIRS)) TOTAL_U_DISK_WEB=$((TOTAL_U_DISK_WEB + U_DISK_WEB)) @@ -133,7 +135,7 @@ done # Updating overall stats stats="$VESTA/data/users/admin/overall_stats.log" -s="DATE='$DATE' TIME='$TIME' PACKAGE='default' IP_OWNED='$TOTAL_IP_OWNED'" +s="DATE='$DATE' TIME='$TIME' PACKAGE='default' IP6_OWNED='$TOTAL_IP_OWNED' IP6_OWNED='$TOTAL_IP6_OWNED'" s="$s DISK_QUOTA='0' U_DISK='$TOTAL_U_DISK' U_DISK_DIRS='$TOTAL_U_DISK_DIRS'" s="$s U_DISK_WEB='$TOTAL_U_DISK_WEB' U_DISK_MAIL='$TOTAL_U_DISK_MAIL'" s="$s U_DISK_DB='$TOTAL_U_DISK_DB' BANDWIDTH='0'" diff --git a/func/domain.sh b/func/domain.sh index f2a45e71..c33d50e4 100644 --- a/func/domain.sh +++ b/func/domain.sh 
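Review bot: The overall-stats line now writes `IP6_OWNED='$TOTAL_IP_OWNED' IP6_OWNED='$TOTAL_IP6_OWNED'`, so the `IP_OWNED` key disappears from `overall_stats.log` and `IP6_OWNED` appears twice. The first key should stay as it was: `s="DATE='$DATE' TIME='$TIME' PACKAGE='default' IP_OWNED='$TOTAL_IP_OWNED' IP6_OWNED='$TOTAL_IP6_OWNED'"`. The per-user report line changed earlier in this file keeps both keys, so only this line needs the fix.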
@@ -171,38 +171,72 @@ add_web_config() { if [[ "$2" =~ stpl$ ]]; then conf="$HOMEDIR/$user/conf/web/$domain.$1.ssl.conf" fi - + domain_idn=$domain format_domain_idn - cat $WEBTPL/$1/$WEB_BACKEND/$2 | \ - sed -e "s|%ip%|$local_ip|g" \ - -e "s|%domain%|$domain|g" \ - -e "s|%domain_idn%|$domain_idn|g" \ - -e "s|%alias%|${aliases//,/ }|g" \ - -e "s|%alias_idn%|${aliases_idn//,/ }|g" \ - -e "s|%alias_string%|$alias_string|g" \ - -e "s|%email%|info@$domain|g" \ - -e "s|%web_system%|$WEB_SYSTEM|g" \ - -e "s|%web_port%|$WEB_PORT|g" \ - -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ - -e "s|%backend_lsnr%|$backend_lsnr|g" \ - -e "s|%rgroups%|$WEB_RGROUPS|g" \ - -e "s|%proxy_system%|$PROXY_SYSTEM|g" \ - -e "s|%proxy_port%|$PROXY_PORT|g" \ - -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \ - -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \ - -e "s|%user%|$user|g" \ - -e "s|%group%|$user|g" \ - -e "s|%home%|$HOMEDIR|g" \ - -e "s|%docroot%|$docroot|g" \ - -e "s|%sdocroot%|$sdocroot|g" \ - -e "s|%ssl_crt%|$ssl_crt|g" \ - -e "s|%ssl_key%|$ssl_key|g" \ - -e "s|%ssl_pem%|$ssl_pem|g" \ - -e "s|%ssl_ca_str%|$ssl_ca_str|g" \ - -e "s|%ssl_ca%|$ssl_ca|g" \ - > $conf + if [ ! 
-z $local_ip ]; then + cat $WEBTPL/$1/$WEB_BACKEND/$2 | \ + sed -e "s|%ip%|$local_ip|g" \ + -e "s|%ipv6%|$ipv6|g" \ + -e "s|%domain%|$domain|g" \ + -e "s|%domain_idn%|$domain_idn|g" \ + -e "s|%alias%|${aliases//,/ }|g" \ + -e "s|%alias_idn%|${aliases_idn//,/ }|g" \ + -e "s|%alias_string%|$alias_string|g" \ + -e "s|%email%|info@$domain|g" \ + -e "s|%web_system%|$WEB_SYSTEM|g" \ + -e "s|%web_port%|$WEB_PORT|g" \ + -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ + -e "s|%backend_lsnr%|$backend_lsnr|g" \ + -e "s|%rgroups%|$WEB_RGROUPS|g" \ + -e "s|%proxy_system%|$PROXY_SYSTEM|g" \ + -e "s|%proxy_port%|$PROXY_PORT|g" \ + -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \ + -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \ + -e "s|%user%|$user|g" \ + -e "s|%group%|$user|g" \ + -e "s|%home%|$HOMEDIR|g" \ + -e "s|%docroot%|$docroot|g" \ + -e "s|%sdocroot%|$sdocroot|g" \ + -e "s|%ssl_crt%|$ssl_crt|g" \ + -e "s|%ssl_key%|$ssl_key|g" \ + -e "s|%ssl_pem%|$ssl_pem|g" \ + -e "s|%ssl_ca_str%|$ssl_ca_str|g" \ + -e "s|%ssl_ca%|$ssl_ca|g" \ + > $conf + fi + + if [ ! 
-z $ipv6 ] && [ "$ipv6" != "no" ]; then + cat $WEBTPL/$1/$WEB_BACKEND/$2 | \ + sed -e "s|%ip%|[$ipv6]|g" \ + -e "s|%domain%|$domain|g" \ + -e "s|%domain_idn%|$domain_idn|g" \ + -e "s|%alias%|${aliases//,/ }|g" \ + -e "s|%alias_idn%|${aliases_idn//,/ }|g" \ + -e "s|%alias_string%|$alias_string|g" \ + -e "s|%email%|info@$domain|g" \ + -e "s|%web_system%|$WEB_SYSTEM|g" \ + -e "s|%web_port%|$WEB_PORT|g" \ + -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ + -e "s|%backend_lsnr%|$backend_lsnr|g" \ + -e "s|%rgroups%|$WEB_RGROUPS|g" \ + -e "s|%proxy_system%|$PROXY_SYSTEM|g" \ + -e "s|%proxy_port%|$PROXY_PORT|g" \ + -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \ + -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \ + -e "s|%user%|$user|g" \ + -e "s|%group%|$user|g" \ + -e "s|%home%|$HOMEDIR|g" \ + -e "s|%docroot%|$docroot|g" \ + -e "s|%sdocroot%|$sdocroot|g" \ + -e "s|%ssl_crt%|$ssl_crt|g" \ + -e "s|%ssl_key%|$ssl_key|g" \ + -e "s|%ssl_pem%|$ssl_pem|g" \ + -e "s|%ssl_ca_str%|$ssl_ca_str|g" \ + -e "s|%ssl_ca%|$ssl_ca|g" \ + > $conf + fi chown root:$user $conf chmod 640 $conf @@ -222,8 +256,7 @@ add_web_config() { if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then $WEBTPL/$1/$WEB_BACKEND/$trigger \ - $user $domain $local_ip $HOMEDIR \ - $HOMEDIR/$user/web/$domain/public_html + $user $domain $local_ip $ipv6 $HOMEDIR $HOMEDIR/$user/web/$domain/public_html fi if [[ "$2" =~ ^PHP-FPM ]]; then @@ -233,6 +266,13 @@ add_web_config() { # Get config top and bottom line number get_web_config_lines() { + v_ip="" + if [ ! -z $old ]; then + v_ip=$old + fi + if [ -z "$v_ip" ]; then + check_result $E_PARSING "V_IP in get_web_config_lines is empty" + fi tpl_lines=$(egrep -ni "name %domain_idn%" $1 |grep -w %domain_idn%) tpl_lines=$(echo "$tpl_lines" |cut -f 1 -d :) tpl_last_line=$(wc -l $1 |cut -f 1 -d ' ') 
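Review bot: Both new branches in `add_web_config` end in `> $conf`, so when `$local_ip` and `$ipv6` are both set the IPv6 rendering truncates the file the IPv4 branch just wrote, and a later call for the other family replaces the first one's vhost. If one file is meant to hold both vhosts (`get_web_config_lines` now searches it by address), the second write has to append, for example by truncating once before the first branch and using `>>` in both. The two long `sed` pipelines differ only in the `%ip%` value, and the IPv6 copy lacks the `%ipv6%` substitution the IPv4 copy has; one pipeline in a loop over the addresses would keep them in sync. `[ ! -z $local_ip ]` and `[ ! -z $ipv6 ]` should quote the variable. The function starts before the hunk and continues after it.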
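Review bot: The trigger call inserts `$ipv6` before `$HOMEDIR` and leaves every argument unquoted, so whenever `$local_ip` or `$ipv6` is empty the remaining arguments shift left and the trigger script receives the home directory in the wrong position. The suspend and unsuspend scripts in this diff deliberately set `local_ip=""` for the IPv6 pass, so this case is reached. Quote each argument: `"$user" "$domain" "$local_ip" "$ipv6" "$HOMEDIR" "$HOMEDIR/$user/web/$domain/public_html"`. Existing trigger scripts that read the home directory from `$4` will also need updating, since that slot now carries the IPv6 address.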
@@ -242,9 +282,9 @@ get_web_config_lines() { domain_idn=$domain format_domain_idn - vhost_lines=$(grep -niF "name $domain_idn" $2) + vhost_lines=$(grep -ni -A2 "$v_ip" $2| grep -iF "name $domain_idn") vhost_lines=$(echo "$vhost_lines" |egrep "$domain_idn($| |;)") #" - vhost_lines=$(echo "$vhost_lines" |cut -f 1 -d :) + vhost_lines=$(echo "$vhost_lines" |cut -f 1 -d : |cut -f 1 -d \-) if [ -z "$vhost_lines" ]; then check_result $E_PARSING "can't parse config $2" fi 
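Review bot: `grep -ni -A2 "$v_ip" $2` treats the address as an unanchored regular expression, so `10.0.0.1` also matches a vhost on `10.0.0.10` or `110.0.0.1` and each `.` matches any character; the `-F` that the old lookup used is gone from this stage. Use a fixed-string match and quote the file, `grep -niF -A2 -- "$v_ip" "$2"`, and if the templates put a fixed delimiter after the address, include it in the pattern so prefixes cannot match. `-A2` also assumes the server-name line is within two lines of the address line in every template, which this hunk cannot show. `get_web_config_lines` continues outside the hunk.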
@@ -535,7 +575,122 @@ is_dns_nameserver_valid() { fi } +# Add DNS config +add_dns_config() { + spfip4="" + spfip6="" + if [ ! -z $ip ]; then + spfipv4="ip4:$ip"; + fi + if [ ! -z $ipv6 ]; then + spfipv6="ip6:$ipv6"; + fi + + # Adding dns zone to the user config + echo "$template_data" | grep -v '%ip' |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%spfip4%/$spfipv4/g" \ + -e "s/%spfip6%/$spfipv6/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%ns5%/$ns5/g" \ + -e "s/%ns6%/$ns6/g" \ + -e "s/%ns7%/$ns7/g" \ + -e "s/%ns8%/$ns8/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" > $USER_DATA/dns/$domain.conf + if [ ! -z $ip ]; then + echo "$template_data" |grep "%ip%" |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%ns5%/$ns5/g" \ + -e "s/%ns6%/$ns6/g" \ + -e "s/%ns7%/$ns7/g" \ + -e "s/%ns8%/$ns8/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" >> $USER_DATA/dns/$domain.conf + fi + if [ ! -z $ipv6 ]; then + echo "$template_data" |grep "%ipv6%" |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%ns5%/$ns5/g" \ + -e "s/%ns6%/$ns6/g" \ + -e "s/%ns7%/$ns7/g" \ + -e "s/%ns8%/$ns8/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" >> $USER_DATA/dns/$domain.conf + fi +} + +#Add DNS records +add_dns_config_records() { + template_data=$(cat $DNSTPL/$TPL.tpl) + + # Adding dns zone to the user config + template_data=$(echo "$template_data" |grep -v "v=spf1" |egrep "%ip(v6)?%") + if [ ! -z "$ip" ]; then + template_data=$(echo "$template_data" |grep "%ip%") + fi + if [ ! 
-z "$ipv6" ]; then + template_data=$(echo "$template_data" |grep "%ipv6%") + fi + + echo "$template_data" |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" \ + |awk -F 'ID=' '{print $2}' \ + |cut -d\' --complement -s -f1,2 \ + | while read line; do + id="" + get_next_dnsrecord + echo "ID='$id' $line" >> $USER_DATA/dns/$domain.conf + done +} + +#Remove DNS records +remove_dns_config_records() { + template_data=$(cat $DNSTPL/$TPL.tpl) + + # Search template data + template_data=$(echo "$template_data" |grep -v "v=spf1" |egrep "%ip(v6)?%") + if [ -z "$ip" ]; then + template_data=$(echo "$template_data" |grep "%ip%") + fi + if [ -z "$ipv6" ]; then + template_data=$(echo "$template_data" |grep "%ipv6%") + fi + + echo "$template_data" |\ + sed -e "s/%ip%/$old/g" \ + -e "s/%ipv6%/$old/g" \ + |awk -F 'ID=' '{print $2}' \ + |cut -d\' --complement -s -f1,2 \ + |awk -F ' SUSPENDED=' '{print $1}' \ + | while read line; do + sed -i "/$line/d" $USER_DATA/dns/$domain.conf + done +} #----------------------------------------------------------# # MAIL # diff --git a/func/ip.sh b/func/ip.sh index c99a3272..50585ad4 100644 --- a/func/ip.sh +++ b/func/ip.sh @@ -55,7 +55,7 @@ update_ip_value() { # Get ip name get_ip_alias() { - ip_name=$(grep "NAME=" $VESTA/data/ips/$local_ip |cut -f 2 -d \') + ip_name=$(grep "NAME=" $VESTA/data/ips/$local_ip 2>/dev/null |cut -f 2 -d \') if [ ! -z "$ip_name" ]; then echo "${1//./-}.$ip_name" fi 
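Review bot: `add_dns_config` initialises `spfip4` and `spfip6` but then assigns and substitutes `spfipv4` and `spfipv6`, so the variables actually used are never reset and keep whatever an earlier call or the environment left in them when `$ip` or `$ipv6` is empty. Initialise the names that are used: `spfipv4=""` and `spfipv6=""`. In `remove_dns_config_records`, `sed -i "/$line/d"` uses record text as a regular expression, so dots match any character and a `/` in a value breaks the command; a fixed-string filter such as `grep -vF -- "$line"` written to a temporary file and moved into place is safer. The `while read line` loops should use `read -r` so backslashes in records survive.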
@@ -64,64 +64,68 @@ get_ip_alias() { # Increase ip value increase_ip_value() { sip=${1-ip} - USER=$user - web_key='U_WEB_DOMAINS' - usr_key='U_SYS_USERS' - current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - if [ -z "$current_web" ]; then - echo "Error: Parsing error" - log_event "$E_PARSING" "$ARGUMENTS" - exit $E_PARSING - fi - new_web=$((current_web + 1)) - if [ -z "$current_usr" ]; then - new_usr="$USER" - else - check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER) - if [ -z "$check_usr" ]; then - new_usr="$current_usr,$USER" - else - new_usr="$current_usr" + if [ "$sip" != "no" ] && [ ! -z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + if [ -z "$current_web" ]; then + echo "Error: Parsing error" + log_event "$E_PARSING" "$ARGUMENTS" + exit $E_PARSING + fi + new_web=$((current_web + 1)) + if [ -z "$current_usr" ]; then + new_usr="$USER" + else + check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER) + if [ -z "$check_usr" ]; then + new_usr="$current_usr,$USER" + else + new_usr="$current_usr" + fi fi - fi - sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ - $VESTA/data/ips/$sip - sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ - $VESTA/data/ips/$sip + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip + fi } # Decrease ip value decrease_ip_value() { sip=${1-ip} - USER=$user - web_key='U_WEB_DOMAINS' - usr_key='U_SYS_USERS' + if [ "$sip" != "no" ] && [ ! 
-z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' - current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - if [ -z "$current_web" ]; then - check_result $E_PARSING "Parsing error" + if [ -z "$current_web" ]; then + check_result $E_PARSING "Parsing error" + fi + + new_web=$((current_web - 1)) + check_ip=$(grep $sip $USER_DATA/web.conf |wc -l) + if [ "$check_ip" -lt 2 ]; then + new_usr=$(echo "$current_usr" |\ + sed "s/,/\n/g"|\ + sed "s/^$user$//g"|\ + sed "/^$/d"|\ + sed ':a;N;$!ba;s/\n/,/g') + else + new_usr="$current_usr" + fi + + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip fi - - new_web=$((current_web - 1)) - check_ip=$(grep $sip $USER_DATA/web.conf |wc -l) - if [ "$check_ip" -lt 2 ]; then - new_usr=$(echo "$current_usr" |\ - sed "s/,/\n/g"|\ - sed "s/^$user$//g"|\ - sed "/^$/d"|\ - sed ':a;N;$!ba;s/\n/,/g') - else - new_usr="$current_usr" - fi - - sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ - $VESTA/data/ips/$sip - sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ - $VESTA/data/ips/$sip } # Get ip address value 
@@ -195,10 +199,10 @@ get_broadcast() { # Get user ips get_user_ips() { - dedicated=$(grep -H "OWNER='$user'" $VESTA/data/ips/*) - dedicated=$(echo "$dedicated" |cut -f 1 -d : |sed 's=.*/==') - shared=$(grep -H -A1 "OWNER='admin'" $VESTA/data/ips/* |grep shared) - shared=$(echo "$shared" |cut -f 1 -d : |sed 's=.*/==' |cut -f 1 -d \-) + dedicated=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='4'") + dedicated=$(echo "$dedicated" |cut -f 1 -d '-' |sed 's=.*/==') + shared=$(grep -H -A10 "OWNER='admin'" $VESTA/data/ips/* |grep -A10 shared |grep "VERSION='4'") + shared=$(echo "$shared" |cut -f 1 -d '-' |sed 's=.*/==' |cut -f 1 -d \-) for dedicated_ip in $dedicated; do shared=$(echo "$shared" |grep -v $dedicated_ip) done @@ -209,7 +213,8 @@ get_user_ips() { get_user_ip() { ip=$(get_user_ips |head -n1) if [ -z "$ip" ]; then - check_result $E_NOTEXIST "no IP is available" + ip="no" + #check_result $E_NOTEXIST "no IP is available" fi local_ip=$ip nat=$(grep "^NAT" $VESTA/data/ips/$ip |cut -f 2 -d \') diff --git a/func/ipv6.sh b/func/ipv6.sh new file mode 100644 index 00000000..5a35be50 --- /dev/null +++ b/func/ipv6.sh 
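Review bot: With `check_result` commented out, `get_user_ip` carries on with `ip="no"`, and the next context line runs `grep "^NAT" $VESTA/data/ips/$ip`, that is, on a file named `no`. Wrap the NAT lookup in `if [ "$ip" != "no" ]; then … fi`, quote the path, and delete the commented-out call rather than leaving it in place. Every caller now has to treat `no` as "no address" instead of relying on the abort, which deserves a comment above the function; the rest of its body is outside the hunk.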
@@ -0,0 +1,224 @@ +# Check ipv6 ownership +is_ipv6_owner() { + owner=$(grep 'OWNER=' $VESTA/data/ips/$ipv6 |cut -f 2 -d \') + if [ "$owner" != "$user" ]; then + check_result $E_FORBIDEN "$ipv6 is not owned by $user" + fi +} + +# Check if ipv6 address is free +is_ipv6_free() { + if [ -e "$VESTA/data/ips/$ipv6" ]; then + check_result $E_EXISTS "$ipv6 is already exists" + fi +} + +# Get full interface name +get_ipv6_iface() { + i=$(/sbin/ip addr |grep -w $interface |\ + awk '{print $NF}' |tail -n 1 |cut -f 2 -d :) + if [ "$i" = "$interface" ]; then + n=0 + else + n=$((i + 1)) + fi + echo "$interface:$n" +} + + +# Check ipv6 address speciefic value +is_ipv6_key_empty() { + key="$1" + string=$(cat $VESTA/data/ips/$ipv6) + eval $string + eval value="$key" + if [ ! -z "$value" ] && [ "$value" != '0' ]; then + key="$(echo $key|sed -e "s/\$U_//")" + check_result $E_EXISTS "IP6 is in use / $key = $value" + fi +} + +# Update ipv6 address value +update_ipv6_value() { + key="$1" + value="$2" + conf="$VESTA/data/ips/$ipv6" + str=$(cat $conf) + eval $str + c_key=$(echo "${key//$/}") + eval old="${key}" + old=$(echo "$old" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's/\//\\\//g') + new=$(echo "$value" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's/\//\\\//g') + sed -i "$str_number s/$c_key='${old//\*/\\*}'/$c_key='${new//\*/\\*}'/g"\ + $conf +} + +# Get ipv6 name +get_ipv6_alias() { + ip_name=$(grep "NAME=" $VESTA/data/ips/$ipv6 2> /dev/null |cut -f 2 -d \') + if [ ! -z "$ip_name" ]; then + echo "${1//./-}.$ip_name" + fi +} + +# Increase ipv6 value +increase_ipv6_value() { + sip=${1-ipv6} + if [ "$sip" != "no" ] && [ ! 
-z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + if [ -z "$current_web" ]; then + echo "Error: Parsing error" + log_event "$E_PARSING" "$ARGUMENTS" + exit $E_PARSING + fi + new_web=$((current_web + 1)) + if [ -z "$current_usr" ]; then + new_usr="$USER" + else + check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER) + if [ -z "$check_usr" ]; then + new_usr="$current_usr,$USER" + else + new_usr="$current_usr" + fi + fi + + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip + fi +} + +# Decrease ipv6 value +decrease_ipv6_value() { + sip=${1-ipv6} + if [ "$sip" != "no" ] && [ ! -z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' + + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + + if [ -z "$current_web" ]; then + check_result $E_PARSING "Parsing error" + fi + + new_web=$((current_web - 1)) + check_ip=$(grep $sip $USER_DATA/web.conf |wc -l) + if [ "$check_ip" -lt 2 ]; then + new_usr=$(echo "$current_usr" |\ + sed "s/,/\n/g"|\ + sed "s/^$user$//g"|\ + sed "/^$/d"|\ + sed ':a;N;$!ba;s/\n/,/g') + else + new_usr="$current_usr" + fi + + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip + fi +} + +# Get ipv6 address value +get_ipv6_value() { + key="$1" + string=$(cat $VESTA/data/ips/$ip) + eval $string + eval value="$key" + echo "$value" +} + + +# Get real ipv6 address +get_real_ipv6() { + if [ -e "$VESTA/data/ips/$1" ]; then + echo $1 + else + nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) + if [ ! 
-z "$nat" ]; then + echo "$nat" |cut -f 1 -d : |cut -f 7 -d / + fi + fi +} + +# Convert CIDR to netmask +convert_cidrv6() { + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 \ + $(((255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + if [[ $1 -gt 1 ]]; then + shift $1 + else + shift + fi + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + +# Convert netmask to CIDR +convert_netmaskv6() { + nbits=0 + IFS=. + for dec in $1 ; do + case $dec in + 255) let nbits+=8;; + 254) let nbits+=7;; + 252) let nbits+=6;; + 248) let nbits+=5;; + 240) let nbits+=4;; + 224) let nbits+=3;; + 192) let nbits+=2;; + 128) let nbits+=1;; + 0);; + esac + done + echo "$nbits" +} + +# Get user ips +get_user_ip6s() { + dedicated=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='6'") + dedicated=$(echo "$dedicated" |cut -f 1 -d '-' |sed 's=.*/==') + shared=$(grep -H -A10 "OWNER='admin'" $VESTA/data/ips/* |grep -A10 shared |grep "VERSION='6'") + shared=$(echo "$shared" |cut -f 1 -d '-' |sed 's=.*/==' |cut -f 1 -d \-) + for dedicated_ip in $dedicated; do + shared=$(echo "$shared" |grep -v $dedicated_ip) + done + echo -e "$dedicated\n$shared" |sed "/^$/d" +} + +# Get user ipv6 +get_user_ipv6() { + ipv6=$(get_user_ip6s |head -n1) + if [ -z "$ipv6" ]; then + ipv6="no" + #check_result $E_NOTEXIST "no IP6 is available" + fi +} + +# Validate ipv6 address +is_ipv6_valid() { + ipv6="$1" + if [ ! -e "$VESTA/data/ips/$1" ]; then + check_result $E_NOTEXIST "IP6 $1 doesn't exist" + fi + if [ ! -z $2 ]; then + ip_data=$(cat $VESTA/data/ips/$1) + ip_owner=$(echo "$ip_data" |grep OWNER= |cut -f2 -d \') + ip_status=$(echo "$ip_data" |grep STATUS= |cut -f2 -d \') + if [ "$ip_owner" != "$user" ] && [ "$ip_status" = 'dedicated' ]; then + check_result $E_FORBIDEN "$user user can't use IP6 $1" + fi + get_user_owner + if [ "$ip_owner" != "$user" ] && [ "$ip_owner" != "$owner" ]; then + check_result $E_FORBIDEN "$user user can't use IP6 $1" + fi + fi +} diff --git a/func/main.sh b/func/main.sh index 10de469a..dd4f282d 100644 
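Review bot: `get_ipv6_value` reads `$VESTA/data/ips/$ip` instead of `$ipv6`, so it evaluates and returns the IPv4 record (or fails when `$ip` is empty); the line should be `string=$(cat "$VESTA/data/ips/$ipv6")`. `get_real_ipv6` splits the `grep -H` output with `cut -f 1 -d :`, which cuts at the first colon inside an IPv6 file name and cannot return the full address; listing matches with `grep -l` and taking `${path##*/}` avoids both the colon and the fixed `-f 7` path depth. `is_ipv6_key_empty`, `update_ipv6_value` and `get_ipv6_value` also `eval` the whole record file, so whatever is written into `data/ips/` is run as shell; a comment stating that these files may only hold validated `KEY='value'` pairs would make that assumption explicit. `convert_cidrv6` and `convert_netmaskv6` are the dotted-quad IPv4 routines under new names, and `convert_netmaskv6` leaves `IFS=.` set for the caller.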
--- a/func/main.sh
+++ b/func/main.sh
@@ -590,6 +590,104 @@ is_ip_format_valid() { fi } +# IPv6 format validator +is_ipv6_format_valid() { + object_name=${2-ip6} + ip_regex='([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' + t_ip=$(echo $1 |awk -F / '{print $1}') + t_cidr=$(echo $1 |awk -F / '{print $2}') + valid_cidr=1 + + WORD="[0-9A-Fa-f]\{1,4\}" + # flat address, no compressed words + FLAT="^${WORD}\(:${WORD}\)\{7\}$" + + COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$" + COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$" + COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$" + COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$" + COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$" + COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$" + # trailing :: edge case, includes case of only :: (all 0's) + EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$" + # leading :: edge case + EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$" + + echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)" + if [ $? -ne 0 ]; then + check_result $E_INVALID "invalid $object_name format :: $1" + fi + + if [ ! -z "$(echo $1|grep '/')" ]; then + if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then + valid_cidr=0 + fi + if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then + valid_cidr=0 + fi + fi + if [ "$valid_cidr" -eq 0 ]; then + check_result $E_INVALID "invalid $object_name format :: $1" + fi +} + +is_ip46_format_valid() { + t_ip=$(echo $1 |awk -F / '{print $1}') + t_cidr=$(echo $1 |awk -F / '{print $2}') + valid_octets=0 + valid_cidr=1 + for octet in ${t_ip//./ }; do + if [[ $octet =~ ^[0-9]{1,3}$ ]] && [[ $octet -le 255 ]]; then + ((++valid_octets)) + fi + done + + if [ ! -z "$(echo $1|grep '/')" ]; then + if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 32 ]]; then + valid_cidr=0 + fi + if ! 
[[ "$t_cidr" =~ ^[0-9]+$ ]]; then + valid_cidr=0 + fi + fi + if [ "$valid_octets" -lt 4 ] || [ "$valid_cidr" -eq 0 ]; then + #Check IPV6 + ipv6_valid="" + WORD="[0-9A-Fa-f]\{1,4\}" + # flat address, no compressed words + FLAT="^${WORD}\(:${WORD}\)\{7\}$" + + COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$" + COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$" + COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$" + COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$" + COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$" + COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$" + # trailing :: edge case, includes case of only :: (all 0's) + EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$" + # leading :: edge case + EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$" + + echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)" + if [ $? -ne 0 ]; then + ipv6_valid="INVALID" + fi + + if [ ! -z "$(echo $1|grep '/')" ]; then + if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then + valid_cidr=0 + fi + if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then + valid_cidr=0 + fi + fi + + if [ ! -z "$ipv6_valid" ] || [ "$valid_cidr" -eq 0 ]; then + check_result $E_INVALID "invalid IP format :: $1" + fi + fi +} + # Proxy extention format validator is_extention_format_valid() { exclude="[!|#|$|^|&|(|)|+|=|{|}|:|@|<|>|?|/|\|\"|'|;|%|\`| ]" @@ -697,6 +795,9 @@ is_dns_record_format_valid() { if [ "$rtype" = 'A' ]; then is_ip_format_valid "$1" fi + if [ "$rtype" = 'AAAA' ]; then + is_ipv6_format_valid "$1" + fi if [ "$rtype" = 'NS' ]; then is_domain_format_valid "${1::-1}" 'ns_record' fi 
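Review bot: In `is_ipv6_format_valid` the CIDR suffix is compared with `[[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]` before the `^[0-9]+$` test, and inside `[[ ]]` bash evaluates those operands as arithmetic expressions, so caller-supplied text is interpreted rather than merely compared. Run the digit check first and the range check only on digits: `if ! [[ "$t_cidr" =~ ^[0-9]+$ ]] || [ "$t_cidr" -gt 128 ]; then valid_cidr=0; fi`. `is_ip46_format_valid` has the same order in both of its CIDR blocks, and both functions pass `$1` and `$t_ip` to `echo` unquoted, where `printf '%s\n' "$t_ip"` avoids word splitting and globbing. A value with a `/NN` suffix passes this validator, so if it reaches the `sed -e "s/%ipv6%/$ipv6/g"` substitutions elsewhere in the commit the `/` would terminate the expression; either reject the suffix for DNS use or switch those substitutions to another delimiter.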
@@ -894,6 +995,8 @@ is_format_valid() { id) is_int_format_valid "$arg" 'id' ;; interface) is_interface_format_valid "$arg" ;; ip) is_ip_format_valid "$arg" ;; + ipv6) is_ipv6_format_valid "$arg" ;; + ip46) is_ip46_format_valid "$arg" ;; ip_name) is_domain_format_valid "$arg" 'IP name';; ip_status) is_ip_status_format_valid "$arg" ;; job) is_int_format_valid "$arg" 'job' ;; diff --git a/func/rebuild.sh b/func/rebuild.sh index b4a5f73d..7628089c 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -149,6 +149,7 @@ rebuild_web_domain_conf() { get_domain_values 'web' is_ip_valid $IP + is_ipv6_valid $IP6 prepare_web_domain_values # Rebuilding domain directories @@ -238,6 +239,7 @@ rebuild_web_domain_conf() { format_domain_idn cat $WEBTPL/$STATS/$STATS.tpl |\ sed -e "s|%ip%|$local_ip|g" \ + -e "s|%ipv6%|$ipv6|g" \ -e "s|%web_system%|$WEB_SYSTEM|g" \ -e "s|%domain_idn%|$domain_idn|g" \ -e "s|%domain%|$domain|g" \ @@ -360,8 +362,9 @@ rebuild_dns_domain_conf() { # Checking zone file if [ ! -e "$USER_DATA/dns/$domain.conf" ]; then - cat $DNSTPL/$TPL.tpl |\ + cat $DNSTPL/$TPL.tpl | grep -v '%ip' |\ sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ -e "s/%domain_idn%/$domain_idn/g" \ -e "s/%domain%/$domain/g" \ -e "s/%ns1%/$ns1/g" \ 
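Review bot: `is_ipv6_valid $IP6` is called unconditionally and unquoted in `rebuild_web_domain_conf`. As defined in func/ipv6.sh, an empty argument makes it test `-e "$VESTA/data/ips/"`, which is the directory and so always passes, while the value `no` that `get_user_ipv6` now produces fails the existence check and reports `E_NOTEXIST`. The DNS hunk further down guards with `"$IP6" != "no"`, and the same guard belongs here: `if [ -n "$IP6" ] && [ "$IP6" != "no" ]; then is_ipv6_valid "$IP6"; fi`. Whether stored web domains can carry `IP6='no'` is not visible in this chunk, so confirm against the code that writes the web domain record.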
@@ -370,6 +373,33 @@ rebuild_dns_domain_conf() { -e "s/%ns4%/$ns4/g" \ -e "s/%time%/$TIME/g" \ -e "s/%date%/$DATE/g" > $USER_DATA/dns/$domain.conf + if [ ! -z $IP ] && [ "$IP" != "no" ]; then + cat $DNSTPL/$TPL.tpl |grep "%ip%" |\ + sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%time%/$TIME/g" \ + -e "s/%date%/$DATE/g" >> $USER_DATA/dns/$domain.conf + fi + + if [ ! -z $IP6 ] && [ "$IP6" != "no" ]; then + cat $DNSTPL/$TPL.tpl |grep "%ipv6%" |\ + sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%time%/$TIME/g" \ + -e "s/%date%/$DATE/g" >> $USER_DATA/dns/$domain.conf + fi fi # Sorting records diff --git a/install/debian/7/firewallv6/ports.conf b/install/debian/7/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/7/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/7/firewallv6/rules.conf b/install/debian/7/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/debian/7/firewallv6/rules.conf 
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/debian/7/templates/dns/child-ns.tpl b/install/debian/7/templates/dns/child-ns.tpl
index 42c046e4..ca02e4e5 100755
--- a/install/debian/7/templates/dns/child-ns.tpl
+++ b/install/debian/7/templates/dns/child-ns.tpl
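Review bot: Rule 3 of the new default IPv6 rule set accepts TCP 3306 and 5432 from `::/0`, so on a fresh install MySQL and PostgreSQL are reachable from any IPv6 source; rules 2 and 11 do the same for the panel port 8083 and SSH. IPv6 addresses are usually globally routable with no NAT in front of them, which makes these defaults the only filter. I would ship rule 3 as `SUSPENDED='yes'` (or leave it out) and let the administrator open the database ports to specific prefixes. The identical rules.conf files added under install/debian/8, install/rhel/5 and install/rhel/6 carry the same rule.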
@@ -10,5 +10,12 @@ ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ip6:%ipv6% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none;"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/7/templates/dns/default.tpl b/install/debian/7/templates/dns/default.tpl index e0a37e62..3fbff5ac 100755 --- a/install/debian/7/templates/dns/default.tpl +++ b/install/debian/7/templates/dns/default.tpl 
@@ -14,5 +14,11 @@ ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%ti ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ip6:%ipv6% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='23' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' + diff --git a/install/debian/7/templates/dns/gmail.tpl b/install/debian/7/templates/dns/gmail.tpl index 219c9d24..15028a39 100755 --- a/install/debian/7/templates/dns/gmail.tpl +++ b/install/debian/7/templates/dns/gmail.tpl 
@@ -9,4 +9,9 @@ ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPEN ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ip6:%ipv6% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/8/firewallv6/ports.conf b/install/debian/8/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/8/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' 
diff --git a/install/debian/8/firewallv6/rules.conf b/install/debian/8/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/debian/8/firewallv6/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' diff --git a/install/debian/8/templates/dns/child-ns.tpl b/install/debian/8/templates/dns/child-ns.tpl index 42c046e4..ca02e4e5 100755 --- a/install/debian/8/templates/dns/child-ns.tpl +++ b/install/debian/8/templates/dns/child-ns.tpl 
@@ -10,5 +10,12 @@ ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ip6:%ipv6% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none;"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/8/templates/dns/default.tpl b/install/debian/8/templates/dns/default.tpl index e0a37e62..3fbff5ac 100755 --- a/install/debian/8/templates/dns/default.tpl +++ b/install/debian/8/templates/dns/default.tpl 
@@ -14,5 +14,11 @@ ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%ti ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ip6:%ipv6% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='23' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' + diff --git a/install/debian/8/templates/dns/gmail.tpl b/install/debian/8/templates/dns/gmail.tpl index 219c9d24..15028a39 100755 --- a/install/debian/8/templates/dns/gmail.tpl +++ b/install/debian/8/templates/dns/gmail.tpl 
@@ -9,4 +9,9 @@ ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPEN ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ip6:%ipv6% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/5/dovecot/dovecot.conf b/install/rhel/5/dovecot/dovecot.conf index 544d851e..07f0d900 100644 --- a/install/rhel/5/dovecot/dovecot.conf +++ b/install/rhel/5/dovecot/dovecot.conf @@ -1,3 +1,4 @@ +listen = *, :: protocols = imap imaps pop3 pop3s log_path = /var/log/dovecot.log ssl_cert_file = /usr/local/vesta/ssl/certificate.crt diff --git a/install/rhel/5/firewallv6/ports.conf b/install/rhel/5/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/rhel/5/firewallv6/ports.conf 
@@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/5/firewallv6/rules.conf b/install/rhel/5/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/rhel/5/firewallv6/rules.conf 
@@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' diff --git a/install/rhel/5/named/named.conf b/install/rhel/5/named/named.conf index 472bd829..38c1b6c0 100644 --- a/install/rhel/5/named/named.conf +++ b/install/rhel/5/named/named.conf @@ -6,6 +6,7 @@ options { version "get lost"; allow-transfer {"none";}; recursion no; + listen-on-v6 { any; }; }; diff --git a/install/rhel/6/dovecot/dovecot.conf b/install/rhel/6/dovecot/dovecot.conf index b44bd6a8..0a855351 100644 --- a/install/rhel/6/dovecot/dovecot.conf +++ b/install/rhel/6/dovecot/dovecot.conf 
@@ -1,4 +1,4 @@ protocols = imap pop3 -listen = * +listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf diff --git a/install/rhel/6/firewallv6/ports.conf b/install/rhel/6/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/rhel/6/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/6/firewallv6/rules.conf b/install/rhel/6/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/rhel/6/firewallv6/rules.conf 
@@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' diff --git a/install/rhel/6/named/named.conf b/install/rhel/6/named/named.conf index 472bd829..38c1b6c0 100644 --- a/install/rhel/6/named/named.conf +++ b/install/rhel/6/named/named.conf @@ -6,6 +6,7 @@ options { version "get lost"; allow-transfer {"none";}; recursion no; + listen-on-v6 { any; }; }; diff --git a/install/rhel/7/dovecot/dovecot.conf b/install/rhel/7/dovecot/dovecot.conf index b44bd6a8..0a855351 100644 --- a/install/rhel/7/dovecot/dovecot.conf +++ b/install/rhel/7/dovecot/dovecot.conf 
@@ -1,4 +1,4 @@ protocols = imap pop3 -listen = * +listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf diff --git a/install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf b/install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/rhel/7/firewallv6/ports.conf b/install/rhel/7/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/rhel/7/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/7/firewallv6/rules.conf b/install/rhel/7/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/rhel/7/firewallv6/rules.conf 
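Review bot: The `failregex` of the new `vesta-ipv6.conf` filter reads `.* failed to login` as shown here, with no `<HOST>` group. fail2ban needs a host capture in every failregex to know which address to ban, so a filter without one cannot ban anything. If the tag was not simply lost when this page was rendered, the line should be `failregex = .* <HOST> failed to login`. The header comment also misspells "unsuccessful".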
@@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22' diff --git a/install/rhel/7/named/named.conf b/install/rhel/7/named/named.conf index 472bd829..38c1b6c0 100644 --- a/install/rhel/7/named/named.conf +++ b/install/rhel/7/named/named.conf @@ -6,6 +6,7 @@ options { version "get lost"; allow-transfer {"none";}; recursion no; + listen-on-v6 { any; }; }; diff --git a/install/ubuntu/12.04/firewallv6/ports.conf b/install/ubuntu/12.04/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/12.04/firewallv6/ports.conf 
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/12.04/firewallv6/rules.conf b/install/ubuntu/12.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/12.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/12.10/firewallv6/ports.conf b/install/ubuntu/12.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/12.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/12.10/firewallv6/rules.conf b/install/ubuntu/12.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/12.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/13.04/firewallv6/ports.conf b/install/ubuntu/13.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/13.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/13.04/firewallv6/rules.conf b/install/ubuntu/13.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/13.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/13.10/firewallv6/ports.conf b/install/ubuntu/13.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/13.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/13.10/firewallv6/rules.conf b/install/ubuntu/13.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/13.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/14.04/firewallv6/ports.conf b/install/ubuntu/14.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/14.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/14.04/firewallv6/rules.conf b/install/ubuntu/14.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/14.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/14.10/firewallv6/ports.conf b/install/ubuntu/14.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/14.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/14.10/firewallv6/rules.conf b/install/ubuntu/14.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/14.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/15.04/firewallv6/ports.conf b/install/ubuntu/15.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/15.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/15.04/firewallv6/rules.conf b/install/ubuntu/15.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/15.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/15.10/firewallv6/ports.conf b/install/ubuntu/15.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/15.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/15.10/firewallv6/rules.conf b/install/ubuntu/15.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/15.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/16.04/firewallv6/ports.conf b/install/ubuntu/16.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/16.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/16.04/firewallv6/rules.conf b/install/ubuntu/16.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/16.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/16.10/firewallv6/ports.conf b/install/ubuntu/16.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/16.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/16.10/firewallv6/rules.conf b/install/ubuntu/16.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/16.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh
index 9ba1a2ec..9aa53d3a 100755
--- a/install/vst-install-debian.sh
+++ b/install/vst-install-debian.sh
@@ -1083,6 +1083,11 @@ sed -i 's/%domain%/It worked!/g' /var/www/index.html echo "== Copying firewall rules" cp -rf $vestacp/firewall $VESTA/data/ +# Downloading firewallv6 rules +wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz +tar -xzf firewallv6.tar.gz +rm -f firewallv6.tar.gz + echo "== Configuring server hostname: $servername" $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -1712,6 +1717,14 @@ chown admin:admin $VESTA/data/sessions echo "== Configuring system ips (this can take a few minutes, relax)" $VESTA/bin/v-update-sys-ip +echo "== Get main ipv6" +ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) +if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then + netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" + netmask=$(eval $netmask) + $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask +fi + echo "== Get main ip" ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) local_ip=$ip @@ -1730,6 +1743,7 @@ fi if [ "$iptables" = 'yes' ]; then echo "== Firewall configuration" $VESTA/bin/v-update-firewall + $VESTA/bin/v-update-firewall-ipv6 fi echo "== Get public ip" diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index f3aa6549..cd4cd596 100644 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -648,7 +648,6 @@ check_result $? "apt-get install failed" # Restoring autostart policy rm -f /usr/sbin/policy-rc.d - #----------------------------------------------------------# # Configure system # #----------------------------------------------------------# @@ -821,6 +820,11 @@ sed -i 's/%domain%/It worked!/g' /var/www/index.html # Installing firewall rules cp -rf $vestacp/firewall $VESTA/data/ +# Downloading firewall rules +wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz +tar -xzf firewallv6.tar.gz +rm -f firewallv6.tar.gz + # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null 
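Review bot: The added `wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz` in the `@@ -1083,6 +1083,11 @@` hunk treats `$vestacp` as a URL, while the context line just above it (`cp -rf $vestacp/firewall $VESTA/data/`) uses the same variable as a local directory; if it is a path, wget fails and `tar -xzf` then runs on a missing or empty file with no error check. The archive is also unpacked into whatever the installer's current directory is, with no integrity check, and nothing in the hunk moves the result under `$VESTA/data/`. This commit ships `firewallv6` directories in the tree for the rhel and ubuntu releases, so, assuming one exists for this distribution as well, mirroring the IPv4 line avoids the download altogether: `cp -rf $vestacp/firewallv6 $VESTA/data/`. The Ubuntu installer hunk `@@ -821,6 +820,11 @@` adds the same three commands and needs the same change.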
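Review bot: In the `@@ -1712,6 +1717,14 @@` hunk the netmask pipeline is stored in a double-quoted string, so `$2` and `$1` are expanded by the shell as the installer's own positional parameters before awk ever sees them, and the string is then run through `eval` with `$ipv6` pasted into it. `upd/add_ipv6.sh` in this same commit escapes them as `\$2` and `\$1`, which shows what was intended. Dropping the string and the eval fixes both problems: `netmask=$(ip addr show | grep -F -- "$ipv6/" | awk -F '/' '{print $2}' | awk '{print $1}')`. `$ipv6` and `$netmask` should also be quoted in the `v-add-sys-ipv6` call, and the Ubuntu hunk `@@ -1263,12 +1267,21 @@` repeats the block unchanged.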
@@ -1263,12 +1267,21 @@ $VESTA/bin/v-change-user-language admin $lang # Configuring system IPs $VESTA/bin/v-update-sys-ip +# Get main ipv6 +ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) +if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then + netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" + netmask=$(eval $netmask) + $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask +fi + # Get main IP ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) # Configuring firewall if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall + $VESTA/bin/v-update-firewall-ipv6 fi # Get public IP diff --git a/upd/add_ipv6.sh b/upd/add_ipv6.sh new file mode 100644 index 00000000..9faf6a30 --- /dev/null +++ b/upd/add_ipv6.sh 
@@ -0,0 +1,68 @@
+#!/bin/bash
+source /etc/profile.d/vesta.sh
+source /usr/local/vesta/func/main.sh
+
+#Download firewallv6 templates
+if [ ! -e "$VESTA/data/firewallv6" ]; then
+ mkdir -p $VESTA/data/firewallv6
+ chmod 770 $VESTA/data/firewallv6
+
+ cp $VESTA/install/rhel/6/firewallv6/* \
+ $VESTA/data/firewallv6/
+ chmod 660 $VESTA/data/firewallv6/*
+
+fi
+
+#download new templates
+$BIN/v-update-web-templates
+$BIN/v-update-dns-templates
+
+#testing
+#rm -rf /usr/local/vesta/data/templates/*
+# cp -rf /usr/local/vesta/install/rhel/7/templates/* /usr/local/vesta/data/templates/es/
+
+#set IPv4 version
+iplist=$(ls --sort=time $VESTA/data/ips/)
+for ip in $iplist; do
+ echo "VERSION='4'" >> $VESTA/data/ips/$ip
+done
+
+#Add IP6 field
+ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1)
+ipv6use=""
+if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then
+ netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print \$2}' | awk '{print \$1}'"
+ netmask=$(eval $netmask)
+ $BIN/v-add-sys-ipv6 $ipv6 $netmask
+ $BIN/v-update-firewall-ipv6
+ ipv6use=$ipv6
+fi
+
+#set IPv6
+userlist=$(ls --sort=time $VESTA/data/users/)
+for user in $userlist; do
+ USER_DATA="$VESTA/data/users/$user"
+
+ #UPDATE WEB
+ conf="$USER_DATA/web.conf"
+ while read line ; do
+ eval $line
+ update_object_value 'web' 'DOMAIN' "$DOMAIN" '$IP6' "$ipv6use"
+ done < $conf
+
+ #UPDATE DNS
+ conf="$USER_DATA/dns.conf"
+ while read line ; do
+ eval $line
+ if [ "$(echo $line | grep 'IP6=')" == "" ]; then
+ sed -i "s/DOMAIN='$DOMAIN' IP='$IP'/DOMAIN='$DOMAIN' IP='$IP' IP6='$ipv6use'/g" "$conf"
+ else
+ update_object_value 'dns' 'DOMAIN' "$DOMAIN" '$IP6' "$ipv6use"
+ fi
+ done < $conf
+ $BIN/v-rebuild-user $user
+done
+
+$BIN/v-update-sys-ip-counters
+
+$BIN/v-add-user-notification admin "IPv6 support" "Your vesta installation supports IPv6!"
diff --git a/web/add/firewallv6/banlist/index.php b/web/add/firewallv6/banlist/index.php
new file mode 100644
index 00000000..ba425df8
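Review bot: Both `while read line ; do eval $line` loops evaluate every line of each user's web.conf and dns.conf unquoted, so `read` strips backslashes and the shell word-splits and globs the text before `eval` parses it; `while read -r line; do eval "$line"` evaluates the line as stored. The `sed -i "s/DOMAIN='$DOMAIN' IP='$IP'/…/g"` line then interpolates those values into a regular expression where the dots match any character; `update_object_value` is already used in the other branch and avoids that if it can add a missing key (its definition is not on this page). The script is also not re-runnable: `echo "VERSION='4'" >> $VESTA/data/ips/$ip` appends a duplicate line on every run, which `grep -q "^VERSION=" "$VESTA/data/ips/$ip" || echo "VERSION='4'" >> "$VESTA/data/ips/$ip"` prevents.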
--- /dev/null +++ b/web/add/firewallv6/banlist/index.php @@ -0,0 +1,55 @@ + $error) { + if ( $i == 0 ) { + $error_msg = $error; + } else { + $error_msg = $error_msg.", ".$error; + } + } + $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); + } + + // Protect input + $v_chain = escapeshellarg($_POST['v_chain']); + $v_ipv6 = escapeshellarg($_POST['v_ipv6']); + + // Add firewall ban + if (empty($_SESSION['error_msg'])) { + exec (VESTA_CMD."v-add-firewall-ipv6-ban ".$v_ipv6." ".$v_chain, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Flush field values on success + if (empty($_SESSION['error_msg'])) { + $_SESSION['ok_msg'] = __('BANLIST_CREATED_OK'); + unset($v_ip); + } +} + +// Render +render_page($user, $TAB, 'add_firewall_ipv6_banlist'); + +// Flush session messages +unset($_SESSION['error_msg']); +unset($_SESSION['ok_msg']); diff --git a/web/add/firewallv6/index.php b/web/add/firewallv6/index.php new file mode 100644 index 00000000..dbc46dd5 --- /dev/null +++ b/web/add/firewallv6/index.php 
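Review bot: `unset($v_ip);` in the success branch clears a variable these lines never assign; the address is held in `$v_ipv6`, so after a successful ban the shell-quoted `$v_ipv6` (and `$v_chain`) are still set when `render_page()` runs. If the template echoes them back, the form is re-filled with the `escapeshellarg()` output including its quotes. It should read `unset($v_ipv6);`, and the same line needs the same change in the `@@ -0,0 +1,71 @@` hunk of web/add/firewallv6/index.php. The first lines of both new files are missing from this view, so any token and permission checks that precede this code could not be reviewed.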
@@ -0,0 +1,71 @@ + $error) { + if ( $i == 0 ) { + $error_msg = $error; + } else { + $error_msg = $error_msg.", ".$error; + } + } + $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); + } + + // Protect input + $v_action = escapeshellarg($_POST['v_action']); + $v_protocol = escapeshellarg($_POST['v_protocol']); + $v_port = str_replace(" ",",", $_POST['v_port']); + $v_port = preg_replace('/\,+/', ',', $v_port); + $v_port = trim($v_port, ","); + $v_port = escapeshellarg($v_port); + $v_ipv6 = escapeshellarg($_POST['v_ipv6']); + $v_comment = escapeshellarg($_POST['v_comment']); + + // Add firewall rule + if (empty($_SESSION['error_msg'])) { + exec (VESTA_CMD."v-add-firewall-ipv6-rule ".$v_action." ".$v_ipv6." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Flush field values on success + if (empty($_SESSION['error_msg'])) { + $_SESSION['ok_msg'] = __('RULE_CREATED_OK'); + unset($v_port); + unset($v_ip); + unset($v_comment); + } +} + +// Render +render_page($user, $TAB, 'add_firewall_ipv6'); + +// Flush session messages +unset($_SESSION['error_msg']); +unset($_SESSION['ok_msg']); diff --git a/web/add/ip/index.php b/web/add/ip/index.php index 73f56b38..dffe1437 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -26,6 +26,7 @@ if (!empty($_POST['ok'])) { if (empty($_POST['v_netmask'])) $errors[] = __('netmask'); if (empty($_POST['v_interface'])) $errors[] = __('interface'); if (empty($_POST['v_owner'])) $errors[] = __('assigned user'); + if (empty($_POST['v_version'])) $errors[] = __('version'); if (!empty($errors[0])) { foreach ($errors as $i => $error) { if ( $i == 0 ) { @@ -45,6 +46,7 @@ if (!empty($_POST['ok'])) { $v_interface = escapeshellarg($_POST['v_interface']); $v_owner = escapeshellarg($_POST['v_owner']); $v_shared = $_POST['v_shared']; + $v_version = $_POST['v_version']; // Check shared checkmark if ($v_shared == 'on') { 
@@ -57,7 +59,11 @@ if (!empty($_POST['ok'])) { // Add IP if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".$ip_status." ".$v_name." ".$v_nat, $output, $return_var); + if($v_version == "6") { + exec (VESTA_CMD."v-add-sys-ipv6 ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + } else { + exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + } check_return_code($return_var,$output); unset($output); $v_owner = $_POST['v_owner']; diff --git a/web/add/web/index.php b/web/add/web/index.php index d77b8f40..f068c961 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -18,6 +18,7 @@ if (!empty($_POST['ok'])) { // Check for empty fields if (empty($_POST['v_domain'])) $errors[] = __('domain'); if (empty($_POST['v_ip'])) $errors[] = __('ip'); + if (empty($_POST['v_ipv6'])) $errors[] = __('ipv6'); if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl certificate'); if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl key'); if (!empty($errors[0])) { 
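Review bot: In the `@@ -57,7 +59,11 @@` hunk `$ip_status` is now wrapped in hand-written single quotes (`'".$ip_status."'`) while the neighbouring arguments go through `escapeshellarg()`. Its assignment is outside the hunk, so it is presumably a fixed literal, but `escapeshellarg($ip_status)` keeps the command line safe if that ever changes. The two `exec` lines differ only in the command name, so selecting it once removes the duplication: `$cmd = ($v_version == "6") ? "v-add-sys-ipv6" : "v-add-sys-ip";`. Any `v_version` other than "6" silently takes the IPv4 path; an explicit check against "4" and "6" would reject unexpected values.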
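Review bot: `if (empty($_POST['v_ipv6'])) $errors[] = __('ipv6');` in the `@@ -18,6 +18,7 @@` hunk of web/add/web/index.php makes an IPv6 address mandatory for every new web domain. The installers in this change register an IPv6 address only when the host has one, so on an IPv4-only server this form may be impossible to submit unless the template offers a non-empty "none" value (the template markup is not readable here). Consider treating the field as optional and passing whatever placeholder the backend commands accept for "no IPv6" when it is empty.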
@@ -46,18 +47,24 @@ if (!empty($_POST['ok'])) { // Define domain ip address $v_ip = escapeshellarg($_POST['v_ip']); + $v_ipv6 = escapeshellarg($_POST['v_ipv6']); // Using public IP instead of internal IP when creating DNS // Gets public IP from 'v-list-user-ips' command (that reads /vesta/data/ips/ip), precisely from 'NAT' field $v_public_ip = $v_ip; $v_clean_ip = $_POST['v_ip']; // clean_ip = IP without quotas - exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var); + exec (VESTA_CMD."v-list-user-ips ".$user." json 4", $output, $return_var); $ips = json_decode(implode('', $output), true); unset($output); if (isset($ips[$v_clean_ip]) && isset($ips[$v_clean_ip]['NAT']) && trim($ips[$v_clean_ip]['NAT'])!='') { $v_public_ip = trim($ips[$v_clean_ip]['NAT']); $v_public_ip = escapeshellarg($v_public_ip); } + + $v_clean_ip = $_POST['v_ipv6']; // clean_ip = IP without quotas + exec (VESTA_CMD."v-list-user-ips ".$user." json 6", $output, $return_var); + $ip6s = json_decode(implode('', $output), true); + unset($output); // Define domain aliases $v_aliases = $_POST['v_aliases']; 
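Review bot: `$v_clean_ip = $_POST['v_ipv6'];` reuses the variable that holds the unquoted IPv4 address, so any code after this hunk that still reads `$v_clean_ip` now gets the IPv6 value; a separate name such as `$v_clean_ipv6` avoids that. `$ip6s` is decoded here but not read within the hunk, and the posted `v_ipv6` is not checked against it, so nothing on these lines confirms the address belongs to `$user` (the backend command may do that). The surrounding block starts and ends outside the hunk.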
@@ -118,25 +125,25 @@ if (!empty($_POST['ok'])) { // Add web domain if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." no ".$aliases." ".$proxy_ext, $output, $return_var); + exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ipv6." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); check_return_code($return_var,$output); unset($output); $domain_added = empty($_SESSION['error_msg']); } - + // Add DNS domain if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' no", $output, $return_var); + exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." ".$v_ipv6." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); check_return_code($return_var,$output); unset($output); } - + // Add DNS for domain aliases if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { foreach ($aliases_arr as $alias) { if ($alias != "www.".$_POST['v_domain']) { $alias = escapeshellarg($alias); - exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." no", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." ".$v_ipv6." 'no'", $output, $return_var); check_return_code($return_var,$output); unset($output); } 
@@ -351,10 +358,14 @@ $v_ftp_user_prepath = $panel[$user]['HOME'] . "/web"; $v_ftp_email = $panel[$user]['CONTACT']; // List IP addresses -exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var); +exec (VESTA_CMD."v-list-user-ips ".$user." json 4", $output, $return_var); $ips = json_decode(implode('', $output), true); unset($output); +exec (VESTA_CMD."v-list-user-ips ".$user." json 6", $output, $return_var); +$ip6s = json_decode(implode('', $output), true); +unset($output); + // List web stat engines exec (VESTA_CMD."v-list-web-stats json", $output, $return_var); $stats = json_decode(implode('', $output), true); diff --git a/web/bulk/firewallv6/banlist/index.php b/web/bulk/firewallv6/banlist/index.php new file mode 100644 index 00000000..5a3ae44e --- /dev/null +++ b/web/bulk/firewallv6/banlist/index.php @@ -0,0 +1,38 @@ + +
+
+ + → ".htmlentities($_SESSION['error_msg']).""; + } else { + if (!empty($_SESSION['ok_msg'])) { + echo " → ".$_SESSION['ok_msg'].""; + } + } + ?> +
+
+ + +
+ + +
+ +
+ + + + + + + + +
+ + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ () +
+ "> +
+ () +
+ "> +
+ () +
+ "> +
+ + + + + +
+ + + +
+
+ + +
\ No newline at end of file diff --git a/web/templates/admin/add_firewall_ipv6_banlist.html b/web/templates/admin/add_firewall_ipv6_banlist.html new file mode 100644 index 00000000..76b09726 --- /dev/null +++ b/web/templates/admin/add_firewall_ipv6_banlist.html @@ -0,0 +1,86 @@ +
+
+
+ + → ".htmlentities($_SESSION['error_msg']).""; + } else { + if (!empty($_SESSION['ok_msg'])) { + echo " → ".$_SESSION['ok_msg'].""; + } + } + ?> +
+
+
+ +
+ + +
+ + + + + + + + + + +
+ + +
+
+ + + + + + + + + + + + + +
+ +
+ +
+ () +
+ "> +
+ + + + + +
+ + + +
+
+ +
diff --git a/web/templates/admin/add_ip.html b/web/templates/admin/add_ip.html index 89653389..7f63d9d5 100644 --- a/web/templates/admin/add_ip.html +++ b/web/templates/admin/add_ip.html @@ -78,6 +78,19 @@ + + + + + + + + + + diff --git a/web/templates/admin/add_web.html b/web/templates/admin/add_web.html index 77e72239..df81001d 100644 --- a/web/templates/admin/add_web.html +++ b/web/templates/admin/add_web.html @@ -50,19 +50,19 @@ - "> + "> - + + + + + + + + + + + diff --git a/web/templates/admin/edit_dns.html b/web/templates/admin/edit_dns.html index 812de9a9..b2912d61 100644 --- a/web/templates/admin/edit_dns.html +++ b/web/templates/admin/edit_dns.html @@ -63,7 +63,17 @@ - "> + "> + + + + + + + + + + "> diff --git a/web/templates/admin/edit_firewall_ipv6.html b/web/templates/admin/edit_firewall_ipv6.html new file mode 100644 index 00000000..cbf0af99 --- /dev/null +++ b/web/templates/admin/edit_firewall_ipv6.html @@ -0,0 +1,121 @@ +
+
+
+ + → ".htmlentities($_SESSION['error_msg']).""; + } else { + if (!empty($_SESSION['ok_msg'])) { + echo " → ".$_SESSION['ok_msg'].""; + } + } + ?> +
+
+
+ +
+ + +
+ + + + + + + + + + +
+ + + + + +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ () +
+ "> +
+ () +
+ "> +
+ () +
+ "> +
+ + + + + +
+ + + +
+
+ +
diff --git a/web/templates/admin/edit_ip.html b/web/templates/admin/edit_ip.html index b4306993..ee73cdb2 100644 --- a/web/templates/admin/edit_ip.html +++ b/web/templates/admin/edit_ip.html @@ -77,6 +77,19 @@ " disabled> + + + + + + + + + + diff --git a/web/templates/admin/edit_web.html b/web/templates/admin/edit_web.html index b0d79d25..4ac155cd 100644 --- a/web/templates/admin/edit_web.html +++ b/web/templates/admin/edit_web.html @@ -66,15 +66,34 @@ + + + + + + + + + + diff --git a/web/templates/admin/list_dns.html b/web/templates/admin/list_dns.html index 57a0d57e..0529d9d8 100644 --- a/web/templates/admin/list_dns.html +++ b/web/templates/admin/list_dns.html @@ -37,7 +37,7 @@ - : + : @@ -153,8 +153,8 @@ sort-expire="" sort-records=" -
-
+
+
@@ -175,6 +175,17 @@ sort-expire="" sort-records=" + + +
+
+
+ + + + + + +
+ +
+ + + +
+ $value) { + ++$i; + if ($data[$key]['SUSPENDED'] == 'yes') { + $status = 'suspended'; + $spnd_action = 'unsuspend' ; + $spnd_confirmation = 'UNSUSPEND_RULE_CONFIRMATION' ; + } else { + $status = 'active'; + $spnd_action = 'suspend' ; + $spnd_confirmation = 'SUSPEND_RULE_CONFIRMATION' ; + } + ?> + +
+
+
+ + +
+ +
+
+
 ↵
+
+ + + + + +  S +
+
+ + + + + +  Del +
+ +
+ +
+ +
+ + +
+
+
+ +
+
+ +
+
+
+
+
+
+
+
+ +
+ +
+ + + + + +
+ +
+
+
+
+
+ +
+
+ +
+
+
+
diff --git a/web/templates/admin/list_firewall_ipv6_banlist.html b/web/templates/admin/list_firewall_ipv6_banlist.html new file mode 100644 index 00000000..5f3bc43d --- /dev/null +++ b/web/templates/admin/list_firewall_ipv6_banlist.html @@ -0,0 +1,121 @@ +
+
+ + +
+ + + + + + +
+ + + +
+ +
+ +
+ +
+
+
+ +
+ +
+ + + +
+ $value) { + ++$i; + list($ip,$chain) = explode(":",$key); + + ?> + +
+
+
+ + +
+ +
+
+
+ + + + + +  Del +
+ +
+ +
+ +
+ + +
+ +
+
+
 
+
+
+
+
+ +
+ +
+ + + + + +
+ +
+
+
+
+
+ +
+
+ 1) { + echo __('%s IPv6 addresses',$i); + } + ?> +
+
+ +
+
+
+
diff --git a/web/templates/admin/list_ip.html b/web/templates/admin/list_ip.html index 006fa74d..7b667ef5 100644 --- a/web/templates/admin/list_ip.html +++ b/web/templates/admin/list_ip.html @@ -162,6 +162,20 @@ sort-owner="" sort-star=" + + +
+
+
+
+
+ + + + + + + diff --git a/web/templates/admin/list_user.html b/web/templates/admin/list_user.html index 0bcbddd7..94ee463b 100644 --- a/web/templates/admin/list_user.html +++ b/web/templates/admin/list_user.html @@ -323,6 +323,13 @@ sort-bandwidth="" sort-disk=" +
+
:
+
+ +
+
+ diff --git a/web/templates/admin/list_web.html b/web/templates/admin/list_web.html index 5bb2d868..8c43f2d2 100644 --- a/web/templates/admin/list_web.html +++ b/web/templates/admin/list_web.html @@ -118,7 +118,7 @@ ?>
@@ -179,6 +179,7 @@ sort-name="" sort-bandwidth="" sort-dis
+ -
diff --git a/web/templates/user/edit_dns.html b/web/templates/user/edit_dns.html index 78ef084a..458f9274 100644 --- a/web/templates/user/edit_dns.html +++ b/web/templates/user/edit_dns.html @@ -63,7 +63,17 @@ - "> + "> + + + + + + + + + + "> diff --git a/web/templates/user/edit_web.html b/web/templates/user/edit_web.html index f17d95bd..cdc61f9d 100644 --- a/web/templates/user/edit_web.html +++ b/web/templates/user/edit_web.html @@ -66,9 +66,29 @@ + + + + + + + + + +