From b907bea69e338ad8cf082217ef9c63b0d19a4b3a Mon Sep 17 00:00:00 2001 
From: madeITBelgium Date: Sat, 21 Jan 2017 12:37:48 -0500 Subject: [PATCH 01/12] IPv6 Support --- bin/v-add-dns-domain | 72 +++--- bin/v-add-dns-on-web-alias | 33 ++- bin/v-add-domain | 26 +- bin/v-add-firewall-ipv6-ban | 83 +++++++ bin/v-add-firewall-ipv6-chain | 86 +++++++ bin/v-add-firewall-ipv6-rule | 94 ++++++++ bin/v-add-sys-firewall | 8 +- bin/v-add-sys-ip | 6 +- bin/v-add-sys-ipv6 | 188 +++++++++++++++ bin/v-add-user | 4 + bin/v-add-web-domain | 53 +++- bin/v-add-web-domain-alias | 1 + bin/v-add-web-domain-proxy | 1 + bin/v-add-web-domain-ssl | 1 + bin/v-add-web-domain-stats | 1 + bin/v-change-dns-domain-ip | 35 ++- bin/v-change-dns-domain-ipv6 | 110 +++++++++ bin/v-change-dns-domain-tpl | 1 + bin/v-change-domain-owner | 5 + bin/v-change-firewall-ipv6-rule | 85 +++++++ bin/v-change-sys-ip-name | 4 +- bin/v-change-sys-ipv6-name | 48 ++++ bin/v-change-sys-ipv6-owner | 81 +++++++ bin/v-change-sys-ipv6-status | 56 +++++ bin/v-change-user-package | 2 + bin/v-change-web-domain-backend-tpl | 1 + bin/v-change-web-domain-ip | 81 +++++-- bin/v-change-web-domain-ipv6 | 138 +++++++++++ bin/v-change-web-domain-name | 1 + bin/v-change-web-domain-proxy-tpl | 1 + bin/v-change-web-domain-stats | 1 + bin/v-change-web-domain-tpl | 1 + bin/v-delete-dns-on-web-alias | 24 +- bin/v-delete-dns-record | 2 +- bin/v-delete-firewall-ipv6-ban | 64 +++++ bin/v-delete-firewall-ipv6-chain | 66 +++++ bin/v-delete-firewall-ipv6-rule | 51 ++++ bin/v-delete-sys-firewall | 1 + bin/v-delete-sys-ipv6 | 149 ++++++++++++ bin/v-delete-user | 3 + bin/v-delete-web-domain | 60 +++-- bin/v-delete-web-domain-alias | 1 + bin/v-delete-web-domain-proxy | 2 +- bin/v-list-dns-domain | 8 +- bin/v-list-dns-domains | 13 +- bin/v-list-firewall-ipv6 | 96 ++++++++ bin/v-list-firewall-ipv6-ban | 90 +++++++ bin/v-list-firewall-ipv6-rule | 88 +++++++ bin/v-list-sys-ip | 12 +- bin/v-list-sys-ips | 15 +- bin/v-list-user | 14 +- bin/v-list-user-ips | 52 ++-- bin/v-list-users | 2 + bin/v-list-web-domains | 6 +- 
bin/v-rebuild-web-domains | 1 + bin/v-restart-service | 6 + bin/v-restore-user | 22 +- bin/v-stop-firewall-ipv6 | 80 +++++++ bin/v-suspend-firewall-ipv6-rule | 49 ++++ bin/v-unsuspend-firewall-ipv6-rule | 49 ++++ bin/v-update-firewall | 5 +- bin/v-update-firewall-ipv6 | 192 +++++++++++++++ bin/v-update-user-counters | 29 ++- bin/v-update-user-stats | 6 +- func/domain.sh | 226 +++++++++++++++--- func/ip.sh | 110 +++++---- func/ipv6.sh | 223 +++++++++++++++++ func/main.sh | 105 +++++++- func/rebuild.sh | 32 ++- install/debian/7/firewallv6/ports.conf | 17 ++ install/debian/7/firewallv6/rules.conf | 11 + install/debian/7/templates/dns/child-ns.tpl | 9 +- install/debian/7/templates/dns/default.tpl | 7 +- install/debian/7/templates/dns/gmail.tpl | 6 +- install/debian/8/firewallv6/ports.conf | 17 ++ install/debian/8/firewallv6/rules.conf | 11 + install/debian/8/templates/dns/child-ns.tpl | 9 +- install/debian/8/templates/dns/default.tpl | 7 +- install/debian/8/templates/dns/gmail.tpl | 6 +- install/rhel/5/firewallv6/ports.conf | 17 ++ install/rhel/5/firewallv6/rules.conf | 11 + install/rhel/5/templates/dns/child-ns.tpl | 9 +- install/rhel/5/templates/dns/default.tpl | 7 +- install/rhel/5/templates/dns/gmail.tpl | 6 +- install/rhel/6/firewallv6/ports.conf | 17 ++ install/rhel/6/firewallv6/rules.conf | 11 + install/rhel/6/templates/dns/child-ns.tpl | 9 +- install/rhel/6/templates/dns/default.tpl | 7 +- install/rhel/6/templates/dns/gmail.tpl | 6 +- .../rhel/7/fail2ban/filter.d/vesta-ipv6.conf | 10 + install/rhel/7/firewallv6/ports.conf | 17 ++ install/rhel/7/firewallv6/rules.conf | 11 + install/rhel/7/templates/dns/child-ns.tpl | 9 +- install/rhel/7/templates/dns/default.tpl | 7 +- install/rhel/7/templates/dns/gmail.tpl | 6 +- install/ubuntu/12.04/firewallv6/ports.conf | 17 ++ install/ubuntu/12.04/firewallv6/rules.conf | 11 + .../ubuntu/12.04/templates/dns/child-ns.tpl | 9 +- .../ubuntu/12.04/templates/dns/default.tpl | 7 +- install/ubuntu/12.04/templates/dns/gmail.tpl | 6 
+- install/ubuntu/12.10/firewallv6/ports.conf | 17 ++ install/ubuntu/12.10/firewallv6/rules.conf | 11 + .../ubuntu/12.10/templates/dns/child-ns.tpl | 9 +- .../ubuntu/12.10/templates/dns/default.tpl | 7 +- install/ubuntu/12.10/templates/dns/gmail.tpl | 6 +- install/ubuntu/13.04/firewallv6/ports.conf | 17 ++ install/ubuntu/13.04/firewallv6/rules.conf | 11 + .../ubuntu/13.04/templates/dns/child-ns.tpl | 9 +- .../ubuntu/13.04/templates/dns/default.tpl | 7 +- install/ubuntu/13.04/templates/dns/gmail.tpl | 6 +- install/ubuntu/13.10/firewallv6/ports.conf | 17 ++ install/ubuntu/13.10/firewallv6/rules.conf | 11 + .../ubuntu/13.10/templates/dns/child-ns.tpl | 9 +- .../ubuntu/13.10/templates/dns/default.tpl | 7 +- install/ubuntu/13.10/templates/dns/gmail.tpl | 6 +- install/ubuntu/14.04/firewallv6/ports.conf | 17 ++ install/ubuntu/14.04/firewallv6/rules.conf | 11 + .../ubuntu/14.04/templates/dns/child-ns.tpl | 9 +- .../ubuntu/14.04/templates/dns/default.tpl | 7 +- install/ubuntu/14.04/templates/dns/gmail.tpl | 6 +- install/ubuntu/14.10/firewallv6/ports.conf | 17 ++ install/ubuntu/14.10/firewallv6/rules.conf | 11 + .../ubuntu/14.10/templates/dns/child-ns.tpl | 9 +- .../ubuntu/14.10/templates/dns/default.tpl | 7 +- install/ubuntu/14.10/templates/dns/gmail.tpl | 6 +- install/ubuntu/15.04/firewallv6/ports.conf | 17 ++ install/ubuntu/15.04/firewallv6/rules.conf | 11 + .../ubuntu/15.04/templates/dns/child-ns.tpl | 9 +- .../ubuntu/15.04/templates/dns/default.tpl | 7 +- install/ubuntu/15.04/templates/dns/gmail.tpl | 6 +- install/ubuntu/15.10/firewallv6/ports.conf | 17 ++ install/ubuntu/15.10/firewallv6/rules.conf | 11 + .../ubuntu/15.10/templates/dns/child-ns.tpl | 9 +- .../ubuntu/15.10/templates/dns/default.tpl | 7 +- install/ubuntu/15.10/templates/dns/gmail.tpl | 6 +- install/ubuntu/16.04/firewallv6/ports.conf | 17 ++ install/ubuntu/16.04/firewallv6/rules.conf | 11 + .../ubuntu/16.04/templates/dns/child-ns.tpl | 9 +- .../ubuntu/16.04/templates/dns/default.tpl | 7 +- 
install/ubuntu/16.04/templates/dns/gmail.tpl | 6 +- install/ubuntu/16.10/firewallv6/ports.conf | 17 ++ install/ubuntu/16.10/firewallv6/rules.conf | 11 + .../ubuntu/16.10/templates/dns/child-ns.tpl | 9 +- .../ubuntu/16.10/templates/dns/default.tpl | 7 +- install/ubuntu/16.10/templates/dns/gmail.tpl | 6 +- install/vst-install-debian.sh | 14 ++ install/vst-install-rhel.sh | 38 ++- install/vst-install-ubuntu.sh | 15 +- upd/add_ipv6.sh | 55 +++++ web/add/firewallv6/banlist/index.php | 55 +++++ web/add/firewallv6/index.php | 71 ++++++ web/add/ip/index.php | 8 +- web/add/web/index.php | 25 +- web/bulk/firewallv6/banlist/index.php | 38 +++ web/bulk/firewallv6/index.php | 42 ++++ web/delete/ip/index.php | 17 +- web/edit/dns/index.php | 10 + web/edit/firewallv6/index.php | 88 +++++++ web/edit/ip/index.php | 27 ++- web/edit/web/index.php | 67 +++++- web/list/firewallv6/banlist/index.php | 24 ++ web/list/firewallv6/index.php | 24 ++ web/templates/admin/add_firewall_ipv6.html | 119 +++++++++ .../admin/add_firewall_ipv6_banlist.html | 86 +++++++ web/templates/admin/add_ip.html | 13 + web/templates/admin/add_web.html | 23 +- web/templates/admin/edit_dns.html | 12 +- web/templates/admin/edit_firewall_ipv6.html | 121 ++++++++++ web/templates/admin/edit_ip.html | 13 + web/templates/admin/edit_web.html | 21 +- web/templates/admin/list_dns.html | 17 +- web/templates/admin/list_firewall.html | 3 + web/templates/admin/list_firewall_ipv6.html | 158 ++++++++++++ .../admin/list_firewall_ipv6_banlist.html | 121 ++++++++++ web/templates/admin/list_ip.html | 14 ++ web/templates/admin/list_user.html | 7 + web/templates/admin/list_web.html | 3 +- web/templates/user/edit_dns.html | 12 +- web/templates/user/edit_web.html | 22 +- web/templates/user/list_dns.html | 2 +- 180 files changed, 5056 insertions(+), 351 deletions(-) create mode 100755 bin/v-add-firewall-ipv6-ban create mode 100755 bin/v-add-firewall-ipv6-chain create mode 100755 bin/v-add-firewall-ipv6-rule create mode 100755 
bin/v-add-sys-ipv6 create mode 100755 bin/v-change-dns-domain-ipv6 create mode 100755 bin/v-change-firewall-ipv6-rule create mode 100755 bin/v-change-sys-ipv6-name create mode 100755 bin/v-change-sys-ipv6-owner create mode 100755 bin/v-change-sys-ipv6-status create mode 100755 bin/v-change-web-domain-ipv6 create mode 100755 bin/v-delete-firewall-ipv6-ban create mode 100755 bin/v-delete-firewall-ipv6-chain create mode 100755 bin/v-delete-firewall-ipv6-rule create mode 100755 bin/v-delete-sys-ipv6 create mode 100755 bin/v-list-firewall-ipv6 create mode 100755 bin/v-list-firewall-ipv6-ban create mode 100755 bin/v-list-firewall-ipv6-rule create mode 100755 bin/v-stop-firewall-ipv6 create mode 100755 bin/v-suspend-firewall-ipv6-rule create mode 100755 bin/v-unsuspend-firewall-ipv6-rule create mode 100755 bin/v-update-firewall-ipv6 create mode 100644 func/ipv6.sh create mode 100644 install/debian/7/firewallv6/ports.conf create mode 100644 install/debian/7/firewallv6/rules.conf create mode 100644 install/debian/8/firewallv6/ports.conf create mode 100644 install/debian/8/firewallv6/rules.conf create mode 100644 install/rhel/5/firewallv6/ports.conf create mode 100644 install/rhel/5/firewallv6/rules.conf create mode 100644 install/rhel/6/firewallv6/ports.conf create mode 100644 install/rhel/6/firewallv6/rules.conf create mode 100644 install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf create mode 100644 install/rhel/7/firewallv6/ports.conf create mode 100644 install/rhel/7/firewallv6/rules.conf create mode 100644 install/ubuntu/12.04/firewallv6/ports.conf create mode 100644 install/ubuntu/12.04/firewallv6/rules.conf create mode 100644 install/ubuntu/12.10/firewallv6/ports.conf create mode 100644 install/ubuntu/12.10/firewallv6/rules.conf create mode 100644 install/ubuntu/13.04/firewallv6/ports.conf create mode 100644 install/ubuntu/13.04/firewallv6/rules.conf create mode 100644 install/ubuntu/13.10/firewallv6/ports.conf create mode 100644 
install/ubuntu/13.10/firewallv6/rules.conf create mode 100644 install/ubuntu/14.04/firewallv6/ports.conf create mode 100644 install/ubuntu/14.04/firewallv6/rules.conf create mode 100644 install/ubuntu/14.10/firewallv6/ports.conf create mode 100644 install/ubuntu/14.10/firewallv6/rules.conf create mode 100644 install/ubuntu/15.04/firewallv6/ports.conf create mode 100644 install/ubuntu/15.04/firewallv6/rules.conf create mode 100644 install/ubuntu/15.10/firewallv6/ports.conf create mode 100644 install/ubuntu/15.10/firewallv6/rules.conf create mode 100644 install/ubuntu/16.04/firewallv6/ports.conf create mode 100644 install/ubuntu/16.04/firewallv6/rules.conf create mode 100644 install/ubuntu/16.10/firewallv6/ports.conf create mode 100644 install/ubuntu/16.10/firewallv6/rules.conf create mode 100644 upd/add_ipv6.sh create mode 100644 web/add/firewallv6/banlist/index.php create mode 100644 web/add/firewallv6/index.php create mode 100644 web/bulk/firewallv6/banlist/index.php create mode 100644 web/bulk/firewallv6/index.php create mode 100644 web/edit/firewallv6/index.php create mode 100644 web/list/firewallv6/banlist/index.php create mode 100644 web/list/firewallv6/index.php create mode 100644 web/templates/admin/add_firewall_ipv6.html create mode 100644 web/templates/admin/add_firewall_ipv6_banlist.html create mode 100644 web/templates/admin/edit_firewall_ipv6.html create mode 100644 web/templates/admin/list_firewall_ipv6.html create mode 100644 web/templates/admin/list_firewall_ipv6_banlist.html diff --git a/bin/v-add-dns-domain b/bin/v-add-dns-domain index f43891a6..f5f67a91 100755 --- a/bin/v-add-dns-domain +++ b/bin/v-add-dns-domain 
@@ -1,6 +1,6 @@ #!/bin/bash # info: add dns domain -# options: USER DOMAIN IP [NS1] [NS2] [NS3] [..] [NS8] [RESTART] +# options: USER DOMAIN IP IPV6 [NS1] [NS2] [NS3] [..] [NS8] [RESTART] # # The function adds DNS zone with records defined in the template. If the exp # argument isn't stated, the expiration date value will be set to next year. @@ -18,15 +18,16 @@ user=$1 domain=$2 domain_idn=$2 ip=$3 -ns1=$4 -ns2=$5 -ns3=$6 -ns4=$7 -ns5=$8 -ns6=$9 -ns7=${10} -ns8=${11} -restart=${12} +ipv6=$4 +ns1=$5 +ns2=$6 +ns3=$7 +ns4=$8 +ns5=$9 +ns6=$10 +ns7=${11} +ns8=${12} +restart=${13} # Includes source $VESTA/func/main.sh @@ -42,8 +43,21 @@ format_domain_idn # Verifications # #----------------------------------------------------------# -check_args '3' "$#" 'USER DOMAIN IP [NS1] [NS2] [NS3] [..] [NS8] [RESTART]' -is_format_valid 'user' 'domain' 'ip' +check_args '3' "$#" 'USER DOMAIN IP IPV6 [NS1] [NS2] [NS3] [..] [NS8] [RESTART]' +is_format_valid 'user' 'domain' + +if [ ! -z "$ip" ] && [ "$ip" != "no" ]; then + is_format_valid 'ip' +else + ip="" +fi + +if [ ! -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +else + ipv6="" +fi + is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" 
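Review bot: In the argument block of bin/v-add-dns-domain, `ns6=$10` is read by bash as `$1` followed by a literal `0`, so ns6 holds the user name plus "0" instead of the tenth argument; it should be `ns6=${10}`, matching the neighbouring `${11}` to `${13}`. Because ns6 is then never empty, the later `if [ ! -z "$ns6" ]` branch always runs and `is_format_valid 'ns6'` is called even when no sixth name server was passed. The third hunk keeps `check_args '3'` while the usage string now places IPV6 as a fourth positional argument ahead of NS1, so a caller using the old order has its first name server read as the IPv6 address. The header comment should state whether IPV6 is required and that `no` or an empty value disables it.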
@@ -53,35 +67,35 @@ template=$(get_user_value '$DNS_TEMPLATE') is_dns_template_valid $template if [ ! -z "$ns1" ]; then - ns1=$(echo $4 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns1=$(echo $5 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns1' fi if [ ! -z "$ns2" ]; then - ns2=$(echo $5 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns2=$(echo $6 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns2' fi if [ ! -z "$ns3" ]; then - ns3=$(echo $6 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns3=$(echo $7 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns3' fi if [ ! -z "$ns4" ]; then - ns4=$(echo $7 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns4=$(echo $8 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns4' fi if [ ! -z "$ns5" ]; then - ns5=$(echo $8 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns5=$(echo $9 |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns5' fi if [ ! -z "$ns6" ]; then - ns6=$(echo $9 |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns6=$(echo ${10} |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns6' fi if [ ! -z "$ns7" ]; then - ns7=$(echo ${10} |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns7=$(echo ${11} |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns7' fi if [ ! -z "$ns8" ]; then - ns8=$(echo ${11} |sed -e 's/\.*$//g' -e 's/^\.*//g') + ns8=$(echo ${12} |sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns8' fi 
@@ -133,26 +147,14 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ ) date=$(echo "$time_n_date" |cut -f 2 -d \ ) # Adding dns zone to the user config -echo "$template_data" |\ - sed -e "s/%ip%/$ip/g" \ - -e "s/%domain_idn%/$domain_idn/g" \ - -e "s/%domain%/$domain/g" \ - -e "s/%ns1%/$ns1/g" \ - -e "s/%ns2%/$ns2/g" \ - -e "s/%ns3%/$ns3/g" \ - -e "s/%ns4%/$ns4/g" \ - -e "s/%ns5%/$ns5/g" \ - -e "s/%ns6%/$ns6/g" \ - -e "s/%ns7%/$ns7/g" \ - -e "s/%ns8%/$ns8/g" \ - -e "s/%time%/$time/g" \ - -e "s/%date%/$date/g" > $USER_DATA/dns/$domain.conf +add_dns_config + chmod 660 $USER_DATA/dns/$domain.conf records="$(wc -l $USER_DATA/dns/$domain.conf |cut -f 1 -d ' ')" # Adding dns.conf record -dns_rec="DOMAIN='$domain' IP='$ip' TPL='$template' TTL='$ttl' EXP='$exp'" +dns_rec="DOMAIN='$domain' IP='$ip' IP6='$ipv6' TPL='$template' TTL='$ttl' EXP='$exp'" dns_rec="$dns_rec SOA='$soa' SERIAL='$serial' SRC='' RECORDS='$records'" dns_rec="$dns_rec SUSPENDED='no' TIME='$time' DATE='$date'" diff --git a/bin/v-add-dns-on-web-alias b/bin/v-add-dns-on-web-alias index cc587483..ac0255d5 100755 --- a/bin/v-add-dns-on-web-alias +++ b/bin/v-add-dns-on-web-alias @@ -1,6 +1,6 @@ #!/bin/bash # info: add dns domain or dns record after web domain alias -# options: USER ALIAS IP [RESTART] +# options: USER ALIAS IP IPV6 [RESTART] # # The function adds dns domain or dns record based on web domain alias. @@ -13,7 +13,8 @@ user=$1 alias=$2 ip=$3 -restart=$4 +ipv6=$4 +restart=$5 # Includes source $VESTA/func/main.sh @@ -26,7 +27,7 @@ source $VESTA/conf/vesta.conf #----------------------------------------------------------# check_args '3' "$#" 'USER ALIAS IP [RESTART]' -is_format_valid 'user' 'alias' 'ip' +is_format_valid 'user' 'alias' is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" 
@@ -34,6 +35,18 @@ if [ -e "$USER_DATA/dns/$alias.conf" ]; then exit fi +if [ -z "$ip" ] && [ "$ip" != "no" ]; then + is_format_valid 'ip' +else + ip="" +fi + +if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +else + ipv6="" +fi + #----------------------------------------------------------# # Action # @@ -50,12 +63,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l) # Adding second level domain if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then $BIN/v-add-dns-domain \ - $user $alias $ip '' '' '' '' '' $restart >> /dev/null + $user $alias $ip $ipv6 '' '' '' '' '' $restart >> /dev/null exit fi # Adding top-level domain and then its sub -$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null +$BIN/v-add-dns-domain $user $top_domain $ip $ipv6 '' '' '' '' $restart >> /dev/null # Checking top-level domain if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then @@ -71,8 +84,14 @@ fi # Adding subdomain record if [ -z "$check_record" ]; then - $BIN/v-add-dns-record \ - $user $top_domain "$sub_domain" A $ip '' '' $restart >> /dev/null + if [ "$IPV4" == "yes" ] ; then + $BIN/v-add-dns-record \ + $user $top_domain "$sub_domain" A $ip '' '' $restart >> /dev/null + fi + if [ "$IPV6" == "yes" ] ; then + $BIN/v-add-dns-record \ + $user $top_domain "$sub_domain" AAAA $ipv6 '' '' $restart >> /dev/null + fi fi diff --git a/bin/v-add-domain b/bin/v-add-domain index e383481a..13e100ad 100755 --- a/bin/v-add-domain +++ b/bin/v-add-domain @@ -1,6 +1,6 @@ #!/bin/bash # info: add web/dns/mail domain -# options: USER DOMAIN [IP] [RESTART] +# options: USER DOMAIN [IP] [IPV6] [RESTART] # # The function adds web/dns/mail domain to a server. 
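Review bot: The two address checks added to bin/v-add-dns-on-web-alias are inverted: `if [ -z "$ip" ] && [ "$ip" != "no" ]` is true only for an empty value, so a supplied address never reaches `is_format_valid` and is reset to `""` by the else branch, and the same holds for `$ipv6`. bin/v-add-dns-domain uses `[ ! -z "$ip" ] && [ "$ip" != "no" ]` for the same purpose, and the check added to bin/v-add-web-domain later in this patch is missing the same `!`. The values are then passed unquoted (`$user $alias $ip $ipv6 '' ...`), so an empty address drops out of the argument list and every following positional argument of v-add-dns-domain shifts left; quoting them as `"$ip" "$ipv6"` keeps the positions stable. Neither v-add-dns-domain call places `$restart` in the thirteenth position that script now reads it from, which is worth confirming against the intended behaviour.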
@@ -13,22 +13,27 @@ user=$1 domain=$2 ip=$3 -restart="${4-yes}" +ipv6=$4 +restart="${5-yes}" # Includes source $VESTA/func/main.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# -check_args '2' "$#" 'USER DOMAIN [IP] [RESTART]' +check_args '2' "$#" 'USER DOMAIN [IP] [IPV6] [RESTART]' is_format_valid 'user' 'domain' -if [ ! -z "$ip" ] ; then +if [ ! -z "$ip" ] && [ "$ip" != "no" ]; then is_format_valid 'ip' fi +if [ ! -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" @@ -38,22 +43,23 @@ is_object_unsuspended 'user' 'USER' "$user" #----------------------------------------------------------# # Get ip if it wasn't defined -if [ -z "$ip" ]; then +if [ -z "$ip" ] && [ "$ip" != "no" ]; then get_user_ip - if [ -z "$ip" ]; then - check_result $E_NOTEXIST "no avaiable IP address" - fi +fi + +if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + get_user_ipv6 fi # Working on web domain if [ ! -z "$WEB_SYSTEM" ]; then - $BIN/v-add-web-domain $user $domain $ip 'no' + $BIN/v-add-web-domain $user $domain $ip $ipv6 'no' check_result $? "can't add web domain" >/dev/null fi # Working on DNS domain if [ ! -z "$DNS_SYSTEM" ]; then - $BIN/v-add-dns-domain $user $domain $ip "" "" "" "" "" '' '' '' 'no' + $BIN/v-add-dns-domain $user $domain $ip $ipv6 "" "" "" "" "" '' '' '' 'no' check_result $? "can't add dns domain" >/dev/null fi diff --git a/bin/v-add-firewall-ipv6-ban b/bin/v-add-firewall-ipv6-ban new file mode 100755 index 00000000..881e0707 --- /dev/null +++ b/bin/v-add-firewall-ipv6-ban 
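Review bot: The calls `$BIN/v-add-web-domain $user $domain $ip $ipv6 'no'` and `$BIN/v-add-dns-domain $user $domain $ip $ipv6 "" ...` in bin/v-add-domain pass both addresses unquoted, so when either is still empty after `get_user_ip` / `get_user_ipv6` the word disappears and the remaining arguments shift, and the trailing `'no'` is then read as an address or name server instead of RESTART. This hunk also removes the `check_result $E_NOTEXIST "no avaiable IP address"` guard without adding an equivalent for the case where neither an IPv4 nor an IPv6 address was found. I would quote both values (`"$ip" "$ipv6"`) and fail early when both are empty. The `[ "$ip" != "no" ]` half of `[ -z "$ip" ] && [ "$ip" != "no" ]` is always true when the first half is, so it can be dropped.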
@@ -0,0 +1,83 @@ +#!/bin/bash +# info: add firewall blocking rule +# options: IP CHAIN +# +# The function adds new blocking rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +ipv6=$1 +chain=$(echo $2|tr '[:lower:]' '[:upper:]') + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IP CHAIN' +is_format_valid 'ipv6' 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking server ip +if [ -e "$VESTA/data/ips/$ipv6" ] || [ "$ipv6" = '::1' ]; then + exit +fi + +# Checking ip exclusions +excludes="$VESTA/data/firewallv6/excludes.conf" +check_excludes=$(grep "^$ipv6$" $excludes 2>/dev/null) +if [ ! -z "$check_excludes" ]; then + exit +fi + +# Checking ip in banlist +conf="$VESTA/data/firewallv6/banlist.conf" +check_ip=$(grep "IP6='$ipv6' CHAIN='$chain'" $conf 2>/dev/null) +if [ ! 
-z "$check_ip" ]; then + exit +fi + +# Adding chain +$BIN/v-add-firewall-ipv6-chain $chain + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Adding ip to banlist +echo "IP6='$ipv6' CHAIN='$chain' TIME='$time' DATE='$date'" >> $conf +$iptables -I fail2ban-$chain 1 -s $ipv6 \ + -j REJECT --reject-with icmp-port-unreachable 2>/dev/null + +# Changing permissions +chmod 660 $conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-firewall-ipv6-chain b/bin/v-add-firewall-ipv6-chain new file mode 100755 index 00000000..7f72a51e --- /dev/null +++ b/bin/v-add-firewall-ipv6-chain 
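Review bot: The ban rule in bin/v-add-firewall-ipv6-ban is inserted with `--reject-with icmp-port-unreachable`, which is the IPv4 reject type; ip6tables expects `icmp6-port-unreachable`. Because the command's stderr goes to `/dev/null` and its exit status is not checked, the address would be written to banlist.conf while no blocking rule is actually installed. I would use `-j REJECT --reject-with icmp6-port-unreachable` and append to `$conf` only after the ip6tables call succeeds. The server-address test `[ -e "$VESTA/data/ips/$ipv6" ]` and the `grep "^$ipv6$"` exclusion are plain string comparisons, so a differently written form of the same address (expanded versus `::`-compressed) would not match; normalising `$ipv6` first would make the self-ban protection reliable.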
@@ -0,0 +1,86 @@ +#!/bin/bash +# info: add firewall chain +# options: CHAIN [PORT] [PROTOCOL] [PROTOCOL] +# +# The function adds new rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +chain=$(echo $1 | tr '[:lower:]' '[:upper:]') +port=$2 +protocol=${4-TCP} +protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') + +# Defining absolute path to iptables +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]' +is_format_valid 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking known chains +case $chain in + SSH) port=22; protocol=TCP ;; + FTP) port=21; protocol=TCP ;; + MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;; + DNS) port=53; protocol=UDP ;; + WEB) port='80,443'; protocol=TCP ;; + DB) port='3306,5432'; protocol=TCP ;; + VESTA) port=8083; protocol=TCP ;; + *) check_args '2' "$#" 'CHAIN PORT' ;; +esac + +# Adding chain +$iptables -N fail2ban-$chain 2>/dev/null +if [ $? 
-eq 0 ]; then + $iptables -A fail2ban-$chain -j RETURN + + # Adding multiport module + if [[ "$port" =~ ,|-|: ]] ; then + port_str="-m multiport --dports $port" + else + port_str="--dport $port" + fi + $iptables -I INPUT -p $protocol $port_str -j fail2ban-$chain +fi + +# Preserving chain +chains=$VESTA/data/firewallv6/chains.conf +check_chain=$(grep "CHAIN='$chain'" $chains 2>/dev/null) +if [ -z "$check_chain" ]; then + echo "CHAIN='$chain' PORT='$port' PROTOCOL='$protocol'" >> $chains +fi + +# Changing permissions +chmod 660 $chains + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-firewall-ipv6-rule b/bin/v-add-firewall-ipv6-rule new file mode 100755 index 00000000..586ca994 --- /dev/null +++ b/bin/v-add-firewall-ipv6-rule 
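Review bot: `protocol=${4-TCP}` in bin/v-add-firewall-ipv6-chain reads the fourth argument, but the usage string is `CHAIN [PORT] [PROTOCOL]`, so a protocol passed as the third argument is ignored and a custom chain is always created as TCP; this should be `protocol=${3-TCP}`. For chains that fall through to the `*)` case, `$port` and `$protocol` are used unquoted in the ip6tables command and written to chains.conf after only `is_format_valid 'chain'` has run. Validating the port and protocol as well, the way bin/v-add-firewall-ipv6-rule does for its own arguments, would keep malformed values out of the rule set. The header comment lists `[PROTOCOL]` twice.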
@@ -0,0 +1,94 @@ +#!/bin/bash +# info: add firewall rule +# options: ACTION IPV6 PORT [PROTOCOL] [COMMENT] [RULE] +# +# The function adds new rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +action=$(echo $1|tr '[:lower:]' '[:upper:]') +ipv6=$2 +port_ext=$3 +protocol=${4-TCP} +protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') +comment=$5 +rule=$6 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +# Get next firewall rule id +get_next_fw_rule() { + if [ -z "$rule" ]; then + curr_str=$(grep "RULE=" $VESTA/data/firewallv6/rules.conf |\ + cut -f 2 -d \' | sort -n | tail -n1) + rule="$((curr_str +1))" + fi +} + +sort_fw_rules() { + cat $VESTA/data/firewallv6/rules.conf |\ + sort -n -k 2 -t \' > $VESTA/data/firewallv6/rules.conf.tmp + mv -f $VESTA/data/firewallv6/rules.conf.tmp \ + $VESTA/data/firewallv6/rules.conf +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '3' "$#" 'ACTION IPV6 PORT [PROTOCOL] [COMMENT] [RULE]' +is_format_valid 'action' 'protocol' 'port_ext' 'ipv6' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +get_next_fw_rule +is_format_valid 'rule' +is_object_new '../../data/firewallv6/rules' 'RULE' "$rule" +if [ ! 
-z "$comment" ]; then + is_format_valid 'comment' +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Concatenating rule +str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" +str="$str IP6='$ipv6' COMMENT='$comment' SUSPENDED='no'" +str="$str TIME='$time' DATE='$date'" + +# Adding to config +echo "$str" >> $VESTA/data/firewallv6/rules.conf + +# Changing permissions +chmod 660 $VESTA/data/firewallv6/rules.conf + +# Sorting firewall rules by id number +sort_fw_rules + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-sys-firewall b/bin/v-add-sys-firewall index b154c7f0..437d4c41 100755 --- a/bin/v-add-sys-firewall +++ b/bin/v-add-sys-firewall @@ -29,10 +29,15 @@ fi # Adding firewall directory mkdir -p $VESTA/data/firewall/ +mkdir -p $VESTA/data/firewallv6/ # Adding default ruleset if [ ! -e "$VESTA/data/firewall/rules.conf" ]; then - cp $VESTA/install/rhel/7/* $VESTA/data/firewall/ + cp $VESTA/install/rhel/7/firewall/* $VESTA/data/firewall/ +fi + +if [ ! -e "$VESTA/data/firewallv6/rules.conf" ]; then + cp $VESTA/install/rhel/7/firewallv6/* $VESTA/data/firewallv6/ fi # Updating FIREWAL_SYSTEM value @@ -45,6 +50,7 @@ fi # Updating firewall rules $BIN/v-update-firewall +$BIN/v-update-firewall-ipv6 #----------------------------------------------------------# diff --git a/bin/v-add-sys-ip b/bin/v-add-sys-ip index f278763b..8130ceec 100755 --- a/bin/v-add-sys-ip +++ b/bin/v-add-sys-ip 
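Review bot: In bin/v-add-firewall-ipv6-rule, `chmod 660 $VESTA/data/firewallv6/rules.conf` runs before `sort_fw_rules`, which writes a new `rules.conf.tmp` and moves it over the original, so the file that remains is the freshly created one with umask-derived permissions rather than 660. Moving the chmod after the sort, or applying it to the temporary file before `mv -f`, would keep the intended mode. `get_next_fw_rule` and `sort_fw_rules` both rely on the rule id being the first quoted value on each line; a comment such as `# rule id = first quoted value (RULE='N') on each line` above them would document that assumption.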
@@ -5,7 +5,7 @@ # The function adds ip address into a system. It also creates rc scripts. You # can specify ip name which will be used as root domain for temporary aliases. # For example, if you set a1.myhosting.com as name, each new domain created on -# this ip will automatically receive alias $domain.a1.myhosting.com. Of course +# this ip will automatically receive alias $domain.a1.myhosting.com. Of course # you must have wildcard record *.a1.myhosting.com pointed to ip. This feature # is very handy when customer wants to test domain before dns migration. @@ -46,7 +46,6 @@ if [ ! -z "$nat_ip" ] ; then is_format_valid 'nat_ip' fi - #----------------------------------------------------------# # Action # #----------------------------------------------------------# @@ -97,7 +96,8 @@ INTERFACE='$interface' NETMASK='$netmask' NAT='$nat_ip' TIME='$time' -DATE='$date'" > $VESTA/data/ips/$ip +DATE='$date' +VERSION='4'" > $VESTA/data/ips/$ip chmod 660 $VESTA/data/ips/$ip # WEB support diff --git a/bin/v-add-sys-ipv6 b/bin/v-add-sys-ipv6 new file mode 100755 index 00000000..4ee8e790 --- /dev/null +++ b/bin/v-add-sys-ipv6 
@@ -0,0 +1,188 @@ +#!/bin/bash +# info: add system ip address +# options: IPV6 NETMASK [INTERFACE] [USER] [IP_STATUS] [IP_NAME] [NAT_IP] +# +# The function adds ipv6 address into a system. It also creates rc scripts. You +# can specify ipv6 name which will be used as root domain for temporary aliases. +# For example, if you set a1.myhosting.com as name, each new domain created on +# this ipv6 will automatically receive alias $domain.a1.myhosting.com. Of course +# you must have wildcard record *.a1.myhosting.com pointed to ipv6. This feature +# is very handy when customer wants to test domain before dns migration. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=${1// /} +netmask=$2 +interface="${3-eth0}" +user="${4-admin}" +ip_status="${5-shared}" +ip_name=$6 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 NETMASK [INTERFACE] [USER] [STATUS] [NAME]' +is_format_valid 'ipv6' 'netmaskv6' 'interface' 'user' 'ip_status' +is_ipv6_free +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +if [ ! 
-z "$ip_name" ] ; then + is_format_valid 'ip_name' +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# +iface=$(get_ipv6_iface) +#cidr=$(convert_netmaskv6 $netmask) +cidr=$netmask + +sys_ip_check=$(/sbin/ip -6 addr | grep "$ipv6") +if [ -z "$sys_ip_check" ]; then + # Adding sys ip + /sbin/ip addr add $ipv6/$cidr dev $interface + + # Adding RHEL/CentOS/Fedora startup script + if [ -e "/etc/redhat-release" ]; then + sys_ip="# Added by vesta" + sys_ip="$sys_ip\nIPV6INIT=yes" + sys_ip="$sys_ip\nIPV6ADDR=$ipv6/$cidr" + sys_ip="$sys_ip\nIPV6_DEFAULTGW=$interface" + sys_ip="$sys_ip\nIPV6_AUTOCONF=no" +####### sys_ip="$sys_ip\nIPV6ADDR_SECONDARIES=""" + echo -e $sys_ip > /etc/sysconfig/network-scripts/ifcfg-$interface + fi + + # Adding Debian/Ubuntu startup script + if [ -e "/etc/debian_version" ]; then + sys_ip="\n# Added by vesta" + sys_ip="$sys_ip\niface $interface inet6 static" + sys_ip="$sys_ip\naddress $ipv6" + sys_ip="$sys_ip\nnetmask $cidr" + echo -e $sys_ip >> /etc/network/interfaces + fi +fi + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Adding vesta ip +echo "OWNER='$user' +STATUS='$ip_status' +NAME='$ip_name' +U_SYS_USERS='' +U_WEB_DOMAINS='0' +INTERFACE='$interface' +NETMASK='$netmask' +NAT='' +TIME='$time' +DATE='$date' +VERSION='6'" > $VESTA/data/ips/$ipv6 +chmod 660 $VESTA/data/ips/$ipv6 + +# WEB support +if [ ! 
-z "$WEB_SYSTEM" ]; then + web_conf="/etc/$WEB_SYSTEM/conf.d/$ipv6.conf" + rm -f $web_conf + + if [ "$WEB_SYSTEM" = 'httpd' ] || [ "$WEB_SYSTEM" = 'apache2' ]; then + if [ -z "$(/usr/sbin/apachectl -v | grep Apache/2.4)" ]; then + echo "NameVirtualHost [$ipv6]:$WEB_PORT" > $web_conf + fi + echo "Listen [$ipv6]:$WEB_PORT" >> $web_conf + fi + + if [ "$WEB_SSL" = 'mod_ssl' ]; then + if [ -z "$(/usr/sbin/apachectl -v | grep Apache/2.4)" ]; then + echo "NameVirtualHost [$ipv6]:$WEB_SSL_PORT" >> $web_conf + fi + echo "Listen [$ipv6]:$WEB_SSL_PORT" >> $web_conf + fi +fi + +# Proxy support +if [ ! -z "$PROXY_SYSTEM" ]; then + cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl |\ + sed -e "s/%ip%/[$ipv6]/g" \ + -e "s/%web_port%/$WEB_PORT/g" \ + -e "s/%proxy_port%/$PROXY_PORT/g" \ + > /etc/$PROXY_SYSTEM/conf.d/$ipv6.conf + + # mod_extract_forwarded +# fw_conf="/etc/$WEB_SYSTEM/conf.d/mod_extract_forwarded.conf" +# if [ -e "$fw_conf" ]; then +# ips=$(grep 'MEFaccept ' $fw_conf | grep -v '#' | head -n1) +# sed -i "s/$ips/$ips $ip/g" $fw_conf +# fi + + # mod_rpaf + rpaf_conf="/etc/$WEB_SYSTEM/mods-enabled/rpaf.conf" + if [ -e "$rpaf_conf" ]; then + rpaf_str=$(grep RPAFproxy_ips $rpaf_conf) + rpaf_str="$rpaf_str $ipv6" + sed -i "s/.*RPAFproxy_ips.*/$rpaf_str/" $rpaf_conf + fi + + #mod_remoteip + remoteip_conf="/etc/$WEB_SYSTEM/mods-enabled/remoteip.conf" + if [ -e "$remoteip_conf" ]; then + if [ $( grep -ic "$ipv6" $remoteip_conf ) -eq 0 ]; then + sed -i "s/<\/IfModule>/RemoteIPInternalProxy $ipv6\n<\/IfModule>/g" $remoteip_conf + fi + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Updating user counters +increase_user_value "$user" '$IPV6_OWNED' +if [ "$user" = 'admin' ]; then + if [ "$ip_status" = 'shared' ]; then + for user in $(ls $VESTA/data/users); do + increase_user_value "$user" '$IPV6_AVAIL' + done + else + increase_user_value 'admin' '$IPV6_AVAIL' + fi +else + 
increase_user_value "$user" '$IPV6_AVAIL' + increase_user_value 'admin' '$IPV6_AVAIL' +fi + +# Restarting web server +$BIN/v-restart-web +check_result $? "Web restart failed" >/dev/null + +# Restarting proxy server +if [ ! -z "$PROXY_SYSTEM" ]; then + $BIN/v-restart-proxy + check_result $? "Proxy restart failed" >/dev/null +fi + +# Restarting firewall +if [ ! -z "$FIREWALL_SYSTEM" ]; then + $BIN/v-update-firewall +fi + +# Logging +log_history "added system ipv6 address $ipv6" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-user b/bin/v-add-user index 025c7e3e..2eb97d50 100755 --- a/bin/v-add-user +++ b/bin/v-add-user @@ -141,9 +141,11 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ ) # Filling user config if [ "$user" != 'admin' ]; then ip_avail=$($BIN/v-list-user-ips admin plain |grep -w shared|wc -l) + ipv6_avail=$($BIN/v-list-user-ipv6s admin plain |grep -w shared|wc -l) u_users=0 else ip_avail=0 + ipv6_avail=0 u_users=1 fi @@ -163,7 +165,9 @@ SUSPENDED_MAIL='0' SUSPENDED_DB='0' SUSPENDED_CRON='0' IP_AVAIL='$ip_avail' +IPV6_AVAIL='$ipv6_avail' IP_OWNED='0' +IPV6_OWNED='0' U_USERS='$u_users' U_DISK='0' U_DISK_DIRS='0' diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index 62619a42..95ce51d3 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -1,6 +1,6 @@ #!/bin/bash # info: add web domain -# options: USER DOMAIN [IP] [ALIASES] [PROXY_EXTENSIONS] [RESTART] +# options: USER DOMAIN [IP] [IPV6] [ALIASES] [PROXY_EXTENSIONS] [RESTART] # # The function adds virtual host to a server. In cases when ip is # undefined in the script, "default" template will be used. The alias of 
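Review bot: On RHEL, bin/v-add-sys-ipv6 ends its startup block with `echo -e $sys_ip > /etc/sysconfig/network-scripts/ifcfg-$interface`, which truncates the interface's existing ifcfg file and leaves only the IPv6 lines, so whatever configuration that file held for the interface is lost at the next network restart. The same block sets `IPV6_DEFAULTGW=$interface`, an interface name where a gateway address is expected. Appending or updating the IPv6 keys in place instead of overwriting the file would avoid both problems. Further down, the firewall step calls `$BIN/v-update-firewall` rather than `$BIN/v-update-firewall-ipv6`, so the IPv6 rule set is not refreshed for the new address. `iface=$(get_ipv6_iface)` is assigned but not used in the visible code, and `grep "$ipv6"` against `ip -6 addr` is an unanchored match that can also hit a longer address containing the same text.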
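Review bot: In bin/v-add-user, `ipv6_avail=$($BIN/v-list-user-ipv6s admin plain |grep -w shared|wc -l)` calls a script that this patch's file list does not create; the diffstat shows changes to bin/v-list-user-ips but no bin/v-list-user-ipv6s. Unless a later patch in the series adds it, the command fails, `wc -l` counts nothing, and `IPV6_AVAIL` is written as 0 for every new user without any error being reported. Either the script should be part of this patch or the count should come from a command that exists at this point in the series.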
@@ -20,14 +20,16 @@ user=$1 domain=$2 domain_idn=$2 ip=$3 -restart=$4 # will be moved to the end soon -aliases=$5 -proxy_ext=$6 +ipv6=$4 +restart=$5 # will be moved to the end soon +aliases=$6 +proxy_ext=$7 # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting @@ -41,18 +43,39 @@ format_aliases #----------------------------------------------------------# is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -check_args '2' "$#" 'USER DOMAIN [IP] [RESTART] [ALIASES] [PROXY_EXTENSIONS]' -is_format_valid 'user' 'domain' 'aliases' 'ip' 'proxy_ext' +check_args '2' "$#" 'USER DOMAIN [IP] [IPV6] [RESTART] [ALIASES] [PROXY_EXTENSIONS]' +is_format_valid 'user' 'domain' 'aliases' 'proxy_ext' + +if [ -z "$ip" ] && [ "$ip" != "no" ]; then + is_format_valid 'ip' +fi + +if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi + is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_package_full 'WEB_DOMAINS' 'WEB_ALIASES' is_domain_new 'web' "$domain,$aliases" -if [ ! -z "$ip" ]; then - is_ip_valid "$ip" "$user" +if [ "$ip" != "no" ]; then + if [ ! -z "$ip" ]; then + is_ip_valid "$ip" "$user" + else + get_user_ip + fi else - get_user_ip + ip="" +fi +if [ "$ipv6" != "no" ]; then + if [ ! -z "$ipv6" ]; then + is_ipv6_valid "$ipv6" "$user" + else + get_user_ipv6 + fi +else + ipv6="" fi - #----------------------------------------------------------# # Action # @@ -114,10 +137,16 @@ else if [ ! -z "$aliases" ]; then ALIAS="$ALIAS,$aliases" fi + ip_alias=$(get_ip_alias $domain) if [ ! -z "$ip_alias" ]; then ALIAS="$ALIAS,$ip_alias" fi + + ipv6_alias=$(get_ipv6_alias $domain) + if [ ! -z "$ipv6_alias" ]; then + ALIAS="$ALIAS,$ipv6_alias" + fi fi # Preparing domain variables 
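Review bot: Inserting `ipv6=$4` ahead of `restart=$5`, `aliases=$6` and `proxy_ext=$7` in bin/v-add-web-domain shifts every optional argument by one, so an existing caller that passes RESTART as the fourth argument now has that value treated as the IPv6 address. The `# options:` header changed in the previous hunk lists `[ALIASES] [PROXY_EXTENSIONS] [RESTART]`, while these assignments and the `check_args` usage string put RESTART before ALIASES. Either append IPV6 after the existing optional arguments or update every caller in the same commit, and make the header match the real order: `# options: USER DOMAIN [IP] [IPV6] [RESTART] [ALIASES] [PROXY_EXTENSIONS]`.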
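Review bot: The guards `if [ -z "$ip" ] && [ "$ip" != "no" ]` and `if [ -z "$ipv6" ] && [ "$ipv6" != "no" ]` are inverted: they call `is_format_valid` only when the value is empty, so a caller-supplied address is never format-checked in this script, whereas the removed line validated `ip` unconditionally. The value is later written into `IP6='$ipv6'` in web.conf and substituted into the vhost templates, so the check should run for every non-empty value: `if [ -n "$ip" ] && [ "$ip" != "no" ]; then is_format_valid 'ip'; fi`, and the same for `ipv6`. `is_ip_valid` and `is_ipv6_valid` are defined outside this hunk, so whether they would reject a malformed value on their own cannot be confirmed from here.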
@@ -137,13 +166,13 @@ if [ ! -z "$PROXY_SYSTEM" ]; then add_web_config "$PROXY_SYSTEM" "$PROXY_TEMPLATE.tpl" fi - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# # Increasing counters increase_ip_value "$local_ip" +increase_ipv6_value "$ipv6" increase_user_value "$user" '$U_WEB_DOMAINS' increase_user_value "$user" '$U_WEB_ALIASES' "$alias_number" @@ -153,7 +182,7 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ ) date=$(echo "$time_n_date" |cut -f 2 -d \ ) # Adding domain in web.conf -echo "DOMAIN='$domain' IP='$ip' IP6='' ALIAS='$ALIAS' TPL='$WEB_TEMPLATE'\ +echo "DOMAIN='$domain' IP='$ip' IP6='$ipv6' ALIAS='$ALIAS' TPL='$WEB_TEMPLATE'\ SSL='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='' FTP_MD5=''\ BACKEND='$BACKEND_TEMPLATE' PROXY='$PROXY_TEMPLATE' PROXY_EXT='$PROXY_EXT'\ STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='0' U_BANDWIDTH='0'\ diff --git a/bin/v-add-web-domain-alias b/bin/v-add-web-domain-alias index 932e1ffa..962bbb89 100755 --- a/bin/v-add-web-domain-alias +++ b/bin/v-add-web-domain-alias @@ -20,6 +20,7 @@ restart="$4" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-add-web-domain-proxy b/bin/v-add-web-domain-proxy index 9bd42746..b93dceee 100755 --- a/bin/v-add-web-domain-proxy +++ b/bin/v-add-web-domain-proxy @@ -23,6 +23,7 @@ restart="$5" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf diff --git a/bin/v-add-web-domain-ssl b/bin/v-add-web-domain-ssl index e4d249b6..df991591 100755 --- a/bin/v-add-web-domain-ssl +++ b/bin/v-add-web-domain-ssl 
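Review bot: `increase_ipv6_value "$ipv6"` runs unconditionally in bin/v-add-web-domain, although the verification section sets `ipv6=""` when the caller passes `no`. `increase_ipv6_value` is defined in func/ipv6.sh, which is not shown, so what it does with an empty address is not visible; guarding the call avoids updating a counter for an address that does not exist: `if [ -n "$ipv6" ]; then increase_ipv6_value "$ipv6"; fi`. The same applies to `increase_ip_value "$local_ip"` just above it, to `increase_ipv6_value "$new"` / `decrease_ipv6_value "$old"` in bin/v-change-web-domain-ipv6, and to the IPv4 counters in bin/v-change-web-domain-ip, where either side may now be empty.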
@@ -25,6 +25,7 @@ restart="$5" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-add-web-domain-stats b/bin/v-add-web-domain-stats index 60caf0c1..0d2942d6 100755 --- a/bin/v-add-web-domain-stats +++ b/bin/v-add-web-domain-stats @@ -54,6 +54,7 @@ get_domain_values 'web' prepare_web_domain_values cat $WEBTPL/$type/$type.tpl |\ sed -e "s|%ip%|$ip|g" \ + -e "s|%ipv6%|$ipv6|g" \ -e "s|%web_port%|$WEB_PORT|g" \ -e "s|%web_system%|$WEB_SYSTEM|g" \ -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ diff --git a/bin/v-change-dns-domain-ip b/bin/v-change-dns-domain-ip index fca3ecb7..03c18d99 100755 --- a/bin/v-change-dns-domain-ip +++ b/bin/v-change-dns-domain-ip @@ -17,6 +17,7 @@ restart=$4 # Includes source $VESTA/func/main.sh +source $VESTA/func/ip.sh source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf @@ -30,13 +31,21 @@ format_domain_idn #----------------------------------------------------------# check_args '3' "$#" 'USER DOMAIN IP' -is_format_valid 'user' 'domain' 'ip' +is_format_valid 'user' 'domain' is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'dns' 'DOMAIN' "$domain" is_object_unsuspended 'dns' 'DOMAIN' "$domain" +if [ "$ip" != "no" ]; then + is_format_valid 'ip' +fi +if [ "$ip" != "no" ]; then + is_ip_valid "$ip" "$user" +else + ip='' +fi #----------------------------------------------------------# # Action # 
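Review bot: The added `is_ip_valid "$ip" "$user"` in bin/v-change-dns-domain-ip is a new restriction, because before this change the script only format-checked the address. `is_ip_valid` lives in func/ip.sh, which is not shown; it presumably checks that the address is a system IP usable by that user, and if so a zone can no longer be pointed at an address hosted elsewhere. If that is not intended, keep only `is_format_valid 'ip'` for the non-`no` case. The two consecutive `if [ "$ip" != "no" ]` blocks can also be merged into one; bin/v-change-web-domain-ip and the two IPv6 variants repeat the same pair.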
@@ -45,12 +54,28 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain" # Get old ip get_domain_values 'dns' old=$IP +new=$ip + +if [ -z "$old" ]; then + #Create new + # Generating timestamp + time_n_date=$(date +'%T %F') + time=$(echo "$time_n_date" |cut -f 1 -d \ ) + date=$(echo "$time_n_date" |cut -f 2 -d \ ) + add_dns_config_records +else + if [ ! -z "$ip" ]; then + # Changing records + sed -i "s/$old/$ip/g" $USER_DATA/dns/$domain.conf + else + #Delete configs + ip=$old + remove_dns_config_records + fi +fi # Changing ip -update_object_value 'dns' 'DOMAIN' "$domain" '$IP' "$ip" - -# Changing records -sed -i "s/$old/$ip/g" $USER_DATA/dns/$domain.conf +update_object_value 'dns' 'DOMAIN' "$domain" '$IP' "$new" # Updating zone if [[ "$DNS_SYSTEM" =~ named|bind ]]; then diff --git a/bin/v-change-dns-domain-ipv6 b/bin/v-change-dns-domain-ipv6 new file mode 100755 index 00000000..6717d3c2 --- /dev/null +++ b/bin/v-change-dns-domain-ipv6 
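Review bot: The `if [ -z "$old" ]` branch runs `add_dns_config_records` whenever the zone has no IPv4 address, including when the caller passed `no` and `$ip` has just been set to empty, so records may be generated from an empty address. `add_dns_config_records` is defined outside this hunk, so its handling of that case cannot be checked here; the both-empty case should be handled explicitly before this block so that neither the add nor the remove path runs. In the change branch, `sed -i "s/$old/$ip/g"` treats `$old` as an unanchored regex, so the dots match any character and a shorter address also matches inside a longer one; escaping the dots and matching the whole value field would avoid rewriting unrelated records.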
@@ -0,0 +1,110 @@ +#!/bin/bash +# info: change dns domain ip address +# options: USER DOMAIN IPV6 +# +# The function for changing the main ipv6 of DNS zone. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +ipv6=$3 +restart=$4 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + +# Additional argument formatting +format_domain +format_domain_idn + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '3' "$#" 'USER DOMAIN IP' +is_format_valid 'user' 'domain' +is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_object_valid 'dns' 'DOMAIN' "$domain" +is_object_unsuspended 'dns' 'DOMAIN' "$domain" + +if [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi +if [ "$ipv6" != "no" ]; then + is_ipv6_valid "$ipv6" "$user" +else + ipv6='' +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Get old ip +get_domain_values 'dns' +old=$IP6 +new=$ipv6 + +if [ -z "$old" ]; then + #Create new + # Generating timestamp + time_n_date=$(date +'%T %F') + time=$(echo "$time_n_date" |cut -f 1 -d \ ) + date=$(echo "$time_n_date" |cut -f 2 -d \ ) + ip="" + add_dns_config_records +else + if [ ! -z "$ip" ]; then + # Changing records + sed -i "s/$old/$ipv6/g" $USER_DATA/dns/$domain.conf + else + #Delete configs + ipv6=$old + remove_dns_config_records + fi +fi + +# Changing ip +update_object_value 'dns' 'DOMAIN' "$domain" '$IP6' "$new" + +# Updating zone +if [[ "$DNS_SYSTEM" =~ named|bind ]]; then + update_domain_serial + update_domain_zone +fi + +# Updating dns-cluster queue +if [ ! 
-z "$DNS_CLUSTER" ]; then + # Check for first sync + dlock=$(grep "domain $user $domain" $VESTA/data/queue/dns-cluster.pipe) + if [ -z "$dlock" ]; then + cmd="$BIN/v-add-remote-dns-domain $user $domain domain yes" + echo "$cmd" >> $VESTA/data/queue/dns-cluster.pipe + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting named +$BIN/v-restart-dns $restart +check_result $? "DNS restart failed" >/dev/null + +# Logging +log_history "changed dns ip for $domain to $ip" +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-dns-domain-tpl b/bin/v-change-dns-domain-tpl index 63c71e41..12663c86 100755 --- a/bin/v-change-dns-domain-tpl +++ b/bin/v-change-dns-domain-tpl @@ -80,6 +80,7 @@ fi # Changing tpl echo "$template_data" |\ sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ -e "s/%domain_idn%/$domain_idn/g" \ -e "s/%domain%/$domain/g" \ -e "s/%ns1%/$ns1/g" \ diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 7f73e59e..94bc997d 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -15,6 +15,7 @@ user=$2 # Includes source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/func/main.sh source $VESTA/conf/vesta.conf @@ -99,6 +100,10 @@ if [ ! -z "$dns_data" ]; then dns_data=$(echo "$dns_data" | sed "s/IP='$IP'/IP='$ip'/") sed -i "s/$IP/$ip/g" $VESTA/data/users/$owner/dns/$domain.conf fi + if [ ! -z "$ipv6" ]; then + dns_data=$(echo "$dns_data" | sed "s/IP6='$IPV6'/IP6='$ipv6'/") + sed -i "s/$IP6/$ipv6/g" $VESTA/data/users/$owner/dns/$domain.conf + fi # Move config sed -i "/DOMAIN='$domain'/d" $VESTA/data/users/$owner/dns.conf diff --git a/bin/v-change-firewall-ipv6-rule b/bin/v-change-firewall-ipv6-rule new file mode 100755 index 00000000..47479007 --- /dev/null +++ b/bin/v-change-firewall-ipv6-rule 
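Review bot: In the `else` branch of bin/v-change-dns-domain-ipv6 the test `if [ ! -z "$ip" ]` checks `$ip`, which this script never assigns (the argument is `ipv6=$3`). Unless a sourced file happens to set it, changing an existing IPv6 address always falls through to `ipv6=$old` and `remove_dns_config_records`, removing the records instead of rewriting them. The test should be `if [ ! -z "$ipv6" ]; then`. The closing `log_history "changed dns ip for $domain to $ip"` has the same problem and should log `$new`, and the `check_args` usage string should read `'USER DOMAIN IPV6'`.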
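Review bot: The added IPv6 block in bin/v-change-domain-owner uses two different names for the old address: `sed "s/IP6='$IPV6'/IP6='$ipv6'/"` reads `$IPV6`, while the next line reads `$IP6`. The record key is `IP6`, so the first substitution most likely never matches and should be `sed "s/IP6='$IP6'/IP6='$ipv6'/"`. When the zone has no IPv6 address, `$IP6` is empty and `sed -i "s/$IP6/$ipv6/g"` becomes a substitution with an empty pattern, which sed rejects; the block should also require a non-empty `$IP6`. Where `$ipv6` is assigned lies outside this hunk.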
@@ -0,0 +1,85 @@ +#!/bin/bash +# info: change firewall rule +# options: RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT] +# +# The function is used for changing existing firewall rule. +# It fully replace rule with new one but keeps same id. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +rule=$1 +action=$(echo $2|tr '[:lower:]' '[:upper:]') +ipv6=$3 +port_ext=$4 +protocol=${5-TCP} +protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') +comment=$6 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +# Sort function +sort_fw_rules() { + cat $VESTA/data/firewallv6/rules.conf |\ + sort -n -k 2 -t \' > $VESTA/data/firewallv6/rules.conf.tmp + mv -f $VESTA/data/firewallv6/rules.conf.tmp \ + $VESTA/data/firewallv6/rules.conf +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '5' "$#" 'RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT]' +is_format_valid 'rule' 'action' 'protocol' 'port_ext' 'ipv6' +if [ ! 
-z "$comment" ]; then + is_format_valid 'comment' +fi +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Generating timestamp +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + +# Concatenating firewall rule +str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" +str="$str IP6='$ipv6' COMMENT='$comment' SUSPENDED='no'" +str="$str TIME='$time' DATE='$date'" + +# Deleting old rule +sed -i "/RULE='$rule' /d" $VESTA/data/firewallv6/rules.conf + +# Adding new +echo "$str" >> $VESTA/data/firewallv6/rules.conf + +# Sorting firewall rules by id number +sort_fw_rules + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-sys-ip-name b/bin/v-change-sys-ip-name index bf930096..bce4f7c9 100755 --- a/bin/v-change-sys-ip-name +++ b/bin/v-change-sys-ip-name @@ -2,7 +2,7 @@ # info: change ip name # options: IP NAME # -# The function for changing dns domain associated with ip. +# The function for changing the name of the ip. #----------------------------------------------------------# @@ -42,7 +42,7 @@ update_ip_value '$NAME' "$ip_name" #----------------------------------------------------------# # Logging -log_history "changed associated dns on $ip to $domain" '' 'admin' +log_history "changed associated name of $ip to $ip_name" '' 'admin' log_event "$OK" "$ARGUMENTS" exit diff --git a/bin/v-change-sys-ipv6-name b/bin/v-change-sys-ipv6-name new file mode 100755 index 00000000..d4da6a50 --- /dev/null +++ b/bin/v-change-sys-ipv6-name 
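Review bot: `check_args '5' "$#" 'RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT]'` in bin/v-change-firewall-ipv6-rule requires five arguments, yet the usage string marks PROTOCOL as optional and `protocol=${5-TCP}` supplies a default that can then never apply. If `check_args` takes the minimum count as its first argument, as its other uses in this patch suggest, the call should be `check_args '4' "$#" …`. Separately, the exit status of `$BIN/v-update-firewall-ipv6` is ignored, so the script logs `$OK` even when the edited rules.conf was not applied to the running ruleset; `check_result $? "Firewall update failed" >/dev/null` after the call would match how restarts are handled elsewhere in this patch. bin/v-delete-firewall-ipv6-rule has the same unchecked call.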
@@ -0,0 +1,48 @@ +#!/bin/bash +# info: change ip name +# options: IPV6 NAME +# +# The function for changing the name of the ip. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 +ip_name=$2 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 IP_NAME' +is_format_valid 'ipv6' +is_format_valid 'ip_name' +is_ipv6_valid "$ipv6" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing ip name +update_ipv6_value '$NAME' "$ip_name" + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_history "changed associated name of $ipv6 to $ip_name" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-sys-ipv6-owner b/bin/v-change-sys-ipv6-owner new file mode 100755 index 00000000..809a13dc --- /dev/null +++ b/bin/v-change-sys-ipv6-owner 
@@ -0,0 +1,81 @@ +#!/bin/bash +# info: change ip owner +# options: IPV6 USER +# +# The function of changing ip address ownership. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 +user=$2 + +# Includes +source $VESTA/func/ipv6.sh +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 USER' +is_format_valid 'ipv6' 'user' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_ip_valid "$ipv6" +is_ip_key_empty '$U_WEB_DOMAINS' +is_ip_key_empty '$U_SYS_USERS' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing ip owner +ip_owner=$(get_ipv6_value '$OWNER') +if [ "$ip_owner" != "$user" ]; then + ip_status="$(get_ipv6_value '$STATUS')" + update_ipv6_value '$OWNER' "$user" + decrease_user_value "$ipv6_owner" '$IPV6_OWNED' + if [ "$ip_owner" = 'admin' ]; then + if [ "$ip_status" = 'shared' ]; then + for vesta_user in $(ls $VESTA/data/users); do + decrease_user_value "$vesta_user" '$IPV6_AVAIL' + done + else + decrease_user_value 'admin' '$IPV6_AVAIL' + fi + else + decrease_user_value "$ip_owner" '$IPV6_AVAIL' + decrease_user_value 'admin' '$IPV6_AVAIL' + fi + + increase_user_value "$user" '$IP_OWNED' + if [ "$user" = 'admin' ]; then + if [ "$ip_status" = 'shared' ]; then + for user in $(ls $VESTA/data/users); do + increase_user_value "$user" '$IPV6_AVAIL' + done + else + increase_user_value 'admin' '$IPV6_AVAIL' + fi + else + increase_user_value "$user" '$IPV6_AVAIL' + increase_user_value 'admin' '$IPV6_AVAIL' + fi +fi + + +#----------------------------------------------------------# +# Vesta # 
+#----------------------------------------------------------# + +# Logging +log_history "changed owner of $ipv6 to $user" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-sys-ipv6-status b/bin/v-change-sys-ipv6-status new file mode 100755 index 00000000..ee1e6865 --- /dev/null +++ b/bin/v-change-sys-ipv6-status @@ -0,0 +1,56 @@ +#!/bin/bash +# info: change ip status +# options: IPV6 IP_STATUS +# +# The function of changing an ip address's status. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 +ip_status=$2 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IPV6 IP_STATUS' +is_format_valid 'ipv6' 'ip_status' +is_ipv6_valid "$ipv6" +if [ "$ip_status" = "$(get_ipv6_value '$STATUS')" ]; then + check_result "$E_EXISTS" "status $ip_status is already set" +fi +web_domains=$(get_ipv6_value '$U_WEB_DOMAINS') +sys_user=$(get_ipv6_value '$U_SYS_USERS') +ip_owner=$(get_ipv6_value '$OWNER') +if [ "$web_domains" -ne '0' ] && [ "$sys_user" != "$ip_owner" ]; then + check_result "$E_INUSE" "ip $ipv6 is used" +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing ip name +update_ipv6_value '$STATUS' "$ip_status" + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_history "changed $ipv6 status to $ip_status" '' 'admin' +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-user-package b/bin/v-change-user-package index bb0b21d8..1b296ea8 100755 --- a/bin/v-change-user-package 
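Review bot: Several identifiers in bin/v-change-sys-ipv6-owner do not match the variables and counters the script actually uses. `decrease_user_value "$ipv6_owner" '$IPV6_OWNED'` reads `$ipv6_owner`, which is never set (the owner is in `$ip_owner`); `increase_user_value "$user" '$IP_OWNED'` bumps the IPv4 counter instead of `$IPV6_OWNED`; and the second loop reuses `user` as its loop variable, so the closing `log_history` reports the last directory name instead of the new owner. The verification section calls `is_ip_valid` and `is_ip_key_empty` while only func/ipv6.sh is sourced; the sibling IPv6 scripts use `is_ipv6_valid`, and whether an IPv6 counterpart of `is_ip_key_empty` exists is not visible here. The corrected lines are below.

```shell
is_ipv6_valid "$ipv6"
# … unchanged: is_ip_key_empty checks (confirm the IPv6 equivalent), owner and status lookup …
    decrease_user_value "$ip_owner" '$IPV6_OWNED'
# … unchanged: IPV6_AVAIL decrements for the previous owner …
    increase_user_value "$user" '$IPV6_OWNED'
    if [ "$user" = 'admin' ]; then
        if [ "$ip_status" = 'shared' ]; then
            for vesta_user in $(ls $VESTA/data/users); do
                increase_user_value "$vesta_user" '$IPV6_AVAIL'
            done
# … unchanged: remaining IPV6_AVAIL increments and logging …
```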
+++ b/bin/v-change-user-package @@ -110,6 +110,8 @@ SUSPENDED_DB='$SUSPENDED_DB' SUSPENDED_CRON='$SUSPENDED_CRON' IP_AVAIL='$IP_AVAIL' IP_OWNED='$IP_OWNED' +IPV6_AVAIL='$IP_AVAIL' +IPV6_OWNED='$IP_OWNED' U_USERS='$U_USERS' U_DISK='$U_DISK' U_DISK_DIRS='$U_DISK_DIRS' diff --git a/bin/v-change-web-domain-backend-tpl b/bin/v-change-web-domain-backend-tpl index 36a15000..fbc98261 100755 --- a/bin/v-change-web-domain-backend-tpl +++ b/bin/v-change-web-domain-backend-tpl @@ -19,6 +19,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-change-web-domain-ip b/bin/v-change-web-domain-ip index 05fde851..ced160da 100755 --- a/bin/v-change-web-domain-ip +++ b/bin/v-change-web-domain-ip @@ -1,6 +1,6 @@ #!/bin/bash # info: change web domain ip -# options: USER DOMAIN DOMAIN [RESTART] +# options: USER DOMAIN IP [RESTART] # # The call is used for changing domain ip @@ -31,14 +31,20 @@ format_domain_idn #----------------------------------------------------------# check_args '3' "$#" 'USER DOMAIN IP [RESTART]' -is_format_valid 'user' 'domain' 'ip' +is_format_valid 'user' 'domain' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain" -is_ip_valid "$ip" "$user" - +if [ "$ip" != "no" ]; then + is_format_valid 'ip' +fi +if [ "$ip" != "no" ]; then + is_ip_valid "$ip" "$user" +else + ip='' +fi #----------------------------------------------------------# # Action # 
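Review bot: The two lines added to bin/v-change-user-package copy the IPv4 counters into the IPv6 fields: `IPV6_AVAIL='$IP_AVAIL'` and `IPV6_OWNED='$IP_OWNED'`. After a package change the user's IPv6 counts would therefore be overwritten with the IPv4 counts. They should read `IPV6_AVAIL='$IPV6_AVAIL'` and `IPV6_OWNED='$IPV6_OWNED'`, assuming those variables are loaded from the user config alongside the IPv4 ones; the loading code is outside this hunk.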
@@ -49,21 +55,64 @@ get_domain_values 'web' old=$(get_real_ip $IP) new=$ip -# Replacing vhost -replace_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - replace_web_config "$WEB_SYSTEM" "$TPL.stpl" -fi +if [ -z "$old" ]; then + #Create new configs + # Preparing domain variables + prepare_web_domain_values -# Replacing proxy vhost -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - replace_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + local_ip=$ip + # Adding web server config + add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - replace_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Adding proxy config + if [ ! -z "$PROXY_SYSTEM" ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +else + if [ ! -z "$new" ]; then + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + replace_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + else + #Delete configs ... + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi fi fi - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# 
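Review bot: The new create branch in bin/v-change-web-domain-ip adds the proxy vhost under `if [ ! -z "$PROXY_SYSTEM" ]` only, while the replace and delete branches in the same hunk also require `[ ! -z "$PROXY" ]`. For a domain without proxy support `$PROXY` is empty, so `add_web_config "$PROXY_SYSTEM" "$PROXY.tpl"` is called with the template name `.tpl`. Use the same condition as the other branches: `if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then`. The create branch is also entered when both `$old` and `$new` are empty (`no` passed for a domain that has no IPv4 address), which would add a vhost with an empty address. bin/v-change-web-domain-ipv6 repeats both patterns.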
@@ -73,7 +122,7 @@ increase_ip_value "$new" decrease_ip_value "$old" # Update config -update_object_value 'web' 'DOMAIN' "$domain" '$IP' "$3" +update_object_value 'web' 'DOMAIN' "$domain" '$IP' "$ip" # Restart web server $BIN/v-restart-web $restart @@ -83,7 +132,7 @@ $BIN/v-restart-proxy $restart check_result $? "Proxy restart failed" >/dev/null # Logging -log_history "changed web domain $domain ip to $3" +log_history "changed web domain $domain ip to $ip" log_event "$OK" "$ARGUMENTS" exit diff --git a/bin/v-change-web-domain-ipv6 b/bin/v-change-web-domain-ipv6 new file mode 100755 index 00000000..bc86ed8d --- /dev/null +++ b/bin/v-change-web-domain-ipv6 
@@ -0,0 +1,138 @@ +#!/bin/bash +# info: change web domain ipv6 +# options: USER DOMAIN IPV6 [RESTART] +# +# The call is used for changing domain ip + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +ipv6=$3 +restart=$4 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + +# Additional argument formatting +format_domain +format_domain_idn + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '3' "$#" 'USER DOMAIN IPV6 [RESTART]' +is_format_valid 'user' 'domain' +is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_object_valid 'web' 'DOMAIN' "$domain" +is_object_unsuspended 'web' 'DOMAIN' "$domain" +if [ "$ipv6" != "no" ]; then + is_format_valid 'ipv6' +fi +if [ "$ipv6" != "no" ]; then + is_ipv6_valid "$ipv6" "$user" +else + ipv6='' +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Preparing variables for vhost replace +get_domain_values 'web' +old=$IP6 +new=$ipv6 + +if [ -z "$old" ]; then + #Create new configs + # Preparing domain variables + prepare_web_domain_values + + local_ip="" + # Adding web server config + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Adding proxy config + if [ ! -z "$PROXY_SYSTEM" ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +else + if [ ! 
-z "$new" ]; then + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + replace_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + replace_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + else + #Delete configs ... + # Preparing domain variables + prepare_web_domain_values + + # Replacing vhost + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Replacing proxy vhost + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Update counters +increase_ipv6_value "$new" +decrease_ipv6_value "$old" + +# Update config +update_object_value 'web' 'DOMAIN' "$domain" '$IP6' "$ipv6" + +# Restart web server +$BIN/v-restart-web $restart +check_result $? "WEB restart failed" >/dev/null + +$BIN/v-restart-proxy $restart +check_result $? "Proxy restart failed" >/dev/null + +# Logging +log_history "changed web domain $domain ipv6 to $ipv6" +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-web-domain-name b/bin/v-change-web-domain-name index 51215393..e55b04e2 100755 --- a/bin/v-change-web-domain-name +++ b/bin/v-change-web-domain-name @@ -19,6 +19,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-change-web-domain-proxy-tpl b/bin/v-change-web-domain-proxy-tpl index c2be52f1..a81f235e 100755 
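Review bot: bin/v-change-web-domain-ipv6 sources func/main.sh, func/domain.sh and func/ipv6.sh but not func/ip.sh, whereas the other web-domain scripts touched by this patch source both ip.sh and ipv6.sh. If `prepare_web_domain_values` or `add_web_config` call IPv4 helpers from ip.sh (their bodies are not shown), those calls fail here with command-not-found while the script carries on. Adding `source $VESTA/func/ip.sh` next to the ipv6.sh include keeps it in line with the siblings. The create branch also sets `local_ip=""` after `prepare_web_domain_values`, which looks like it would blank the IPv4 address in the generated vhost for a domain that has one; that is worth confirming against `add_web_config`.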
--- a/bin/v-change-web-domain-proxy-tpl +++ b/bin/v-change-web-domain-proxy-tpl @@ -22,6 +22,7 @@ restart="$5" source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-change-web-domain-stats b/bin/v-change-web-domain-stats index afaa7fe7..70e929da 100755 --- a/bin/v-change-web-domain-stats +++ b/bin/v-change-web-domain-stats @@ -66,6 +66,7 @@ rm -f $HOMEDIR/$user/conf/web/$STATS.$domain.conf prepare_web_domain_values cat $WEBTPL/$type/$type.tpl |\ sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ -e "s/%web_port%/$WEB_PORT/g" \ -e "s/%web_system%/$WEB_SYSTEM/g" \ -e "s/%web_ssl_port%/$WEB_SSL_PORT/g" \ diff --git a/bin/v-change-web-domain-tpl b/bin/v-change-web-domain-tpl index ef88e7a4..ddd26cdc 100755 --- a/bin/v-change-web-domain-tpl +++ b/bin/v-change-web-domain-tpl @@ -20,6 +20,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting diff --git a/bin/v-delete-dns-on-web-alias b/bin/v-delete-dns-on-web-alias index b74fc900..b955a3f6 100755 --- a/bin/v-delete-dns-on-web-alias +++ b/bin/v-delete-dns-on-web-alias 
@@ -59,15 +59,25 @@ else sub=$(echo "$dom_alias" | cut -f1 -d . -s) root=$(echo "$dom_alias" | sed "s/^$sub.//" ) if [ -e "$USER_DATA/dns/$root.conf" ]; then - if [ "$sub" == '*' ]; then - rec=$(grep -w "RECORD='\*'" $USER_DATA/dns/$root.conf) - else - rec=$(grep -w "RECORD='$sub'" $USER_DATA/dns/$root.conf) + total=0 + if [ $IPV4 == 'yes' ] ; then + ((total++)) fi - if [ ! -z "$rec" ]; then - eval "$rec" - $BIN/v-delete-dns-record $user "$root" "$ID" $restart + if [ $IPV6 == 'yes' ] ; then + ((total++)) fi + for (( i=1; i<=$total; i++ )) + do + if [ "$sub" == '*' ]; then + rec=$(grep -w "RECORD='\*'" $USER_DATA/dns/$root.conf) + else + rec=$(grep -w "RECORD='$sub'" $USER_DATA/dns/$root.conf) + fi + if [ ! -z "$rec" ]; then + eval "$rec" + $BIN/v-delete-dns-record $user "$root" "$ID" + fi + done fi fi diff --git a/bin/v-delete-dns-record b/bin/v-delete-dns-record index 16bb2b46..dfa56129 100755 --- a/bin/v-delete-dns-record +++ b/bin/v-delete-dns-record @@ -67,7 +67,7 @@ fi # Vesta # #----------------------------------------------------------# -# Upddate counters +# Update counters records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')" update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records" decrease_user_value "$user" '$U_DNS_RECORDS' diff --git a/bin/v-delete-firewall-ipv6-ban b/bin/v-delete-firewall-ipv6-ban new file mode 100755 index 00000000..b8dd2088 --- /dev/null +++ b/bin/v-delete-firewall-ipv6-ban 
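Review bot: The tests `if [ $IPV4 == 'yes' ]` and `if [ $IPV6 == 'yes' ]` in bin/v-delete-dns-on-web-alias expand their variables unquoted, so when either is unset `[` sees only `== 'yes'` and fails with an error instead of evaluating to false; where the two variables are set is outside this hunk. Quote them and use the portable operator: `if [ "$IPV4" = 'yes' ]; then`. The rewritten call `$BIN/v-delete-dns-record $user "$root" "$ID"` also drops the `$restart` argument that the removed line passed, so the caller's restart preference no longer reaches the record deletion. If that is deliberate, to avoid one restart per loop iteration, a comment saying so would help.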
@@ -0,0 +1,64 @@ +#!/bin/bash +# info: delete firewall blocking rule +# options: IP CHAIN +# +# The function deletes blocking rule from system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +ipv6=$1 +chain=$(echo $2|tr '[:lower:]' '[:upper:]') + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'IP CHAIN' +is_format_valid 'ipv6' 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking ip in banlist +conf="$VESTA/data/firewallv6/banlist.conf" +check_ip=$(grep "IP6='$ipv6' CHAIN='$chain'" $conf 2>/dev/null) +if [ -z "$check_ip" ]; then + exit +fi + +# Deleting ip from banlist +sip=$(echo "$ipv6"| sed "s|/|\\\/|g") +sed -i "/IP6='$sip' CHAIN='$chain'/d" $conf +b=$($iptables -L fail2ban-$chain --line-number -n|grep $ipv6|awk '{print $1}') +$iptables -D fail2ban-$chain $b 2>/dev/null + +# Changing permissions +chmod 660 $conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-firewall-ipv6-chain b/bin/v-delete-firewall-ipv6-chain new file mode 100755 index 00000000..9ffa2cbe --- /dev/null +++ b/bin/v-delete-firewall-ipv6-chain 
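Review bot: The rule number in bin/v-delete-firewall-ipv6-ban is looked up with `grep $ipv6`, an unquoted and unanchored regex match against the ip6tables listing. An address that is a textual prefix of another banned address matches both lines (a constructed `2001:db8::1` also matches `2001:db8::10`), so `$b` can hold several numbers or the number of a different ban, and the following `-D` either fails silently behind `2>/dev/null` or removes the wrong entry. Match the address as a fixed whole word and take a single line: `b=$($iptables -L fail2ban-$chain --line-number -n | grep -wF -- "$ipv6" | awk 'NR==1{print $1}')`. The earlier `grep "IP6='$ipv6' CHAIN='$chain'" $conf` would be safer with `-F` as well.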
@@ -0,0 +1,66 @@ +#!/bin/bash +# info: delete firewall chain +# options: CHAIN +# +# The function adds new rule to system firewall + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +chain=$(echo $1 | tr '[:lower:]' '[:upper:]') + +# Defining absolute path to iptables +iptables="/sbin/ip6tables" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'CHAIN' +is_format_valid 'chain' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Deleting chain +chains=$VESTA/data/firewallv6/chains.conf +banlist=$VESTA/data/firewallv6/banlist.conf +chain_param=$(grep "CHAIN='$chain'" $chains 2>/dev/null) +if [ ! -z "$chain_param" ]; then + eval $chain_param + sed -i "/CHAIN='$chain'/d" $chains + sed -i "/CHAIN='$chain'/d" $banlist + $iptables -D INPUT -p $PROTOCOL \ + --dport $PORT -j fail2ban-$CHAIN 2>/dev/null +fi + +# Deleting iptables chain +$iptables -F fail2ban-$CHAIN 2>/dev/null +$iptables -X fail2ban-$CHAIN 2>/dev/null + +# Changing permissions +chmod 660 $chains + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-firewall-ipv6-rule b/bin/v-delete-firewall-ipv6-rule new file mode 100755 index 00000000..ed2fcc20 --- /dev/null +++ b/bin/v-delete-firewall-ipv6-rule 
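Review bot: The flush and delete commands in bin/v-delete-firewall-ipv6-chain use `fail2ban-$CHAIN`, which is only set by `eval $chain_param`. When the chain is not present in chains.conf the eval is skipped, `$CHAIN` is empty, and the script runs `-F fail2ban-` and `-X fail2ban-` with errors hidden by `2>/dev/null`, leaving the real chain in place. Use the validated argument instead: `$iptables -F fail2ban-$chain 2>/dev/null` and `$iptables -X fail2ban-$chain 2>/dev/null`. Since `eval $chain_param` executes a line read from chains.conf, it should at least be quoted as `eval "$chain_param"`. The header comment still says the function adds a new rule and should describe deleting a chain.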
@@ -0,0 +1,51 @@ +#!/bin/bash +# info: delete firewall rule +# options: RULE +# +# The function deletes firewall rule. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Argument definition +rule=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE' +is_format_valid 'rule' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Deleting rule +sed -i "/RULE='$rule' /d" $VESTA/data/firewallv6/rules.conf + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-sys-firewall b/bin/v-delete-sys-firewall index 75b78794..9db96dcc 100755 --- a/bin/v-delete-sys-firewall +++ b/bin/v-delete-sys-firewall @@ -29,6 +29,7 @@ fi # Stopping firewall $BIN/v-stop-firewall +$BIN/v-stop-firewall-ipv6 # Updating FIREWALL_SYSTEM value if [ -z "$(grep FIREWALL_SYSTEM $VESTA/conf/vesta.conf)" ]; then diff --git a/bin/v-delete-sys-ipv6 b/bin/v-delete-sys-ipv6 new file mode 100755 index 00000000..78509fd0 --- /dev/null +++ b/bin/v-delete-sys-ipv6 
@@ -0,0 +1,149 @@ +#!/bin/bash +# info: delete system ipv6 +# options: IPV6 +# +# The function for deleting a system ip. It does not allow to delete first ip +# on interface and do not allow to delete ip which is used by a web domain. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +ipv6=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'IPV6' +is_format_valid 'ipv6' +is_ip_valid "$ipv6" +is_ip_key_empty '$U_WEB_DOMAINS' +is_ip_key_empty '$U_SYS_USERS' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Import ip variables +source $VESTA/data/ips/$ipv6 +cidr=$(convert_netmaskv6 $NETMASK) + +# Checking main ip on the interface +interface=$(/sbin/ip -6 addr | grep "$ipv6/$cidr" | awk '{print $NF}') +if [ ! -z "$interface" ] && [ -z "$(echo $interface |cut -s -f2 -d :)" ]; then + echo "Error: can't delete main IP address" + log_event "$E_FORBIDEN" "$ARGUMENTS" + exit $E_FORBIDEN +fi + +# Deleting system ip +if [ ! -z "$interface" ]; then + /sbin/ip -6 addr del $ip/$cidr dev $INTERFACE + if [ "$?" -ne 0 ]; then + echo "Error: can't delete system ip" + log_event "$E_FORBIDEN" "$ARGUMENTS" + exit $E_FORBIDEN + fi +fi + +# Deleting startup conf on RHEL/CentOS/Fedora +if [ -e "/etc/sysconfig/network-scripts/ifcfg-$interface" ]; then + rm -f /etc/sysconfig/network-scripts/ifcfg-$interface +fi + +# Deleting startup conf on Debian/Ubuntu +if [ -e "/etc/network/interfaces" ]; then + ip_str=$(grep -n $ip$ /etc/network/interfaces |cut -f1 -d:) + if [ ! 
-z "$ip_str" ]; then + first_str=$((ip_str - 3)) + last_str=$((ip_str + 1)) + sed -i "$first_str,$last_str d" /etc/network/interfaces + fi +fi + +# Deleting vesta ip +rm -f $VESTA/data/ips/$ipv6 + +# Deleting web config +if [ ! -z "$WEB_SYSTEM" ]; then + rm -f /etc/$WEB_SYSTEM/conf.d/$ipv6.conf +fi + +# Deleting proxy config +if [ ! -z "$PROXY_SYSTEM" ]; then + rm -f /etc/$PROXY_SYSTEM/conf.d/$ipv6.conf + + # mod_extract_forwarded + fw_conf="/etc/$WEB_SYSTEM/conf.d/mod_extract_forwarded.conf" + if [ -e "$fw_conf" ]; then + ips=$(grep 'MEFaccept 127.0.0.1' $fw_conf) + new_ips=$(echo "$ips" | sed "s/$ipv6//" ) + sed -i "s/$ips/$new_ips/g" $fw_conf + fi + + # mod_rpaf + rpaf_conf="/etc/$WEB_SYSTEM/mods-enabled/rpaf.conf" + if [ -e "$rpaf_conf" ]; then + ips=$(grep RPAFproxy_ips $rpaf_conf) + new_ips=$(echo "$rpaf_str" | sed "s/$ipv6//") + sed -i "s/$ips/$new_ips/g" $rpaf_conf + fi + + #mod_remoteip + remoteip_conf="/etc/$WEB_SYSTEM/mods-enabled/remoteip.conf" + if [ -e "$remoteip_conf" ]; then + sed -i "s/RemoteIPInternalProxy $ipv6//g" $remoteip_conf + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Updating user conf +if [ ! -z "$OWNER" ]; then + decrease_user_value "$OWNER" '$IPV6_OWNED' +fi + +if [ "$OWNER" = 'admin' ]; then + if [ "$STATUS" = 'shared' ]; then + for user in $(ls $VESTA/data/users/); do + decrease_user_value "$user" '$IPV6_AVAIL' + done + fi +else + decrease_user_value "$OWNER" '$IPV6_AVAIL' +fi + +# Restarting web server +$BIN/v-restart-web +check_result $? "Web restart failed" >/dev/null + +# Restarting proxy server +if [ ! -z "$PROXY_SYSTEM" ]; then + $BIN/v-restart-proxy + check_result $? "Proxy restart failed" >/dev/null +fi + +# Restarting firewall +if [ ! -z "$FIREWALL_SYSTEM" ]; then + $BIN/v-update-firewall +fi + +# Logging +log_history "deleted system ip address $ip" +log_event "$OK" "$ARGUMENTS" + +exit 
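Review bot: Several commands in v-delete-sys-ipv6 read `$ip`, which this script does not assign (the argument is stored in `$ipv6`), starting with `/sbin/ip -6 addr del $ip/$cidr dev $INTERFACE`. With `$ip` empty the Debian branch becomes `grep -n $ /etc/network/interfaces`, which matches every line, and the line arithmetic feeding `sed -i "$first_str,$last_str d"` then works on the wrong input for a file that controls the host's networking. The mod_rpaf block has the same kind of slip: `$rpaf_str` is undefined, so `new_ips` is empty and the following `sed` blanks the whole `RPAFproxy_ips` line, which is the list of proxies whose forwarded client address is trusted, instead of removing one address. Suggested lines: `/sbin/ip -6 addr del $ipv6/$cidr dev $INTERFACE`, `ip_str=$(grep -n "$ipv6$" /etc/network/interfaces |cut -f1 -d:)` and `new_ips=$(echo "$ips" | sed "s/$ipv6//")`. The final step also calls `v-update-firewall` rather than the IPv6 updater, and `log_history` prints the empty `$ip`.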
diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..f635ee08 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -19,6 +19,7 @@ source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf @@ -69,6 +70,8 @@ fi # Releasing user ips $BIN/v-delete-user-ips "$user" check_result "$?" "user ip release failed" +$BIN/v-delete-user-ips-v6 "$user" +check_result "$?" "user ipv6 release failed" # Deleteing user pipes sed -i "/ $user$/d" $VESTA/data/queue/disk.pipe diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 6ef7280b..7a4fc7ae 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain 
@@ -57,25 +57,52 @@ local_ip=$(get_real_ip $IP) # Deleting domain from web.conf sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf -# Deleting vhost configuration -del_web_config "$WEB_SYSTEM" "$TPL.tpl" +# Deleting vhost configuration IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" -# Deleting SSL configuration and certificates -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* - rm -f $USER_DATA/ssl/$domain.* + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* + rm -f $USER_DATA/ssl/$domain.* + fi + + # Deleting proxy + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then + sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + fi + fi fi -# Deleting proxy -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - fi - if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then - sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf - fi +# Deleting vhost configuration IPv4 +if [ ! -z "$ipv6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* + rm -f $USER_DATA/ssl/$domain.* + fi + + # Deleting proxy + if [ ! -z "$PROXY_SYSTEM" ] && [ ! 
-z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then + sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + fi + fi fi # Deleting web stats @@ -111,6 +138,7 @@ rm -rf $HOMEDIR/$user/web/$domain # Decreasing user counters decrease_ip_value "$local_ip" +decrease_ipv6_value "$ipv6" decrease_user_value "$user" '$U_WEB_DOMAINS' if [ "$SSL" = 'yes' ]; then decrease_user_value "$user" '$U_WEB_SSL' diff --git a/bin/v-delete-web-domain-alias b/bin/v-delete-web-domain-alias index 45bef00b..ca1e3d79 100755 --- a/bin/v-delete-web-domain-alias +++ b/bin/v-delete-web-domain-alias @@ -20,6 +20,7 @@ restart=$4 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf diff --git a/bin/v-delete-web-domain-proxy b/bin/v-delete-web-domain-proxy index 215506cb..e019d5a2 100755 --- a/bin/v-delete-web-domain-proxy +++ b/bin/v-delete-web-domain-proxy @@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: deleting web domain proxy configuration # options: USER DOMAIN # diff --git a/bin/v-list-dns-domain b/bin/v-list-dns-domain index f72943f9..87e2e647 100755 --- a/bin/v-list-dns-domain +++ b/bin/v-list-dns-domain @@ -22,6 +22,7 @@ json_list() { echo '{' echo ' "'$DOMAIN'": { "IP": "'$IP'", + "IP6": "'$IP6'", "TPL": "'$TPL'", "TTL": "'$TTL'", "EXP": "'$EXP'", @@ -40,6 +41,7 @@ json_list() { shell_list() { echo "DOMAIN: $DOMAIN" echo "IP: $IP" + echo "IP6: $IP6" echo "TEMPLATE: $TPL" echo "TTL: $TTL" echo "EXP: $EXP" 
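Review bot: The second block in the first v-delete-web-domain hunk is guarded by `$ipv6` but assigns `old=$IP6`, and its comment still reads "Deleting vhost configuration IPv4"; the assignment of `$ipv6` is not visible in this hunk, so it should be confirmed that the guard and the value used for deletion refer to the same address. The block is otherwise a copy of the IPv4 one, so the address-independent cleanup (`rm -f $USER_DATA/ssl/$domain.*`, the `01_caching_pool.conf` edit) runs twice for a dual-stack domain and is skipped when both addresses are empty, which would leave certificate and key files behind. I would relabel the comment as `# Deleting vhost configuration IPv6` and move the certificate and cache-pool cleanup out of the two address checks so it runs once. The later hunk calls `decrease_ip_value "$local_ip"` and `decrease_ipv6_value "$ipv6"` unconditionally, so one of them receives an empty argument for a single-stack domain.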
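Review bot: The only change to v-delete-web-domain-proxy puts a space in front of the interpreter line (` #!/bin/bash`), and a `#!` that is not at the first byte of the file is not treated as a shebang. The script would then be run by whatever fallback shell the caller provides rather than bash, which matters because the scripts in this commit use bash-only constructs such as `< <(...)`. This looks accidental; restore the line as `#!/bin/bash`.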
@@ -54,14 +56,14 @@ shell_list() { # PLAIN list function plain_list() { - echo -ne "$DOMAIN\t$IP\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t$RECORDS\t" + echo -ne "$DOMAIN\t$IP\t$IP6\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t$RECORDS\t" echo -e "$SUSPENDED\t$TIME\t$DATE" } # CSV list function csv_list() { - echo "DOMAIN,IP,TPL,TTL,EXP,SOA,SERIAL,RECORDS,SUSPENDED,TIME,DATE" - echo -n "$DOMAIN,$IP,$TPL,$TTL,$EXP,$SOA,$SERIAL,$RECORDS,$SUSPENDED," + echo "DOMAIN,IP,IP6,TPL,TTL,EXP,SOA,SERIAL,RECORDS,SUSPENDED,TIME,DATE" + echo -n "$DOMAIN,$IP,$IP6,$TPL,$TTL,$EXP,$SOA,$SERIAL,$RECORDS,$SUSPENDED," echo "$TIME,$DATE" } diff --git a/bin/v-list-dns-domains b/bin/v-list-dns-domains index 337760e3..af9edd82 100755 --- a/bin/v-list-dns-domains +++ b/bin/v-list-dns-domains @@ -26,6 +26,7 @@ json_list() { eval $str echo -n ' "'$DOMAIN'": { "IP": "'$IP'", + "IP6": "'$IP6'", "TPL": "'$TPL'", "TTL": "'$TTL'", "EXP": "'$EXP'", @@ -50,11 +51,11 @@ json_list() { # SHELL list function shell_list() { IFS=$'\n' - echo "DOMAIN IP TPL TTL REC SPND DATE" - echo "------ -- --- --- --- ---- ----" + echo "DOMAIN IP IP6 TPL TTL REC SPND DATE" + echo "------ -- --- --- --- --- ---- ----" while read str; do eval $str - echo "$DOMAIN $IP $TPL $TTL $RECORDS $SUSPENDED $DATE" + echo "$DOMAIN $IP $IP6 $TPL $TTL $RECORDS $SUSPENDED $DATE" done < <(cat $USER_DATA/dns.conf) } @@ -64,7 +65,7 @@ plain_list() { IFS=$'\n' while read str; do eval $str - echo -ne "$DOMAIN\t$IP\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t" + echo -ne "$DOMAIN\t$IP\t$IP6\t$TPL\t$TTL\t$EXP\t$SOA\t$SERIAL\t" echo -e "$SRC\t$RECORDS\t$SUSPENDED\t$TIME\t$DATE" done < <(cat $USER_DATA/dns.conf) } 
@@ -73,10 +74,10 @@ plain_list() { # CSV list function csv_list() { IFS=$'\n' - echo "DOMAIN,IP,TPL,TTL,EXP,SOA,SERIAL,SRC,RECORDS,SUSPENDED,TIME,DATE" + echo "DOMAIN,IP,IP6,TPL,TTL,EXP,SOA,SERIAL,SRC,RECORDS,SUSPENDED,TIME,DATE" while read str; do eval $str - echo -n "$DOMAIN,$IP,$TPL,$TTL,$EXP,$SOA,$SERIAL," + echo -n "$DOMAIN,$IP,$IP6,$TPL,$TTL,$EXP,$SOA,$SERIAL," echo "$SRC,$RECORDS,$SUSPENDED,$TIME,$DATE" done < <(cat $USER_DATA/dns.conf) } diff --git a/bin/v-list-firewall-ipv6 b/bin/v-list-firewall-ipv6 new file mode 100755 index 00000000..fd7dbfe0 --- /dev/null +++ b/bin/v-list-firewall-ipv6 
@@ -0,0 +1,96 @@ +#!/bin/bash +# info: list iptables rules +# options: [FORMAT] +# +# The function of obtaining the list of all iptables rules. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + IFS=$'\n' + i=1 + objects=$(grep RULE $VESTA/data/firewallv6/rules.conf |wc -l) + echo "{" + while read str; do + eval $str + echo -n ' "'$RULE'": { + "ACTION": "'$ACTION'", + "PROTOCOL": "'$PROTOCOL'", + "PORT": "'$PORT'", + "IP6": "'$IP6'", + "COMMENT": "'$COMMENT'", + "SUSPENDED": "'$SUSPENDED'", + "TIME": "'$TIME'", + "DATE": "'$DATE'" + }' + if [ "$i" -lt "$objects" ]; then + echo ',' + else + echo + fi + ((i++)) + done < <(cat $VESTA/data/firewallv6/rules.conf) + echo '}' +} + +# SHELL list function +shell_list() { + IFS=$'\n' + echo "RULE^ACTION^PROTO^PORT^IP6^SPND^DATE" + echo "----^------^-----^----^--^----^----" + while read str; do + eval $str + echo "$RULE^$ACTION^$PROTOCOL^$PORT^$IP6^$SUSPENDED^$DATE" + done < <(cat $VESTA/data/firewallv6/rules.conf) +} + +# PLAIN list function +plain_list() { + IFS=$'\n' + while read str; do + eval $str + echo -ne "$RULE\t$ACTION\t$PROTOCOL\t$PORT\t$IP6\t$COMMENT\t" + echo -e "$SUSPENDED\t$TIME\t$DATE" + done < <(cat $VESTA/data/firewallv6/rules.conf) +} + +# CSV list function +csv_list() { + IFS=$'\n' + echo "RULE,ACTION,PROTOCOL,PORT,IP6,COMMENT,SUSPENDED,TIME,DATE" + while read str; do + eval $str + echo -n "$RULE,$ACTION,$PROTOCOL,$PORT,$IP6,\"$COMMENT\"," + echo "$SUSPENDED,$TIME,$DATE" + done < <(cat $VESTA/data/firewallv6/rules.conf) +} + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list |column 
-t -s '^' ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-firewall-ipv6-ban b/bin/v-list-firewall-ipv6-ban new file mode 100755 index 00000000..77cae989 --- /dev/null +++ b/bin/v-list-firewall-ipv6-ban 
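Review bot: Every list function in v-list-firewall-ipv6 runs `eval $str` on raw lines of firewallv6/rules.conf, so the file's contents are executed as shell code by whoever calls the script, and the free-text `COMMENT` field is part of those lines. Whether a quote or a command substitution can reach the file depends on validation in the script that writes it, which is outside this hunk, so the reader should not depend on it. `json_list` also prints `$COMMENT` between double quotes without escaping, so a `"` or backslash in a comment yields invalid JSON. The same `eval` pattern is repeated in v-list-firewall-ipv6-ban and v-list-firewall-ipv6-rule; a shared parser that assigns the `KEY='value'` pairs without executing the line, as sketched below, would cover all three.

```shell
# Assign KEY='value' pairs from one conf line without executing the line
parse_conf_line() {
    local line="$1"
    local re="^[[:space:]]*([A-Z][A-Z0-9_]*)='([^']*)'(.*)$"
    while [[ "$line" =~ $re ]]; do
        printf -v "${BASH_REMATCH[1]}" '%s' "${BASH_REMATCH[2]}"
        line="${BASH_REMATCH[3]}"
    done
}

# … unchanged: json_list header and object count …
    while read str; do
        parse_conf_line "$str"
        # … unchanged: echo of the parsed fields …
```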
@@ -0,0 +1,90 @@
+#!/bin/bash
+# info: list firewall block list
+# options: [FORMAT]
+#
+# The function of obtaining the list of currently blocked ips.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+ IFS=$'\n'
+ i=1
+ objects=$(grep IP6 $VESTA/data/firewallv6/banlist.conf |wc -l)
+ echo "{"
+ while read str; do
+ eval $str
+ echo -n ' "'$IP6'": {
+ "IP6": "'$IP6'",
+ "CHAIN": "'$CHAIN'",
+ "TIME": "'$TIME'",
+ "DATE": "'$DATE'"
+ }'
+ if [ "$i" -lt "$objects" ]; then
+ echo ','
+ else
+ echo
+ fi
+ ((i++))
+ done < <(cat $VESTA/data/firewallv6/banlist.conf)
+ echo '}'
+}
+
+# SHELL list function
+shell_list() {
+ IFS=$'\n'
+ echo "IP6 CHAIN TIME DATE"
+ echo "--- ----- ---- ----"
+ while read str; do
+ eval $str
+ echo "$IP6 $CHAIN $TIME $DATE"
+ done < <(cat $VESTA/data/firewallv6/banlist.conf)
+}
+
+# PLAIN list function
+plain_list() {
+ IFS=$'\n'
+ while read str; do
+ eval $str
+ echo -e "$IP6\t$CHAIN\t$TIME\t$DATE"
+ done < <(cat $VESTA/data/firewallv6/banlist.conf)
+}
+
+# CSV list function
+csv_list() {
+ IFS=$'\n'
+ echo "IP6,CHAIN,TIME,DATE"
+ while read str; do
+ eval $str
+ echo "$IP6,$CHAIN,$TIME,$DATE"
+ done < <(cat $VESTA/data/firewallv6/banlist.conf)
+}
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Listing data
+case $format in
+ json) json_list ;;
+ plain) plain_list ;;
+ csv) csv_list ;;
+ shell) shell_list |column -t ;;
+esac
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+exit
diff --git a/bin/v-list-firewall-ipv6-ban b/bin/v-list-firewall-ipv6-rule
new file mode 100755
index 00000000..732ac597
--- /dev/null
+++ b/bin/v-list-firewall-ipv6-rule 
@@ -0,0 +1,88 @@ +#!/bin/bash +# info: list firewall rule +# options: RULE [FORMAT] +# +# The function of obtaining firewall rule parameters. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +rule=$1 +format=${2-shell} + +# Includes +source $VESTA/func/main.sh + +json_list() { + echo '{' + echo ' "'$RULE'": { + "ACTION": "'$ACTION'", + "PROTOCOL": "'$PROTOCOL'", + "PORT": "'$PORT'", + "IP6": "'$IP6'", + "COMMENT": "'$COMMENT'", + "SUSPENDED": "'$SUSPENDED'", + "TIME": "'$TIME'", + "DATE": "'$DATE'" + }' + echo '}' +} + +# SHELL list function +shell_list() { + echo "ACTION: $ACTION" + echo "PROTOCOL: $PROTOCOL" + echo "PORT: $PORT" + echo "IP6: $IP6" + echo "COMMENT: $COMMENT" + echo "SUSPENDED: $SUSPENDED" + echo "TIME: $TIME" + echo "DATE: $DATE" +} + +# PLAIN list function +plain_list() { + echo -ne "$RULE\t$ACTION\t$PROTOCOL\t$PORT\t$IP6\t$COMMENT\t" + echo -e "$SUSPENDED\t$TIME\t$DATE" +} + +# CSV list function +csv_list() { + echo "RULE,ACTION,PROTOCOL,PORT,IP6,COMMENT,SUSPENDED,TIME,DATE" + echo "$RULE,$ACTION,$PROTOCOL,$PORT,$IP6,$COMMENT,$SUSPENDED,$TIME,$DATE" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE [FORMAT]' +is_number_format_valid "$rule" "rule id" +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing rules +eval $(grep "RULE='$rule'" $VESTA/data/firewallv6/rules.conf) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + 
+exit diff --git a/bin/v-list-sys-ip b/bin/v-list-sys-ip index 3a7658c5..5778f542 100755 --- a/bin/v-list-sys-ip +++ b/bin/v-list-sys-ip @@ -30,7 +30,8 @@ json_list() { "NETMASK": "'$NETMASK'", "NAT": "'$NAT'", "TIME": "'$TIME'", - "DATE": "'$DATE'" + "DATE": "'$DATE'", + "VERSION": "'$VERSION'" }' echo '}' } @@ -48,20 +49,21 @@ shell_list() { echo "DOMAINS: $U_WEB_DOMAINS" echo "TIME: $TIME" echo "DATE: $DATE" + echo "VERSION: $VERSION" } # PLAIN list function plain_list() { echo -ne "$IP\t$OWNER\t$STATUS\t$NAME\t$U_SYS_USERS\t$U_WEB_DOMAINS\t" - echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE" + echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE\t$VERSION" } # CSV list function csv_list() { echo -n "IP,OWNER,STATUS,NAME,U_SYS_USERS,U_WEB_DOMAINS,INTERFACE" - echo "NETMASK,NAT,TIME,DATE" + echo "NETMASK,NAT,TIME,DATE,VERSION" echo -n "$IP,$OWNER,$STATUS,$NAME,\"$U_SYS_USERS\",$U_WEB_DOMAINS," - echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE" + echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE,$VERSION" } @@ -70,7 +72,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'IP [FORMAT]' -is_format_valid 'ip' +is_format_valid 'ip46' if [ ! -e "$VESTA/data/ips/$ip" ]; then check_result $E_NOTEXIST "ip $ip doesn't exist" fi diff --git a/bin/v-list-sys-ips b/bin/v-list-sys-ips index c4f3a8c0..78a5ba5a 100755 --- a/bin/v-list-sys-ips +++ b/bin/v-list-sys-ips @@ -32,7 +32,8 @@ json_list() { "NETMASK": "'$NETMASK'", "NAT": "'$NAT'", "TIME": "'$TIME'", - "DATE": "'$DATE'" + "DATE": "'$DATE'", + "VERSION": "'$VERSION'" }' if [ "$i" -lt "$ip_count" ]; then echo ',' 
@@ -46,14 +47,14 @@ json_list() { # SHELL list function shell_list() { - echo "IP MASK NAT STATUS WEB DATE" - echo "-- ---- --- ------ --- ----" + echo "IP MASK NAT STATUS WEB DATE VERSION" + echo "-- ---- --- ------ --- ---- -------" while read IP; do source $VESTA/data/ips/$IP if [ -z "$NAT" ]; then NAT='no' fi - echo "$IP $NETMASK $NAT $STATUS $U_WEB_DOMAINS $DATE" + echo "$IP $NETMASK $NAT $STATUS $U_WEB_DOMAINS $DATE $VERSION" done < <(ls $VESTA/data/ips/) } @@ -62,18 +63,18 @@ plain_list() { while read IP; do source $VESTA/data/ips/$IP echo -ne "$IP\t$OWNER\t$STATUS\t$NAME\t$U_SYS_USERS\t$U_WEB_DOMAINS\t" - echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE" + echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE\t$VERSION" done < <(ls $VESTA/data/ips/) } # CSV list function csv_list() { echo -n "IP,OWNER,STATUS,NAME,U_SYS_USERS,U_WEB_DOMAINS,INTERFACE" - echo "NETMASK,NAT,TIME,DATE" + echo "NETMASK,NAT,TIME,DATE,VERSION" while read IP; do source $VESTA/data/ips/$IP echo -n "$IP,$OWNER,$STATUS,$NAME,\"$U_SYS_USERS\",$U_WEB_DOMAINS," - echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE" + echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE,$VERSION" done < <(ls $VESTA/data/ips/) } diff --git a/bin/v-list-user b/bin/v-list-user index 05649f91..f520966c 100755 --- a/bin/v-list-user +++ b/bin/v-list-user @@ -53,6 +53,8 @@ json_list() { "SUSPENDED_CRON": "'$SUSPENDED_CRON'", "IP_AVAIL": "'$IP_AVAIL'", "IP_OWNED": "'$IP_OWNED'", + "IP6_AVAIL": "'$IP6_AVAIL'", + "IP6_OWNED": "'$IP6_OWNED'", "U_USERS": "'$U_USERS'", "U_DISK": "'$U_DISK'", "U_DISK_DIRS": "'$U_DISK_DIRS'", 
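Review bot: The fields added to v-list-user read `$IP6_AVAIL` and `$IP6_OWNED` (here and in the plain and CSV hunks of the same file), while v-list-users in this commit prints `$IPV6_AVAIL`/`$IPV6_OWNED` and v-delete-sys-ipv6 decrements `'$IPV6_OWNED'` and `'$IPV6_AVAIL'`. Only one spelling can match the key stored in user.conf, so one of the two listings will always show empty values; which one is not visible from these hunks. Pick a single key name and use it in both scripts, e.g. `"IPV6_AVAIL": "'$IPV6_AVAIL'",` and `"IPV6_OWNED": "'$IPV6_OWNED'",` if the counters are stored as IPV6_*.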
@@ -113,8 +115,8 @@ plain_list() { echo -ne "$CONTACT\t$CRON_REPORTS\t$RKEY\t$SUSPENDED\t" echo -ne "$SUSPENDED_USERS\t$SUSPENDED_WEB\t$SUSPENDED_DNS\t" echo -ne "$SUSPENDED_MAIL\t$SUSPENDED_DB\t$SUSPENDED_CRON\t" - echo -ne "$IP_AVAIL\t$IP_OWNED\t$U_USERS\t$U_DISK\t$U_DISK_DIRS\t" - echo -ne "$U_DISK_WEB\t$U_DISK_MAIL\t$U_DISK_DB\t$U_BANDWIDTH\t" + echo -ne "$IP_AVAIL\t$IP_OWNED\t$IP6_AVAIL\t$IP6_OWNED\t$U_USERS\t$U_DISK\t" + echo -ne "$U_DISK_DIRS\t$U_DISK_WEB\t$U_DISK_MAIL\t$U_DISK_DB\t$U_BANDWIDTH\t" echo -ne "$U_WEB_DOMAINS\t$U_WEB_SSL\t$U_WEB_ALIASES\t" echo -ne "$U_DNS_DOMAINS\t$U_DNS_RECORDS\t$U_MAIL_DOMAINS\t" echo -ne "$U_MAIL_DKIM\t$U_MAIL_ACCOUNTS\t$U_DATABASES\t" @@ -129,8 +131,8 @@ csv_list() { echo -n "DATABASES,CRON_JOBS,DISK_QUOTA,BANDWIDTH,NS,HOME,SHELL," echo -n "BACKUPS,CONTACT,CRON_REPORTS,RKEY,SUSPENDED,SUSPENDED_USERS," echo -n "SUSPENDED_WEB,SUSPENDED_DNS,SUSPENDED_MAIL,SUSPENDED_DB," - echo -n "SUSPENDED_CRON,IP_AVAIL,IP_OWNED,U_USERS,U_DISK,U_DISK_DIRS," - echo -n "U_DISK_WEB,U_DISK_MAIL,U_DISK_DB,U_BANDWIDTH,U_WEB_DOMAINS," + echo -n "SUSPENDED_CRON,IP_AVAIL,IP_OWNED,IP6_AVAIL,IP6_OWNED,U_USERS,U_DISK," + echo -n "U_DISK_DIRS,U_DISK_WEB,U_DISK_MAIL,U_DISK_DB,U_BANDWIDTH,U_WEB_DOMAINS," echo -n "U_WEB_SSL,U_WEB_ALIASES,U_DNS_DOMAINS,U_DNS_RECORDS," echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" 
@@ -140,8 +142,8 @@ csv_list() { echo -n "$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,$DISK_QUOTA,$BANDWIDTH," echo -n "\"$NS\",$HOME,$SHELL,$BACKUPS,$CONTACT,$CRON_REPORTS,\"$RKEY\"," echo -n "$SUSPENDED,$SUSPENDED_USERS,$SUSPENDED_WEB,$SUSPENDED_DNS," - echo -n "$SUSPENDED_MAIL,$SUSPENDED_DB,$SUSPENDED_CRON,$IP_AVAIL," - echo -n "$IP_OWNED,$U_USERS,$U_DISK,$U_DISK_DIRS,$U_DISK_WEB," + echo -n "$SUSPENDED_MAIL,$SUSPENDED_DB,$SUSPENDED_CRON,$IP_AVAIL,$IP_OWNED," + echo -n "$IP6_AVAIL,$IP6_OWNED,$U_USERS,$U_DISK,$U_DISK_DIRS,$U_DISK_WEB," echo -n "$U_DISK_MAIL,$U_DISK_DB,$U_BANDWIDTH,$U_WEB_DOMAINS,$U_WEB_SSL," echo -n "$U_WEB_ALIASES,$U_DNS_DOMAINS,$U_DNS_RECORDS,$U_MAIL_DOMAINS," echo -n "$U_MAIL_DKIM,$U_MAIL_ACCOUNTS,$U_DATABASES,$U_CRON_JOBS," diff --git a/bin/v-list-user-ips b/bin/v-list-user-ips index dad6f6f8..c04fe613 100755 --- a/bin/v-list-user-ips +++ b/bin/v-list-user-ips @@ -1,6 +1,6 @@ #!/bin/bash # info: list user ips -# options: USER [FORMAT] +# options: USER [FORMAT] [VERSION] # # The function for obtaining the list of available ip addresses. @@ -12,6 +12,7 @@ # Argument definition user=$1 format=${2-shell} +version=${3-all} # Includes source $VESTA/func/main.sh @@ -27,6 +28,7 @@ json_list() { "OWNER": "'$OWNER'", "STATUS": "'$STATUS'", "NAME": "'$NAME'", + "VERSION": "'$VERSION'", "NAT": "'$NAT'" }' if [ "$i" -lt "$ip_count" ]; then @@ -41,8 +43,8 @@ json_list() { # SHELL list function shell_list() { - echo "IP NAT OWNER STATUS NAME" - echo "-- --- ----- ------ ---" + echo "IP NAT OWNER STATUS NAME VERSION" + echo "-- --- ----- ------ ---- -------" for IP in $ips; do source $VESTA/data/ips/$IP if [ -z "$NAT" ]; then @@ -51,7 +53,7 @@ shell_list() { if [ -z "$NAME" ]; then NAME='no' fi - echo "$IP $NAT $OWNER $STATUS $NAME" + echo "$IP $NAT $OWNER $STATUS $NAME $VERSION" done } 
@@ -59,16 +61,16 @@ shell_list() { plain_list() { for IP in $ips; do source $VESTA/data/ips/$IP - echo -e "$IP\t$OWNER\t$STATUS\t$NAME\t$NAT" + echo -e "$IP\t$OWNER\t$STATUS\t$NAME\t$NAT\t$VERSION" done } # CSV list function csv_list() { - echo "IP,OWNER,STATUS,NAME,NAT" + echo "IP,OWNER,STATUS,NAME,NAT,VERSION" for IP in $ips; do source $VESTA/data/ips/$IP - echo "$IP,$OWNER,$STATUS,$NAME,$NAT" + echo "$IP,$OWNER,$STATUS,$NAME,$NAT,$VERSION" done } 
@@ -87,14 +89,34 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Defining fileds to select -owner='admin' -owner_ips=$(grep -A 1 -H "OWNER='$owner'" $VESTA/data/ips/*) -owner_ips=$(echo "$owner_ips" |grep "STATUS='shared'") -owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) -user_ips=$(grep -H "OWNER='$user'" $VESTA/data/ips/*) -user_ips=$(echo "$user_ips" |cut -f 7 -d / |cut -f 1 -d :) -ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") -fields='$IP $OWNER $STATUS $NAME $NAT' +if [ "$version" == "6" ]; then + owner='admin' + owner_ips=$(grep -A 10 -H "OWNER='$owner'" $VESTA/data/ips/*) + owner_ips=$(echo "$owner_ips" |grep -A 10 "STATUS='shared'" |grep "VERSION='6'") + owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) + user_ips=$(grep -A 10 -H "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='6'") + user_ips=$(echo "$user_ips" |cut -f 1 -d '-' |cut -f 7 -d / |awk -F ':OWNER' '{print $1}') + ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") + fields='$IP $OWNER $STATUS $NAME $NAT' +elif [ "$version" == "4" ]; then + owner='admin' + owner_ips=$(grep -A 10 -H "OWNER='$owner'" $VESTA/data/ips/*) + owner_ips=$(echo "$owner_ips" |grep -A 10 "STATUS='shared'" |grep "VERSION='4'") + owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) + user_ips=$(grep -A 10 -H "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='4'") + user_ips=$(echo "$user_ips" |cut -f 1 -d '-' |cut -f 7 -d / |awk -F ':OWNER' '{print $1}') + ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") + fields='$IP $OWNER $STATUS $NAME $NAT' +else + owner='admin' + owner_ips=$(grep -A 1 -H "OWNER='$owner'" $VESTA/data/ips/*) + owner_ips=$(echo "$owner_ips" |grep "STATUS='shared'") + owner_ips=$(echo "$owner_ips" |cut -f 7 -d / |cut -f 1 -d -) + user_ips=$(grep -H "OWNER='$user'" $VESTA/data/ips/*) + user_ips=$(echo "$user_ips" |cut -f 1 -d '-' |cut -f 7 -d / |awk -F ':OWNER' '{print $1}') + 
ips=$(echo -e "$user_ips\n$owner_ips" |sort -u |sed "/^$/d") + fields='$IP $OWNER $STATUS $NAME $NAT' +fi # Listing data case $format in diff --git a/bin/v-list-users b/bin/v-list-users index 14a6d007..edc4860d 100755 --- a/bin/v-list-users +++ b/bin/v-list-users @@ -52,6 +52,8 @@ json_list() { "SUSPENDED_CRON": "'$SUSPENDED_CRON'", "IP_AVAIL": "'$IP_AVAIL'", "IP_OWNED": "'$IP_OWNED'", + "IPV6_AVAIL": "'$IPV6_AVAIL'", + "IPV6_OWNED": "'$IPV6_OWNED'", "U_USERS": "'$U_USERS'", "U_DISK": "'$U_DISK'", "U_DISK_DIRS": "'$U_DISK_DIRS'", diff --git a/bin/v-list-web-domains b/bin/v-list-web-domains index a31199fa..b0ab05dc 100755 --- a/bin/v-list-web-domains +++ b/bin/v-list-web-domains @@ -59,11 +59,11 @@ json_list() { # SHELL list function shell_list() { IFS=$'\n' - echo "DOMAIN IP TPL SSL DISK BW SPND DATE" - echo "------ -- --- --- ---- -- ---- -----" + echo "DOMAIN IP IP6 TPL SSL DISK BW SPND DATE" + echo "------ -- --- --- --- ---- -- ---- ----" while read str; do eval $str - echo "$DOMAIN $IP $TPL $SSL $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" + echo "$DOMAIN $IP $IP6 $TPL $SSL $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" done < <(cat $USER_DATA/web.conf) } diff --git a/bin/v-rebuild-web-domains b/bin/v-rebuild-web-domains index fafcf602..73033a11 100755 --- a/bin/v-rebuild-web-domains +++ b/bin/v-rebuild-web-domains @@ -17,6 +17,7 @@ restart=$2 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/func/rebuild.sh source $VESTA/conf/vesta.conf diff --git a/bin/v-restart-service b/bin/v-restart-service index e46339f9..6742803c 100755 --- a/bin/v-restart-service +++ b/bin/v-restart-service @@ -39,6 +39,12 @@ else if [ $? -ne 0 ]; then check_result $E_RESTART "$service restart failed" fi + + $BIN/v-stop-firewall-ipv6 + $BIN/v-update-firewall-ipv6 + if [ $? -ne 0 ]; then + check_result $E_RESTART "$service restart failed" + fi fi 
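Review bot: The version filter in v-list-user-ips chains `grep -A 10` twice over the concatenated output of all ip files, so the ten context lines taken after a `STATUS='shared'` match can run past the `--` separator into the next file, and a `VERSION='6'` line belonging to a neighbouring admin-owned address that is not shared can be selected. Whether that happens depends on how many lines an ip file has, which is not visible here, but the result decides which addresses a user is offered. The three branches differ only in the version test, and `$version` is never validated. Testing each file on its own removes the dependence on line distance, as in the sketch below.

```shell
# Defining fields to select: evaluate one ip file at a time
ips=$(for ip_file in $VESTA/data/ips/*; do
    [ -f "$ip_file" ] || continue
    # Version filter applies only to the two supported values
    case "$version" in
        4|6) grep -q "VERSION='$version'" "$ip_file" || continue ;;
    esac
    if grep -q "OWNER='$user'" "$ip_file"; then
        echo "${ip_file##*/}"
    elif grep -q "OWNER='admin'" "$ip_file" && \
         grep -q "STATUS='shared'" "$ip_file"; then
        echo "${ip_file##*/}"
    fi
done |sort -u)
fields='$IP $OWNER $STATUS $NAME $NAT'
```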
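Review bot: The `$?` tested in the lines added to v-restart-service reflects only `v-update-firewall-ipv6`; the exit status of `v-stop-firewall-ipv6` on the line before is dropped. The stop script added in this commit sets the INPUT policy to ACCEPT, flushes the chain and saves that state, so if the update then fails `check_result` exits with IPv6 filtering removed, and the message gives no hint which address family failed. I would check the update directly and name the family, e.g. `$BIN/v-update-firewall-ipv6 || check_result $E_RESTART "$service ipv6 restart failed"`. The enclosing `if`/`else` starts above this hunk.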
diff --git a/bin/v-restore-user b/bin/v-restore-user index fa93482e..c4f699d0 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -32,6 +32,7 @@ fi source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/func/db.sh source $VESTA/func/rebuild.sh source $VESTA/conf/vesta.conf @@ -327,6 +328,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then old_ip=$IP IP=$ip fi + + # Checking ip address + check_ipv6=$(is_ipv6_valid $IP6 $user) + if [ ! -z "$check_ipv6" ]; then + local_ipv6='' + get_user_ipv6 $user + old_ipv6=$IP6 + IP6=$ipv6 + fi # Checking web template check_tpl=$(is_web_template_valid $TPL) @@ -471,11 +481,19 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then # Checking ip address check_ip=$(is_ip_valid $IP $user) if [ ! -z "$check_ip" ]; then - local_ip='' + local_ipv6='' get_user_ip $user old_ip=$IP IP=$ip fi + # Checking ipv6 address + check_ipv6=$(is_ipv6_valid $IP6 $user) + if [ ! -z "$check_ipv6" ]; then + local_ip6='' + get_user_ipv6 $user + old_ipv6=$IP6 + IP=$ipv6 + fi # Checking dns template check_tpl=$(is_dns_template_valid $TPL) @@ -484,7 +502,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then fi # Concatenating dns.conf keys - str="DOMAIN='$domain' IP='$IP' TPL='$TPL' TTL='$TTL' EXP='$EXP'" + str="DOMAIN='$domain' IP='$IP' IP6='$IP6' TPL='$TPL' TTL='$TTL' EXP='$EXP'" str="$str SOA='$SOA' RECORDS='$RECORDS' SUSPENDED='no'" str="$str TIME='$(date +%T)' DATE='$(date +%F)'" echo $str >> $USER_DATA/dns.conf diff --git a/bin/v-stop-firewall-ipv6 b/bin/v-stop-firewall-ipv6 new file mode 100755 index 00000000..fa3abbc3 --- /dev/null +++ b/bin/v-stop-firewall-ipv6 
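Review bot: In the DNS hunk of v-restore-user the new IPv6 block ends with `IP=$ipv6`, which overwrites the IPv4 address resolved just above and leaves `IP6` holding the value from the backup that `is_ipv6_valid` rejected; both then go into the `dns.conf` line built a few lines below. The same hunk renames the IPv4 reset to `local_ipv6=''` and resets `local_ip6` in the IPv6 block, so neither `local_ip` nor `local_ipv6` is cleared where it should be. The lines should read `local_ip=''` in the IPv4 block, and `local_ipv6=''` with `IP6=$ipv6` in the IPv6 block. `$IP6` is also passed unquoted to `is_ipv6_valid` in both hunks, so a backup without an IP6 key shifts `$user` into the first argument; quoting it as `"$IP6"` keeps the arguments in place.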
@@ -0,0 +1,80 @@ +#!/bin/bash +# info: stop system firewall +# options: NONE +# +# The function stops iptables + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" +modprobe="/sbin/modprobe" + +# Includes +source /etc/profile.d/vesta.sh +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +#is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Creating temporary file +tmp=$(mktemp) + +# Flushing INPUT chain +echo "$iptables -P INPUT ACCEPT" >> $tmp +echo "$iptables -F INPUT" >> $tmp + +# Deleting vesta chain +echo "$iptables -X vesta" >> $tmp + +# Deleting custom chains +chains=$(cat $VESTA/data/firewallv6/chains.conf 2>/dev/null) +IFS=$'\n' +for chain in $chains; do + eval $chain + echo "$iptables -F fail2ban-$CHAIN" >> $tmp + echo "$iptables -X fail2ban-$CHAIN" >> $tmp +done + +# Applying rules +bash $tmp 2>/dev/null + +# Deleting temporary file +rm -f $tmp + +# Saving rules to the master iptables file +if [ -e "/etc/redhat-release" ]; then + /sbin/ip6tables-save > /etc/sysconfig/ip6tables + if [ -z "$(ls /etc/rc3.d/S*ip6tables 2>/dev/null)" ]; then + /sbin/chkconfig ip6tables off + fi +else + /sbin/ip6tables-save > /etc/ip6tables.rules + preup="/etc/network/if-pre-up.d/ip6tables" + if [ ! 
-e "$preup" ]; then + echo '#!/bin/sh' > $preup + echo "/sbin/ip6tables-restore < /etc/ip6tables.rules" >> $preup + echo "exit 0" >> $preup + chmod +x $preup + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-suspend-firewall-ipv6-rule b/bin/v-suspend-firewall-ipv6-rule new file mode 100755 index 00000000..5d187c41 --- /dev/null +++ b/bin/v-suspend-firewall-ipv6-rule @@ -0,0 +1,49 @@ +#!/bin/bash +# info: suspend firewall rule +# options: RULE +# +# The function suspends a certain firewall rule. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +rule=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE' +is_format_valid 'rule' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" +is_object_unsuspended '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Suspending rule +update_object_value ../../data/firewallv6/rules RULE $rule '$SUSPENDED' yes + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-unsuspend-firewall-ipv6-rule b/bin/v-unsuspend-firewall-ipv6-rule new file mode 100755 index 00000000..7accf7a9 --- /dev/null +++ b/bin/v-unsuspend-firewall-ipv6-rule 
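Review bot: `eval $chain` in the custom-chains loop executes every line of `firewallv6/chains.conf` as shell code, in a script that presumably runs as root, only to obtain `$CHAIN`. Extracting the value without eval, for example `CHAIN=$(echo "$chain" | sed -n "s/.*CHAIN='\([A-Za-z0-9_-]*\)'.*/\1/p")` and skipping empty results, keeps a malformed or tampered line from being executed; the pattern assumes the `KEY='value'` layout used elsewhere in this patch. The same eval is applied to rules.conf, chains.conf and banlist.conf in v-update-firewall-ipv6. The header still says the script stops iptables; `# info: stop system IPv6 firewall` would match what it does.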
@@ -0,0 +1,49 @@ +#!/bin/bash +# info: unsuspend firewall rule +# options: RULE +# +# The function unsuspends a certain firewall rule. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +rule=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'RULE' +is_format_valid 'rule' +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' +is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule" +is_object_suspended '../../data/firewallv6/rules' 'RULE' "$rule" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Suspending rule +update_object_value ../../data/firewallv6/rules RULE $rule '$SUSPENDED' no + +# Updating system firewall +$BIN/v-update-firewall-ipv6 + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-update-firewall b/bin/v-update-firewall index ccea7f3f..e09021a6 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -73,7 +73,10 @@ fi # Handling local traffic for ip in $(ls $VESTA/data/ips); do - echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp + source $VESTA/data/ips/$ip + if [ "4" = "$VERSION" ]; then + echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp + fi done echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp diff --git a/bin/v-update-firewall-ipv6 b/bin/v-update-firewall-ipv6 new file mode 100755 index 00000000..43492bf4 --- /dev/null +++ b/bin/v-update-firewall-ipv6 
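Review bot: The action comment in this new script still reads `# Suspending rule` although the call sets `'$SUSPENDED'` to `no`; it should be `# Unsuspending rule`. The header line `# info: unsuspend firewall rule` would be clearer as `# info: unsuspend IPv6 firewall rule`, since the script only touches `firewallv6/rules`.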
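Review bot: `source $VESTA/data/ips/$ip` followed by `[ "4" = "$VERSION" ]` in the local-traffic loop never resets `VERSION`, so an address file that lacks the key inherits the value from the previous file or, if it comes first, is skipped. If address files created before this patch have no `VERSION` line (no migration is visible here), their IPv4 addresses lose the ACCEPT rule. Reset and default it: `VERSION=''` before the `source`, then `if [ "${VERSION:-4}" = "4" ]; then`. The same loop appears in v-update-firewall-ipv6, and v-update-user-counters counts every file whose VERSION is not `4` as IPv6.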
@@ -0,0 +1,192 @@ +#!/bin/bash +# info: update system firewall rules +# options: NONE +# +# The function updates iptables rules + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Defining absolute path for iptables and modprobe +iptables="/sbin/ip6tables" +modprobe="/sbin/modprobe" +sysctl="/sbin/sysctl" + +# Includes +source /etc/profile.d/vesta.sh +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Checking local IPv6 rules +rules="$VESTA/data/firewallv6/rules.conf" +ports="$VESTA/data/firewallv6/ports.conf" + +if [ ! -e "$rules" ]; then + exit +fi + +$sysctl net.netfilter.nf_conntrack_max >/dev/null 2>&1 +if [ $? -ne 0 ]; then + conntrack='no' +fi + +# Checking conntrack module avaiabilty +$modprobe nf_conntrack >/dev/null 2>&1 +$modprobe nf_conntrack_ftp >/dev/null 2>&1 +if [ $? 
-ne 0 ]; then + conntrack_ftp='no' +fi + +# Checking custom OpenSSH port +sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) +if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then + sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules +fi + +# Creating temporary file +tmp=$(mktemp) + +# Flushing INPUT chain +echo "$iptables -P INPUT ACCEPT" >> $tmp +echo "$iptables -F INPUT" >> $tmp + +# Enabling stateful support +if [ "$conntrack" != 'no' ]; then + str="$iptables -A INPUT -m state" + str="$str --state ESTABLISHED,RELATED -j ACCEPT" + echo "$str" >> $tmp +fi + +# Handling local traffic +for ip in $(ls $VESTA/data/ips); do + source $VESTA/data/ips/$ip + if [ "6" = "$VERSION" ]; then + echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp + fi +done +echo "$iptables -A INPUT -s ::1 -j ACCEPT" >> $tmp + +# Pasring iptables rules +IFS=$'\n' +for line in $(sort -r -n -k 2 -t \' $rules); do + eval $line + if [ "$SUSPENDED" = 'no' ]; then + proto="-p $PROTOCOL" + port="--dport $PORT" + ip="-s $IP6" + state="" + action="-j $ACTION" + + # Adding multiport module + if [[ "$PORT" =~ ,|-|: ]] ; then + port="-m multiport --dports ${PORT//-/:}" + fi + + # Accepting all dst ports + if [[ "$PORT" = "0" ]] || [ "$PROTOCOL" = 'ICMPV6' ]; then + port="" + fi + + # Checking FTP for contrack module + if [ "$TYPE" = "FTP" ] || [ "$PORT" = '21' ]; then + if [ "$conntrack_ftp" != 'no' ]; then + state="-m conntrack --ctstate NEW" + else + port="-m multiport --dports 20,21,12000:12100" + fi + ftp="yes" + fi + + # Adding firewall rule + echo "$iptables -A INPUT $proto $port $ip $state $action" >> $tmp + fi +done + +# Switching chain policy to DROP +echo "$iptables -P INPUT DROP" >> $tmp + +# Adding vesta chain +echo "$iptables -N vesta" >> $tmp + +# Applying rules +bash $tmp 2>/dev/null + +# Deleting temporary file +rm -f $tmp + +# Checking custom trigger +if [ -x "$VESTA/data/firewallv6/custom.sh" ]; then + bash $VESTA/data/firewallv6/custom.sh +fi + +# Checking 
fail2ban support +if [ ! -z "$FIREWALL_EXTENSION" ]; then + for chain in $(cat $VESTA/data/firewallv6/chains.conf 2>/dev/null); do + eval $chain + if [[ "$PORT" =~ ,|-|: ]] ; then + port="-m multiport --dports $PORT" + else + port="--dport $PORT" + fi + echo "$iptables -N fail2ban-$CHAIN" >> $tmp + echo "$iptables -F fail2ban-$CHAIN" >> $tmp + echo "$iptables -I fail2ban-$CHAIN -s ::/0 -j RETURN" >> $tmp + echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" >>$tmp + done + bash $tmp 2>/dev/null + rm -f $tmp + + for ban in $(cat $VESTA/data/firewallv6/banlist.conf 2>/dev/null); do + eval $ban + echo -n "$iptables -I fail2ban-$CHAIN 1 -s $IP" >> $tmp + echo " -j REJECT --reject-with icmp-port-unreachable" >> $tmp + done + bash $tmp 2>/dev/null + rm -f $tmp +fi + +# Saving rules to the master iptables file +if [ -e "/etc/redhat-release" ]; then + /sbin/ip6tables-save > /etc/sysconfig/ip6tables + if [ -z "$(ls /etc/rc3.d/S*ip6tables 2>/dev/null)" ]; then + /sbin/chkconfig ip6tables on + fi +else + /sbin/ip6tables-save > /etc/ip6tables.rules + preup="/etc/network/if-pre-up.d/iptables" + if [ ! -e "$preup" ]; then + echo '#!/bin/sh' > $preup + echo "/sbin/ip6tables-restore < /etc/ip6tables.rules" >> $preup + echo "exit 0" >> $preup + chmod +x $preup + fi +fi + +# Worarkound for OpenVZ +if [ -e "/proc/vz/veinfo" ]; then + dig @8.8.8.8 google.com +time=1 +tries=1 >/dev/null 2>&1 + if [ "$?" -ne 0 ]; then + $BIN/v-stop-firewall-ipv6 + fi +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-update-user-counters b/bin/v-update-user-counters index 5fcdd671..e6d57f38 100755 --- a/bin/v-update-user-counters +++ b/bin/v-update-user-counters @@ -51,6 +51,8 @@ for user in $user_list; do SUSPENDED_CRON=0 IP_AVAIL=0 IP_OWNED=0 + IP6_AVAIL=0 + IP6_OWNED=0 U_USERS=0 U_DISK=0 U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') 
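Review bot: After `bash $tmp` the script deletes the file with `rm -f $tmp`, and the fail2ban section then appends to the same path and runs it again, twice; once removed, that name is no longer the file mktemp created, and whatever exists at the path by then is what gets executed. Keep one file for the whole run: add `trap 'rm -f "$tmp"' EXIT` after `tmp=$(mktemp)` and replace the intermediate `rm -f $tmp` calls with `: > "$tmp"`. Separately, the Debian branch tests and writes `/etc/network/if-pre-up.d/iptables`, while v-stop-firewall-ipv6 uses `/etc/network/if-pre-up.d/ip6tables`; if the IPv4 hook already exists, the `ip6tables-restore` line is never installed and the saved IPv6 rules would not be loaded at boot.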
@@ -88,16 +90,27 @@ for user in $user_list; do # Checking ip for ip in $(ls $VESTA/data/ips) ;do source $VESTA/data/ips/$ip - if [ "$OWNER" = "$user" ]; then - IP_OWNED=$((IP_OWNED + 1)) - IP_AVAIL=$((IP_AVAIL + 1)) - fi - if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then - IP_AVAIL=$((IP_AVAIL + 1)) + if [ "$VERSION" = "4" ]; then + if [ "$OWNER" = "$user" ]; then + IP_OWNED=$((IP_OWNED + 1)) + IP_AVAIL=$((IP_AVAIL + 1)) + fi + if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then + IP_AVAIL=$((IP_AVAIL + 1)) + fi + else + if [ "$OWNER" = "$user" ]; then + IP6_OWNED=$((IP6_OWNED + 1)) + IP6_AVAIL=$((IP6_AVAIL + 1)) + fi + if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then + IP6_AVAIL=$((IP6_AVAIL + 1)) + fi fi done if [ "$user" = 'admin' ]; then - IP_AVAIL=$(ls $VESTA/data/ips | wc -l) + IP_AVAIL=$(ls $VESTA/data/ips | grep VERSION='4' | wc -l) + IP6_AVAIL=$(ls $VESTA/data/ips | grep VERSION='6' | wc -l) fi # Checking web system @@ -185,6 +198,8 @@ for user in $user_list; do update_user_value "$user" '$SUSPENDED_CRON' "$SUSPENDED_CRON" update_user_value "$user" '$IP_AVAIL' "$IP_AVAIL" update_user_value "$user" '$IP_OWNED' "$IP_OWNED" + update_user_value "$user" '$IP6_AVAIL' "$IP6_AVAIL" + update_user_value "$user" '$IP6_OWNED' "$IP6_OWNED" update_user_value "$user" '$U_USERS' "$U_USERS" update_user_value "$user" '$U_DISK' "$U_DISK" update_user_value "$user" '$U_DISK_DIRS' "$U_DISK_DIRS" diff --git a/bin/v-update-user-stats b/bin/v-update-user-stats index f6b5ff56..ce432850 100755 --- a/bin/v-update-user-stats +++ b/bin/v-update-user-stats @@ -46,6 +46,7 @@ fi # Reset overal statistics TOTAL_IP_OWNED=0 +TOTAL_IP6_OWNED=0 TOTAL_U_DISK=0 TOTAL_U_DISK_DIRS=0 TOTAL_U_DISK_WEB=0 
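Review bot: The admin totals pipe `ls $VESTA/data/ips` into `grep VERSION='4'`, which searches the file names (the addresses) for the text `VERSION=4` after the shell strips the single quotes, so both `IP_AVAIL` and `IP6_AVAIL` come out as 0 for admin. Search the file contents instead: `IP_AVAIL=$(grep -l "VERSION='4'" $VESTA/data/ips/* 2>/dev/null | wc -l)`, and the same with `'6'` for `IP6_AVAIL`. The loop this sits in starts outside the hunk.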
@@ -73,7 +74,7 @@ for user in $user_list; do DATE=$(date -d "$next_month -1day" +%F) # Compiling report string - s="DATE='$DATE' TIME='$TIME' PACKAGE='$PACKAGE' IP_OWNED='$IP_OWNED'" + s="DATE='$DATE' TIME='$TIME' PACKAGE='$PACKAGE' IP_OWNED='$IP_OWNED' IP6_OWNED='$IP6_OWNED'" s="$s DISK_QUOTA='$DISK_QUOTA' U_DISK='$U_DISK'" s="$s U_DISK_DIRS='$U_DISK_DIRS' U_DISK_WEB='$U_DISK_WEB'" s="$s U_DISK_MAIL='$U_DISK_MAIL' U_DISK_DB='$U_DISK_DB'" @@ -106,6 +107,7 @@ for user in $user_list; do # Increase overall counters TOTAL_IP_OWNED=$((TOTAL_IP_OWNED + IP_OWNED)) + TOTAL_IP6_OWNED=$((TOTAL_IP6_OWNED + IP6_OWNED)) TOTAL_U_DISK=$((TOTAL_U_DISK + U_DISK)) TOTAL_U_DISK_DIRS=$((TOTAL_U_DISK_DIRS + U_DISK_DIRS)) TOTAL_U_DISK_WEB=$((TOTAL_U_DISK_WEB + U_DISK_WEB)) @@ -130,7 +132,7 @@ done # Updating overall stats stats="$VESTA/data/users/admin/overall_stats.log" -s="DATE='$DATE' TIME='$TIME' PACKAGE='default' IP_OWNED='$TOTAL_IP_OWNED'" +s="DATE='$DATE' TIME='$TIME' PACKAGE='default' IP6_OWNED='$TOTAL_IP_OWNED' IP6_OWNED='$TOTAL_IP6_OWNED'" s="$s DISK_QUOTA='0' U_DISK='$TOTAL_U_DISK' U_DISK_DIRS='$TOTAL_U_DISK_DIRS'" s="$s U_DISK_WEB='$TOTAL_U_DISK_WEB' U_DISK_MAIL='$TOTAL_U_DISK_MAIL'" s="$s U_DISK_DB='$TOTAL_U_DISK_DB' BANDWIDTH='0'" diff --git a/func/domain.sh b/func/domain.sh index 3ee84c8c..d887860b 100644 --- a/func/domain.sh +++ b/func/domain.sh 
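Review bot: The rewritten overall-stats line emits `IP6_OWNED` twice, `IP6_OWNED='$TOTAL_IP_OWNED' IP6_OWNED='$TOTAL_IP6_OWNED'`, so the IPv4 total is stored under the IPv6 key and the `IP_OWNED` field disappears from overall_stats.log. The first key should stay `IP_OWNED='$TOTAL_IP_OWNED'`, matching the per-user report string changed earlier in this file.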
@@ -171,35 +171,69 @@ add_web_config() { if [[ "$2" =~ stpl$ ]]; then conf="$HOMEDIR/$user/conf/web/s$1.conf" fi - - cat $WEBTPL/$1/$WEB_BACKEND/$2 | \ - sed -e "s|%ip%|$local_ip|g" \ - -e "s|%domain%|$domain|g" \ - -e "s|%domain_idn%|$domain_idn|g" \ - -e "s|%alias%|${aliases//,/ }|g" \ - -e "s|%alias_idn%|${aliases_idn//,/ }|g" \ - -e "s|%alias_string%|$alias_string|g" \ - -e "s|%email%|info@$domain|g" \ - -e "s|%web_system%|$WEB_SYSTEM|g" \ - -e "s|%web_port%|$WEB_PORT|g" \ - -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ - -e "s|%backend_lsnr%|$backend_lsnr|g" \ - -e "s|%rgroups%|$WEB_RGROUPS|g" \ - -e "s|%proxy_system%|$PROXY_SYSTEM|g" \ - -e "s|%proxy_port%|$PROXY_PORT|g" \ - -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \ - -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \ - -e "s|%user%|$user|g" \ - -e "s|%group%|$user|g" \ - -e "s|%home%|$HOMEDIR|g" \ - -e "s|%docroot%|$docroot|g" \ - -e "s|%sdocroot%|$sdocroot|g" \ - -e "s|%ssl_crt%|$ssl_crt|g" \ - -e "s|%ssl_key%|$ssl_key|g" \ - -e "s|%ssl_pem%|$ssl_pem|g" \ - -e "s|%ssl_ca_str%|$ssl_ca_str|g" \ - -e "s|%ssl_ca%|$ssl_ca|g" \ - >> $conf + + if [ ! 
-z $local_ip ]; then + cat $WEBTPL/$1/$WEB_BACKEND/$2 | \ + sed -e "s|%ip%|$local_ip|g" \ + -e "s|%ipv6%|$ipv6|g" \ + -e "s|%domain%|$domain|g" \ + -e "s|%domain_idn%|$domain_idn|g" \ + -e "s|%alias%|${aliases//,/ }|g" \ + -e "s|%alias_idn%|${aliases_idn//,/ }|g" \ + -e "s|%alias_string%|$alias_string|g" \ + -e "s|%email%|info@$domain|g" \ + -e "s|%web_system%|$WEB_SYSTEM|g" \ + -e "s|%web_port%|$WEB_PORT|g" \ + -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ + -e "s|%backend_lsnr%|$backend_lsnr|g" \ + -e "s|%rgroups%|$WEB_RGROUPS|g" \ + -e "s|%proxy_system%|$PROXY_SYSTEM|g" \ + -e "s|%proxy_port%|$PROXY_PORT|g" \ + -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \ + -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \ + -e "s|%user%|$user|g" \ + -e "s|%group%|$user|g" \ + -e "s|%home%|$HOMEDIR|g" \ + -e "s|%docroot%|$docroot|g" \ + -e "s|%sdocroot%|$sdocroot|g" \ + -e "s|%ssl_crt%|$ssl_crt|g" \ + -e "s|%ssl_key%|$ssl_key|g" \ + -e "s|%ssl_pem%|$ssl_pem|g" \ + -e "s|%ssl_ca_str%|$ssl_ca_str|g" \ + -e "s|%ssl_ca%|$ssl_ca|g" \ + >> $conf + fi + + if [ ! 
-z $ipv6 ] && [ "$ipv6" != "no" ]; then + cat $WEBTPL/$1/$WEB_BACKEND/$2 | \ + sed -e "s|%ip%|[$ipv6]|g" \ + -e "s|%domain%|$domain|g" \ + -e "s|%domain_idn%|$domain_idn|g" \ + -e "s|%alias%|${aliases//,/ }|g" \ + -e "s|%alias_idn%|${aliases_idn//,/ }|g" \ + -e "s|%alias_string%|$alias_string|g" \ + -e "s|%email%|info@$domain|g" \ + -e "s|%web_system%|$WEB_SYSTEM|g" \ + -e "s|%web_port%|$WEB_PORT|g" \ + -e "s|%web_ssl_port%|$WEB_SSL_PORT|g" \ + -e "s|%backend_lsnr%|$backend_lsnr|g" \ + -e "s|%rgroups%|$WEB_RGROUPS|g" \ + -e "s|%proxy_system%|$PROXY_SYSTEM|g" \ + -e "s|%proxy_port%|$PROXY_PORT|g" \ + -e "s|%proxy_ssl_port%|$PROXY_SSL_PORT|g" \ + -e "s/%proxy_extentions%/${PROXY_EXT//,/|}/g" \ + -e "s|%user%|$user|g" \ + -e "s|%group%|$user|g" \ + -e "s|%home%|$HOMEDIR|g" \ + -e "s|%docroot%|$docroot|g" \ + -e "s|%sdocroot%|$sdocroot|g" \ + -e "s|%ssl_crt%|$ssl_crt|g" \ + -e "s|%ssl_key%|$ssl_key|g" \ + -e "s|%ssl_pem%|$ssl_pem|g" \ + -e "s|%ssl_ca_str%|$ssl_ca_str|g" \ + -e "s|%ssl_ca%|$ssl_ca|g" \ + >> $conf + fi chown root:$user $conf chmod 640 $conf @@ -215,12 +249,19 @@ add_web_config() { trigger="${2/.*pl/.sh}" if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then $WEBTPL/$1/$WEB_BACKEND/$trigger \ - $user $domain $local_ip $HOMEDIR $HOMEDIR/$user/web/$domain/public_html + $user $domain $local_ip $ipv6 $HOMEDIR $HOMEDIR/$user/web/$domain/public_html fi } # Get config top and bottom line number get_web_config_lines() { + v_ip="" + if [ ! -z $old ]; then + v_ip=$old + fi + if [ -z "$v_ip" ]; then + check_result $E_PARSING "V_IP in get_web_config_lines is empty" + fi tpl_lines=$(egrep -ni "name %domain_idn%" $1 |grep -w %domain_idn%) tpl_lines=$(echo "$tpl_lines" |cut -f 1 -d :) tpl_last_line=$(wc -l $1 |cut -f 1 -d ' ') 
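Review bot: The IPv6 copy of the sed pipeline in add_web_config omits the `-e "s|%ipv6%|$ipv6|g"` expression that the IPv4 copy has, so a template using `%ipv6%` keeps the literal placeholder in the IPv6 vhost, while the IPv4 copy substitutes `$ipv6` even when its value is `no`. The two pipelines differ only in the `%ip%` value, so a small helper taking that value as an argument would stop them drifting apart. The guards `[ ! -z $local_ip ]` and `[ ! -z $ipv6 ]` should be quoted, e.g. `[ -n "$local_ip" ]`, and when both are empty nothing is written yet `chown` and `chmod` still run on `$conf`. add_web_config starts outside the hunk.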
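Review bot: The trigger call now passes `$ipv6` unquoted as a new fourth argument, ahead of `$HOMEDIR` and the docroot, so existing trigger scripts receive shifted arguments when an IPv6 address is set and the old layout when it is empty. Appending it at the end and quoting it keeps the positions stable: `$user $domain $local_ip $HOMEDIR $HOMEDIR/$user/web/$domain/public_html "$ipv6"`. In the same hunk get_web_config_lines now stops with `V_IP in get_web_config_lines is empty` unless the caller has set the global `old`; the function comment should state that requirement.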
@@ -228,9 +269,9 @@ get_web_config_lines() { check_result $E_PARSING "can't parse template $1" fi - vhost_lines=$(grep -niF "name $domain_idn" $2) + vhost_lines=$(grep -ni -A2 "$v_ip" $2| grep -iF "name $domain_idn") vhost_lines=$(echo "$vhost_lines" |egrep "$domain_idn($| |;)") #" - vhost_lines=$(echo "$vhost_lines" |cut -f 1 -d :) + vhost_lines=$(echo "$vhost_lines" |cut -f 1 -d : |cut -f 1 -d \-) if [ -z "$vhost_lines" ]; then check_result $E_PARSING "can't parse config $2" fi 
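Review bot: `grep -ni -A2 "$v_ip" $2` treats the address as a regular expression, so the dots of an IPv4 address match any character and, if a bracketed IPv6 address is passed, it is read as a bracket expression; the match can land on a vhost block for a different address. Use a fixed-string match, `grep -niF -A2 -- "$v_ip" $2`. The `-A2` window and the added `cut -f 1 -d \-` also assume the name directive sits within two lines of the address line in every template, which deserves a comment next to the pipeline. get_web_config_lines continues outside the hunk.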
@@ -479,7 +520,128 @@ is_dns_nameserver_valid() { fi } +# Add DNS config +add_dns_config() { + spfip4="" + spfip6="" + if [ ! -z $ip ]; then + spfipv4="ip4:$ip"; + fi + if [ ! -z $ipv6 ]; then + spfipv6="ip6:$ipv6"; + fi + echo $spfipv4 + echo $spfipv6 + + # Adding dns zone to the user config + echo "$template_data" | grep -v '%ip' |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%spfip4%/$spfipv4/g" \ + -e "s/%spfip6%/$spfipv6/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%ns5%/$ns5/g" \ + -e "s/%ns6%/$ns6/g" \ + -e "s/%ns7%/$ns7/g" \ + -e "s/%ns8%/$ns8/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" > $USER_DATA/dns/$domain.conf + if [ ! -z $ip ]; then + echo "$template_data" |grep "%ip%" |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%ns5%/$ns5/g" \ + -e "s/%ns6%/$ns6/g" \ + -e "s/%ns7%/$ns7/g" \ + -e "s/%ns8%/$ns8/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" >> $USER_DATA/dns/$domain.conf + fi + if [ ! -z $ipv6 ]; then + echo "$template_data" |grep "%ipv6%" |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%ns5%/$ns5/g" \ + -e "s/%ns6%/$ns6/g" \ + -e "s/%ns7%/$ns7/g" \ + -e "s/%ns8%/$ns8/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" >> $USER_DATA/dns/$domain.conf + fi +} + +#Add DNS records +add_dns_config_records() { + template_data=$(cat $DNSTPL/$TPL.tpl) + + # Adding dns zone to the user config + template_data=$(echo "$template_data" |grep -v "v=spf1" |egrep "%ip(v6)?%") + if [ ! 
-z "$ip" ]; then + template_data=$(echo "$template_data" |grep "%ip%") + fi + if [ ! -z "$ipv6" ]; then + template_data=$(echo "$template_data" |grep "%ipv6%") + fi + + new_lines=$(echo "$template_data" |\ + sed -e "s/%ip%/$ip/g" \ + -e "s/%ipv6%/$ipv6/g" \ + -e "s/%time%/$time/g" \ + -e "s/%date%/$date/g" \ + |awk -F 'ID=' '{print $2}' \ + |cut -d\' --complement -s -f1,2) + + echo "$new_lines"\ + | while read line; do + id="" + get_next_dnsrecord + echo "ID='$id' $line" >> $USER_DATA/dns/$domain.conf + done +} + +#Remove DNS records +remove_dns_config_records() { + template_data=$(cat $DNSTPL/$TPL.tpl) + + # Adding dns zone to the user config + template_data=$(echo "$template_data" |grep -v "v=spf1" |egrep "%ip(v6)?%") + if [ -z "$ip" ]; then + template_data=$(echo "$template_data" |grep "%ip%") + fi + if [ -z "$ipv6" ]; then + template_data=$(echo "$template_data" |grep "%ipv6%") + fi + + delete_lines=$(echo "$template_data" |\ + sed -e "s/%ip%/$old/g" \ + -e "s/%ipv6%/$old/g" \ + |awk -F 'ID=' '{print $2}' \ + |cut -d\' --complement -s -f1,2 \ + |awk -F 'TIME=' '{print $1}'); + + echo "$delete_lines"\ + | while read line; do + sed -i '/$line/d' $USER_DATA/dns/$domain.conf + done +} #----------------------------------------------------------# # MAIL # diff --git a/func/ip.sh b/func/ip.sh index f323cf8d..456cadc5 100644 --- a/func/ip.sh +++ b/func/ip.sh @@ -55,7 +55,7 @@ update_ip_value() { # Get ip name get_ip_alias() { - ip_name=$(grep "NAME=" $VESTA/data/ips/$local_ip |cut -f 2 -d \') + ip_name=$(grep "NAME=" $VESTA/data/ips/$local_ip 2>/dev/null |cut -f 2 -d \') if [ ! -z "$ip_name" ]; then echo "${1//./-}.$ip_name" fi 
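Review bot: In remove_dns_config_records the delete command `sed -i '/$line/d'` is single-quoted, so `$line` is never expanded and no record is removed from `$USER_DATA/dns/$domain.conf`. Because record text contains dots and may contain slashes, filtering the file through `grep -vF -- "$line"` is safer than simply switching to double quotes. In add_dns_config the initialised names `spfip4` and `spfip6` differ from the `spfipv4` and `spfipv6` that are set and substituted, so stale values survive between calls, and the two lines `echo $spfipv4` and `echo $spfipv6` print to the stdout of every caller and look like leftover debugging.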
@@ -64,64 +64,68 @@ get_ip_alias() { # Increase ip value increase_ip_value() { sip=${1-ip} - USER=$user - web_key='U_WEB_DOMAINS' - usr_key='U_SYS_USERS' - current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - if [ -z "$current_web" ]; then - echo "Error: Parsing error" - log_event "$E_PARSING" "$ARGUMENTS" - exit $E_PARSING - fi - new_web=$((current_web + 1)) - if [ -z "$current_usr" ]; then - new_usr="$USER" - else - check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER) - if [ -z "$check_usr" ]; then - new_usr="$current_usr,$USER" - else - new_usr="$current_usr" + if [ "$sip" != "no" ] && [ ! -z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + if [ -z "$current_web" ]; then + echo "Error: Parsing error" + log_event "$E_PARSING" "$ARGUMENTS" + exit $E_PARSING + fi + new_web=$((current_web + 1)) + if [ -z "$current_usr" ]; then + new_usr="$USER" + else + check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER) + if [ -z "$check_usr" ]; then + new_usr="$current_usr,$USER" + else + new_usr="$current_usr" + fi fi - fi - sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ - $VESTA/data/ips/$sip - sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ - $VESTA/data/ips/$sip + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip + fi } # Decrease ip value decrease_ip_value() { sip=${1-ip} - USER=$user - web_key='U_WEB_DOMAINS' - usr_key='U_SYS_USERS' + if [ "$sip" != "no" ] && [ ! 
-z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' - current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') - if [ -z "$current_web" ]; then - check_result $E_PARSING "Parsing errpr" + if [ -z "$current_web" ]; then + check_result $E_PARSING "Parsing error" + fi + + new_web=$((current_web - 1)) + check_ip=$(grep $sip $USER_DATA/web.conf |wc -l) + if [ "$check_ip" -lt 2 ]; then + new_usr=$(echo "$current_usr" |\ + sed "s/,/\n/g"|\ + sed "s/^$user$//g"|\ + sed "/^$/d"|\ + sed ':a;N;$!ba;s/\n/,/g') + else + new_usr="$current_usr" + fi + + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip fi - - new_web=$((current_web - 1)) - check_ip=$(grep $sip $USER_DATA/web.conf |wc -l) - if [ "$check_ip" -lt 2 ]; then - new_usr=$(echo "$current_usr" |\ - sed "s/,/\n/g"|\ - sed "s/^$user$//g"|\ - sed "/^$/d"|\ - sed ':a;N;$!ba;s/\n/,/g') - else - new_usr="$current_usr" - fi - - sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ - $VESTA/data/ips/$sip - sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ - $VESTA/data/ips/$sip } # Get ip address value 
@@ -195,10 +199,10 @@ get_broadcast() { # Get user ips get_user_ips() { - dedicated=$(grep -H "OWNER='$user'" $VESTA/data/ips/*) - dedicated=$(echo "$dedicated" |cut -f 1 -d : |sed 's=.*/==') - shared=$(grep -H -A1 "OWNER='admin'" $VESTA/data/ips/* |grep shared) - shared=$(echo "$shared" |cut -f 1 -d : |sed 's=.*/==' |cut -f 1 -d \-) + dedicated=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='4'") + dedicated=$(echo "$dedicated" |cut -f 1 -d '-' |sed 's=.*/==') + shared=$(grep -H -A10 "OWNER='admin'" $VESTA/data/ips/* |grep -A10 shared |grep "VERSION='4'") + shared=$(echo "$shared" |cut -f 1 -d '-' |sed 's=.*/==' |cut -f 1 -d \-) for dedicated_ip in $dedicated; do shared=$(echo "$shared" |grep -v $dedicated_ip) done diff --git a/func/ipv6.sh b/func/ipv6.sh new file mode 100644 index 00000000..b8b4ed5e --- /dev/null +++ b/func/ipv6.sh 
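Review bot: In get_user_ips the shared list is built with `grep -H -A10 "OWNER='admin'" … |grep -A10 shared |grep "VERSION='4'"`; the second `-A10` runs across file boundaries in the combined output, so the `VERSION` line of the next admin file can be picked up even when that file is not shared, and a dedicated address could be offered to other users. The `cut -f 1 -d '-'` that follows also truncates the path at the first hyphen, which breaks if `$VESTA` contains one. Testing each file on its own avoids both; the sketch below assumes one `KEY='value'` per line at the start of the line, as the other helpers in this file do, and leaves the dedup loop and final echo (outside the hunk) as they are. get_user_ip6s in func/ipv6.sh uses the same pipeline with `VERSION='6'`.

```shell
get_user_ips() {
    dedicated=''
    shared=''
    for ip_file in $VESTA/data/ips/*; do
        [ -f "$ip_file" ] || continue
        grep -q "^VERSION='4'" "$ip_file" || continue
        if grep -q "^OWNER='$user'" "$ip_file"; then
            dedicated="$dedicated${ip_file##*/}"$'\n'
        elif grep -q "^OWNER='admin'" "$ip_file" &&
                grep -q "^STATUS='shared'" "$ip_file"; then
            shared="$shared${ip_file##*/}"$'\n'
        fi
    done
    # … unchanged: removal of dedicated entries from $shared and final echo …
```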
@@ -0,0 +1,223 @@ +# Check ipv6 ownership +is_ipv6_owner() { + owner=$(grep 'OWNER=' $VESTA/data/ips/$ipv6 |cut -f 2 -d \') + if [ "$owner" != "$user" ]; then + check_result $E_FORBIDEN "$ipv6 is not owned by $user" + fi +} + +# Check if ipv6 address is free +is_ipv6_free() { + if [ -e "$VESTA/data/ips/$ipv6" ]; then + check_result $E_EXISTS "$ipv6 is already exists" + fi +} + +# Get full interface name +get_ipv6_iface() { + i=$(/sbin/ip addr |grep -w $interface |\ + awk '{print $NF}' |tail -n 1 |cut -f 2 -d :) + if [ "$i" = "$interface" ]; then + n=0 + else + n=$((i + 1)) + fi + echo "$interface:$n" +} + + +# Check ipv6 address speciefic value +is_ipv6_key_empty() { + key="$1" + string=$(cat $VESTA/data/ips/$ipv6) + eval $string + eval value="$key" + if [ ! -z "$value" ] && [ "$value" != '0' ]; then + key="$(echo $key|sed -e "s/\$U_//")" + check_result $E_EXISTS "IP6 is in use / $key = $value" + fi +} + +# Update ipv6 address value +update_ipv6_value() { + key="$1" + value="$2" + conf="$VESTA/data/ips/$ipv6" + str=$(cat $conf) + eval $str + c_key=$(echo "${key//$/}") + eval old="${key}" + old=$(echo "$old" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's/\//\\\//g') + new=$(echo "$value" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's/\//\\\//g') + sed -i "$str_number s/$c_key='${old//\*/\\*}'/$c_key='${new//\*/\\*}'/g"\ + $conf +} + +# Get ipv6 name +get_ipv6_alias() { + ip_name=$(grep "NAME=" $VESTA/data/ips/$ipv6 2> /dev/null |cut -f 2 -d \') + if [ ! -z "$ip_name" ]; then + echo "${1//./-}.$ip_name" + fi +} + +# Increase ipv6 value +increase_ipv6_value() { + sip=${1-ipv6} + if [ "$sip" != "no" ] && [ ! 
-z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + if [ -z "$current_web" ]; then + echo "Error: Parsing error" + log_event "$E_PARSING" "$ARGUMENTS" + exit $E_PARSING + fi + new_web=$((current_web + 1)) + if [ -z "$current_usr" ]; then + new_usr="$USER" + else + check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER) + if [ -z "$check_usr" ]; then + new_usr="$current_usr,$USER" + else + new_usr="$current_usr" + fi + fi + + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip + fi +} + +# Decrease ipv6 value +decrease_ipv6_value() { + sip=${1-ipv6} + if [ "$sip" != "no" ] && [ ! -z "$sip" ]; then + USER=$user + web_key='U_WEB_DOMAINS' + usr_key='U_SYS_USERS' + + current_web=$(grep "$web_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + current_usr=$(grep "$usr_key=" $VESTA/data/ips/$sip |cut -f 2 -d \') + + if [ -z "$current_web" ]; then + check_result $E_PARSING "Parsing error" + fi + + new_web=$((current_web - 1)) + check_ip=$(grep $sip $USER_DATA/web.conf |wc -l) + if [ "$check_ip" -lt 2 ]; then + new_usr=$(echo "$current_usr" |\ + sed "s/,/\n/g"|\ + sed "s/^$user$//g"|\ + sed "/^$/d"|\ + sed ':a;N;$!ba;s/\n/,/g') + else + new_usr="$current_usr" + fi + + sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \ + $VESTA/data/ips/$sip + sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \ + $VESTA/data/ips/$sip + fi +} + +# Get ipv6 address value +get_ipv6_value() { + key="$1" + string=$(cat $VESTA/data/ips/$ip) + eval $string + eval value="$key" + echo "$value" +} + + +# Get real ipv6 address +get_real_ipv6() { + if [ -e "$VESTA/data/ips/$1" ]; then + echo $1 + else + nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) + if [ ! 
-z "$nat" ]; then + echo "$nat" |cut -f 1 -d : |cut -f 7 -d / + fi + fi +} + +# Convert CIDR to netmask +convert_cidrv6() { + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 \ + $(((255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + if [[ $1 -gt 1 ]]; then + shift $1 + else + shift + fi + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + +# Convert netmask to CIDR +convert_netmaskv6() { + nbits=0 + IFS=. + for dec in $1 ; do + case $dec in + 255) let nbits+=8;; + 254) let nbits+=7;; + 252) let nbits+=6;; + 248) let nbits+=5;; + 240) let nbits+=4;; + 224) let nbits+=3;; + 192) let nbits+=2;; + 128) let nbits+=1;; + 0);; + esac + done + echo "$nbits" +} + +# Get user ips +get_user_ip6s() { + dedicated=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='6'") + dedicated=$(echo "$dedicated" |cut -f 1 -d '-' |sed 's=.*/==') + shared=$(grep -H -A10 "OWNER='admin'" $VESTA/data/ips/* |grep -A10 shared |grep "VERSION='6'") + shared=$(echo "$shared" |cut -f 1 -d '-' |sed 's=.*/==' |cut -f 1 -d \-) + for dedicated_ip in $dedicated; do + shared=$(echo "$shared" |grep -v $dedicated_ip) + done + echo -e "$dedicated\n$shared" |sed "/^$/d" +} + +# Get user ipv6 +get_user_ipv6() { + ipv6=$(get_user_ip6s |head -n1) + if [ -z "$ipv6" ]; then + check_result $E_NOTEXIST "no IP6 is available" + fi +} + +# Validate ipv6 address +is_ipv6_valid() { + ipv6="$1" + if [ ! -e "$VESTA/data/ips/$1" ]; then + check_result $E_NOTEXIST "IP6 $1 doesn't exist" + fi + if [ ! -z $2 ]; then + ip_data=$(cat $VESTA/data/ips/$1) + ip_owner=$(echo "$ip_data" |grep OWNER= |cut -f2 -d \') + ip_status=$(echo "$ip_data" |grep STATUS= |cut -f2 -d \') + if [ "$ip_owner" != "$user" ] && [ "$ip_status" = 'dedicated' ]; then + check_result $E_FORBIDEN "$user user can't use IP6 $1" + fi + get_user_owner + if [ "$ip_owner" != "$user" ] && [ "$ip_owner" != "$owner" ]; then + check_result $E_FORBIDEN "$user user can't use IP6 $1" + fi + fi +} diff --git a/func/main.sh b/func/main.sh index b1761fd8..20dd6689 100644 --- a/func/main.sh 
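Review bot: get_ipv6_value reads `$VESTA/data/ips/$ip` rather than `$ipv6`, unlike the other helpers in this new file, so it returns values for whatever IPv4 address is in scope or fails when `ip` is unset; the line should be `string=$(cat $VESTA/data/ips/$ipv6)`. convert_cidrv6 and convert_netmaskv6 are the IPv4 routines under new names and still produce or parse dotted-quad masks, which cannot represent a prefix longer than 32 bits. update_ipv6_value uses `$str_number`, which is not set anywhere in the function. increase_ipv6_value and decrease_ipv6_value differ from the ip.sh versions only in the default for `sip`, so calling the existing functions would avoid keeping two copies in step.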
+++ b/func/main.sh 
@@ -551,6 +551,104 @@ is_ip_format_valid() { fi } +# IPv6 format validator +is_ipv6_format_valid() { + object_name=${2-ip6} + ip_regex='([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' + t_ip=$(echo $1 |awk -F / '{print $1}') + t_cidr=$(echo $1 |awk -F / '{print $2}') + valid_cidr=1 + + WORD="[0-9A-Fa-f]\{1,4\}" + # flat address, no compressed words + FLAT="^${WORD}\(:${WORD}\)\{7\}$" + + COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$" + COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$" + COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$" + COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$" + COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$" + COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$" + # trailing :: edge case, includes case of only :: (all 0's) + EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$" + # leading :: edge case + EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$" + + echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)" + if [ $? -ne 0 ]; then + check_result $E_INVALID "invalid $object_name format :: $1" + fi + + if [ ! -z "$(echo $1|grep '/')" ]; then + if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then + valid_cidr=0 + fi + if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then + valid_cidr=0 + fi + fi + if [ "$valid_cidr" -eq 0 ]; then + check_result $E_INVALID "invalid $object_name format :: $1" + fi +} + +is_ip46_format_valid() { + t_ip=$(echo $1 |awk -F / '{print $1}') + t_cidr=$(echo $1 |awk -F / '{print $2}') + valid_octets=0 + valid_cidr=1 + for octet in ${t_ip//./ }; do + if [[ $octet =~ ^[0-9]{1,3}$ ]] && [[ $octet -le 255 ]]; then + ((++valid_octets)) + fi + done + + if [ ! -z "$(echo $1|grep '/')" ]; then + if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 32 ]]; then + valid_cidr=0 + fi + if ! 
[[ "$t_cidr" =~ ^[0-9]+$ ]]; then + valid_cidr=0 + fi + fi + if [ "$valid_octets" -lt 4 ] || [ "$valid_cidr" -eq 0 ]; then + #Check IPV6 + ipv6_valid="" + WORD="[0-9A-Fa-f]\{1,4\}" + # flat address, no compressed words + FLAT="^${WORD}\(:${WORD}\)\{7\}$" + + COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$" + COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$" + COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$" + COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$" + COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$" + COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$" + # trailing :: edge case, includes case of only :: (all 0's) + EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$" + # leading :: edge case + EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$" + + echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)" + if [ $? -ne 0 ]; then + ipv6_valid="INVALID" + fi + + if [ ! -z "$(echo $1|grep '/')" ]; then + if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then + valid_cidr=0 + fi + if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then + valid_cidr=0 + fi + fi + + if [ ! -z "$ipv6_valid" ] || [ "$valid_cidr" -eq 0 ]; then + check_result $E_INVALID "invalid IP format :: $1" + fi + fi +} + # Proxy extention format validator is_extention_format_valid() { exclude="[!|#|$|^|&|(|)|+|=|{|}|:|@|<|>|?|/|\|\"|'|;|%|\`| ]" @@ -619,7 +717,7 @@ is_date_format_valid() { is_dbuser_format_valid() { exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|/|\|\"|'|;|%|\`| ]" if [ 17 -le ${#1} ]; then - check_result $E_INVALID "mysql username can be up to 16 characters long" + check_result $E_INVALID "mysql username can be up to 16 characters long" fi if [[ "$1" =~ $exclude ]]; then check_result $E_INVALID "invalid $2 format :: $1" 
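Review bot: In is_ipv6_format_valid the prefix length is compared with `[[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]` before the `^[0-9]+$` test, and bash evaluates the operands of `-lt`/`-gt` inside `[[ ]]` as arithmetic expressions, so a caller-supplied non-numeric suffix is interpreted by the shell instead of being rejected as text. Run the digit check first and compare only a value that passed it, e.g. `if ! [[ "$t_cidr" =~ ^[0-9]{1,3}$ ]] || [ "$t_cidr" -gt 128 ]; then valid_cidr=0; fi`; the same ordering appears twice in is_ip46_format_valid (for /32 and for /128). `echo $t_ip | grep` should pass the value quoted (`printf '%s\n' "$t_ip" | grep ...`) so it is not word-split or glob-expanded before it is matched. `ip_regex` is assigned but never used, and the nine address patterns are repeated verbatim in both functions, so a single helper that returns a status would keep the two validators from drifting apart.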
@@ -639,6 +737,9 @@ is_dns_record_format_valid() { if [ "$rtype" = 'A' ]; then is_ip_format_valid "$1" fi + if [ "$rtype" = 'AAAA' ]; then + is_ipv6_format_valid "$1" + fi if [ "$rtype" = 'NS' ]; then is_domain_format_valid "${1::-1}" 'ns_record' fi @@ -800,6 +901,8 @@ is_format_valid() { hour) is_cron_format_valid "$arg" $arg_name ;; id) is_int_format_valid "$arg" 'id' ;; ip) is_ip_format_valid "$arg" ;; + ipv6) is_ipv6_format_valid "$arg" ;; + ip46) is_ip46_format_valid "$arg" ;; ip_name) is_domain_format_valid "$arg" 'IP name';; ip_status) is_ip_status_format_valid "$arg" ;; job) is_int_format_valid "$arg" 'job' ;; diff --git a/func/rebuild.sh b/func/rebuild.sh index 69331cce..ddf015ec 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -143,6 +143,7 @@ rebuild_web_domain_conf() { get_domain_values 'web' is_ip_valid $IP + is_ipv6_valid $IP6 prepare_web_domain_values # Rebuilding domain directories @@ -229,6 +230,7 @@ rebuild_web_domain_conf() { if [ ! -z "$STATS" ]; then cat $WEBTPL/$STATS/$STATS.tpl |\ sed -e "s|%ip%|$local_ip|g" \ + -e "s|%ipv6%|$ipv6|g" \ -e "s|%web_system%|$WEB_SYSTEM|g" \ -e "s|%domain_idn%|$domain_idn|g" \ -e "s|%domain%|$domain|g" \ @@ -351,8 +353,9 @@ rebuild_dns_domain_conf() { # Checking zone file if [ ! -e "$USER_DATA/dns/$domain.conf" ]; then - cat $DNSTPL/$TPL.tpl |\ + cat $DNSTPL/$TPL.tpl | grep -v '%ip' |\ sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ -e "s/%domain_idn%/$domain_idn/g" \ -e "s/%domain%/$domain/g" \ -e "s/%ns1%/$ns1/g" \ 
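Review bot: The added `is_ipv6_valid $IP6` in rebuild_web_domain_conf is unconditional, but is_ipv6_valid as added earlier in this patch fails with E_NOTEXIST unless `$VESTA/data/ips/$1` exists, while the rebuild_dns_domain_conf hunk further down treats an empty `IP6` and `IP6` = `no` as legitimate values. If web domains can carry `no` in that field as well, which cannot be confirmed from this hunk, rebuilding an IPv4-only domain would abort on this line; an empty value passes only because the tested path then names the directory itself. Guard the call and quote the argument: `if [ -n "$IP6" ] && [ "$IP6" != "no" ]; then is_ipv6_valid "$IP6"; fi`. The body of rebuild_web_domain_conf continues outside the hunk.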
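Review bot: None of the sed expressions in rebuild_dns_domain_conf, in this `@@ -351` hunk or in the `@@ -361` hunk that follows, substitute `%spfip4%` or `%spfip6%`, yet the same patch rewrites the SPF TXT line of every DNS template to `v=spf1 a mx %spfip4% %spfip6% ?all`. As far as these hunks show, a zone file rebuilt from a template keeps the literal placeholders in its SPF record, which receiving mail servers will treat as a malformed policy rather than as the list of authorised senders. Each sed list needs `-e "s/%spfip4%/$spfip4/g" -e "s/%spfip6%/$spfip6/g"`, with the two variables set to `ip4:$IP` / `ip6:$IP6` or left empty when the address is missing; the exact form should match what v-add-dns-domain does, which is outside this view. `grep -v '%ip'` would also be clearer as `grep -v -e '%ip%' -e '%ipv6%'`, so the filter names exactly the two placeholders it is meant to drop.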
@@ -361,6 +364,33 @@ rebuild_dns_domain_conf() { -e "s/%ns4%/$ns4/g" \ -e "s/%time%/$TIME/g" \ -e "s/%date%/$DATE/g" > $USER_DATA/dns/$domain.conf + if [ ! -z $IP ] && [ "$IP" != "no" ]; then + cat $DNSTPL/$TPL.tpl |grep "%ip%" |\ + sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%time%/$TIME/g" \ + -e "s/%date%/$DATE/g" >> $USER_DATA/dns/$domain.conf + fi + + if [ ! -z $IP6 ] && [ "$IP6" != "no" ]; then + cat $DNSTPL/$TPL.tpl |grep "%ipv6%" |\ + sed -e "s/%ip%/$IP/g" \ + -e "s/%ipv6%/$IP6/g" \ + -e "s/%domain_idn%/$domain_idn/g" \ + -e "s/%domain%/$domain/g" \ + -e "s/%ns1%/$ns1/g" \ + -e "s/%ns2%/$ns2/g" \ + -e "s/%ns3%/$ns3/g" \ + -e "s/%ns4%/$ns4/g" \ + -e "s/%time%/$TIME/g" \ + -e "s/%date%/$DATE/g" >> $USER_DATA/dns/$domain.conf + fi fi # Sorting records diff --git a/install/debian/7/firewallv6/ports.conf b/install/debian/7/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/7/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/7/firewallv6/rules.conf b/install/debian/7/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/debian/7/firewallv6/rules.conf 
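Review bot: The two new guards `[ ! -z $IP ]` and `[ ! -z $IP6 ]` leave the variable unquoted, so with an empty value the test collapses to `[ ! -z ]` and gives the intended answer only by accident; write `[ -n "$IP" ] && [ "$IP" != "no" ]` and the same for `IP6`. The ten-expression sed list now appears three times in this function, and keeping it in one place (a small helper that takes the grep filter) would stop the copies from diverging. The values are spliced into `/`-delimited sed expressions, so an address that is ever stored with a prefix length would break the command; the web rebuild in this file already uses `|` as the delimiter. The `if`/`fi` that encloses these blocks opens outside this hunk.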
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/debian/7/templates/dns/child-ns.tpl b/install/debian/7/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/debian/7/templates/dns/child-ns.tpl
+++ b/install/debian/7/templates/dns/child-ns.tpl
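Review bot: The default IPv6 ruleset accepts the database ports (`PORT='3306,5432'`, rule 3) and the control panel (`PORT='8083'`, rule 2) from `IP6='::/0'`, so a host that gains a global IPv6 address exposes MySQL and PostgreSQL to every IPv6 source as soon as these rules are loaded. IPv6 addresses are normally globally routable with no NAT in front of them, so the DB rule should ship with a narrower source or with `SUSPENDED='yes'` and be enabled deliberately by the administrator. Rule 1 is labelled `COMMENT='PING'`, but IPv6 relies on ICMPv6 for neighbour discovery and path-MTU discovery, so the comment should say that removing the rule breaks connectivity rather than just ping. The same file is added for debian/8, rhel/5 and rhel/6 in this patch, and the point applies to each copy.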
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/7/templates/dns/default.tpl b/install/debian/7/templates/dns/default.tpl index d02cfc03..862253ff 100755 --- a/install/debian/7/templates/dns/default.tpl +++ b/install/debian/7/templates/dns/default.tpl 
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/7/templates/dns/gmail.tpl b/install/debian/7/templates/dns/gmail.tpl index 950cfa45..75aefa8e 100755 --- a/install/debian/7/templates/dns/gmail.tpl +++ b/install/debian/7/templates/dns/gmail.tpl 
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' \ No newline at end of file diff --git a/install/debian/8/firewallv6/ports.conf b/install/debian/8/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/8/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/8/firewallv6/rules.conf b/install/debian/8/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null 
+++ b/install/debian/8/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/debian/8/templates/dns/child-ns.tpl b/install/debian/8/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/debian/8/templates/dns/child-ns.tpl
+++ b/install/debian/8/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/8/templates/dns/default.tpl b/install/debian/8/templates/dns/default.tpl index d02cfc03..862253ff 100755 --- a/install/debian/8/templates/dns/default.tpl +++ b/install/debian/8/templates/dns/default.tpl 
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/8/templates/dns/gmail.tpl b/install/debian/8/templates/dns/gmail.tpl index 950cfa45..75aefa8e 100755 --- a/install/debian/8/templates/dns/gmail.tpl +++ b/install/debian/8/templates/dns/gmail.tpl 
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' \ No newline at end of file diff --git a/install/rhel/5/firewallv6/ports.conf b/install/rhel/5/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/rhel/5/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/5/firewallv6/rules.conf b/install/rhel/5/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/rhel/5/firewallv6/rules.conf 
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/rhel/5/templates/dns/child-ns.tpl b/install/rhel/5/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/rhel/5/templates/dns/child-ns.tpl
+++ b/install/rhel/5/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/5/templates/dns/default.tpl b/install/rhel/5/templates/dns/default.tpl index d02cfc03..862253ff 100755 --- a/install/rhel/5/templates/dns/default.tpl +++ b/install/rhel/5/templates/dns/default.tpl 
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/5/templates/dns/gmail.tpl b/install/rhel/5/templates/dns/gmail.tpl index 950cfa45..75aefa8e 100755 --- a/install/rhel/5/templates/dns/gmail.tpl +++ b/install/rhel/5/templates/dns/gmail.tpl 
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' \ No newline at end of file diff --git a/install/rhel/6/firewallv6/ports.conf b/install/rhel/6/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/rhel/6/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/6/firewallv6/rules.conf b/install/rhel/6/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null +++ b/install/rhel/6/firewallv6/rules.conf 
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/rhel/6/templates/dns/child-ns.tpl b/install/rhel/6/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/rhel/6/templates/dns/child-ns.tpl
+++ b/install/rhel/6/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/6/templates/dns/default.tpl b/install/rhel/6/templates/dns/default.tpl index d02cfc03..862253ff 100755 --- a/install/rhel/6/templates/dns/default.tpl +++ b/install/rhel/6/templates/dns/default.tpl 
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/6/templates/dns/gmail.tpl b/install/rhel/6/templates/dns/gmail.tpl index 950cfa45..75aefa8e 100755 --- a/install/rhel/6/templates/dns/gmail.tpl +++ b/install/rhel/6/templates/dns/gmail.tpl 
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf b/install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf
new file mode 100644
index 00000000..69670a56
--- /dev/null
+++ b/install/rhel/7/fail2ban/filter.d/vesta-ipv6.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccesfull Vesta authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = .* failed to login
+ignoreregex =
+
diff --git a/install/rhel/7/firewallv6/ports.conf b/install/rhel/7/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/rhel/7/firewallv6/ports.conf
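Review bot: The four rows added to gmail.tpl as ID 15–18 are `TYPE='A'` with `VALUE='%ip%'`, whereas every other DNS template in this patch gains AAAA rows with `%ipv6%`, so in an IPv6 commit this looks unintended. The template's lines above ID 10 are outside the hunk: if `@`, `www`, `ftp` and `pop` already have A rows there, these four are duplicates, and if IPv6 coverage was the goal they should read like `ID='15' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'`. The hunk also leaves the file without a trailing newline, and a reader that consumes the template line by line may then skip the last row (ID 18), so the file should end with a newline. The same hunk is repeated for the rhel/7 and ubuntu copies of gmail.tpl.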
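Review bot: As this page shows it, `failregex = .* failed to login` in vesta-ipv6.conf contains no `<HOST>` tag. fail2ban uses that tag to extract the address to ban, so a filter without it cannot produce a ban for failed panel logins; if the tag was only lost when the page was rendered, disregard this, otherwise the line needs it at the position where the log entry carries the client address, e.g. `failregex = .* <HOST> failed to login`. fail2ban itself only handles IPv6 addresses from 0.10 onwards, so it is worth confirming the packaged version on this platform before relying on the filter. The header comment also has a typo, `unsuccesfull` for `unsuccessful`.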
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/rhel/7/firewallv6/rules.conf b/install/rhel/7/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/rhel/7/firewallv6/rules.conf
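Review bot: `PORT='8433'` in firewallv6/ports.conf looks like a transposition of 8443, the port usually paired with 8080 for an HTTPS backend; if that is what was meant, 8443 is missing from the list and 8433 is listed for nothing. Separately, the range is written `12000:12100` here while rules.conf in the same directory writes `12000-12100`, so whichever script reads the two files has to accept both spellings; a single spelling, or a comment in that script, would make this explicit. The same file is added unchanged for ubuntu 12.04, 12.10, 13.04 and 13.10.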
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/rhel/7/templates/dns/child-ns.tpl b/install/rhel/7/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/rhel/7/templates/dns/child-ns.tpl
+++ b/install/rhel/7/templates/dns/child-ns.tpl
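Review bot: RULE 3 of firewallv6/rules.conf accepts TCP 3306 and 5432 from `::/0`, so a fresh install exposes the MySQL and PostgreSQL listeners to every IPv6 source as soon as the host has a global address; the panel (RULE 2, port 8083) and SSH (RULE 11) are opened the same way. Database ports rarely need to be reachable from outside, so I would ship that rule disabled, `RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='yes' TIME='00:00:00' DATE='2017-01-22'`, and let the administrator enable it with a narrower IP6 value. RULE 1 is labelled `COMMENT='PING'` but appears to match all of ICMPv6, which also carries neighbour discovery and packet-too-big messages; a label such as `COMMENT='ICMPV6'` would keep someone from suspending it to block ping and losing IPv6 connectivity. The same file is added for ubuntu 12.04, 12.10, 13.04 and 13.10.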
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/rhel/7/templates/dns/default.tpl b/install/rhel/7/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/rhel/7/templates/dns/default.tpl
+++ b/install/rhel/7/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/rhel/7/templates/dns/gmail.tpl b/install/rhel/7/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/rhel/7/templates/dns/gmail.tpl
+++ b/install/rhel/7/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/12.04/firewallv6/ports.conf b/install/ubuntu/12.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/12.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/12.04/firewallv6/rules.conf b/install/ubuntu/12.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/12.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/12.04/templates/dns/child-ns.tpl b/install/ubuntu/12.04/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/12.04/templates/dns/child-ns.tpl
+++ b/install/ubuntu/12.04/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/12.04/templates/dns/default.tpl b/install/ubuntu/12.04/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/12.04/templates/dns/default.tpl
+++ b/install/ubuntu/12.04/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/12.04/templates/dns/gmail.tpl b/install/ubuntu/12.04/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/12.04/templates/dns/gmail.tpl
+++ b/install/ubuntu/12.04/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/12.10/firewallv6/ports.conf b/install/ubuntu/12.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/12.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/12.10/firewallv6/rules.conf b/install/ubuntu/12.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/12.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/12.10/templates/dns/child-ns.tpl b/install/ubuntu/12.10/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/12.10/templates/dns/child-ns.tpl
+++ b/install/ubuntu/12.10/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/12.10/templates/dns/default.tpl b/install/ubuntu/12.10/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/12.10/templates/dns/default.tpl
+++ b/install/ubuntu/12.10/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/12.10/templates/dns/gmail.tpl b/install/ubuntu/12.10/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/12.10/templates/dns/gmail.tpl
+++ b/install/ubuntu/12.10/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/13.04/firewallv6/ports.conf b/install/ubuntu/13.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/13.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/13.04/firewallv6/rules.conf b/install/ubuntu/13.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/13.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/13.04/templates/dns/child-ns.tpl b/install/ubuntu/13.04/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/13.04/templates/dns/child-ns.tpl
+++ b/install/ubuntu/13.04/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/13.04/templates/dns/default.tpl b/install/ubuntu/13.04/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/13.04/templates/dns/default.tpl
+++ b/install/ubuntu/13.04/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/13.04/templates/dns/gmail.tpl b/install/ubuntu/13.04/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/13.04/templates/dns/gmail.tpl
+++ b/install/ubuntu/13.04/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/13.10/firewallv6/ports.conf b/install/ubuntu/13.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/13.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/13.10/firewallv6/rules.conf b/install/ubuntu/13.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/13.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/13.10/templates/dns/child-ns.tpl b/install/ubuntu/13.10/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/13.10/templates/dns/child-ns.tpl
+++ b/install/ubuntu/13.10/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/13.10/templates/dns/default.tpl b/install/ubuntu/13.10/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/13.10/templates/dns/default.tpl
+++ b/install/ubuntu/13.10/templates/dns/default.tpl
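Review bot: The seven AAAA records added as ID 13–19 are unconditional, so for a domain created without an IPv6 address `%ipv6%` has nothing to expand to; the script that expands the template is outside this chunk, so confirm it drops these lines rather than writing AAAA records with an empty or literal `%ipv6%` value into the zone. The same applies to the rewritten SPF line at ID 11, where `%spfip4% %spfip6%` has to collapse cleanly when one side is empty, since a leftover placeholder makes the record unparseable for receivers. `ns1` and `ns2` both receive the same `%ipv6%`, which gives the child nameservers no address diversity over IPv6 and is worth stating in the template's documentation if intended. The default.tpl hunks and the child-ns.tpl hunks for 14.04, 14.10, 15.04 and 15.10 share these points.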
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/13.10/templates/dns/gmail.tpl b/install/ubuntu/13.10/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/13.10/templates/dns/gmail.tpl
+++ b/install/ubuntu/13.10/templates/dns/gmail.tpl
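Review bot: The rewritten SPF record at ID 15 still ends in `?all`, the neutral qualifier, so a sender outside the listed mechanisms is neither failed nor soft-failed and the record gives receivers no basis for treating spoofed mail differently. Since the line is rewritten here anyway, `~all` would be a stronger default: `VALUE='"v=spf1 a mx %spfip4% %spfip6% ~all"'`. The `_dmarc` context line at ID 16 stays at `p=none`, so as shipped neither record enforces anything. The same SPF line is rewritten in the child-ns.tpl and gmail.tpl hunks and in the default.tpl hunks for 14.04, 14.10, 15.04 and 15.10.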
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/14.04/firewallv6/ports.conf b/install/ubuntu/14.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/14.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/14.04/firewallv6/rules.conf b/install/ubuntu/14.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/14.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/14.04/templates/dns/child-ns.tpl b/install/ubuntu/14.04/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/14.04/templates/dns/child-ns.tpl
+++ b/install/ubuntu/14.04/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/14.04/templates/dns/default.tpl b/install/ubuntu/14.04/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/14.04/templates/dns/default.tpl
+++ b/install/ubuntu/14.04/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/14.04/templates/dns/gmail.tpl b/install/ubuntu/14.04/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/14.04/templates/dns/gmail.tpl
+++ b/install/ubuntu/14.04/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/14.10/firewallv6/ports.conf b/install/ubuntu/14.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/14.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/14.10/firewallv6/rules.conf b/install/ubuntu/14.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/14.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/14.10/templates/dns/child-ns.tpl b/install/ubuntu/14.10/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/14.10/templates/dns/child-ns.tpl
+++ b/install/ubuntu/14.10/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/14.10/templates/dns/default.tpl b/install/ubuntu/14.10/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/14.10/templates/dns/default.tpl
+++ b/install/ubuntu/14.10/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/14.10/templates/dns/gmail.tpl b/install/ubuntu/14.10/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/14.10/templates/dns/gmail.tpl
+++ b/install/ubuntu/14.10/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/15.04/firewallv6/ports.conf b/install/ubuntu/15.04/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/15.04/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/15.04/firewallv6/rules.conf b/install/ubuntu/15.04/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/15.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/15.04/templates/dns/child-ns.tpl b/install/ubuntu/15.04/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/15.04/templates/dns/child-ns.tpl
+++ b/install/ubuntu/15.04/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/15.04/templates/dns/default.tpl b/install/ubuntu/15.04/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/15.04/templates/dns/default.tpl
+++ b/install/ubuntu/15.04/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/15.04/templates/dns/gmail.tpl b/install/ubuntu/15.04/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/15.04/templates/dns/gmail.tpl
+++ b/install/ubuntu/15.04/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE
 ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
\ No newline at end of file
diff --git a/install/ubuntu/15.10/firewallv6/ports.conf b/install/ubuntu/15.10/firewallv6/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/ubuntu/15.10/firewallv6/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/ubuntu/15.10/firewallv6/rules.conf b/install/ubuntu/15.10/firewallv6/rules.conf
new file mode 100644
index 00000000..019696ad
--- /dev/null
+++ b/install/ubuntu/15.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/15.10/templates/dns/child-ns.tpl b/install/ubuntu/15.10/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/15.10/templates/dns/child-ns.tpl
+++ b/install/ubuntu/15.10/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/15.10/templates/dns/default.tpl b/install/ubuntu/15.10/templates/dns/default.tpl
index d02cfc03..862253ff 100755
--- a/install/ubuntu/15.10/templates/dns/default.tpl
+++ b/install/ubuntu/15.10/templates/dns/default.tpl
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/ubuntu/15.10/templates/dns/gmail.tpl b/install/ubuntu/15.10/templates/dns/gmail.tpl
index 950cfa45..75aefa8e 100755
--- a/install/ubuntu/15.10/templates/dns/gmail.tpl
+++ b/install/ubuntu/15.10/templates/dns/gmail.tpl
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' \ No newline at end of file diff --git a/install/ubuntu/16.04/firewallv6/ports.conf b/install/ubuntu/16.04/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/16.04/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/16.04/firewallv6/rules.conf b/install/ubuntu/16.04/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null 
+++ b/install/ubuntu/16.04/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/16.04/templates/dns/child-ns.tpl b/install/ubuntu/16.04/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/16.04/templates/dns/child-ns.tpl
+++ b/install/ubuntu/16.04/templates/dns/child-ns.tpl
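Review bot: Rule 3 of this default IPv6 rule set accepts TCP 3306 and 5432 from `::/0`, so on a host with a global IPv6 address MySQL and PostgreSQL are reachable from the whole IPv6 internet as soon as these defaults are loaded; rule 2 does the same for the panel port 8083. IPv6 hosts usually have no NAT in front of them, so a default that was tolerable behind IPv4 NAT is directly exposed here. I would ship rule 3 as `SUSPENDED='yes'` (the field already exists on every line) or leave it out of the defaults and let the administrator open the database ports to specific prefixes. The identical file is added for ubuntu/16.10 further down.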
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/16.04/templates/dns/default.tpl b/install/ubuntu/16.04/templates/dns/default.tpl index d02cfc03..862253ff 100755 --- a/install/ubuntu/16.04/templates/dns/default.tpl +++ b/install/ubuntu/16.04/templates/dns/default.tpl 
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/16.04/templates/dns/gmail.tpl b/install/ubuntu/16.04/templates/dns/gmail.tpl index 950cfa45..75aefa8e 100755 --- a/install/ubuntu/16.04/templates/dns/gmail.tpl +++ b/install/ubuntu/16.04/templates/dns/gmail.tpl 
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' \ No newline at end of file diff --git a/install/ubuntu/16.10/firewallv6/ports.conf b/install/ubuntu/16.10/firewallv6/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/16.10/firewallv6/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/16.10/firewallv6/rules.conf b/install/ubuntu/16.10/firewallv6/rules.conf new file mode 100644 index 00000000..019696ad --- /dev/null 
+++ b/install/ubuntu/16.10/firewallv6/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMPV6' PORT='0' IP6='::/0' COMMENT='PING' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP6='::/0' COMMENT='VESTA' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP6='::/0' COMMENT='DB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP6='::/0' COMMENT='IMAP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP6='::/0' COMMENT='POP3' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP6='::/0' COMMENT='SMTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP6='::/0' COMMENT='DNS' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP6='::/0' COMMENT='FTP' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP6='::/0' COMMENT='WEB' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP6='::/0' COMMENT='SSH' SUSPENDED='no' TIME='00:00:00' DATE='2017-01-22'
diff --git a/install/ubuntu/16.10/templates/dns/child-ns.tpl b/install/ubuntu/16.10/templates/dns/child-ns.tpl
index f0695773..6a2b3c96 100755
--- a/install/ubuntu/16.10/templates/dns/child-ns.tpl
+++ b/install/ubuntu/16.10/templates/dns/child-ns.tpl
@@ -8,5 +8,12 @@ ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='ns1' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='ns2' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/16.10/templates/dns/default.tpl b/install/ubuntu/16.10/templates/dns/default.tpl index d02cfc03..862253ff 100755 --- a/install/ubuntu/16.10/templates/dns/default.tpl +++ b/install/ubuntu/16.10/templates/dns/default.tpl 
@@ -12,5 +12,10 @@ ID='11' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='mail' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='www' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='pop' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='ftp' TYPE='AAAA' PRIORITY='' VALUE='%ipv6%' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/16.10/templates/dns/gmail.tpl b/install/ubuntu/16.10/templates/dns/gmail.tpl index 950cfa45..75aefa8e 100755 --- a/install/ubuntu/16.10/templates/dns/gmail.tpl +++ b/install/ubuntu/16.10/templates/dns/gmail.tpl 
@@ -11,4 +11,8 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx %spfip4% %spfip6% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' \ No newline at end of file diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 25973e94..e328cad3 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -776,6 +776,11 @@ wget $vestacp/firewall.tar.gz -O firewall.tar.gz tar -xzf firewall.tar.gz rm -f firewall.tar.gz +# Downloading firewallv6 rules +wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz +tar -xzf firewallv6.tar.gz +rm -f firewallv6.tar.gz + # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null 
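Review bot: The added `wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz` is followed straight away by `tar -xzf firewallv6.tar.gz`, with no check that the download succeeded and no verification that the archive is the expected one before the installer unpacks it. A failed or truncated download leaves the host without IPv6 firewall data and the script carries on; a tampered one is extracted as-is. I would stop on failure, e.g. `wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz || exit 1`, and compare the file against a published checksum before extracting. `$vestacp` is defined outside this hunk, so its scheme should be confirmed as HTTPS. The same three lines are added in the vst-install-rhel.sh and vst-install-ubuntu.sh hunks below.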
@@ -1185,6 +1190,14 @@ fi # Configuring system ips $VESTA/bin/v-update-sys-ip +# Get main ipv6 +ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) +if [ ! -z "$ipv6" ]; then + netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" + netmask=$(eval $netmask) + $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask +fi + # Get main ip ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) copy_of_ip=$ip @@ -1192,6 +1205,7 @@ copy_of_ip=$ip # Firewall configuration if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall + $VESTA/bin/v-update-firewall-ipv6 fi # Get public ip diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 7b8e4d85..02f7d9ee 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -27,8 +27,8 @@ if [ "$release" -eq 7 ]; then postgresql postgresql-server postgresql-contrib phpPgAdmin e2fsprogs openssh-clients ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo bc jwhois mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype - fail2ban rsyslog iptables-services which vesta vesta-nginx vesta-php - vim-common expect" + fail2ban rsyslog iptables-services iptables-ipv6 which vesta vesta-nginx + vesta-php vim-common expect" else software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt @@ -643,6 +643,7 @@ fi # Disable iptables service iptables stop +service ip6tables stop # Configuring NTP synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate @@ -669,7 +670,6 @@ if [ "$release" -eq '7' ]; then systemctl daemon-reexec fi - #----------------------------------------------------------# # Configure VESTA # #----------------------------------------------------------# 
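Review bot: In the added `netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'"` line the `$2` and `$1` sit inside a double-quoted shell string, so the shell expands them as the installer's own positional parameters before `eval` runs and awk never receives the field references; the inner single quotes do not protect them. The address filter above it only drops `fe80` prefixes, so on a host whose only other IPv6 address is the loopback, `::1` passes the filter and is registered through `v-add-sys-ipv6`, and `$ipv6` and `$netmask` are passed unquoted. Taking the address and prefix length from a single global-scope line removes the `eval` and all three problems. The same block is added in vst-install-rhel.sh, vst-install-ubuntu.sh and upd/add_ipv6.sh.

```shell
# Get main ipv6 (global scope only; address and prefix length from the same line)
addr6=$(ip -6 -o addr show scope global | awk '{print $4}' | tail -1)
if [ -n "$addr6" ]; then
    $VESTA/bin/v-add-sys-ipv6 "${addr6%/*}" "${addr6#*/}"
fi
```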
@@ -815,6 +815,12 @@ wget $vestacp/firewall.tar.gz -O firewall.tar.gz tar -xzf firewall.tar.gz rm -f firewall.tar.gz +# Downloading firewall ipv6 rules +chkconfig firewalld off >/dev/null 2>&1 +wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz +tar -xzf firewallv6.tar.gz +rm -f firewallv6.tar.gz + # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -1188,6 +1194,7 @@ if [ "$fail2ban" = 'yes' ]; then wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz tar -xzf fail2ban.tar.gz rm -f fail2ban.tar.gz + if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1229,19 +1236,30 @@ $VESTA/bin/v-change-user-language admin $lang # Configuring system ips $VESTA/bin/v-update-sys-ip +# Get main ipv6 +ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) +if [ ! -z "$ipv6" ]; then + netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" + netmask=$(eval $netmask) + $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask +fi + + # Get main ip ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) +# Get public ip +pub_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) +if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip +fi +if [ -z "$pub_ip" ]; then + ip=$main_ip +fi # Firewall configuration if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall -fi - -# Get public ip -pub_ip=$(curl -s vestacp.com/what-is-my-ip/) -if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then - $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip - ip=$pub_ip + $VESTA/bin/v-update-firewall-ipv6 fi # Configuring mysql host diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 19666573..a2d2ffbd 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh 
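Review bot: `chkconfig firewalld off >/dev/null 2>&1` is added under the comment "Downloading firewall ipv6 rules", so the installer disables the host's firewalld as an undocumented side effect of a download step, with all output discarded. It should get its own comment stating why it is done, for example `# Disable firewalld; Vesta manages iptables/ip6tables rules itself`, and sit next to the existing `service iptables stop` / `service ip6tables stop` lines rather than here. It is also worth confirming that nothing leaves the host without a packet filter between this point and the later `v-update-firewall-ipv6` call.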
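Review bot: The reworked public-IP block fetches `vestacp.com/what-is-my-ip/` without a scheme, which wget requests over plain HTTP, and passes the response unquoted and unvalidated to `v-change-sys-ip-nat`; whoever can alter that response on the path decides an argument of a command the installer runs. The block also drops the old `ip=$pub_ip` assignment and sets `ip=$main_ip` when the lookup fails, and `main_ip` is not assigned anywhere in this hunk, so `$ip` may be empty for the steps that follow (the rest of the script is outside the hunk, so this needs confirming). I would request the URL over `https://`, accept the result only if it matches an IPv4 pattern, and quote both arguments: `$VESTA/bin/v-change-sys-ip-nat "$ip" "$pub_ip"`.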
@@ -610,7 +610,6 @@ check_result $? "apt-get install failed" # Restore policy rm -f /usr/sbin/policy-rc.d - #----------------------------------------------------------# # Configure system # #----------------------------------------------------------# @@ -789,6 +788,11 @@ wget $vestacp/firewall.tar.gz -O firewall.tar.gz tar -xzf firewall.tar.gz rm -f firewall.tar.gz +# Downloading firewall rules +wget $vestacp/firewallv6.tar.gz -O firewallv6.tar.gz +tar -xzf firewallv6.tar.gz +rm -f firewallv6.tar.gz + # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -1169,12 +1173,21 @@ $VESTA/bin/v-change-user-language admin $lang # Configuring system IPs $VESTA/bin/v-update-sys-ip +# Get main ipv6 +ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) +if [ ! -z "$ipv6" ]; then + netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" + netmask=$(eval $netmask) + $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask +fi + # Get main IP ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) # Configuring firewall if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall + $VESTA/bin/v-update-firewall-ipv6 fi # Get public IP diff --git a/upd/add_ipv6.sh b/upd/add_ipv6.sh new file mode 100644 index 00000000..29ba3159 --- /dev/null +++ b/upd/add_ipv6.sh 
@@ -0,0 +1,55 @@
+#!/bin/bash
+source /etc/profile.d/vesta.sh
+
+#download new templates
+$BIN/v-update-web-templates
+$BIN/v-update-dns-templates
+
+#Download firewallv6 templates
+if [ ! -e "$VESTA/data/firewallv6" ]; then
+ mkdir -p $VESTA/data/firewallv6
+ chmod 770 $VESTA/data/firewallv6
+
+ cp $VESTA/install/rhel/6/firewallv6/* \
+ $VESTA/data/firewallv6/
+ chmod 660 $VESTA/data/firewallv6/*
+
+fi
+
+#Add IP6 field
+ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1)
+ipv6use=""
+if [ ! -z "$ipv6" ]; then
+ netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'"
+ netmask=$(eval $netmask)
+ $BIN/v-add-sys-ipv6 $ipv6 $netmask
+ $BIN/v-update-firewall-ipv6
+ ipv6use=ipv6
+fi
+
+#set IPv6
+userlist=$(ls --sort=time $VESTA/data/users/)
+for user in $userlist; do
+ USER_DATA="$VESTA/data/users/$user"
+
+ #UPDATE WEB
+ conf="$USER_DATA/web.conf"
+ while read line ; do
+ eval $line
+ update_object_value 'web' 'DOMAIN' "$DOMAIN" '$IP6' "$ipv6use"
+ done < $conf
+
+ #UPDATE DNS
+ conf="$USER_DATA/dns.conf"
+ while read line ; do
+ eval $line
+ if [ "$(echo $line | grep 'IP6=')" == "" ]; then
+ sed -i "s/DOMAIN='$DOMAIN' IP='$IP'/DOMAIN='$DOMAIN' IP='$IP' IP6='$ipv6use'/g" "$conf"
+ else
+ update_object_value 'dns' 'DOMAIN' "$DOMAIN" '$IP6' "$ipv6use"
+ fi
+ done < $conf
+ $BIN/v-rebuild-user $user
+done
+
+/usr/local/vesta/bin/v-add-user-notification admin "IPv6 support" "Your vesta installation supports IPv6!"
diff --git a/web/add/firewallv6/banlist/index.php b/web/add/firewallv6/banlist/index.php
new file mode 100644
index 00000000..ba425df8
--- /dev/null
+++ b/web/add/firewallv6/banlist/index.php
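Review bot: `ipv6use=ipv6` assigns the literal string `ipv6`, not the detected address, so every web and DNS object is rewritten with `IP6='ipv6'`; this looks like a missing `$` (`ipv6use=$ipv6`). The script sources only `/etc/profile.d/vesta.sh` before calling `update_object_value`; unless that profile file also loads Vesta's function library, the call fails as an unknown command, so the library should be sourced explicitly. Both loops run `eval $line` unquoted on every line of each user's `web.conf` and `dns.conf`, which word-splits and glob-expands the line before it is evaluated; `eval "$line"` is the safer form, and it is worth confirming that every value in those files is written single-quoted by the panel. The firewall templates are copied from `install/rhel/6/` regardless of the distribution being upgraded.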
@@ -0,0 +1,55 @@ + $error) { + if ( $i == 0 ) { + $error_msg = $error; + } else { + $error_msg = $error_msg.", ".$error; + } + } + $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); + } + + // Protect input + $v_chain = escapeshellarg($_POST['v_chain']); + $v_ipv6 = escapeshellarg($_POST['v_ipv6']); + + // Add firewall ban + if (empty($_SESSION['error_msg'])) { + exec (VESTA_CMD."v-add-firewall-ipv6-ban ".$v_ipv6." ".$v_chain, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Flush field values on success + if (empty($_SESSION['error_msg'])) { + $_SESSION['ok_msg'] = __('BANLIST_CREATED_OK'); + unset($v_ip); + } +} + +// Render +render_page($user, $TAB, 'add_firewall_ipv6_banlist'); + +// Flush session messages +unset($_SESSION['error_msg']); +unset($_SESSION['ok_msg']); diff --git a/web/add/firewallv6/index.php b/web/add/firewallv6/index.php new file mode 100644 index 00000000..dbc46dd5 --- /dev/null +++ b/web/add/firewallv6/index.php 
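Review bot: On success the handler runs `unset($v_ip)`, but nothing visible in this file sets `$v_ip`; the submitted address is held in `$v_ipv6` and the chain in `$v_chain`, so the form is presumably rendered again with the shell-quoted value still filled in. `unset($v_ipv6);` is the likely intent, and web/add/firewallv6/index.php in the next file section has the same leftover. The start of this file is missing from the page, so any token or permission check it performs cannot be reviewed here.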
@@ -0,0 +1,71 @@ + $error) { + if ( $i == 0 ) { + $error_msg = $error; + } else { + $error_msg = $error_msg.", ".$error; + } + } + $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg); + } + + // Protect input + $v_action = escapeshellarg($_POST['v_action']); + $v_protocol = escapeshellarg($_POST['v_protocol']); + $v_port = str_replace(" ",",", $_POST['v_port']); + $v_port = preg_replace('/\,+/', ',', $v_port); + $v_port = trim($v_port, ","); + $v_port = escapeshellarg($v_port); + $v_ipv6 = escapeshellarg($_POST['v_ipv6']); + $v_comment = escapeshellarg($_POST['v_comment']); + + // Add firewall rule + if (empty($_SESSION['error_msg'])) { + exec (VESTA_CMD."v-add-firewall-ipv6-rule ".$v_action." ".$v_ipv6." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Flush field values on success + if (empty($_SESSION['error_msg'])) { + $_SESSION['ok_msg'] = __('RULE_CREATED_OK'); + unset($v_port); + unset($v_ip); + unset($v_comment); + } +} + +// Render +render_page($user, $TAB, 'add_firewall_ipv6'); + +// Flush session messages +unset($_SESSION['error_msg']); +unset($_SESSION['ok_msg']); diff --git a/web/add/ip/index.php b/web/add/ip/index.php index 8746ed08..39d82556 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -26,6 +26,7 @@ if (!empty($_POST['ok'])) { if (empty($_POST['v_netmask'])) $errors[] = __('netmask'); if (empty($_POST['v_interface'])) $errors[] = __('interface'); if (empty($_POST['v_owner'])) $errors[] = __('assigned user'); + if (empty($_POST['v_version'])) $errors[] = __('version'); if (!empty($errors[0])) { foreach ($errors as $i => $error) { if ( $i == 0 ) { @@ -45,6 +46,7 @@ if (!empty($_POST['ok'])) { $v_interface = escapeshellarg($_POST['v_interface']); $v_owner = escapeshellarg($_POST['v_owner']); $v_shared = $_POST['v_shared']; + $v_version = escapeshellarg($_POST['v_version']); // Check shared checkmark if ($v_shared == 'on') { 
@@ -57,7 +59,11 @@ if (!empty($_POST['ok'])) { // Add IP if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + if($v_version == "6") { + exec (VESTA_CMD."v-add-sys-ipv6 ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + } else { + exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name, $output, $return_var); + } check_return_code($return_var,$output); unset($output); $v_owner = $_POST['v_owner']; diff --git a/web/add/web/index.php b/web/add/web/index.php index 486b5e12..8e2c1742 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -18,6 +18,7 @@ if (!empty($_POST['ok'])) { // Check for empty fields if (empty($_POST['v_domain'])) $errors[] = __('domain'); if (empty($_POST['v_ip'])) $errors[] = __('ip'); + if (empty($_POST['v_ipv6'])) $errors[] = __('ipv6'); if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl certificate'); if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl key'); if (!empty($errors[0])) { 
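Review bot: `$v_version` was passed through `escapeshellarg()` in the previous hunk of this file, so it holds the quoted string `'6'` and the new test `$v_version == "6"` cannot be true; every submission, including IPv6 ones, falls through to `v-add-sys-ip`. Comparing the raw field fixes the branch: `if ($_POST['v_version'] == '6') {`. The rewrite also removes `$v_nat` from the `v-add-sys-ip` call and adds it to the `v-add-sys-ipv6` call, which looks inverted, since the NAT address belonged to the IPv4 command before this change; please confirm against the argument lists of both scripts.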
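Review bot: `if (empty($_POST['v_ipv6'])) $errors[] = __('ipv6');` in web/add/web/index.php makes an IPv6 address mandatory for every new web domain, so on a server with no registered IPv6 address the form cannot be submitted unless the template offers a non-empty placeholder choice (the template is not part of this hunk). If IPv6 is meant to be optional, drop this check and let `v-add-web-domain` receive an empty argument when the field is blank.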
@@ -46,18 +47,24 @@ if (!empty($_POST['ok'])) { // Define domain ip address $v_ip = escapeshellarg($_POST['v_ip']); + $v_ipv6 = escapeshellarg($_POST['v_ipv6']); // Using public IP instead of internal IP when creating DNS // Gets public IP from 'v-list-user-ips' command (that reads /vesta/data/ips/ip), precisely from 'NAT' field $v_public_ip = $v_ip; $v_clean_ip = $_POST['v_ip']; // clean_ip = IP without quotas - exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var); + exec (VESTA_CMD."v-list-user-ips ".$user." json 4", $output, $return_var); $ips = json_decode(implode('', $output), true); unset($output); if (isset($ips[$v_clean_ip]) && isset($ips[$v_clean_ip]['NAT']) && trim($ips[$v_clean_ip]['NAT'])!='') { $v_public_ip = trim($ips[$v_clean_ip]['NAT']); $v_public_ip = escapeshellarg($v_public_ip); } + + $v_clean_ip = $_POST['v_ipv6']; // clean_ip = IP without quotas + exec (VESTA_CMD."v-list-user-ips ".$user." json 6", $output, $return_var); + $ip6s = json_decode(implode('', $output), true); + unset($output); // Define domain aliases $v_aliases = $_POST['v_aliases']; 
@@ -118,25 +125,25 @@ if (!empty($_POST['ok'])) { // Add web domain if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); + exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ipv6." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); check_return_code($return_var,$output); unset($output); $domain_added = empty($_SESSION['error_msg']); } - + // Add DNS domain if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." ".$v_ipv6." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); check_return_code($return_var,$output); unset($output); } - + // Add DNS for domain aliases if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { foreach ($aliases_arr as $alias) { if ($alias != "www.".$_POST['v_domain']) { $alias = escapeshellarg($alias); - exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." ".$v_ipv6." 'no'", $output, $return_var); check_return_code($return_var,$output); unset($output); } 
@@ -351,10 +358,14 @@ $v_ftp_user_prepath = $panel[$user]['HOME'] . "/web"; $v_ftp_email = $panel[$user]['CONTACT']; // List IP addresses -exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var); +exec (VESTA_CMD."v-list-user-ips ".$user." json 4", $output, $return_var); $ips = json_decode(implode('', $output), true); unset($output); +exec (VESTA_CMD."v-list-user-ips ".$user." json 6", $output, $return_var); +$ip6s = json_decode(implode('', $output), true); +unset($output); + // List web stat engines exec (VESTA_CMD."v-list-web-stats json", $output, $return_var); $stats = json_decode(implode('', $output), true); diff --git a/web/bulk/firewallv6/banlist/index.php b/web/bulk/firewallv6/banlist/index.php new file mode 100644 index 00000000..5a3ae44e --- /dev/null +++ b/web/bulk/firewallv6/banlist/index.php @@ -0,0 +1,38 @@ + +
+
+ + → ".htmlentities($_SESSION['error_msg']).""; + } else { + if (!empty($_SESSION['ok_msg'])) { + echo " → ".$_SESSION['ok_msg'].""; + } + } + ?> +
+
+ + +
+ + +
+ +
+ + + + + + + + +
+ + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ () +
+ "> +
+ () +
+ "> +
+ () +
+ "> +
+ + + + + +
+ + + +
+
+ + +
\ No newline at end of file diff --git a/web/templates/admin/add_firewall_ipv6_banlist.html b/web/templates/admin/add_firewall_ipv6_banlist.html new file mode 100644 index 00000000..76b09726 --- /dev/null +++ b/web/templates/admin/add_firewall_ipv6_banlist.html @@ -0,0 +1,86 @@ +
+
+
+ + → ".htmlentities($_SESSION['error_msg']).""; + } else { + if (!empty($_SESSION['ok_msg'])) { + echo " → ".$_SESSION['ok_msg'].""; + } + } + ?> +
+
+
+ +
+ + +
+ + + + + + + + + + +
+ + +
+
+ + + + + + + + + + + + + +
+ +
+ +
+ () +
+ "> +
+ + + + + +
+ + + +
+
+ +
diff --git a/web/templates/admin/add_ip.html b/web/templates/admin/add_ip.html index 89653389..7f63d9d5 100644 --- a/web/templates/admin/add_ip.html +++ b/web/templates/admin/add_ip.html @@ -78,6 +78,19 @@ + + + + + + + + + + diff --git a/web/templates/admin/add_web.html b/web/templates/admin/add_web.html index 56f25edc..3b9d45db 100644 --- a/web/templates/admin/add_web.html +++ b/web/templates/admin/add_web.html @@ -50,19 +50,19 @@ - "> + "> - + + + + + + + + + + + diff --git a/web/templates/admin/edit_dns.html b/web/templates/admin/edit_dns.html index 812de9a9..b2912d61 100644 --- a/web/templates/admin/edit_dns.html +++ b/web/templates/admin/edit_dns.html @@ -63,7 +63,17 @@ - "> + "> + + + + + + + + + + "> diff --git a/web/templates/admin/edit_firewall_ipv6.html b/web/templates/admin/edit_firewall_ipv6.html new file mode 100644 index 00000000..cbf0af99 --- /dev/null +++ b/web/templates/admin/edit_firewall_ipv6.html @@ -0,0 +1,121 @@ +
+
+
+ + → ".htmlentities($_SESSION['error_msg']).""; + } else { + if (!empty($_SESSION['ok_msg'])) { + echo " → ".$_SESSION['ok_msg'].""; + } + } + ?> +
+
+
+ +
+ + +
+ + + + + + + + + + +
+ + + + + +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ () +
+ "> +
+ () +
+ "> +
+ () +
+ "> +
+ + + + + +
+ + + +
+
+ +
diff --git a/web/templates/admin/edit_ip.html b/web/templates/admin/edit_ip.html index b4306993..ee73cdb2 100644 --- a/web/templates/admin/edit_ip.html +++ b/web/templates/admin/edit_ip.html @@ -77,6 +77,19 @@ " disabled> + + + + + + + + + + diff --git a/web/templates/admin/edit_web.html b/web/templates/admin/edit_web.html index af7d44ed..bb4d8fcc 100644 --- a/web/templates/admin/edit_web.html +++ b/web/templates/admin/edit_web.html @@ -66,15 +66,34 @@ + + + + + + + + + + diff --git a/web/templates/admin/list_dns.html b/web/templates/admin/list_dns.html index 5ce29219..df92892d 100644 --- a/web/templates/admin/list_dns.html +++ b/web/templates/admin/list_dns.html @@ -37,7 +37,7 @@ - : + : @@ -153,8 +153,8 @@ sort-expire="" sort-records=" -
-
+
+
@@ -175,6 +175,17 @@ sort-expire="" sort-records=" + + +
+
+
+ + + + + + +
+ +
+ + + +
+ $value) { + ++$i; + if ($data[$key]['SUSPENDED'] == 'yes') { + $status = 'suspended'; + $spnd_action = 'unsuspend' ; + $spnd_confirmation = 'UNSUSPEND_RULE_CONFIRMATION' ; + } else { + $status = 'active'; + $spnd_action = 'suspend' ; + $spnd_confirmation = 'SUSPEND_RULE_CONFIRMATION' ; + } + ?> + +
+
+
+ + +
+ +
+
+
 ↵
+
+ + + + + +  S +
+
+ + + + + +  Del +
+ +
+ +
+ +
+ + +
+
+
+ +
+
+ +
+
+
+
+
+
+
+
+ +
+ +
+ + + + + +
+ +
+
+
+
+
+ +
+
+ +
+
+
+
diff --git a/web/templates/admin/list_firewall_ipv6_banlist.html b/web/templates/admin/list_firewall_ipv6_banlist.html new file mode 100644 index 00000000..5f3bc43d --- /dev/null +++ b/web/templates/admin/list_firewall_ipv6_banlist.html @@ -0,0 +1,121 @@ +
+
+ + +
+ + + + + + +
+ + + +
+ +
+ +
+ +
+
+
+ +
+ +
+ + + +
+ $value) { + ++$i; + list($ip,$chain) = explode(":",$key); + + ?> + +
+
+
+ + +
+ +
+
+
+ + + + + +  Del +
+ +
+ +
+ +
+ + +
+ +
+
+
 
+
+
+
+
+ +
+ +
+ + + + + +
+ +
+
+
+
+
+ +
+
+ 1) { + echo __('%s IPv6 addresses',$i); + } + ?> +
+
+ +
+
+
+
diff --git a/web/templates/admin/list_ip.html b/web/templates/admin/list_ip.html index 7da9fa2c..ee237ecc 100644 --- a/web/templates/admin/list_ip.html +++ b/web/templates/admin/list_ip.html @@ -162,6 +162,20 @@ sort-owner="" sort-star=" + + +
+
+
+
+
+ + + + + + + diff --git a/web/templates/admin/list_user.html b/web/templates/admin/list_user.html index b3b627e7..4ad0be00 100644 --- a/web/templates/admin/list_user.html +++ b/web/templates/admin/list_user.html @@ -287,6 +287,13 @@ sort-bandwidth="" sort-disk=" +
+
:
+
+ +
+
+ diff --git a/web/templates/admin/list_web.html b/web/templates/admin/list_web.html index 72fe1454..d251294e 100644 --- a/web/templates/admin/list_web.html +++ b/web/templates/admin/list_web.html @@ -118,7 +118,7 @@ ?>
@@ -179,6 +179,7 @@ sort-name="" sort-bandwidth="" sort-dis
+ -
diff --git a/web/templates/user/edit_dns.html b/web/templates/user/edit_dns.html index b8c11723..ed16ed71 100644 --- a/web/templates/user/edit_dns.html +++ b/web/templates/user/edit_dns.html @@ -63,7 +63,17 @@ - "> + "> + + + + + + + + + + "> diff --git a/web/templates/user/edit_web.html b/web/templates/user/edit_web.html index 20358b03..5f72c6a5 100644 --- a/web/templates/user/edit_web.html +++ b/web/templates/user/edit_web.html @@ -66,9 +66,29 @@ + + + + + + + + + + + From f4bc3f50c4d3557cb62099ee495c31cc3e36e1dc Mon Sep 17 00:00:00 2001 From: MadeITBelgium Date: Fri, 22 Sep 2017 16:55:16 +0000 Subject: [PATCH 06/12] Fix ipv6 bugs --- bin/v-add-web-domain-alias | 45 +++++++++++-- bin/v-change-dns-domain-ip | 2 +- bin/v-change-dns-domain-ipv6 | 1 + bin/v-delete-user-ips | 2 +- bin/v-delete-user-ipv6s | 63 +++++++++++++++++++ bin/v-delete-web-domain | 97 ++++++++++++++++------------- bin/v-suspend-web-domain | 52 +++++++++++----- bin/v-unsuspend-web-domain | 52 +++++++++++----- install/rhel/5/dovecot/dovecot.conf | 1 + install/rhel/5/named/named.conf | 1 + install/rhel/6/dovecot/dovecot.conf | 2 +- install/rhel/6/named/named.conf | 1 + install/rhel/7/dovecot/dovecot.conf | 2 +- install/rhel/7/named/named.conf | 1 + install/vst-install-debian.sh | 2 +- install/vst-install-rhel.sh | 2 +- install/vst-install-ubuntu.sh | 2 +- upd/add_ipv6.sh | 2 +- 18 files changed, 243 insertions(+), 87 deletions(-) create mode 100755 bin/v-delete-user-ipv6s diff --git a/bin/v-add-web-domain-alias b/bin/v-add-web-domain-alias index cb75568e..a48b278c 100755 --- a/bin/v-add-web-domain-alias +++ b/bin/v-add-web-domain-alias @@ -55,6 +55,7 @@ get_domain_values 'web' # Preparing domain values for the template substitution local_ip=$(get_real_ip $IP) +ipv6=$IP6 if [ -z "$ALIAS" ]; then ALIAS="$aliases" else 
@@ -62,12 +63,35 @@ else fi prepare_web_domain_values -# Rebuilding vhost -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -add_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - add_web_config "$WEB_SYSTEM" "$TPL.stpl" +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +fi + +# Rebuilding vhost IPv6 +if [ ! -z "$IP6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi fi # Rebuilding proxy configuration @@ -78,6 +102,15 @@ if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" fi + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi fi diff --git a/bin/v-change-dns-domain-ip b/bin/v-change-dns-domain-ip index 65b12cb5..810fe8a4 100755 --- a/bin/v-change-dns-domain-ip +++ b/bin/v-change-dns-domain-ip @@ -57,6 +57,7 @@ fi get_domain_values 'dns' old=$IP new=$ip +ipv6=$IP6 if [ -z "$old" ]; then #Create new 
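Review bot: The lines added in hunk `@@ -78,6 +102,15 @@` nest a second `if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then` inside the identical existing test, so the proxy templates are deleted and re-added twice in a row with the same `old` value. It looks like this copy was meant for the new "Rebuilding vhost IPv6" block from the previous hunk, which sets `old=$IP6` but, unlike the IPv4 block, carries no proxy rebuild of its own. Moving the proxy rebuild inside the `if [ ! -z "$IP6" ]; then` block and dropping the nested copy would give one proxy rebuild per address family. The script continues outside both hunks, so later use of `old` should be checked too.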
@@ -71,7 +72,6 @@ else sed -i "s/$old/$ip/g" $USER_DATA/dns/$domain.conf else #Delete configs - ip=$old remove_dns_config_records fi fi diff --git a/bin/v-change-dns-domain-ipv6 b/bin/v-change-dns-domain-ipv6 index 6717d3c2..2f810b69 100755 --- a/bin/v-change-dns-domain-ipv6 +++ b/bin/v-change-dns-domain-ipv6 @@ -55,6 +55,7 @@ fi get_domain_values 'dns' old=$IP6 new=$ipv6 +ip=$IP if [ -z "$old" ]; then #Create new diff --git a/bin/v-delete-user-ips b/bin/v-delete-user-ips index 7f8e3224..34b7935c 100755 --- a/bin/v-delete-user-ips +++ b/bin/v-delete-user-ips @@ -36,7 +36,7 @@ fi #----------------------------------------------------------# # Parsing user ips -ip_list=$(grep -H "OWNER='$user'" $VESTA/data/ips/* | cut -f 1 -d:) +ip_list=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='4'" | cut -f 1 -d '-') for ip in $ip_list; do ip=$(basename $ip) diff --git a/bin/v-delete-user-ipv6s b/bin/v-delete-user-ipv6s new file mode 100755 index 00000000..35a41c5c --- /dev/null +++ b/bin/v-delete-user-ipv6s 
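Review bot: The new `ip_list` pipeline in v-delete-user-ips depends on file layout and path shape in ways that can silently return nothing. `grep -A10` only finds `VERSION=` if it sits within ten lines after `OWNER=`, an IP file with no `VERSION` key (presumably any created before this series) is never matched, and `cut -f 1 -d '-'` truncates the name if the path contains a hyphen. A miss means the address stays owned by the deleted user instead of returning to admin. Testing each file separately avoids all three: `for f in $(grep -l "OWNER='$user'" $VESTA/data/ips/*); do grep -q "VERSION='4'" "$f" && ip_list="$ip_list $f"; done`. The new bin/v-delete-user-ipv6s uses the same pipeline with `VERSION='6'`, and its header comment still reads "delete user ips".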
@@ -0,0 +1,63 @@ +#!/bin/bash +# info: delete user ips +# options: USER +# +# The function deletes all user's ip addresses. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/ipv6.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'USER' +is_format_valid 'user' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +if [ "$user" = 'admin' ]; then + exit +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing user ips +ip_list=$(grep -H -A10 "OWNER='$user'" $VESTA/data/ips/* |grep "VERSION='6'" | cut -f 1 -d '-') + +for ip in $ip_list; do + ip=$(basename $ip) + + # Checking webdomains and users + is_ip_key_empty '$U_WEB_DOMAINS' + is_ip_key_empty '$U_SYS_USERS' + + # Assig ip to main account + update_ip_value '$OWNER' 'admin' + update_ip_value '$STATUS' 'dedicated' + increase_user_value 'admin' '$IP_OWNED' + increase_user_value 'admin' '$IP_AVAIL' +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit \ No newline at end of file diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 3c0f4680..db19ed0c 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -22,6 +22,7 @@ restart=$3 source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/func/ip.sh +source $VESTA/func/ipv6.sh source $VESTA/conf/vesta.conf # Additional argument formatting 
@@ -56,55 +57,61 @@ fi get_domain_values 'web' local_ip=$(get_real_ip $IP) -# Deleting domain from web.conf -sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf - -# Deleting vhost configuration IPv4 -if [ ! -z "$local_ip" ]; then - old=$local_ip - del_web_config "$WEB_SYSTEM" "$TPL.tpl" - - # Deleting SSL configuration and certificates - if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* - rm -f $USER_DATA/ssl/$domain.* - fi - - # Deleting proxy - if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - fi - if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then - sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf - fi - fi +if [ -z "$IP6" ]; then + # Deleting domain from web.conf + sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf fi # Deleting vhost configuration IPv4 -if [ ! -z "$ipv6" ]; then - old=$IP6 - del_web_config "$WEB_SYSTEM" "$TPL.tpl" +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" - # Deleting SSL configuration and certificates - if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* - rm -f $USER_DATA/ssl/$domain.* - fi + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* + rm -f $USER_DATA/ssl/$domain.* + fi - # Deleting proxy - if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - fi - if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then - sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf - fi - fi + # Deleting proxy + if [ ! -z "$PROXY_SYSTEM" ] && [ ! 
-z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then + sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + fi + fi +fi + +# Deleting vhost configuration IPv6 +web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) +if [ ! -z "$IP6" ] && [ "$web_domain" -gt '0' ]; then + # Deleting domain from web.conf + sed -i "/DOMAIN='$domain'/d" $USER_DATA/web.conf + + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* + rm -f $USER_DATA/ssl/$domain.* + fi + + # Deleting proxy + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + if [ -e "/etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf" ]; then + sed -i "/=$domain:/d" /etc/$PROXY_SYSTEM/conf.d/01_caching_pool.conf + fi + fi fi # Deleting web stats @@ -140,7 +147,7 @@ rm -rf $HOMEDIR/$user/web/$domain # Decreasing user counters decrease_ip_value "$local_ip" -decrease_ipv6_value "$ipv6" +decrease_ipv6_value "$IP6" decrease_user_value "$user" '$U_WEB_DOMAINS' if [ "$SSL" = 'yes' ]; then decrease_user_value "$user" '$U_WEB_SSL' diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index 7bd658ce..1b8a0241 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain 
@@ -53,24 +53,48 @@ local_ip=$(get_real_ip $IP) # Preparing domain values for the template substitution prepare_web_domain_values -# Rebuilding vhost -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -add_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - add_web_config "$WEB_SYSTEM" "$TPL.stpl" -fi - -# Rebuilding proxy configuration -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" +# Rebuilding vhost IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi fi fi +# Rebuilding vhost IPv6 +if [ ! -z "$IP6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-web-domain b/bin/v-unsuspend-web-domain index 91bc1e16..b3ad2b4b 100755 
--- a/bin/v-unsuspend-web-domain +++ b/bin/v-unsuspend-web-domain @@ -51,21 +51,45 @@ local_ip=$(get_real_ip $IP) # Preparing domain values for the template substitution prepare_web_domain_values -# Rebuilding vhost -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -add_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" - add_web_config "$WEB_SYSTEM" "$TPL.stpl" -fi - -# Rebuilding proxy configuration -if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" +# Rebuilding vhost IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" - add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi +fi + +# Rebuilding vhost IPv6 +if [ ! -z "$IP6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + add_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + add_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + # Rebuilding proxy configuration + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi fi fi 
diff --git a/install/rhel/5/dovecot/dovecot.conf b/install/rhel/5/dovecot/dovecot.conf index 544d851e..07f0d900 100644 --- a/install/rhel/5/dovecot/dovecot.conf +++ b/install/rhel/5/dovecot/dovecot.conf @@ -1,3 +1,4 @@ +listen = *, :: protocols = imap imaps pop3 pop3s log_path = /var/log/dovecot.log ssl_cert_file = /usr/local/vesta/ssl/certificate.crt diff --git a/install/rhel/5/named/named.conf b/install/rhel/5/named/named.conf index 472bd829..38c1b6c0 100644 --- a/install/rhel/5/named/named.conf +++ b/install/rhel/5/named/named.conf @@ -6,6 +6,7 @@ options { version "get lost"; allow-transfer {"none";}; recursion no; + listen-on-v6 { any; }; }; diff --git a/install/rhel/6/dovecot/dovecot.conf b/install/rhel/6/dovecot/dovecot.conf index b44bd6a8..0a855351 100644 --- a/install/rhel/6/dovecot/dovecot.conf +++ b/install/rhel/6/dovecot/dovecot.conf @@ -1,4 +1,4 @@ protocols = imap pop3 -listen = * +listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf diff --git a/install/rhel/6/named/named.conf b/install/rhel/6/named/named.conf index 472bd829..38c1b6c0 100644 --- a/install/rhel/6/named/named.conf +++ b/install/rhel/6/named/named.conf @@ -6,6 +6,7 @@ options { version "get lost"; allow-transfer {"none";}; recursion no; + listen-on-v6 { any; }; }; diff --git a/install/rhel/7/dovecot/dovecot.conf b/install/rhel/7/dovecot/dovecot.conf index b44bd6a8..0a855351 100644 --- a/install/rhel/7/dovecot/dovecot.conf +++ b/install/rhel/7/dovecot/dovecot.conf @@ -1,4 +1,4 @@ protocols = imap pop3 -listen = * +listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf diff --git a/install/rhel/7/named/named.conf b/install/rhel/7/named/named.conf index 472bd829..38c1b6c0 100644 --- a/install/rhel/7/named/named.conf +++ b/install/rhel/7/named/named.conf @@ -6,6 +6,7 @@ options { version "get lost"; allow-transfer {"none";}; recursion no; + listen-on-v6 { any; }; }; 
diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 8f08bd7a..8a556dc0 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1200,7 +1200,7 @@ $VESTA/bin/v-update-sys-ip # Get main ipv6 ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) -if [ ! -z "$ipv6" ]; then +if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" netmask=$(eval $netmask) $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index af98ab03..800d94bc 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1245,7 +1245,7 @@ $VESTA/bin/v-update-sys-ip # Get main ipv6 ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) -if [ ! -z "$ipv6" ]; then +if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" netmask=$(eval $netmask) $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index f7280c93..4b630663 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1195,7 +1195,7 @@ $VESTA/bin/v-update-sys-ip # Get main ipv6 ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1) -if [ ! -z "$ipv6" ]; then +if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print $2}' | awk '{print $1}'" netmask=$(eval $netmask) $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask diff --git a/upd/add_ipv6.sh b/upd/add_ipv6.sh index 552961a3..9faf6a30 100755 --- a/upd/add_ipv6.sh +++ b/upd/add_ipv6.sh 
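Review bot: In the context lines directly under the changed `if`, the netmask command is assembled inside double quotes with unescaped `$2` and `$1`, so both expand to the installer's own positional parameters before `eval` runs and awk never receives the field references. upd/add_ipv6.sh in this same series escapes them as `\$2` and `\$1`. The vst-install-rhel.sh and vst-install-ubuntu.sh hunks carry the identical lines. Dropping the `eval` removes the quoting problem and stops re-parsing a string built from interface output: `netmask=$(ip addr show | grep -F "$ipv6" | awk -F '/' '{print $2}' | awk '{print $1}')`, then `$VESTA/bin/v-add-sys-ipv6 "$ipv6" "$netmask"`.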
@@ -33,7 +33,7 @@ ipv6use="" if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print \$2}' | awk '{print \$1}'" netmask=$(eval $netmask) - $VESTA/bin/v-add-sys-ipv6 $ipv6 $netmask + $BIN/v-add-sys-ipv6 $ipv6 $netmask $BIN/v-update-firewall-ipv6 ipv6use=$ipv6 fi From 668da0178e1ac84c74e2b8718d6d8247eec57241 Mon Sep 17 00:00:00 2001 From: MadeITBelgium Date: Sat, 23 Sep 2017 14:13:09 +0000 Subject: [PATCH 07/12] Fix change IP and suspending web domain --- bin/v-change-dns-domain-ip | 21 ++++++++++++++++----- bin/v-change-dns-domain-ipv6 | 23 ++++++++++++++++------- bin/v-change-web-domain-ip | 4 ++++ bin/v-change-web-domain-ipv6 | 4 ++++ bin/v-suspend-web-domain | 2 ++ bin/v-unsuspend-web-domain | 2 ++ func/domain.sh | 20 +++++++------------- 7 files changed, 51 insertions(+), 25 deletions(-) diff --git a/bin/v-change-dns-domain-ip b/bin/v-change-dns-domain-ip index 810fe8a4..5e513c79 100755 --- a/bin/v-change-dns-domain-ip +++ b/bin/v-change-dns-domain-ip @@ -49,15 +49,18 @@ else ip='' fi + +# Get old ip +get_domain_values 'dns' +if [ -z "$ip" ] && [ -z "$IP6" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + #----------------------------------------------------------# # Action # #----------------------------------------------------------# -# Get old ip -get_domain_values 'dns' old=$IP -new=$ip -ipv6=$IP6 if [ -z "$old" ]; then #Create new 
@@ -71,13 +74,21 @@ else # Changing records sed -i "s/$old/$ip/g" $USER_DATA/dns/$domain.conf else + ip="" + ipv6=$IP6 #Delete configs remove_dns_config_records fi fi # Changing ip -update_object_value 'dns' 'DOMAIN' "$domain" '$IP' "$new" +update_object_value 'dns' 'DOMAIN' "$domain" '$IP' "$ip" + +#update counters +records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')" +update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records" +records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ') +update_user_value "$user" '$U_DNS_RECORDS' "$records" # Updating zone if [[ "$DNS_SYSTEM" =~ named|bind ]]; then diff --git a/bin/v-change-dns-domain-ipv6 b/bin/v-change-dns-domain-ipv6 index 2f810b69..a0a0510c 100755 --- a/bin/v-change-dns-domain-ipv6 +++ b/bin/v-change-dns-domain-ipv6 @@ -47,15 +47,17 @@ else ipv6='' fi +# Get old ip +get_domain_values 'dns' +if [ -z @"$ipv6" ] && [ -z "$IP" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + #----------------------------------------------------------# # Action # #----------------------------------------------------------# -# Get old ip -get_domain_values 'dns' old=$IP6 -new=$ipv6 -ip=$IP if [ -z "$old" ]; then #Create new @@ -66,18 +68,25 @@ if [ -z "$old" ]; then ip="" add_dns_config_records else - if [ ! -z "$ip" ]; then + if [ ! -z "$ipv6" ]; then # Changing records sed -i "s/$old/$ipv6/g" $USER_DATA/dns/$domain.conf else #Delete configs - ipv6=$old + ipv6="" + ip=$IP remove_dns_config_records fi fi # Changing ip -update_object_value 'dns' 'DOMAIN' "$domain" '$IP6' "$new" +update_object_value 'dns' 'DOMAIN' "$domain" '$IP6' "$ipv6" + +#update counters +records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')" +update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records" +records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ') +update_user_value "$user" '$U_DNS_RECORDS' "$records" # Updating zone if [[ "$DNS_SYSTEM" =~ named|bind ]]; then 
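Review bot: The new counter line `records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ')` produces multi-line output as soon as the user has more than one zone file. `wc -l` prints one line per file plus a `total` line, and the padded counts leave field 1 empty for the shorter numbers, so `U_DNS_RECORDS` is written with something other than a single integer. The same line is added in the v-change-dns-domain-ipv6 hunk `@@ -66,18 +68,25 @@`. Reading through a pipe yields one number: `records=$(cat $USER_DATA/dns/*.conf | wc -l)`.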
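Review bot: In v-change-dns-domain-ipv6 the added guard `if [ -z @"$ipv6" ] && [ -z "$IP" ]; then` can never be true, because the stray `@` makes the first operand non-empty even when `$ipv6` is empty. Clearing the IPv6 address of a zone that has no IPv4 address is therefore not rejected, and the script goes on to `remove_dns_config_records` with both addresses empty. The line should read `if [ -z "$ipv6" ] && [ -z "$IP" ]; then`, matching the check added to v-change-dns-domain-ip in this commit.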
diff --git a/bin/v-change-web-domain-ip b/bin/v-change-web-domain-ip index 0a6965d2..0cb5a861 100755 --- a/bin/v-change-web-domain-ip +++ b/bin/v-change-web-domain-ip @@ -54,6 +54,10 @@ fi # Preparing variables for vhost replace get_domain_values 'web' +if [ -z "$ip" ] && [ -z "$IP6" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + old=$(get_real_ip $IP) new=$ip diff --git a/bin/v-change-web-domain-ipv6 b/bin/v-change-web-domain-ipv6 index bc86ed8d..eb8c8e57 100755 --- a/bin/v-change-web-domain-ipv6 +++ b/bin/v-change-web-domain-ipv6 @@ -52,6 +52,10 @@ fi # Preparing variables for vhost replace get_domain_values 'web' +if [ -z "$ipv6" ] && [ -z "$IP" ]; then + check_result $E_INVALID "IP or IPv6 is required" +fi + old=$IP6 new=$ipv6 diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index 1b8a0241..6d6cdc4f 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain @@ -76,6 +76,8 @@ fi # Rebuilding vhost IPv6 if [ ! -z "$IP6" ]; then + local_ip="" + ipv6=$IP6 old=$IP6 del_web_config "$WEB_SYSTEM" "$TPL.tpl" add_web_config "$WEB_SYSTEM" "$TPL.tpl" diff --git a/bin/v-unsuspend-web-domain b/bin/v-unsuspend-web-domain index b3ad2b4b..588da249 100755 --- a/bin/v-unsuspend-web-domain +++ b/bin/v-unsuspend-web-domain @@ -75,6 +75,8 @@ fi # Rebuilding vhost IPv6 if [ ! -z "$IP6" ]; then old=$IP6 + local_ip="" + ipv6=$IP6 del_web_config "$WEB_SYSTEM" "$TPL.tpl" add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then diff --git a/func/domain.sh b/func/domain.sh index 4c058609..987f5998 100644 --- a/func/domain.sh +++ b/func/domain.sh @@ -535,8 +535,6 @@ add_dns_config() { if [ ! -z $ipv6 ]; then spfipv6="ip6:$ipv6"; fi - echo $spfipv4 - echo $spfipv6 # Adding dns zone to the user config echo "$template_data" | grep -v '%ip' |\ 
@@ -605,16 +603,14 @@ add_dns_config_records() { if [ ! -z "$ipv6" ]; then template_data=$(echo "$template_data" |grep "%ipv6%") fi - - new_lines=$(echo "$template_data" |\ + + echo "$template_data" |\ sed -e "s/%ip%/$ip/g" \ -e "s/%ipv6%/$ipv6/g" \ -e "s/%time%/$time/g" \ -e "s/%date%/$date/g" \ |awk -F 'ID=' '{print $2}' \ - |cut -d\' --complement -s -f1,2) - - echo "$new_lines"\ + |cut -d\' --complement -s -f1,2 \ | while read line; do id="" get_next_dnsrecord @@ -626,7 +622,7 @@ add_dns_config_records() { remove_dns_config_records() { template_data=$(cat $DNSTPL/$TPL.tpl) - # Adding dns zone to the user config + # Search template data template_data=$(echo "$template_data" |grep -v "v=spf1" |egrep "%ip(v6)?%") if [ -z "$ip" ]; then template_data=$(echo "$template_data" |grep "%ip%") @@ -635,16 +631,14 @@ remove_dns_config_records() { template_data=$(echo "$template_data" |grep "%ipv6%") fi - delete_lines=$(echo "$template_data" |\ + echo "$template_data" |\ sed -e "s/%ip%/$old/g" \ -e "s/%ipv6%/$old/g" \ |awk -F 'ID=' '{print $2}' \ |cut -d\' --complement -s -f1,2 \ - |awk -F 'TIME=' '{print $1}'); - - echo "$delete_lines"\ + |awk -F ' SUSPENDED=' '{print $1}' \ | while read line; do - sed -i '/$line/d' $USER_DATA/dns/$domain.conf + sed -i "/$line/d" $USER_DATA/dns/$domain.conf done } From 37a2525ab0e752ffb9a047934d4ae9ab39543837 Mon Sep 17 00:00:00 2001 From: MadeITBelgium Date: Sat, 23 Sep 2017 15:09:27 +0000 Subject: [PATCH 08/12] Fix backup --- bin/v-backup-user | 98 ++++++++++++++++++++++++++++++++++------------ bin/v-restore-user | 13 +++++- 2 files changed, 85 insertions(+), 26 deletions(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index 6749f1c1..59bf483f 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user 
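Review bot: In `remove_dns_config_records`, switching to `sed -i "/$line/d"` makes the record text both a regular expression and part of the sed script. The dots in an address then match any character, so a record for a similar-looking address can be deleted as well, and a `/` or bracket in a template value would break or widen the address expression. The `while read line` feeding it also lacks `-r`, so backslashes in a record are altered before matching. A fixed-string filter sidesteps both: `grep -vF -- "$line" $USER_DATA/dns/$domain.conf > $USER_DATA/dns/$domain.conf.tmp` followed by `mv $USER_DATA/dns/$domain.conf.tmp $USER_DATA/dns/$domain.conf`.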
@@ -146,35 +146,83 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then cd $tmpdir/web/$domain/ conf="$USER_DATA/web.conf" grep "DOMAIN='$domain'" $conf > vesta/web.conf - - # Backup vhost config - tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.tpl" - conf="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" - get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > conf/$WEB_SYSTEM.conf - - # Backup ssl vhost - if [ "$SSL" = 'yes' ]; then - tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl" - conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf" + + if [ ! -z "$IP" ]; then + old="$IP" + # Backup vhost config + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.tpl" + conf="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > conf/s$WEB_SYSTEM.conf + sed -n "$top_line,$bottom_line p" $conf > conf/$WEB_SYSTEM.conf + + # Backup ssl vhost + if [ "$SSL" = 'yes' ]; then + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl" + conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > conf/s$WEB_SYSTEM.conf + fi + + # Backup proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.tpl" + conf="$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > conf/$PROXY_SYSTEM.conf + fi + + # Backup ssl proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl" + conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf > conf/s$PROXY_SYSTEM.conf + fi fi - - # Backup proxy config - if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.tpl" - conf="$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" + + if [ ! 
-z "$IP6" ]; then + if [ -z "$IP" ]; then + echo "" > conf/$WEB_SYSTEM.conf + if [ "$SSL" = 'yes' ]; then + echo "" > conf/s$WEB_SYSTEM.conf + fi + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + echo "" > conf/$PROXY_SYSTEM.conf + fi + if [ ! -z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then + echo > conf/s$PROXY_SYSTEM.conf + fi + fi + old=$IP6 + # Backup vhost config + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.tpl" + conf="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > conf/$PROXY_SYSTEM.conf - fi + sed -n "$top_line,$bottom_line p" $conf >> conf/$WEB_SYSTEM.conf - # Backup ssl proxy config - if [ ! -z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then - tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl" - conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf" - get_web_config_lines $tpl_file $conf - sed -n "$top_line,$bottom_line p" $conf > conf/s$PROXY_SYSTEM.conf + # Backup ssl vhost + if [ "$SSL" = 'yes' ]; then + tpl_file="$WEBTPL/$WEB_SYSTEM/$WEB_BACKEND/$TPL.stpl" + conf="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf >> conf/s$WEB_SYSTEM.conf + fi + + # Backup proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.tpl" + conf="$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf >> conf/$PROXY_SYSTEM.conf + fi + + # Backup ssl proxy config + if [ ! -z "$PROXY_SYSTEM" ] && [ "$SSL" = 'yes' ]; then + tpl_file="$WEBTPL/$PROXY_SYSTEM/$PROXY.stpl" + conf="$HOMEDIR/$user/conf/web/s$PROXY_SYSTEM.conf" + get_web_config_lines $tpl_file $conf + sed -n "$top_line,$bottom_line p" $conf >> conf/s$PROXY_SYSTEM.conf + fi fi # Backup custom config diff --git a/bin/v-restore-user b/bin/v-restore-user index 477f01ac..887bc443 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user 
@@ -492,13 +492,16 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then old_ip=$IP IP=$ip fi + # Checking ipv6 address check_ipv6=$(is_ipv6_valid $IP6 $user) if [ ! -z "$check_ipv6" ]; then local_ip6='' get_user_ipv6 $user old_ipv6=$IP6 - IP=$ipv6 + IP6=$ipv6 + else + old_ipv6='' fi # Checking dns template @@ -516,6 +519,14 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then # Restoring dns records cp -f $tmpdir/dns/$domain/vesta/$domain.conf $USER_DATA/dns/ + if [ -z "$old_ipv6" ] && [ ! -z "$IP6" ]; then + time_n_date=$(date +'%T %F') + time=$(echo "$time_n_date" |cut -f 1 -d \ ) + date=$(echo "$time_n_date" |cut -f 2 -d \ ) + ip="" + ipv6="$IP6" + add_dns_config_records + fi # Rebuilding dns domain rebuild_dns_domain_conf From 6399721fe247adadb8847fe7b1d08c19b8a91d20 Mon Sep 17 00:00:00 2001 From: MadeITBelgium Date: Sat, 23 Sep 2017 19:51:11 +0000 Subject: [PATCH 09/12] Fix add ipv6 --- web/add/ip/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/add/ip/index.php b/web/add/ip/index.php index 39d82556..94840839 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -46,7 +46,7 @@ if (!empty($_POST['ok'])) { $v_interface = escapeshellarg($_POST['v_interface']); $v_owner = escapeshellarg($_POST['v_owner']); $v_shared = $_POST['v_shared']; - $v_version = escapeshellarg($_POST['v_version']); + $v_version = $_POST['v_version']; // Check shared checkmark if ($v_shared == 'on') { From b40bad31ea18743966317ba11e14bf2ee7b36a2f Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Mon, 23 Oct 2017 14:25:24 +0200 Subject: [PATCH 10/12] Update v-change-web-domain-backend-tpl --- bin/v-change-web-domain-backend-tpl | 90 ++++++++++++++++++++++++----- 1 file changed, 76 insertions(+), 14 deletions(-) diff --git a/bin/v-change-web-domain-backend-tpl b/bin/v-change-web-domain-backend-tpl index 8fc24f86..1237031c 100755 --- a/bin/v-change-web-domain-backend-tpl +++ b/bin/v-change-web-domain-backend-tpl 
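Review bot: In web/add/ip/index.php, `$v_version` now holds the raw POST value, while the neighbouring `$v_interface` and `$v_owner` still go through `escapeshellarg()`. The rest of the handler is outside this hunk, so its use is not visible, but if the variable is both compared against a version number and interpolated into an `exec()` command line, removing the escaping opens a command-injection path for anyone who can submit this form. Normalising it to the accepted values keeps the comparison simple and the later command safe: `$v_version = ($_POST['v_version'] == '6') ? '6' : '4';` (assuming 4 and 6 are the only valid values, as the `VERSION='4'`/`VERSION='6'` keys elsewhere in the series suggest).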
@@ -78,29 +78,59 @@ if [ "$backend_type" = "$user" ]; then for domain in $(shell_list); do get_domain_values 'web' local_ip=$(get_real_ip $IP) - prepare_web_domain_values + ipv6=$IP6 + + # Deleting vhost configuration IPv4 + if [ ! -z "$local_ip" ]; then + old=$local_ip + # Deleting proxy + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi - # Rebuilding vhost - del_web_config "$WEB_SYSTEM" "$TPL.tpl" + # Deleting vhost configuration IPv6 + if [ ! -z "$IP6" ]; then + old=$IP6 + + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + + prepare_web_domain_values add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" add_web_config "$WEB_SYSTEM" "$TPL.stpl" fi # Rebuilding proxy configuration if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" fi fi # Update config - add_object_key "web" 'DOMAIN' "$domain" 'BACKEND' 'PROXY' - update_object_value 'web' 'DOMAIN' "$domain" '$BACKEND' "$template" + add_object_key "web" 'DOMAIN' "$domain_idn" 'BACKEND' 'PROXY' + update_object_value 'web' 'DOMAIN' "$domain_idn" '$BACKEND' "$template" done # Chaning template in user config 
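Review bot: In the block headed `# Deleting vhost configuration IPv6`, the first two `del_web_config` calls pass `"$PROXY_SYSTEM" "$PROXY.tpl"` and `"$PROXY.stpl"`, whereas the IPv4 block above passes `"$WEB_SYSTEM" "$TPL.tpl"` and `"$TPL.stpl"`. As written the IPv6 web vhost entry does not appear to be removed before `add_web_config` runs, and the proxy delete runs even when `$PROXY_SYSTEM` is empty, then again inside the guarded block. The two lines should read `del_web_config "$WEB_SYSTEM" "$TPL.tpl"` and `del_web_config "$WEB_SYSTEM" "$TPL.stpl"`; the identical block in the `else` branch hunk (`@@ -115,29 +145,61 @@`) needs the same change. Separately, this hunk sits inside `for domain in $(shell_list)` and nothing visible reassigns `$domain_idn` per iteration before it is passed to `update_object_value`, which is worth confirming.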
@@ -115,29 +145,61 @@ else # Parsing domain values get_domain_values 'web' local_ip=$(get_real_ip $IP) + ipv6=$IP6 + + # Deleting vhost configuration IPv4 + if [ ! -z "$local_ip" ]; then + old=$local_ip + # Deleting proxy + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + + # Deleting vhost configuration IPv6 + if [ ! -z "$IP6" ]; then + old=$IP6 + + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + + if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi + fi + fi + prepare_web_domain_values # Rebuilding vhost - del_web_config "$WEB_SYSTEM" "$TPL.tpl" add_web_config "$WEB_SYSTEM" "$TPL.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" add_web_config "$WEB_SYSTEM" "$TPL.stpl" fi # Rebuilding proxy configuration if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" add_web_config "$PROXY_SYSTEM" "$PROXY.tpl" if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" add_web_config "$PROXY_SYSTEM" "$PROXY.stpl" fi fi # Update config - add_object_key "web" 'DOMAIN' "$domain" 'BACKEND' 'PROXY' - update_object_value 'web' 'DOMAIN' "$domain" '$BACKEND' "$template" + add_object_key "web" 'DOMAIN' "$domain_idn" 'BACKEND' 'PROXY' + update_object_value 'web' 'DOMAIN' "$domain_idn" '$BACKEND' "$template" fi From cac3b0617f837ffae0ba7a468aa0c8d5c5bbe907 Mon Sep 17 00:00:00 2001 
From: "Made I.T" Date: Mon, 23 Oct 2017 14:25:52 +0200 Subject: [PATCH 11/12] Update v-change-web-domain-proxy-tpl --- bin/v-change-web-domain-proxy-tpl | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/bin/v-change-web-domain-proxy-tpl b/bin/v-change-web-domain-proxy-tpl index 8b5977fe..fbfed7a8 100755 --- a/bin/v-change-web-domain-proxy-tpl +++ b/bin/v-change-web-domain-proxy-tpl @@ -54,11 +54,26 @@ is_proxy_template_valid $template # Parsing domain values get_domain_values 'web' local_ip=$(get_real_ip $IP) +ipv6=$IP6 -# Delete old vhost -del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" +# Deleting vhost configuration IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + # Deleting proxy + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi +fi + +# Deleting domain +if [ ! -z "$IP6" ]; then + old=$IP6 + + del_web_config "$PROXY_SYSTEM" "$PROXY.tpl" + if [ "$SSL" = 'yes' ]; then + del_web_config "$PROXY_SYSTEM" "$PROXY.stpl" + fi fi # Add new vhost From 3ac0abe6c0317c49039c17d0e7212231e5c8eeba Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Mon, 23 Oct 2017 14:26:15 +0200 Subject: [PATCH 12/12] Update v-change-web-domain-tpl --- bin/v-change-web-domain-tpl | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/bin/v-change-web-domain-tpl b/bin/v-change-web-domain-tpl index ca847293..82f994df 100755 --- a/bin/v-change-web-domain-tpl +++ b/bin/v-change-web-domain-tpl 
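Review bot: The second new block is headed `# Deleting domain` although it removes the proxy entries for the IPv6 address; `# Deleting proxy configuration IPv6` would describe it, and the first block's `# Deleting vhost configuration IPv4` would read better as `# Deleting proxy configuration IPv4`. Both blocks hand the address to `del_web_config` only through the global `old`, which the hunk does not explain. A one-line comment such as `# del_web_config selects the entry to remove via $old` would help the next reader, assuming that is how the helper works, since its definition is outside this diff. Note also that when both `$local_ip` and `$IP6` are empty nothing is deleted before the new vhost is added.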
@@ -51,11 +51,28 @@ is_web_template_valid "$template" # Parsing domain values get_domain_values 'web' local_ip=$(get_real_ip $IP) +ipv6=$IP6 + +# Deleting vhost configuration IPv4 +if [ ! -z "$local_ip" ]; then + old=$local_ip + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl"- + fi +fi # Deleting domain -del_web_config "$WEB_SYSTEM" "$TPL.tpl" -if [ "$SSL" = 'yes' ]; then - del_web_config "$WEB_SYSTEM" "$TPL.stpl" +if [ ! -z "$IP6" ]; then + old=$IP6 + del_web_config "$WEB_SYSTEM" "$TPL.tpl" + + # Deleting SSL configuration and certificates + if [ "$SSL" = 'yes' ]; then + del_web_config "$WEB_SYSTEM" "$TPL.stpl" + fi fi # Defining variables for new vhost config
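Review bot: The added IPv4 SSL delete line ends in a stray hyphen, `del_web_config "$WEB_SYSTEM" "$TPL.stpl"-`, so the second argument becomes the template name followed by `.stpl-`; the matching call in the IPv6 block below does not have it. If that character is in the committed file rather than an artefact of how this page was rendered, the IPv4 SSL vhost entry would presumably not be matched, and a stale entry could remain next to the one written for the new template. The line should read `del_web_config "$WEB_SYSTEM" "$TPL.stpl"`. The IPv6 block also keeps the old `# Deleting domain` heading, where `# Deleting vhost configuration IPv6` would mirror the IPv4 one.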