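#######################################
# Handle the `unblock` command: lift firewall block rules, and the persisted
# records of them, for one peer or for every peer of an identity.
#
# Flags:
#   --name <peer>         Peer to unblock (required unless --identity is given).
#   --type <type>         Passed to peers::resolve_and_require along with --name.
#   --identity <id>       Unblock all peers of this identity, then return.
#   --ip <addr>           Unblock one destination IP (repeatable).
#   --subnet <subnet>     Unblock one destination subnet (repeatable).
#   --port <t:p[:proto]>  Unblock target:port; proto defaults to tcp (repeatable).
#   --service <name>      Unblock every entry net::resolve returns (repeatable).
#   --all                 Lift every block for the peer. Also the default when
#                         no --ip/--subnet/--port/--service is given.
#   --quiet               Suppress success and "not blocked" messages.
#   --force, --reason     Parsed, but not consumed anywhere in this function.
#   --help                Print help and return.
# Returns:
#   0 on success or when the peer has nothing blocked; 1 on bad arguments,
#   an unknown service, or a failed peer lookup.
#######################################
function cmd::unblock::run() {
  local name="" identity="" type=""
  local ips=() subnets=() ports=() services=()
  local all=false quiet=false force=false
  # NOTE(review): `force` and `reason` are never read below. They are kept
  # because bash locals are dynamically scoped and a callee might read them -
  # confirm. As written, the stated reason for lifting a block is not recorded
  # by this function, so the action leaves no justification behind.
  local reason=""
  # Loop and scratch variables are declared here so they do not leak into the
  # caller's (or the global) scope.
  local ip subnet entry svc resolved
  local target port proto b_ip b_port b_proto
  local is_blocked resolved_lines=()

  while [[ $# -gt 0 ]]; do
    # A value-taking flag given as the last argument used to reach `shift 2`
    # with one argument left; that shift fails without consuming anything,
    # so the loop never terminated. Reject it up front instead.
    case "$1" in
      --name | --identity | --type | --ip | --subnet | --port | --service | --reason)
        if [[ $# -lt 2 ]]; then
          log::error "Missing value for flag: $1"
          cmd::unblock::help
          return 1
        fi
        ;;
    esac

    case "$1" in
      --name) name="$2"; shift 2 ;;
      --identity) identity="$2"; shift 2 ;;
      --type) type="$2"; shift 2 ;;
      --ip) ips+=("$2"); shift 2 ;;
      --force) force=true; shift ;;
      --quiet) quiet=true; shift ;;
      --subnet) subnets+=("$2"); shift 2 ;;
      --port) ports+=("$2"); shift 2 ;;
      --service) services+=("$2"); shift 2 ;;
      --reason) reason="$2"; shift 2 ;;
      --all) all=true; shift ;;
      --help) cmd::unblock::help; return ;;
      *)
        log::error "Unknown flag: $1"
        cmd::unblock::help
        return 1
        ;;
    esac
  done

  # --identity: unblock all peers for this identity.
  # NOTE(review): any --ip/--subnet/--port/--service given together with
  # --identity is silently ignored, so a request that looks narrow lifts every
  # block for the identity. Consider rejecting that combination.
  if [[ -n "$identity" ]]; then
    cmd::unblock::_unblock_identity "$identity" "$quiet" || return 1
    return 0
  fi

  if [[ -z "$name" ]]; then
    log::error "Missing required flag: --name or --identity"
    cmd::unblock::help
    return 1
  fi

  name=$(peers::resolve_and_require "$name" "$type") || return 1

  if ! peers::is_blocked "$name" && ! block::has_file "$name"; then
    log::wg_warning "Client is not blocked: ${name}"
    return 0
  fi

  # No selector at all means "lift everything" for this peer.
  if [[ ${#ips[@]} -eq 0 && ${#subnets[@]} -eq 0 &&
    ${#ports[@]} -eq 0 && ${#services[@]} -eq 0 ]]; then
    all=true
  fi

  local client_ip
  client_ip=$(peers::get_ip "$name") || return 1

  if $all; then
    cmd::unblock::_unblock_all "$name" "$client_ip" "$quiet"
    return 0
  fi

  # Validate every --port entry before touching the firewall, so a malformed
  # entry cannot leave the rule set half-changed or hand empty fields to
  # fw::unblock_port.
  for entry in "${ports[@]}"; do
    IFS=":" read -r target port proto <<< "$entry"
    if [[ -z "$target" || -z "$port" ]]; then
      log::error "Invalid --port value (expected target:port[:proto]): ${entry}"
      return 1
    fi
  done

  # NOTE(review): the exit status of fw::unblock_* and block::remove_rule is
  # not checked anywhere below, so the persisted record is dropped and success
  # is logged even if the firewall rule was not actually removed. Confirm
  # whether that best-effort behaviour is intended.

  # Unblock specific IPs
  for ip in "${ips[@]}"; do
    fw::unblock_ip "$client_ip" "$ip"
    block::remove_rule "$name" "ip" "$ip"
    $quiet || log::wg_success "${ip} has been unblocked for ${name}"
  done

  # Unblock specific subnets
  for subnet in "${subnets[@]}"; do
    fw::unblock_subnet "$client_ip" "$subnet"
    block::remove_rule "$name" "subnet" "$subnet"
    $quiet || log::wg_success "${subnet} has been unblocked for ${name}"
  done

  # Unblock specific ports (entries were validated above)
  for entry in "${ports[@]}"; do
    IFS=":" read -r target port proto <<< "$entry"
    proto="${proto:-tcp}"
    fw::unblock_port "$client_ip" "$target" "$port" "$proto"
    block::remove_rule "$name" "port" "$target" "$port" "$proto"
    $quiet || log::wg_success "${target}:${port}:${proto} has been unblocked for ${name}"
  done

  # Unblock services
  for svc in "${services[@]}"; do
    resolved_lines=()
    mapfile -t resolved_lines < <(net::resolve "$svc" 2>/dev/null)
    if [[ ${#resolved_lines[@]} -eq 0 ]]; then
      # NOTE(review): this returns after earlier selectors may already have
      # been applied, and without running block::cleanup.
      log::error "Service not found: ${svc}"
      return 1
    fi

    # The service counts as blocked as soon as one resolved entry has a rule.
    # An entry of the form a:b:c is treated as ip:port:proto, anything else
    # as a plain address.
    is_blocked=false
    for resolved in "${resolved_lines[@]}"; do
      if [[ "$resolved" == *:*:* ]]; then
        IFS=":" read -r b_ip b_port b_proto <<< "$resolved"
        if fw::has_block_rule "$client_ip" "$b_ip" "$b_port" "$b_proto" 2>/dev/null; then
          is_blocked=true
          break
        fi
      elif fw::has_block_rule "$client_ip" "$resolved" 2>/dev/null; then
        is_blocked=true
        break
      fi
    done

    if ! $is_blocked; then
      $quiet || log::wg_warning "${svc} is not blocked for ${name}"
      continue
    fi

    # NOTE(review): rules are removed for whatever the service resolves to
    # now; if that differs from what it resolved to when the block was added,
    # older rules would stay in place. Verify against net::resolve.
    for resolved in "${resolved_lines[@]}"; do
      if [[ "$resolved" == *:*:* ]]; then
        IFS=":" read -r b_ip b_port b_proto <<< "$resolved"
        fw::unblock_port "$client_ip" "$b_ip" "$b_port" "$b_proto"
        block::remove_rule "$name" "port" "$b_ip" "$b_port" "$b_proto"
      else
        fw::unblock_ip "$client_ip" "$resolved"
        block::remove_rule "$name" "ip" "$resolved"
      fi
    done

    $quiet || log::wg_success "${svc} has been unblocked for ${name}"
  done

  block::cleanup "$name"
  return 0
}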