
nuno revised this gist 1 month ago.

1 file changed, 129 insertions

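--- a/gistfile1.txt
+++ b/gistfile1.txt
@@ -0,0 +1,129 @@
+function cmd::unblock::run() {
+local name="" identity="" type=""
+local ips=() subnets=() ports=() services=()
+local all=false quiet=false force=false
+local reason=""
+
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--name) name="$2"; shift 2 ;;
+--identity) identity="$2"; shift 2 ;;
+--type) type="$2"; shift 2 ;;
+--ip) ips+=("$2"); shift 2 ;;
+--force) force=true; shift ;;
+--quiet) quiet=true; shift ;;
+--subnet) subnets+=("$2"); shift 2 ;;
+--port) ports+=("$2"); shift 2 ;;
+--service) services+=("$2"); shift 2 ;;
+--reason) reason="$2"; shift 2 ;;
+--all) all=true; shift ;;
+--help) cmd::unblock::help; return ;;
+*)
+log::error "Unknown flag: $1"
+cmd::unblock::help
+return 1
+;;
+esac
+done
+
+# --identity: unblock all peers for this identity
+if [[ -n "$identity" ]]; then
+cmd::unblock::_unblock_identity "$identity" "$quiet" || return 1
+return 0
+fi
+
+if [[ -z "$name" ]]; then
+log::error "Missing required flag: --name or --identity"
+cmd::unblock::help
+return 1
+fi
+
+name=$(peers::resolve_and_require "$name" "$type") || return 1
+
+if ! peers::is_blocked "$name" && ! block::has_file "$name"; then
+log::wg_warning "Client is not blocked: ${name}"
+return 0
+fi
+
+if [[ ${#ips[@]} -eq 0 && ${#subnets[@]} -eq 0 && \
+${#ports[@]} -eq 0 && ${#services[@]} -eq 0 ]]; then
+all=true
+fi
+
+local client_ip
+client_ip=$(peers::get_ip "$name") || return 1
+
+if $all; then
+cmd::unblock::_unblock_all "$name" "$client_ip" "$quiet"
+return 0
+fi
+
+# Unblock specific IPs
+for ip in "${ips[@]}"; do
+fw::unblock_ip "$client_ip" "$ip"
+block::remove_rule "$name" "ip" "$ip"
+$quiet || log::wg_success "${ip} has been unblocked for ${name}"
+done
+
+# Unblock specific subnets
+for subnet in "${subnets[@]}"; do
+fw::unblock_subnet "$client_ip" "$subnet"
+block::remove_rule "$name" "subnet" "$subnet"
+$quiet || log::wg_success "${subnet} has been unblocked for ${name}"
+done
+
+# Unblock specific ports
+for entry in "${ports[@]}"; do
+local target port proto
+IFS=":" read -r target port proto <<< "$entry"
+proto="${proto:-tcp}"
+fw::unblock_port "$client_ip" "$target" "$port" "$proto"
+block::remove_rule "$name" "port" "$target" "$port" "$proto"
+$quiet || log::wg_success "${target}:${port}:${proto} has been unblocked for ${name}"
+done
+
+# Unblock services
+for svc in "${services[@]}"; do
+local resolved_lines=()
+mapfile -t resolved_lines < <(net::resolve "$svc" 2>/dev/null)
+if [[ ${#resolved_lines[@]} -eq 0 ]]; then
+log::error "Service not found: ${svc}"
+return 1
+fi
+
+local is_blocked=false
+for resolved in "${resolved_lines[@]}"; do
+if [[ "$resolved" == *:*:* ]]; then
+local b_ip b_port b_proto
+IFS=":" read -r b_ip b_port b_proto <<< "$resolved"
+fw::has_block_rule "$client_ip" "$b_ip" "$b_port" "$b_proto" 2>/dev/null && \
+{ is_blocked=true; break; }
+else
+fw::has_block_rule "$client_ip" "$resolved" 2>/dev/null && \
+{ is_blocked=true; break; }
+fi
+done
+
+if ! $is_blocked; then
+$quiet || log::wg_warning "${svc} is not blocked for ${name}"
+continue
+fi
+
+for resolved in "${resolved_lines[@]}"; do
+if [[ "$resolved" == *:*:* ]]; then
+local b_ip b_port b_proto
+IFS=":" read -r b_ip b_port b_proto <<< "$resolved"
+fw::unblock_port "$client_ip" "$b_ip" "$b_port" "$b_proto"
+block::remove_rule "$name" "port" "$b_ip" "$b_port" "$b_proto"
+else
+fw::unblock_ip "$client_ip" "$resolved"
+block::remove_rule "$name" "ip" "$resolved"
+fi
+done
+
+$quiet || log::wg_success "${svc} has been unblocked for ${name}"
+done
+
+block::cleanup "$name"
+return 0
+}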
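Review bot: The `--identity` branch returns before any selector flag is consulted, so a call such as `--identity X --ip 10.0.0.5` (sample values) lifts every block for all of that identity's peers rather than the one address; `cmd::unblock::_unblock_identity` is passed only the identity and the quiet flag, so it cannot honour `--ip`, `--subnet`, `--port` or `--service`. For a command that removes firewall restrictions a narrower request should not silently widen, so the combination is better rejected before the call, as in the guard below. Separately, `--reason` and `--force` are parsed but never read anywhere in the function, so the operator's stated reason never reaches a log line or the stored rule state. The per-rule loops also call `block::remove_rule` and log success without checking the exit status of `fw::unblock_ip`, `fw::unblock_subnet` or `fw::unblock_port`, which, if those helpers can fail, leaves the block file and the live firewall out of step.

```shell
  # --identity: unblock all peers for this identity
  if [[ -n "$identity" ]]; then
    if (( ${#ips[@]} + ${#subnets[@]} + ${#ports[@]} + ${#services[@]} > 0 )); then
      log::error "--identity cannot be combined with --ip, --subnet, --port or --service"
      cmd::unblock::help
      return 1
    fi
    # … unchanged: cmd::unblock::_unblock_identity call and return 0 …
  fi
```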