cgi для установки квот на интернет
Создано: 07-02-2010 16:58:34 изменено: 16-06-2012 20:52:26  Метки: cgi netams tcl
Скрипт для блокировки юзверей (нужен пакет cutter для обрезки соединений и цепочка lock в iptables, добавленная до правила, разрешающего форвард из локалки)
/etc/netams# less lockuser

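#!/bin/bash
# lockuser ACTION OID IP REASON
#
# Blocks or unblocks forwarding for one client address:
#   DENY  - append a DROP rule for the address to the iptables chain "lock",
#           cut its established connections with cutter, log and mail root;
#   ALLOW - delete that DROP rule, log and mail root.
# Any other ACTION is only logged and mailed to root.
action=$1       # Action (DENY|ALLOW)
oid=$2          # Second argument; stored but not used below
ip_user=$3
why=$4          # Reason (QUOTA|LOGIN|...)
name=

# The address ends up on the iptables and cutter command lines, so only a
# plain dotted quad is accepted; octet range checking is left to iptables.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# Validate $ip_user and look up its host name; exits 1 on a malformed address.
resolve_client() {
    if [[ ! "$ip_user" =~ $ipv4_re ]]; then
        logger -t NETAMS "Refused $action: malformed address"
        exit 1
    fi
    # Exact match on the first column of /etc/hosts. A substring grep would
    # also match 192.168.0.10 when asked for 192.168.0.1 and could return
    # several names at once.
    name=$(awk -v ip="$ip_user" '$1 == ip { print $2; exit }' /etc/hosts)
}

case "$action" in
    DENY)
        resolve_client
        /sbin/iptables -A lock -s "$ip_user" -j DROP
        /usr/sbin/cutter "$ip_user" > /dev/null
        logger -t NETAMS "Blocked $name $ip_user by $why..."
        printf '%s\n' "NETAMS Blocked $name $ip_user by $why...$(LANG=C date)" \
            | mail -s "NETAMS Blocked $name $ip_user by $why..." root
        ;;
    ALLOW)
        resolve_client
        /sbin/iptables -D lock -s "$ip_user" -j DROP
        logger -t NETAMS "Unblocked $name $ip_user by $why..."
        printf '%s\n' "NETAMS Unblocked $name $ip_user by $why...$(LANG=C date)" \
            | mail -s "NETAMS Unblocked $name $ip_user by $why..." root
        ;;
    *)
        logger -t NETAMS "Unknown option..."
        printf '%s\n' "NETAMS Unknown option...$(LANG=C date)" \
            | mail -s "NETAMS Unknown option..." root
        ;;
esac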


Cgi-обертка для установки квот
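#!/usr/bin/tclsh
# CGI form for viewing and changing per-user daily Internet quotas (in MB).
#
# When the request carries a query, every submitted field is treated as
# "user name = quota": the pair is passed to /home/sanych/netams_setquota and
# the accepted pairs are saved to the file "quota" in the working directory.
# The page then shows the saved quotas as an editable form.
#
# NOTE(review): no authentication or CSRF protection is visible in this
# script; presumably the web server restricts access to it -- confirm.
package require ncgi
#package require html

# Escape the characters that are special in HTML text and attribute values.
proc html_escape {text} {
    return [string map {& &amp; < &lt; > &gt; \" &quot; ' &#39;} $text]
}

ncgi::header
puts {<html><head></head><body>}
if {[::ncgi::query] ne ""} {
  array set q [::ncgi::nvlist]
  set failed {}
  foreach n [array names q] {
    # Field names come straight from the request and are passed on to exec
    # and, through netams_setquota, into a netamsctl command string. Tcl's
    # exec gives special meaning to arguments that begin with redirection or
    # pipe characters, so only plain identifiers are accepted; anything else
    # is dropped and never reaches exec or the quota file.
    if {![regexp {^[A-Za-z0-9_][A-Za-z0-9_.-]*$} $n]} {
      unset q($n)
      continue
    }
    # Only a short run of decimal digits is a valid quota; everything else
    # (signs, hex, whitespace, text) falls back to 1 as before.
    if {![regexp {^[0-9]{1,9}$} $q($n)]} {set q($n) 1 }
    # exec raises an error on a non-zero exit status or on stderr output;
    # catch it so one failing name does not abort the page half-rendered.
    if {[catch {exec /home/sanych/netams_setquota $n $q($n)}]} {
      lappend failed $n
    }
  }
  set f [open quota w]
  puts $f [list array set q [array get q]]
  close $f
puts "New quota is set"
  foreach n $failed {
    puts "<p>Failed to set quota for [html_escape $n]</p>"
  }
}
# Read the saved quotas back as data instead of executing the file with
# "source": it is expected to hold exactly one "array set q {...}" command.
if {![catch {open quota r} f]} {
  set saved [read $f]
  close $f
  if {![catch {llength $saved} len] && $len == 4
      && [lrange $saved 0 2] eq "array set q"
      && ![catch {llength [lindex $saved 3]} plen] && $plen % 2 == 0} {
    array set q [lindex $saved 3]
  }
}
#puts [::html::tableFromArray q]
puts {<h1>Internet daily quota in Mb</h1>
<form method="post" action="/cgi-bin/q.cgi">
<table style="font-size:2em" border=1>}
foreach name [lsort [array names q]] {
    # Escape on output as well: the quota file may have been edited by hand.
    set n [html_escape $name]
    set v [html_escape $q($name)]
    puts "<tr><td>$n</td><td><input name=\"$n\" value=\"$v\"></td></tr>"
}
puts {</table>
<input type="submit">
</form></body></html>}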

cat quota
# Quota state file: a single Tcl command that fills the array q with
# "name daily-quota-in-MB" pairs. Anything that loads this file with
# "source" executes it as code, so keep it writable only by the CGI account.
array set q {lena 1 ira 30 gl_buhg 50 makarov 10 kassir 30 administrator 70 ksusha 10 kadry 30 art 30 akva 50}

Скрипт для установки квоты
$ cat ./netams_setquota
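#! /bin/bash
# netams_setquota NAME QUOTA_DAY_MB [QUOTA_MONTH_MB]
#
# Sets the daily (and, with a third argument, monthly) quota for NAME by
# sending one command string to netamsctl.
if [ $# -lt 2 ] ; then
    echo -e "usage $(basename -- "$0") name QUOTA_DAY_MB [QUOTA_MONTH_MB]" >&2; exit 1
fi
name_client=$1
quotad=$2

# Both values are pasted into the netamsctl command string below, where
# spaces and "&&" separate words and commands. Accept only a plain identifier
# and decimal digits so an argument cannot add commands of its own.
# NOTE(review): NeTAMS may allow other characters in names; widen the
# pattern only deliberately.
name_re='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
quota_re='^[0-9]+$'

if [[ ! "$name_client" =~ $name_re ]]; then
    echo "invalid name: use letters, digits, '_', '.' and '-' only" >&2; exit 1
fi
if [[ ! "$quotad" =~ $quota_re ]]; then
    echo "invalid QUOTA_DAY_MB: digits only" >&2; exit 1
fi

if [ $# -eq 3 ] ; then
    quotam=$3
    if [[ ! "$quotam" =~ $quota_re ]]; then
        echo "invalid QUOTA_MONTH_MB: digits only" >&2; exit 1
    fi
    /usr/sbin/netamsctl -f /home/sanych/.netamsctl.rc -s "service quota 0 && set name $name_client day ${quotad}M in month ${quotam}M in && exit"
else
    /usr/sbin/netamsctl -f /home/sanych/.netamsctl.rc -s "service quota 0 && set name $name_client day ${quotad}M in && exit"
fi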

todo: Надо переделать в божеский вид и закинуть в серверную сборку
до кучи этот бред:
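#!/usr/bin/tclsh
# mail.tcl ip [lock|unlock]
#
# Opens (unlock) or closes (lock) outgoing tcp ports 25 and 110 from one
# local address to the mail services assigned to it, by inserting or deleting
# ACCEPT rules in the iptables FORWARD chain. Addresses that are not listed
# in "ips" are ignored with exit status 0.

# Local address -> comma-separated list of service names it may use.
array set ips {
192.168.0.16 mail,tensor
192.168.0.3 mail
192.168.0.4 mail
192.168.0.2 mail
192.168.0.8 yandex
192.168.0.7 yandex
192.168.0.9 all
192.168.0.5 bca
}

# Service name -> comma-separated list of destination networks.
array set serv {
mail 94.100.176.0/20
tensor 85.158.55.7
yandex 87.250.224.0/19,93.158.128.0/18,213.180.192.0/19,77.88.0.0/18
all 0.0.0.0/0
bca 195.98.32.0/24
}

# Delete every copy of the ACCEPT rule for ip -> dst:port and return how many
# were removed. "iptables -D" removes one matching rule per call and fails
# once none is left; the bound stops a persistent success loop.
proc remove_accept {ip dst port} {
    set removed 0
    while {$removed < 64} {
        if {[catch {exec /sbin/iptables -D FORWARD -s $ip -d $dst -p tcp -m tcp --dport $port -j ACCEPT}]} {
            break
        }
        incr removed
    }
    return $removed
}

if {$argc < 2} {
    puts {Usage: mail.tcl ip [lock|unlock]}
    exit 1
}
set ip [lindex $argv 0]
# Exact key lookup. "array names ips $ip" would treat the argument as a glob
# pattern, so a wildcard could pass the check without naming a real key.
if {![info exists ips($ip)]} { exit 0 }
set lock [lindex $argv 1]
# Only the two documented actions are accepted; previously any other word
# was silently handled as "lock".
if {$lock ne "lock" && $lock ne "unlock"} {
    puts stderr {Usage: mail.tcl ip [lock|unlock]}
    exit 1
}

set status 0
foreach s [split $ips($ip) ,] {
  if {![info exists serv($s)]} {
    puts stderr "mail.tcl: no address list for service \"$s\""
    set status 1
    continue
  }
  foreach se [split $serv($s) ,] {
    foreach port {25 110} {
      # Clear existing copies first. Repeated unlocks used to stack duplicate
      # ACCEPT rules, and a single lock then removed only one of them,
      # leaving the host open.
      set removed [remove_accept $ip $se $port]
      if {$lock eq "unlock"} {
        exec /sbin/iptables -I FORWARD -s $ip -d $se -p tcp -m tcp --dport $port -j ACCEPT
      } elseif {$removed == 0} {
        # Nothing was deleted: the rule was absent or iptables itself failed.
        puts stderr "mail.tcl: no ACCEPT rule removed for $ip -> $se port $port"
        set status 1
      }
    }
  }
}
exit $status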