#!/usr/local/bin/ksh
#################################################################################
# Script localproxy #
# Description Restricts or Allows access to internet via squid ip allow list. #
# Modifications 06/26/04 - Rewritten due to bufoo that deleted all scripts from #
# /home/bin. - rmorten #
# Written On 06/24/04 #
# Written By Rick Mortensen #
# Known Bugs Microsoft never seems to understand the need for padding zeros #
# anywhere so there will be a problem if the restricted IPs in #
# the 4th octet are less than 100. Since the DHCP server only #
# allows IPs over 128 this should never be a problem but if there #
# is ever a reason to allow or restrict access for IPs under 100 #
# consideration will have to be given to writing a section to #
# pad the octets that don't get filled with zeros. - rmorten #
#################################################################################
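# Program Variables
progname=localproxy
# Helper binaries referenced by absolute path. Of these, only $bkdate and
# $squidboot are invoked in the visible script; $awk, $nawk, $htod and $dtoh
# are kept because other parts of the file may rely on them.
bkdate=/bin/bkdate
awk=/usr/bin/awk
nawk=/usr/local/bin/nawk
htod=/home/bin/htod
dtoh=/home/bin/dtoh
# NOTE(review): this helper is executed from a personal home directory. If the
# script runs with more privilege than the owner of that directory, anyone who
# can write there controls what runs here -- confirm ownership and mode, or
# move the helper to a root-owned location.
squidboot=/home/rmorten/Bin/squidboot
# Date stamps. bkdate is a site-local tool; presumably -dN means "N days ago"
# (TODO confirm).
DAYMINUS30=$("$bkdate" -d30 '+%y%m%d')
YESTERDATE=$("$bkdate" -d1 '+%m/%d')
YESTERDAY=$("$bkdate" -d1 '+%y%m%d')
DATE=$(date '+%m/%d')
DAY=$(date '+%y%m%d')
SERIAL=$(date '+%y%m%d%H%M%S')
# Host mask appended to every address written to the allow list.
MASK=255.255.255.255
# Directory Variables
ETC=/usr/home/etc
SQUID=/usr/local/squid/etc
# File Variables
# Names of the restricted hosts, whitespace separated. An unreadable file
# leaves LIST empty, in which case the rest of the script changes nothing.
LIST=$(cat "$ETC/restricted.txt")
IPFILE=$SQUID/squid.allow.source.ip
# Scratch files used to be /tmp/tmpN.<pid>, a name any local user can predict
# and pre-create (for example as a symlink) before this script writes to it.
# They now live inside a directory that mktemp creates with a random name and
# owner-only permissions, so nobody else can plant files under these paths.
WORKDIR=$(mktemp -d "/tmp/$progname.XXXXXX") || {
  echo "$progname: cannot create a private scratch directory" >&2
  exit 1
}
# Remove the scratch directory on every exit path, including signals.
trap 'rm -rf -- "${WORKDIR:?}"' EXIT
trap 'exit 1' HUP INT TERM
TMP1=$WORKDIR/tmp1
TMP2=$WORKDIR/tmp2
TMP3=$WORKDIR/tmp3
TMP4=$WORKDIR/tmp4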
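# The caller must name the action as the single argument: allow or restrict.
# Usage errors are reported on stderr and exit non-zero, so a wrapper or cron
# job cannot mistake a mistyped action for a successful change to the list.
if [ $# -ne 1 ]
then
  printf '\n\nYou must either enter allow or restrict.\nExiting...\n\n' >&2
  exit 1
fi
case "$1" in
  (allow|restrict) ;;
  (*)
    printf '\n\nThe only choices are allow or restrict.\nExiting...\n\n' >&2
    exit 1
    ;;
esac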
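# Functions
# Create a list of IPs based upon $LIST.
# For each name the address is the second field of the last line containing
# "Address" in $ETC/<name>.ip.txt. The value ends up in the Squid allow list,
# so it is only accepted when it is a plain dotted-quad IPv4 address; anything
# else is reported on stderr and skipped rather than written to the ACL file.
IPLIST=$(for name in $LIST
do
  # A name is spliced into a file path; refuse anything that could leave $ETC.
  case "$name" in
    (*/*)
      echo "$progname: ignoring '$name': host names may not contain '/'" >&2
      continue
      ;;
  esac
  hostfile="$ETC/$name.ip.txt"
  if [ ! -r "$hostfile" ]
  then
    echo "$progname: cannot read $hostfile, skipping $name" >&2
    continue
  fi
  addr=$(awk '/Address/ {print $2}' "$hostfile" | tail -1)
  if [ -z "$addr" ]
  then
    echo "$progname: no Address line in $hostfile, skipping $name" >&2
    continue
  fi
  # Four dot-separated fields, each all digits and no larger than 255.
  if printf '%s\n' "$addr" | awk -F. '
       NF != 4 { exit 1 }
       { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
  then
    printf '%s\n' "$addr"
  else
    echo "$progname: ignoring '$addr' for $name: not a dotted-quad IPv4 address" >&2
  fi
done)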
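# Remove IPs from $IPFILE if we are restricting.
# The old `grep -v $ip` treated the address as an unanchored regular
# expression: "." matched any character and 10.1.1.13 also matched 10.1.1.130,
# so restricting one host could silently drop unrelated hosts from the list.
# Each entry is now compared on its address part (the first field, up to any
# "/mask") and removed only on an exact string match.
# The edit happens on a scratch copy and $IPFILE is rewritten once at the end;
# if a step fails the live list is left untouched.
if [ "$1" = restrict ]
then
  cp "$IPFILE" "$TMP1.ipfile" || {
    echo "$progname: cannot copy $IPFILE, list not modified" >&2
    rm -f -- "$TMP1.ipfile"
    exit 1
  }
  for ip in $IPLIST
  do
    awk -v ip="$ip" '
      {
        addr = $1
        sub(/\/.*$/, "", addr)   # strip "/mask" so bare and masked entries both match
        if (addr != ip) print
      }' "$TMP1.ipfile" > "$TMP1.next" || {
      echo "$progname: filtering $ip failed, list not modified" >&2
      rm -f -- "$TMP1.ipfile" "$TMP1.next"
      exit 1
    }
    mv -- "$TMP1.next" "$TMP1.ipfile"
  done
  # Redirect into the existing file so its owner and mode are kept.
  cat "$TMP1.ipfile" > "$IPFILE"
fi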
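# Add IPs to $IPFILE if we are allowing.
# Every address is appended as ip/$MASK to a scratch copy, which is then
# sorted and written back. Identical lines are collapsed with uniq so that
# running "allow" repeatedly does not keep growing the list with duplicates.
# (sort -n -u is deliberately not used: it would treat lines that merely share
# a numeric prefix as equal and discard distinct addresses.)
# $IPFILE is only rewritten after the sorted copy has been produced.
if [ "$1" = allow ]
then
  cp "$IPFILE" "$TMP1.ipfile" || {
    echo "$progname: cannot copy $IPFILE, list not modified" >&2
    rm -f -- "$TMP1.ipfile"
    exit 1
  }
  for ip in $IPLIST
  do
    echo "$ip/$MASK" >> "$TMP1.ipfile"
  done
  if sort -n "$TMP1.ipfile" | uniq > "$TMP1.sorted"
  then
    # Redirect into the existing file so its owner and mode are kept.
    cat "$TMP1.sorted" > "$IPFILE"
  else
    echo "$progname: sorting failed, list not modified" >&2
    rm -f -- "$TMP1.ipfile" "$TMP1.sorted"
    exit 1
  fi
fi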
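# Restart Squid
# The edited list only takes effect once the helper has run successfully.
# A failure is reported and becomes the script's exit status, so a "restrict"
# that never reached the running proxy is not mistaken for a completed one.
rc=0
"$squidboot" || {
  rc=$?
  echo "$progname: $squidboot exited with status $rc; the updated list may not be in effect" >&2
}
# Cleanup
# Quoted prefixes keep the glob confined to this run's scratch names.
rm -fr -- "$TMP1"* "$TMP2"* "$TMP3"* "$TMP4"*
exit $rc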