Merge c0ec4a543d into cb9a5d6d69
commit
311639c009
7 changed files with 162 additions and 0 deletions
|
|
@ -0,0 +1,37 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
Copyright (C) 2024 Michael Muenz <m.muenz@gmail.com>
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
||||
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
namespace OPNsense\Bind\Api;
|
||||
|
||||
use OPNsense\Base\ApiMutableModelControllerBase;
|
||||
|
||||
class RpzController extends ApiMutableModelControllerBase
|
||||
{
|
||||
protected static $internalModelClass = '\OPNsense\Bind\Rpz';
|
||||
protected static $internalModelName = 'rpz';
|
||||
}
|
||||
|
|
@ -34,6 +34,7 @@ class GeneralController extends \OPNsense\Base\IndexController
|
|||
{
|
||||
$this->view->generalForm = $this->getForm("general");
|
||||
$this->view->dnsblForm = $this->getForm("dnsbl");
|
||||
$this->view->rpzForm = $this->getForm("rpz");
|
||||
$this->view->formDialogEditBindAcl = $this->getForm("dialogEditBindAcl");
|
||||
$this->view->formDialogEditBindPrimaryDomain = $this->getForm("dialogEditBindPrimaryDomain");
|
||||
$this->view->formDialogEditBindSecondaryDomain = $this->getForm("dialogEditBindSecondaryDomain");
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
<form>
|
||||
<field>
|
||||
<id>rpz.enabled</id>
|
||||
<label>Enable RPZ</label>
|
||||
<type>checkbox</type>
|
||||
<help>Enable Response Policy Zone support. The zone file must exist at /usr/local/etc/namedb/primary/<zone>.db before applying.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>rpz.zone</id>
|
||||
<label>Zone Name</label>
|
||||
<type>text</type>
|
||||
<help>Name of the RPZ zone (e.g. rpz.local). The zone file is expected at /usr/local/etc/namedb/primary/<zone>.db.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>rpz.policy</id>
|
||||
<label>Policy</label>
|
||||
<type>dropdown</type>
|
||||
<help>Override policy applied to names matching the RPZ zone. Leave empty to use the zone's own CNAME records (given).</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>rpz.break_dnssec</id>
|
||||
<label>Break DNSSEC</label>
|
||||
<type>checkbox</type>
|
||||
<help>Allow RPZ to rewrite DNSSEC-signed responses. Required when using NXDOMAIN or NODATA policy with DNSSEC-validating clients.</help>
|
||||
</field>
|
||||
</form>
|
||||
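Review bot: The help text for `rpz.break_dnssec` does not say what leaving the box unchecked means for filtering. As BIND documents it, without `break-dnssec yes` policy rewrites are skipped when a query requests DNSSEC records and the answer is signed, so such clients receive unfiltered answers for signed names whichever policy is selected, not only with NXDOMAIN or NODATA. I would spell that out in the help, e.g. `With this off, queries that request DNSSEC records bypass the policy for signed names; with it on, rewritten answers will not validate on validating clients.` The help could also mention that the option belongs to the whole response-policy statement rather than to this one zone.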
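--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Rpz.php
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Rpz.php
@@ -0,0 +1,35 @@
+<?php
+
+/*
+Copyright (C) 2024 Michael Muenz <m.muenz@gmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+*/
+
+namespace OPNsense\Bind;
+
+use OPNsense\Base\BaseModel;
+
+class Rpz extends BaseModel
+{
+}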
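--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Rpz.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Rpz.xml
@@ -0,0 +1,30 @@
+<model>
+<mount>//OPNsense/bind/rpz</mount>
+<description>Response Policy Zone configuration</description>
+<version>1.0.0</version>
+<items>
+<enabled type="BooleanField">
+<Default>0</Default>
+<Required>Y</Required>
+</enabled>
+<zone type="TextField">
+<Required>N</Required>
+<Mask>/^([a-zA-Z0-9_\-\.]{0,253})$/</Mask>
+<ValidationMessage>Zone name may only contain letters, digits, hyphens, dots, and underscores.</ValidationMessage>
+</zone>
+<policy type="OptionField">
+<Required>N</Required>
+<OptionValues>
+<nxdomain>NXDOMAIN (block — return non-existent domain)</nxdomain>
+<nodata>NODATA (block — return empty answer)</nodata>
+<passthru>Passthru (disable policy for matching names)</passthru>
+<drop>Drop (do not answer)</drop>
+<tcp-only>TCP only (force TCP retry)</tcp-only>
+</OptionValues>
+</policy>
+<break_dnssec type="BooleanField">
+<Default>0</Default>
+<Required>Y</Required>
+</break_dnssec>
+</items>
+</model>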
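Review bot: The `zone` mask is looser than a zone name, and the value is written verbatim into named.conf and into the zone file path. `{0,253}` over a class that contains the dot admits `.`, `..` and leading or doubled dots, and `$` without the `D` modifier also matches before a trailing newline. A label-based mask such as `<Mask>/^(?=.{1,253}$)[a-zA-Z0-9_\-]{1,63}(\.[a-zA-Z0-9_\-]{1,63})*$/D</Mask>` would close both, assuming the mask is handed to preg_match unchanged. Nothing here prevents the name from matching a zone the template already defines (`rpzbing`, `whitelist.localdomain`, presumably also a configured primary domain), which would render a duplicate zone stanza. `enabled` can also be saved with an empty `zone`, in which case the template silently emits nothing; a model-level check tying the two together would make that visible.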
|
|
@ -30,6 +30,7 @@
|
|||
<ul class="nav nav-tabs" data-tabs="tabs" id="maintabs">
|
||||
<li class="active"><a data-toggle="tab" href="#general">{{ lang._('General') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#dnsbl">{{ lang._('DNSBL') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#rpz">{{ lang._('RPZ') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#acls">{{ lang._('ACLs') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#primary-domains">{{ lang._('Primary Zones') }}</a></li>
|
||||
<li><a data-toggle="tab" href="#secondary-domains">{{ lang._('Secondary Zones') }}</a></li>
|
||||
|
|
@ -53,6 +54,14 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="rpz" class="tab-pane fade in">
|
||||
<div class="content-box" style="padding-bottom: 1.5em;">
|
||||
{{ partial("layout_partials/base_form",['fields':rpzForm,'id':'frm_rpz_settings'])}}
|
||||
<div class="col-md-12 __mt">
|
||||
<button class="btn btn-primary" id="saveAct_rpz" type="button"><b>{{ lang._('Save') }}</b> <i id="saveAct_rpz_progress"></i></button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="acls" class="tab-pane fade in">
|
||||
<div id="acls-area" class="table-responsive">
|
||||
<table id="grid-acls" class="table table-condensed table-hover table-striped" data-editDialog="dialogEditBindAcl">
|
||||
|
|
@ -389,6 +398,14 @@ $(document).ready(function() {
|
|||
$('.selectpicker').selectpicker('refresh');
|
||||
});
|
||||
|
||||
let data_get_map3 = {
|
||||
'frm_rpz_settings': "/api/bind/rpz/get"
|
||||
};
|
||||
mapDataToFormUI(data_get_map3).done(function(data) {
|
||||
formatTokenizersUI();
|
||||
$('.selectpicker').selectpicker('refresh');
|
||||
});
|
||||
|
||||
updateServiceControlUI('bind');
|
||||
|
||||
$("#grid-acls").UIBootgrid({
|
||||
|
|
@ -540,6 +557,16 @@ $(document).ready(function() {
|
|||
});
|
||||
});
|
||||
|
||||
$("#saveAct_rpz").click(function() {
|
||||
saveFormToEndpoint(url = "/api/bind/rpz/set", formid = 'frm_rpz_settings', callback_ok = function() {
|
||||
$("#saveAct_rpz_progress").addClass("fa fa-spinner fa-pulse");
|
||||
ajaxCall(url = "/api/bind/service/reconfigure", sendData = {}, callback = function(data, status) {
|
||||
updateServiceControlUI('bind');
|
||||
$("#saveAct_rpz_progress").removeClass("fa fa-spinner fa-pulse");
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
$("#saveAct_acl").click(function() {
|
||||
saveFormToEndpoint(url = "/api/bind/acl/set", formid = 'frm_general_settings', callback_ok = function() {
|
||||
$("#saveAct_acl_progress").addClass("fa fa-spinner fa-pulse");
|
||||
|
|
|
|||
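Review bot: The `#saveAct_rpz` handler in the last hunk discards the outcome of `/api/bind/service/reconfigure`: its callback clears the spinner and refreshes the service widget without reading `data` or `status`. If named rejects the generated configuration, for instance because the zone file the help text requires is missing, the user gets no sign that the saved policy is not being enforced. I would check the result in the callback and surface a failure, e.g. `if (status !== "success" || data['status'] !== 'ok') { /* show an error dialog */ }`, assuming the endpoint returns the usual status field. Separately, `url = …, formid = …, callback_ok = …` are assignments to implicit globals rather than named arguments; this mirrors the existing `#saveAct_acl` handler, but plain positional arguments would avoid the globals.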
|
|
@ -45,6 +45,9 @@ options {
|
|||
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
|
||||
response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} };
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.bind.rpz.enabled') and OPNsense.bind.rpz.enabled == '1' and helpers.exists('OPNsense.bind.rpz.zone') and OPNsense.bind.rpz.zone != '' %}
|
||||
response-policy { zone "{{ OPNsense.bind.rpz.zone }}"{% if helpers.exists('OPNsense.bind.rpz.policy') and OPNsense.bind.rpz.policy != '' %} policy {{ OPNsense.bind.rpz.policy }}{% endif %}; }{% if helpers.exists('OPNsense.bind.rpz.break_dnssec') and OPNsense.bind.rpz.break_dnssec == '1' %} break-dnssec yes{% endif %};
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.general.recursion') and OPNsense.bind.general.recursion != '' %}
|
||||
recursion yes;
|
||||
|
|
@ -146,6 +149,9 @@ zone "rpzyoutube" { type primary; file "/usr/local/etc/namedb/primary/youtube.db
|
|||
zone "rpzbing" { type primary; file "/usr/local/etc/namedb/primary/bing.db"; notify no; check-names ignore; };
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.bind.rpz.enabled') and OPNsense.bind.rpz.enabled == '1' and helpers.exists('OPNsense.bind.rpz.zone') and OPNsense.bind.rpz.zone != '' %}
|
||||
zone "{{ OPNsense.bind.rpz.zone }}" { type primary; file "/usr/local/etc/namedb/primary/{{ OPNsense.bind.rpz.zone }}.db"; notify no; check-names ignore; allow-update { none; }; };
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.domain.domains.domain') %}
|
||||
{% set usedkeys = [] %}
|
||||
|
|
|
|||
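Review bot: With DNSBL and the new RPZ option both enabled, the options block renders two separate `response-policy { … };` statements, because the added clause in the first hunk is emitted independently of the existing DNSBL one directly above it. BIND accepts only one `response-policy` statement per options or view block, so named would most likely reject the configuration on reconfigure and resolution would stop. The user zone should instead be appended inside the existing statement: one shared condition opening `response-policy {` when either feature is enabled, the `zone "{{ OPNsense.bind.rpz.zone }}"` entry added to the list, and `break-dnssec yes` emitted once after the closing brace. Merging also makes it explicit that `break-dnssec` then applies to the DNSBL zones as well. The options block continues outside the hunk.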