banip

1. #!/bin/bash
2.  
3. #temp directory and filename.
4. TempFileNameAndPath="/etc/asterisk/disallowedextensions.txt"
5.  
6. #this is the ALLOWED devices in your system
7. #if you just one, use "'DeviceName'"
8. #if multiple use "'Device1Name\|Device2Name'" and use the \| as a seperator
9.  
10. alloweddevices="'Bria'"
11.  
12. #number of minutes to pause after previous firewall bans are removed to allow new extensions to try and reconnect
13. pauseminute=0
14.  
15. #This lets you set an extension range that would be affected.
16. #for testing, set both values to match your test extension
17.  
18. lowestextension=3151
19. highestextension=3151
20.  
21. #this code removes any previous blocks the script put in.
22. sipphonesANDip="$TempFileNameAndPath"
23. while IFS= read -r line
24. do
25. extensionIP="$(cut -d' ' -f2 <<<"$line")"
26. FirewallCommand="fwconsole firewall del blacklist "$extensionIP""
27. eval "$FirewallCommand"
28. done < "$sipphonesANDip"
29.  
30. #delete the temp file, as we've cleared all users from firewall.
31. rm $TempFileNameAndPath
32.  
33. #pause script for X minutes. This will allow anyone who have been blocked by this script to get time to reconnect
34. sleep ${pauseminute}m
35.  
36. #this pulls all registered extensions in asterisk. Final output is the extension number and IP address.
37. sipphonesANDip="$(asterisk -rx 'sip show peers' | grep / | awk '{print $1,$2}' | awk 'BEGIN { FS = "/" } ; {print $2}')"
38.  
39. #now we parse the list of extensions and IPs to make sure they are valid. This should sort out SIP TRUNKS too
40. while read -r sipphonesANDip
41. do
42.  
43. #were going to make sure the extension is valid (sometimes they can be names like a trunk so we want to sift those out)
44. extensionnumber=$(echo $sipphonesANDip | awk '{print $1}')
45.  
46. #checking to see if the extension is an INTIGER.
47. if expr "$extensionnumber" : '-\?[0-9]\+$' >/dev/null
48. then
49. echo "$extensionnumber valid extension value"
50. else
51. echo "$extensionnumber invalid extension. Skipping."
52. continue
53. fi
54.  
55. #check to see if the number is within a valid range to work with that was set in the variables at the top
56. if [ "$extensionnumber" -le "$highestextension" ] && [ "$extensionnumber" -ge "$lowestextension" ]
57. then
58. echo "$extensionnumber IN RANGE";
59. else
60. echo "$extensionnumber OUT OF RANGE"
61. continue
62. fi
63.  
64. #this will remove extensions that have no IP assigned.
65. extensionIP=$(echo $sipphonesANDip | awk '{print $2}')
66.  
67. if [ "$extensionIP" = "(Unspecified)" ]
68. then
69. echo "$extensionIP is null"
70. continue
71. fi
72.  
73. #I have not worked out how to send a variable to the "asterisk -rx" command from bash. So did it using EVAL command.
74. #output looks like below and is stored in a temp file (assigned in the variable at the beginning). EVAL can't save to a STRING, so file it is. Now we query each registered extension in asterisk to get its USERAGENT value
75. #3151 10.1.210.33 Useragent : MicroSIP/3.19.28
76. command="asterisk -rx 'sip show peer "$extensionnumber"' | grep Useragent | grep -v "$alloweddevices" | sed 's/^/"$sipphonesANDip" /' >> "$TempFileNameAndPath""
77.  
78. eval "$command"
79. done <<<"$sipphonesANDip"
80.  
81. #now we take the temp file generated above, parse out the IP address and set it to be blocked in firewall
82. sipphonesANDip="$TempFileNameAndPath"
83. while IFS= read -r line
84. do
85. extensionIP="$(cut -d' ' -f2 <<<"$line")"
86. echo "$extensionIP"
87. FirewallCommand="fwconsole firewall add blacklist "$extensionIP""
88.  
89. #Comment out this next line if you want to test, but not apply any rules to the firewall
90. eval "$FirewallCommand"
91.  
92. done < "$sipphonesANDip"