lgaetz · March 28, 2024 15:33
diff --git a/DTMF 2 Trusted Zone b/DTMF 2 Trusted Zone
 [from-internal-custom]

 ; Dialplan for a feature code to add ; an IP address to the FreePBX trusted zone
 ; Dial F-I-R-E-W-A-L-L from an internal extension and enter an IPv4 address using
 ; DTMF with * as the dot character.
 ; 
 ; License: GNU GPL3+
 ; latest version: https://gist.github.com/lgaetz/8a043b7aa39484f622f0f7c138909558
 ;
 ; version history   2023-01-21  First commit working
 ;                   2024-03-28  Added firewall restart shell command and email confirmation

 exten => 34739255,1,Noop(Entering user defined context from-internal-custom in extensions_custom.conf)
 exten => 34739255,n,Read(address,please-enter-your&address&followed_pound)      ; use dtmf to enter IPv4 address, accept * for the .
 exten => 34739255,n,Noop(${address})

 ; Was thinking to add a regex to validate dtmf input here
 ; but the fwconsole will validate the address anyway

 ; there is no easy way to read back an IP address, so slice up into octets
 exten => 34739255,n,Set(address1=${CUT(address,*,1)})
 exten => 34739255,n,Set(address2=${CUT(address,*,2)})
 exten => 34739255,n,Set(address3=${CUT(address,*,3)})
 exten => 34739255,n,Set(address4=${CUT(address,*,4)})

 ; read back in octets 
 exten => 34739255,n,ExecIf($["${address1}"!=""]?SayDigits(${address1}))
 exten => 34739255,n,ExecIf($["${address2}"!=""]?Playback(point))
 exten => 34739255,n,ExecIf($["${address2}"!=""]?SayDigits(${address2}))
 exten => 34739255,n,ExecIf($["${address3}"!=""]?Playback(point))
 exten => 34739255,n,ExecIf($["${address3}"!=""]?SayDigits(${address3}))
 exten => 34739255,n,ExecIf($["${address4}"!=""]?Playback(point))
 exten => 34739255,n,ExecIf($["${address4}"!=""]?SayDigits(${address4}))

 ; fix up address, replace *'s with dots
 exten => 34739255,n,Set(address=${STRREPLACE(address,*,.)})

 ; use fwconsole to add address to firewall as trusted
 exten => 34739255,n,Set(foo=${SHELL(fwconsole firewall trust ${address})})

 ; when adding IPs via bash, you must restart firewall for iptables rules to be written
 ; it takes a while for the command to finish, so SHELL may timeout here
 exten => 34739255,n,Set(bar=${SHELL(fwconsole firewall restart)})

 // check if bash reports Success! then send confirmation email
 exten => 34739255,n,GotoIf($[${REGEX("Success" ${foo})}]?pass:fail)
 exten => 34739255,n(pass),Set(foo=${SHELL(echo "${foo}" | mail -s "${address} added to Firewall Trusted List using feature code" [email protected])})
 exten => 34739255,n,Goto(end)
 exten => 34739255,n(fail),Set(foo=${SHELL(echo "${foo}" | mail -s "${address} NOT added to Firewall Trusted List using feature code" [email protected])})

 exten => 34739255,n(end),hangup
	[from-internal-custom]

	; Dialplan for a feature code to add ; an IP address to the FreePBX trusted zone
	; Dial F-I-R-E-W-A-L-L from an internal extension and enter an IPv4 address using
	; DTMF with * as the dot character.
	;
	; License: GNU GPL3+
	; latest version: https://gist.github.com/lgaetz/8a043b7aa39484f622f0f7c138909558
	;
	; version history 2023-01-21 First commit working
	; 2024-03-28 Added firewall restart shell command and email confirmation

	exten => 34739255,1,Noop(Entering user defined context from-internal-custom in extensions_custom.conf)
	exten => 34739255,n,Read(address,please-enter-your&address&followed_pound) ; use dtmf to enter IPv4 address, accept * for the .
	exten => 34739255,n,Noop(${address})

	; Was thinking to add a regex to validate dtmf input here
	; but the fwconsole will validate the address anyway

	; there is no easy way to read back an IP address, so slice up into octets
	exten => 34739255,n,Set(address1=${CUT(address,*,1)})
	exten => 34739255,n,Set(address2=${CUT(address,*,2)})
	exten => 34739255,n,Set(address3=${CUT(address,*,3)})
	exten => 34739255,n,Set(address4=${CUT(address,*,4)})

	; read back in octets
	exten => 34739255,n,ExecIf($["${address1}"!=""]?SayDigits(${address1}))
	exten => 34739255,n,ExecIf($["${address2}"!=""]?Playback(point))
	exten => 34739255,n,ExecIf($["${address2}"!=""]?SayDigits(${address2}))
	exten => 34739255,n,ExecIf($["${address3}"!=""]?Playback(point))
	exten => 34739255,n,ExecIf($["${address3}"!=""]?SayDigits(${address3}))
	exten => 34739255,n,ExecIf($["${address4}"!=""]?Playback(point))
	exten => 34739255,n,ExecIf($["${address4}"!=""]?SayDigits(${address4}))

	; fix up address, replace *'s with dots
	exten => 34739255,n,Set(address=${STRREPLACE(address,*,.)})

	; use fwconsole to add address to firewall as trusted
	exten => 34739255,n,Set(foo=${SHELL(fwconsole firewall trust ${address})})

	; when adding IPs via bash, you must restart firewall for iptables rules to be written
	; it takes a while for the command to finish, so SHELL may timeout here
	exten => 34739255,n,Set(bar=${SHELL(fwconsole firewall restart)})

	// check if bash reports Success! then send confirmation email
	exten => 34739255,n,GotoIf($[${REGEX("Success" ${foo})}]?pass:fail)
	exten => 34739255,n(pass),Set(foo=${SHELL(echo "${foo}" \| mail -s "${address} added to Firewall Trusted List using feature code" [email protected])})
	exten => 34739255,n,Goto(end)
	exten => 34739255,n(fail),Set(foo=${SHELL(echo "${foo}" \| mail -s "${address} NOT added to Firewall Trusted List using feature code" [email protected])})

	exten => 34739255,n(end),hangup