+++ /dev/null
-/* SmoothWall helper program - setdmzhole\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence. See the file COPYING for details.\r
- *\r
- * (c) Daniel Goscomb, 2001\r
- * \r
- * Modifications and improvements by Lawrence Manning.\r
- *\r
- * 10/04/01 Aslak added protocol support\r
- * This program reads the list of ports to forward and setups iptables\r
- * and rules in ipmasqadm to enable them.\r
- * \r
- * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $\r
- * \r
- */\r
-#include "libsmooth.h"\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include "setuid.h"\r
-\r
-FILE *fwdfile = NULL;\r
-\r
-void exithandler(void)\r
-{\r
- if (fwdfile)\r
- fclose(fwdfile);\r
-}\r
-\r
-int main(void)\r
-{\r
- int count;\r
- char *protocol;\r
- char *locip;\r
- char *remip;\r
- char *remport;\r
- char *enabled;\r
- char *src_net;\r
- char *dst_net;\r
- char s[STRING_SIZE];\r
- char *result;\r
- struct keyvalue *kv = NULL;\r
- char orange_dev[STRING_SIZE] = "";\r
- char blue_dev[STRING_SIZE] = "";\r
- char green_dev[STRING_SIZE] = "";\r
- char *idev;\r
- char *odev;\r
- char command[STRING_SIZE];\r
-\r
- if (!(initsetuid()))\r
- exit(1);\r
-\r
- atexit(exithandler);\r
-\r
- kv=initkeyvalues();\r
- if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
- {\r
- fprintf(stderr, "Cannot read ethernet settings\n");\r
- exit(1);\r
- }\r
-\r
- if (!findkey(kv, "GREEN_DEV", green_dev))\r
- {\r
- fprintf(stderr, "Cannot read GREEN_DEV\n");\r
- exit(1);\r
- }\r
- findkey(kv, "BLUE_DEV", blue_dev);\r
- findkey(kv, "ORANGE_DEV", orange_dev);\r
-\r
- if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open dmzholes settings file\n");\r
- exit(1);\r
- }\r
-\r
- safe_system("/sbin/iptables -F DMZHOLES");\r
-\r
- while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
- {\r
- if (s[strlen(s) - 1] == '\n')\r
- s[strlen(s) - 1] = '\0';\r
- result = strtok(s, ",");\r
- \r
- count = 0;\r
- protocol = NULL;\r
- locip = NULL; remip = NULL;\r
- remport = NULL;\r
- enabled = NULL;\r
- src_net = NULL;\r
- dst_net = NULL;\r
- idev = NULL;\r
- odev = NULL;\r
- \r
- while (result)\r
- {\r
- if (count == 0)\r
- protocol = result;\r
- else if (count == 1)\r
- locip = result;\r
- else if (count == 2)\r
- remip = result;\r
- else if (count == 3)\r
- remport = result;\r
- else if (count == 4)\r
- enabled = result;\r
- else if (count == 5)\r
- src_net = result;\r
- else if (count == 6)\r
- dst_net = result;\r
- count++;\r
- result = strtok(NULL, ",");\r
- }\r
-\r
- if (!(protocol && locip && remip && remport && enabled))\r
- {\r
- fprintf(stderr, "Bad line:\n");\r
- break;\r
- }\r
-\r
- if (!VALID_PROTOCOL(protocol))\r
- {\r
- fprintf(stderr, "Bad protocol: %s\n", protocol);\r
- exit(1);\r
- }\r
- if (!VALID_IP_AND_MASK(locip))\r
- {\r
- fprintf(stderr, "Bad local IP: %s\n", locip);\r
- exit(1);\r
- }\r
- if (!VALID_IP_AND_MASK(remip))\r
- {\r
- fprintf(stderr, "Bad remote IP: %s\n", remip);\r
- exit(1);\r
- }\r
- if (!VALID_PORT_RANGE(remport))\r
- {\r
- fprintf(stderr, "Bad remote port: %s\n", remport);\r
- exit(1);\r
- }\r
- \r
- if (!src_net) { src_net = strdup ("orange");}\r
- if (!dst_net) { dst_net = strdup ("green");}\r
- \r
- if (!strcmp(src_net, "blue")) { idev = blue_dev; }\r
- if (!strcmp(src_net, "orange")) { idev = orange_dev; }\r
- if (!strcmp(dst_net, "blue")) { odev = blue_dev; }\r
- if (!strcmp(dst_net, "green")) { odev = green_dev; }\r
- \r
- if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))\r
- {\r
- char *ctr;\r
- /* If remport contains a - we need to change it to a : */\r
- if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
- memset(command, 0, STRING_SIZE);\r
- snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);\r
- safe_system(command);\r
- }\r
- }\r
-\r
- return 0;\r
-}\r