git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848...
diff --git a/src/misc-progs/setdmzholes.c b/src/misc-progs/setdmzholes.c
new file mode 100644 (file)
index 0000000..7a2643d
--- /dev/null
@@ -0,0 +1,162 @@
+/* SmoothWall helper program - setdmzhole\r
+ *\r
+ * This program is distributed under the terms of the GNU General Public\r
+ * Licence.  See the file COPYING for details.\r
+ *\r
+ * (c) Daniel Goscomb, 2001\r
+ * \r
+ * Modifications and improvements by Lawrence Manning.\r
+ *\r
+ * 10/04/01 Aslak added protocol support\r
+ * This program reads the list of ports to forward and setups iptables\r
+ * and rules in ipmasqadm to enable them.\r
+ * \r
+ * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $\r
+ * \r
+ */\r
+#include "libsmooth.h"\r
+#include <stdio.h>\r
+#include <string.h>\r
+#include <stdlib.h>\r
+#include "setuid.h"\r
+\r
+FILE *fwdfile = NULL;\r
+\r
+void exithandler(void)\r
+{\r
+       if (fwdfile)\r
+               fclose(fwdfile);\r
+}\r
+\r
+int main(void)\r
+{\r
+       int count;\r
+       char *protocol;\r
+       char *locip;\r
+       char *remip;\r
+       char *remport;\r
+       char *enabled;\r
+       char *src_net;\r
+       char *dst_net;\r
+       char s[STRING_SIZE];\r
+       char *result;\r
+       struct keyvalue *kv = NULL;\r
+       char orange_dev[STRING_SIZE] = "";\r
+       char blue_dev[STRING_SIZE] = "";\r
+       char green_dev[STRING_SIZE] = "";\r
+       char *idev;\r
+       char *odev;\r
+       char command[STRING_SIZE];\r
+\r
+       if (!(initsetuid()))\r
+               exit(1);\r
+\r
+       atexit(exithandler);\r
+\r
+       kv=initkeyvalues();\r
+       if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
+       {\r
+               fprintf(stderr, "Cannot read ethernet settings\n");\r
+               exit(1);\r
+       }\r
+\r
+       if (!findkey(kv, "GREEN_DEV", green_dev))\r
+       {\r
+               fprintf(stderr, "Cannot read GREEN_DEV\n");\r
+               exit(1);\r
+       }\r
+       findkey(kv, "BLUE_DEV", blue_dev);\r
+       findkey(kv, "ORANGE_DEV", orange_dev);\r
+\r
+       if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))\r
+       {\r
+               fprintf(stderr, "Couldn't open dmzholes settings file\n");\r
+               exit(1);\r
+       }\r
+\r
+       safe_system("/sbin/iptables -F DMZHOLES");\r
+\r
+       while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
+       {\r
+               if (s[strlen(s) - 1] == '\n')\r
+                       s[strlen(s) - 1] = '\0';\r
+               result = strtok(s, ",");\r
+               \r
+               count = 0;\r
+               protocol = NULL;\r
+               locip = NULL; remip = NULL;\r
+               remport = NULL;\r
+               enabled = NULL;\r
+               src_net = NULL;\r
+               dst_net = NULL;\r
+               idev = NULL;\r
+               odev = NULL;\r
+               \r
+               while (result)\r
+               {\r
+                       if (count == 0)\r
+                               protocol = result;\r
+                       else if (count == 1)\r
+                               locip = result;\r
+                       else if (count == 2)\r
+                               remip = result;\r
+                       else if (count == 3)\r
+                               remport = result;\r
+                       else if (count == 4)\r
+                               enabled = result;\r
+                       else if (count == 5)\r
+                               src_net = result;\r
+                       else if (count == 6)\r
+                               dst_net = result;\r
+                       count++;\r
+                       result = strtok(NULL, ",");\r
+               }\r
+\r
+               if (!(protocol && locip && remip && remport && enabled))\r
+               {\r
+                       fprintf(stderr, "Bad line:\n");\r
+                       break;\r
+               }\r
+\r
+               if (!VALID_PROTOCOL(protocol))\r
+               {\r
+                       fprintf(stderr, "Bad protocol: %s\n", protocol);\r
+                       exit(1);\r
+               }\r
+               if (!VALID_IP_AND_MASK(locip))\r
+               {\r
+                       fprintf(stderr, "Bad local IP: %s\n", locip);\r
+                       exit(1);\r
+               }\r
+               if (!VALID_IP_AND_MASK(remip))\r
+               {\r
+                       fprintf(stderr, "Bad remote IP: %s\n", remip);\r
+                       exit(1);\r
+               }\r
+               if (!VALID_PORT_RANGE(remport))\r
+               {\r
+                       fprintf(stderr, "Bad remote port: %s\n", remport);\r
+                       exit(1);\r
+               }\r
+               \r
+               if (!src_net) { src_net = strdup ("orange");}\r
+               if (!dst_net) { dst_net = strdup ("green");}\r
+               \r
+               if (!strcmp(src_net, "blue"))   { idev = blue_dev; }\r
+               if (!strcmp(src_net, "orange")) { idev = orange_dev; }\r
+               if (!strcmp(dst_net, "blue"))   { odev = blue_dev; }\r
+               if (!strcmp(dst_net, "green"))  { odev = green_dev; }\r
+               \r
+               if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))\r
+               {\r
+                       char *ctr;\r
+                       /* If remport contains a - we need to change it to a : */\r
+                       if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
+                       memset(command, 0, STRING_SIZE);\r
+                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);\r
+                       safe_system(command);\r
+               }\r
+       }\r
+\r
+       return 0;\r
+}\r
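Review bot: `idev` and `odev` are reset to NULL at the top of each line (the `idev = NULL; odev = NULL;` lines) and only assigned when `src_net` is "blue"/"orange" and `dst_net` is "blue"/"green", so any other value in the config file — a typo, or "green" as source — reaches `strlen(idev)` / `strlen (odev)` in the `enabled` check with a NULL pointer and crashes the program before the remaining rules are installed. The cheapest fix is to make the condition NULL-safe, `if (!strcmp(enabled, "on") && idev && odev && strlen(idev) && strlen (odev))`, or to reject the line with a "Bad network" error alongside the other VALID_* checks, which would also be consistent with how protocol, addresses and port are validated before they are interpolated into the iptables command. Separately, the `strdup("orange")` / `strdup("green")` defaults are never freed, so each line lacking those fields leaks two small allocations; pointing `src_net`/`dst_net` at string literals would do, since they are only read. The whole of main() is inside this hunk.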