ac1cfefa | 1 | #!/usr/bin/perl |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | |
22 | use strict; | |
23 | ||
24 | # enable only the following on debugging purpose | |
25 | #use warnings; | |
26 | #use CGI::Carp 'fatalsToBrowser'; | |
27 | ||
986e08d9 | 28 | require '/var/ipfire/general-functions.pl'; |
29 | require "${General::swroot}/lang.pl"; |
30 | require "${General::swroot}/header.pl"; | |
31 | ||
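# Workaround: reference these package variables once more so that Perl does
# not emit a "used only once" warning for them.
my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
undef (@dummy);

my %cgiparams=();      # request fields (form input)
my %checked=();        # checkbox state used when rendering the form
my %selected=();       # <select> state used when rendering the form
my %netsettings=();    # contents of ethernet/settings
my $errormessage = '';
# Rule store: one comma-separated record per line.
my $filename = "${General::swroot}/dmzholes/config";

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

# Defaults for the request fields; presumably Header::getcgihash then
# overlays whatever the client submitted (helper not visible here).
# NOTE(review): PROTOCOL, SRC_NET, DEST_NET, ID, ENABLE and EDITING get no
# default, so they may be undefined when a request omits them.
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'REMARK'} = '';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC_IP'} = '';
$cgiparams{'DEST_IP'} ='';
$cgiparams{'DEST_PORT'} = '';
&Header::getcgihash(\%cgiparams);

# Load the current rules. Three-argument open with a lexical handle keeps the
# mode separate from the path; the shared lock (1 = LOCK_SH) avoids reading a
# half-written file while a writer in this script holds its exclusive lock.
open(my $cfg_in, '<', $filename) or die 'Unable to open config file.';
flock($cfg_in, 1);
my @current = <$cfg_in>;
close($cfg_in);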
58 | ||
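# "Add" / "update" submission: validate every field that ends up in the rule
# store, then either append a new record (EDITING eq 'no') or replace record
# number EDITING. Each record is one line of eight comma-separated fields, so
# a comma or line break inside any field would corrupt or forge records.
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
	# \A...\z rather than ^...$: "$" also matches before a trailing newline,
	# which would accept "tcp\n" and split the record when it is written.
	unless (defined $cgiparams{'PROTOCOL'} && $cgiparams{'PROTOCOL'} =~ /\A(?:tcp|udp)\z/) { $errormessage = $Lang::tr{'invalid input'}; }
	unless (&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
	unless ($errormessage) { $errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst'); }
	unless (&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
	unless ($errormessage) {
		$errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'});
	}

	# ENABLED is written verbatim, so only the two checkbox states are accepted.
	unless (defined $cgiparams{'ENABLED'} && $cgiparams{'ENABLED'} =~ /\A(?:on|off)\z/) { $errormessage = $Lang::tr{'invalid input'}; }

	# EDITING is either the literal 'no' or the 1-based number of the record
	# to replace; anything else is rejected instead of silently rewriting.
	unless (defined $cgiparams{'EDITING'} && $cgiparams{'EDITING'} =~ /\A(?:no|[0-9]+)\z/) { $errormessage = $Lang::tr{'invalid input'}; }

	# Belt and braces: whatever the helper validators accept, no stored field
	# may contain the field separator or a line break.
	foreach my $field (qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET)) {
		my $value = $cgiparams{$field};
		if (!defined $value || $value =~ /[,\r\n]/) { $errormessage = $Lang::tr{'invalid input'}; }
	}

	# Darren Critchley - Remove commas from remarks
	# (Header::cleanhtml is not visible here; the explicit tr below makes sure
	# separators and line breaks are gone regardless of what it does.)
	$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
	$cgiparams{'REMARK'} =~ tr/,\r\n/ /;

	unless ($errormessage)
	{
		# Field order: [0] PROTOCOL [1] SRC_IP [2] DEST_IP [3] DEST_PORT
		#              [4] ENABLED  [5] SRC_NET [6] DEST_NET [7] REMARK
		my $record = join(',', @cgiparams{qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK)}) . "\n";

		if ($cgiparams{'EDITING'} eq 'no') {
			open(my $cfg, '>>', $filename) or die 'Unable to open config file.';
			flock($cfg, 2);    # 2 = LOCK_EX
			print {$cfg} $record;
			close($cfg) or die 'Unable to write config file.';
		} else {
			# Open read/write WITHOUT truncating, lock, and only then rewrite.
			# Opening with '>' would empty the file before the lock is held.
			open(my $cfg, '+<', $filename) or die 'Unable to open config file.';
			flock($cfg, 2);    # 2 = LOCK_EX
			my @lines = <$cfg>;
			seek($cfg, 0, 0);
			truncate($cfg, 0);
			my $id = 0;
			foreach my $line (@lines)
			{
				$id++;
				if ($cgiparams{'EDITING'} eq $id) { print {$cfg} $record; }
				else { print {$cfg} $line; }
			}
			close($cfg) or die 'Unable to write config file.';
		}
		undef %cgiparams;
		&General::log($Lang::tr{'dmz pinhole rule added'});
		system('/usr/local/bin/setdmzholes');
	}
}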
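# "Remove" request: drop record number ID (1-based line number) from the rule
# store and re-apply the rules.
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
	if (defined $cgiparams{'ID'} && $cgiparams{'ID'} =~ /\A[0-9]+\z/) {
		# Open read/write without truncating and take the exclusive lock
		# first; opening with '>' empties the file before the lock is held.
		open(my $cfg, '+<', $filename) or die 'Unable to open config file.';
		flock($cfg, 2);    # 2 = LOCK_EX
		my @lines = <$cfg>;
		seek($cfg, 0, 0);
		truncate($cfg, 0);
		my $id = 0;
		foreach my $line (@lines)
		{
			$id++;
			unless ($cgiparams{'ID'} eq $id) { print {$cfg} $line; }
		}
		close($cfg) or die 'Unable to write config file.';
		system('/usr/local/bin/setdmzholes');
		&General::log($Lang::tr{'dmz pinhole rule removed'});
	} else {
		# A missing or non-numeric ID can never match a record; report it
		# rather than rewriting the file and logging a removal that did not
		# happen.
		$errormessage = $Lang::tr{'invalid input'};
	}
}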
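# "Toggle" request: rewrite field [4] (enabled flag) of record number ID with
# the submitted ENABLE value and re-apply the rules.
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
	# ENABLE goes straight into the rule store, so it must be exactly on/off;
	# a value carrying a comma or line break would forge fields or records.
	my $id_ok    = defined $cgiparams{'ID'}     && $cgiparams{'ID'}     =~ /\A[0-9]+\z/;
	my $state_ok = defined $cgiparams{'ENABLE'} && $cgiparams{'ENABLE'} =~ /\A(?:on|off)\z/;

	if ($id_ok && $state_ok) {
		# Lock before modifying: '+<' does not truncate on open, unlike '>'.
		open(my $cfg, '+<', $filename) or die 'Unable to open config file.';
		flock($cfg, 2);    # 2 = LOCK_EX
		my @lines = <$cfg>;
		seek($cfg, 0, 0);
		truncate($cfg, 0);
		my $id = 0;
		foreach my $line (@lines)
		{
			$id++;
			unless ($cgiparams{'ID'} eq $id) { print {$cfg} $line; }
			else
			{
				chomp($line);
				my @temp = split(/\,/,$line);
				print {$cfg} "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
			}
		}
		close($cfg) or die 'Unable to write config file.';
		system('/usr/local/bin/setdmzholes');
	} else {
		$errormessage = $Lang::tr{'invalid input'};
	}
}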
# "Edit" request: copy the stored record whose 1-based line number equals ID
# into %cgiparams so the form below is pre-filled with it.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
	# Column order of a stored record.
	my @field_order = qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK);
	my $rule_no = 0;
	foreach my $entry (@current)
	{
		$rule_no++;
		next unless $cgiparams{'ID'} eq $rule_no;
		chomp($entry);
		my @cols = split(/\,/, $entry);
		@cgiparams{@field_order} = @cols[0 .. 7];
	}
}
162 | ||
# No action requested: pre-select the defaults for a new rule.
if ($cgiparams{'ACTION'} eq '')
{
	@cgiparams{qw(PROTOCOL ENABLED SRC_NET DEST_NET)} = ('tcp', 'on', 'orange', 'blue');
}

# Build the selected/checked attribute tables used by the form. Every known
# option starts empty; the current value's slot then gets the attribute text.
$selected{'PROTOCOL'} = { 'udp' => '', 'tcp' => '' };
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";

$selected{'SRC_NET'} = { 'orange' => '', 'blue' => '' };
$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";

$selected{'DEST_NET'} = { 'blue' => '', 'green' => '' };
$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";

$checked{'ENABLED'} = { 'off' => '', 'on' => '' };
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
186 | ||
# Page frame, optional error box, and the opening of the add/edit form.
&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<class name='base'>$errormessage\n", " </class>\n";
	&Header::closebox();
}

print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

# The same form serves "add" and "edit"; only the box title and the submit
# button label differ.
my $editing_rule = ($cgiparams{'ACTION'} eq $Lang::tr{'edit'});
my $buttonText = $editing_rule ? $Lang::tr{'update'} : $Lang::tr{'add'};
&Header::openbox('100%', 'left', $editing_rule ? $Lang::tr{'edit a rule'} : $Lang::tr{'add a new rule'});
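# Body of the add/edit form.
#
# SRC_IP, DEST_IP, DEST_PORT, REMARK and ID can hold raw request data here
# (for example after a rejected submission), so they are neutralised before
# being placed inside single-quoted HTML attributes. Quotes and angle
# brackets are encoded; '&' is deliberately left alone because a remark read
# back from the rule store was passed through Header::cleanhtml when saved
# and is presumably already entity-encoded - encoding '&' again would corrupt
# it on every edit. An unencoded '&' cannot terminate the attribute.
my %form_value = ();
foreach my $field (qw(SRC_IP DEST_IP DEST_PORT REMARK ID)) {
	my $value = defined $cgiparams{$field} ? $cgiparams{$field} : '';
	$value =~ s/</&lt;/g;
	$value =~ s/>/&gt;/g;
	$value =~ s/"/&quot;/g;
	$value =~ s/'/&#39;/g;
	$form_value{$field} = $value;
}

print <<END;
<table width='100%'>
<tr>
<td>
<select name='PROTOCOL'>
<option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
</select>
</td>
<td>
$Lang::tr{'source net'}:</td>
<td>
<select name='SRC_NET'>
END

# Only offer source networks that exist in this network configuration.
if (&haveOrangeNet()) {
	print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
}
if (&haveBlueNet()) {
	print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END;
</select>
</td>
<td class='base'>$Lang::tr{'source ip or net'}:</td>
<td><input type='text' name='SRC_IP' value='$form_value{'SRC_IP'}' size='15' /></td>
</tr>
<tr>
<td>
</td>
<td>
$Lang::tr{'destination net'}:</td>
<td>
<select name='DEST_NET'>
END

# Blue is a possible destination only when both orange and blue exist.
if (&haveOrangeNet() && &haveBlueNet()) {
	print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}

print <<END;
<option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
</select>
</td>
<td class='base'>
$Lang::tr{'destination ip or net'}:</td>
<td>
<input type='text' name='DEST_IP' value='$form_value{'DEST_IP'}' size='15' />
</td>
<td class='base'>
$Lang::tr{'destination port'}:
<input type='text' name='DEST_PORT' value='$form_value{'DEST_PORT'}' size='5' />
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td colspan='3' width='50%' class='base'>
<font class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></font>
<input type='text' name='REMARK' value='$form_value{'REMARK'}' size='55' maxlength='50' />
</td>
</tr>
<tr>
<td class='base' width='50%'>
<img src='/blob.gif' alt ='*' align='top' />
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td width='25%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttonText' />
</td>
</tr>
</table>
END

# EDITING tells the "add" handler whether to append ('no') or to replace the
# record with that number. The ID echoed here comes from the request, hence
# the encoded copy.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
	print "<input type='hidden' name='EDITING' value='$form_value{'ID'}' />\n";
} else {
	print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";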
290 | ||
# Open the "current rules" box and emit the column headings of the rule table.
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<HEADING_ROW;
<table width='100%'>
<tr>
<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
<td width='2%' class='boldbase' align='center'> </td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='1%' class='boldbase' align='center'> </td>
<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
HEADING_ROW
306 | ||
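# Achim Weber: a rule added by this very request would otherwise not be
# displayed, so the rule store is always re-read before listing it.
open(my $cfg_list, '<', $filename) or die 'Unable to open config file.';
@current = <$cfg_list>;
close($cfg_list);

# Stored fields are printed into table cells. They should be clean, but the
# rule store is a plain text file, so markup characters are neutralised on
# output as well. '&' is left alone because remarks were passed through
# Header::cleanhtml when saved and are presumably already entity-encoded.
my $cell = sub {
	my $text = defined $_[0] ? $_[0] : '';
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	$text =~ s/"/&quot;/g;
	$text =~ s/'/&#39;/g;
	return $text;
};

# One table row per stored record; $id is the record's 1-based line number
# and is what the toggle/edit/remove forms send back as ID.
my $id = 0;
foreach my $line (@current)
{
	$id++;
	chomp($line);
	my @temp = split(/\,/,$line);
	my $protocol = ($temp[0] eq 'udp') ? 'UDP' : 'TCP';

	my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
	my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};

	# Highlight the record being edited; otherwise alternate row colours.
	if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
		print "<tr bgcolor='${Header::colouryellow}'>\n"; }
	elsif ($id % 2) {
		print "<tr bgcolor='${Header::table1colour}'>\n"; }
	else {
		print "<tr bgcolor='${Header::table2colour}'>\n"; }

	# Icon, next state and tooltip of the enable/disable button.
	my ($gif, $toggle, $gdesc);
	if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'}; }
	else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }

	# Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
	# (matched directly against the field instead of assigning to the global $_)
	my $dstprt = $temp[3];
	if (defined $temp[3] && $temp[3] =~ /\A\d+\z/) {
		my $servi = uc(getservbyport($temp[3], lc($temp[0])));
		if ($servi ne '' && $temp[3] < 1024) {
			$dstprt = "$dstprt($servi)"; }
	}

	# Darren Critchley - If the line is too long, wrap the port numbers.
	# The length test uses the raw text; the printed text is the encoded one.
	my $source   = $cell->($temp[1]);
	my $dest_ip  = $cell->($temp[2]);
	my $dest_prt = $cell->($dstprt);
	my $remark   = $cell->($temp[7]);
	my $dstaddr  = "$dest_ip : $dest_prt";
	if (length("$temp[2] : $dstprt") > 26) {
		$dstaddr = "$dest_ip :<br /> $dest_prt";
	}
	print <<END;
<td align='center'>$protocol</td>
<td bgcolor='$srcnetcolor'></td>
<td align='center'>$source</td>
<td align='center'><img src='/images/forward.gif' /></td>
<td bgcolor='$destnetcolor'></td>
<td align='center'>$dstaddr</td>
<td align='center'>$remark</td>

<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>

<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>

</tr>
END
}
print "</table>\n";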
392 | ||
# Print the key to the action icons unless the rule file is empty
# (-z: the file exists and has zero size), then close the box and the page.
unless (-z $filename) {
	print <<LEGEND;
<table>
<tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
<td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
LEGEND
}

&Header::closebox();

&Header::closebigbox();

&Header::closepage();
418 | ||
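# Check the source/destination network pair of a pinhole rule.
#
# Arguments: source network name, destination network name.
# Returns:   '' when the pair is acceptable, otherwise the translated error
#            message from %Lang::tr.
#
# Both names are written verbatim into the line-oriented rule store, so they
# are matched with \A...\z: "$" would also match before a trailing newline
# and let "orange\n" through.
sub validNet
{
	my ($srcNet, $destNet) = @_;
	$srcNet  = '' unless defined $srcNet;
	$destNet = '' unless defined $destNet;

	if ($srcNet eq $destNet) {
		return $Lang::tr{'dmzpinholes for same net not necessary'};
	}
	unless ($srcNet =~ /\A(?:blue|orange)\z/) {
		return $Lang::tr{'select source net'};
	}
	unless ($destNet =~ /\A(?:blue|green)\z/) {
		return $Lang::tr{'select dest net'};
	}

	return '';
}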
433 | ||
# Returns 1 when CONFIG_TYPE in the ethernet settings is 2 or 4 (the values
# this page treats as "an orange network exists"), otherwise 0.
sub haveOrangeNet
{
	my $type = $netsettings{'CONFIG_TYPE'};
	return ($type == 2 || $type == 4) ? 1 : 0;
}
440 | ||
# Returns 1 when CONFIG_TYPE in the ethernet settings is 3 or 4 (the values
# this page treats as "a blue network exists"), otherwise 0.
sub haveBlueNet
{
	my $type = $netsettings{'CONFIG_TYPE'};
	return ($type == 3 || $type == 4) ? 1 : 0;
}