Commit | Line | Data |
---|---|---|
ac1cfefa | 1 | #!/usr/bin/perl |
70df8302 MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
ac1cfefa MT |
21 | |
22 | use strict; | |
23 | ||
24 | # enable only the following on debugging purpose | |
25 | #use warnings; | |
26 | #use CGI::Carp 'fatalsToBrowser'; | |
27 | ||
986e08d9 | 28 | require '/var/ipfire/general-functions.pl'; |
ac1cfefa MT |
29 | require "${General::swroot}/lang.pl"; |
30 | require "${General::swroot}/header.pl"; | |
31 | ||
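# Reference ${Header::colouryellow} a second time so perl does not report it
# as "used only once" when warnings are switched on for debugging.
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);

# State shared by the rest of the script.
my %cgiparams=();       # request parameters, filled by Header::getcgihash below
my %checked=();         # checkbox attribute strings, keyed by field and value
my %selected=();        # <option> attribute strings, keyed by field and value
my $errormessage = '';  # non-empty once any validation step has failed
my $filename = "${General::swroot}/xtaccess/config";
my $aliasfile = "${General::swroot}/ethernet/aliases";
my $changed = 'no';     # set to 'yes' after a rule has been written

my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
# NOTE(review): THEME comes from the settings file and is concatenated into a
# path without any check here; this relies on that file being trusted.
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

&Header::showhttpheaders();

# Defaults assigned before the request is parsed.
# NOTE(review): presumably getcgihash only overwrites the parameters that were
# actually submitted - confirm in header.pl.
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC'} = '';
$cgiparams{'DEST_PORT'} = '';
$cgiparams{'REMARK'} ='';
&Header::getcgihash(\%cgiparams);

# Load the current rule list. Three-argument open with a lexical handle keeps
# the path from ever being parsed for a mode prefix and avoids the global
# FILE bareword.
open(my $config_fh, '<', $filename) or die 'Unable to open config file.';
my @current = <$config_fh>;
close($config_fh);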
60 | ||
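# Handle "add" (also used to save an edited rule): validate every submitted
# field, then append the rule to the config or replace the edited line.
# Each rule is one comma-separated line, so a comma or line break inside any
# field would forge extra columns or extra rules in a file that is handed to
# /usr/local/bin/setxtaccess afterwards.
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
    # \A...\z instead of ^...$ because "$" also matches before a trailing
    # newline, which would let "tcp\n" through.
    unless(defined $cgiparams{'PROTOCOL'} and $cgiparams{'PROTOCOL'} =~ /\A(?:tcp|udp)\z/) { $errormessage = $Lang::tr{'invalid input'}; }
    unless(&General::validipormask($cgiparams{'SRC'}))
    {
        if ($cgiparams{'SRC'} ne '') {
            $errormessage = $Lang::tr{'source ip bad'}; }
        else {
            # An empty source means "any".
            $cgiparams{'SRC'} = '0.0.0.0/0'; }
    }
    unless($errormessage){ $errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst'); }

    # The checkbox submits 'on' or nothing; never store any other value.
    $cgiparams{'ENABLED'} = (defined $cgiparams{'ENABLED'} and $cgiparams{'ENABLED'} eq 'on') ? 'on' : 'off';

    # DEST was previously written to the config unchecked. An empty value
    # means the default IP; anything else has to be a valid address.
    if (!defined $cgiparams{'DEST'} or $cgiparams{'DEST'} eq '') { $cgiparams{'DEST'} = '0.0.0.0'; }
    unless($errormessage) {
        unless($cgiparams{'DEST'} eq '0.0.0.0' or &General::validip($cgiparams{'DEST'})) {
            $errormessage = $Lang::tr{'invalid input'};
        }
    }

    # EDITING selects between append and rewrite, so accept only 'no' or the
    # 1-based number of an existing rule.
    my $editing = defined $cgiparams{'EDITING'} ? $cgiparams{'EDITING'} : '';
    unless($editing eq 'no' or ($editing =~ /\A[1-9][0-9]*\z/ and $editing <= scalar(@current))) {
        $errormessage = $Lang::tr{'invalid input'} unless $errormessage;
        $cgiparams{'EDITING'} = 'no';
    }

    # Last line of defence: no field may carry the record separators,
    # whatever the validators above accepted.
    unless($errormessage) {
        foreach my $field (map { $cgiparams{$_} } ('PROTOCOL', 'SRC', 'DEST_PORT', 'DEST')) {
            if (!defined $field or $field =~ /[,\r\n]/) {
                $errormessage = $Lang::tr{'invalid input'};
                last;
            }
        }
    }

    if ( ! $errormessage)
    {
        # NOTE(review): cleanhtml lives in header.pl and is not shown here;
        # this code relies on it to make REMARK safe for the HTML table.
        $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
        $cgiparams{'REMARK'} = '' unless defined $cgiparams{'REMARK'};
        # A line break in the remark would start a new rule line.
        $cgiparams{'REMARK'} =~ s/[\r\n]+/ /g;

        my $record = "$cgiparams{'PROTOCOL'},$cgiparams{'SRC'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'DEST'},$cgiparams{'REMARK'}\n";

        if($cgiparams{'EDITING'} eq 'no') {
            open(my $fh, '>>', $filename) or die 'Unable to open config file.';
            flock($fh, 2) or die 'Unable to lock config file.';    # 2 = LOCK_EX
            print {$fh} $record;
            close($fh);
        } else {
            # Open without truncating, take the lock, and only then empty the
            # file: opening with '>' would truncate before the lock is held.
            # @current was read earlier without a lock, so a change made by
            # another request in between is still overwritten.
            open(my $fh, '+<', $filename) or die 'Unable to open config file.';
            flock($fh, 2) or die 'Unable to lock config file.';    # 2 = LOCK_EX
            seek($fh, 0, 0);
            truncate($fh, 0) or die 'Unable to truncate config file.';
            my $id = 0;
            foreach my $line (@current)
            {
                $id++;
                if ($cgiparams{'EDITING'} eq $id) {
                    print {$fh} $record;
                } else { print {$fh} "$line"; }
            }
            close($fh);
        }
        undef %cgiparams;
        $changed = 'yes';
        &General::log($Lang::tr{'external access rule added'});
        # The helper's exit status is not checked.
        system('/usr/local/bin/setxtaccess');
    } else {
        # Stay in edit mode if an error occurred while saving an edited rule.
        if ($cgiparams{'EDITING'} ne 'no')
        {
            $cgiparams{'ACTION'} = $Lang::tr{'edit'};
            $cgiparams{'ID'} = $cgiparams{'EDITING'};
        }
    }
}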
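# Handle "remove": rewrite the config without the rule whose 1-based line
# number equals the submitted ID.
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
    # Only act on an ID that names an existing rule. Before this check a
    # bogus ID still rewrote the file, ran the helper and logged a removal.
    my $target = defined $cgiparams{'ID'} ? $cgiparams{'ID'} : '';
    if ($target =~ /\A[1-9][0-9]*\z/ and $target <= scalar(@current))
    {
        # Open without truncating, lock, then empty the file: opening with
        # '>' would truncate before the lock is held.
        open(my $fh, '+<', $filename) or die 'Unable to open config file.';
        flock($fh, 2) or die 'Unable to lock config file.';    # 2 = LOCK_EX
        seek($fh, 0, 0);
        truncate($fh, 0) or die 'Unable to truncate config file.';
        my $id = 0;
        foreach my $line (@current)
        {
            $id++;
            unless ($target eq $id) { print {$fh} "$line"; }
        }
        close($fh);
        # The helper's exit status is not checked.
        system('/usr/local/bin/setxtaccess');
        &General::log($Lang::tr{'external access rule removed'});
    }
    else
    {
        $errormessage = $Lang::tr{'invalid input'};
    }
}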
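# Handle "toggle enable disable": rewrite the config, replacing the fourth
# field of the rule numbered ID with the submitted ENABLE value.
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
    # ENABLE is written into the rule line, so accept nothing but the two
    # states the page itself submits; ID has to name an existing rule.
    my $target = defined $cgiparams{'ID'} ? $cgiparams{'ID'} : '';
    my $state = defined $cgiparams{'ENABLE'} ? $cgiparams{'ENABLE'} : '';
    if ($target =~ /\A[1-9][0-9]*\z/ and $target <= scalar(@current)
        and $state =~ /\A(?:on|off)\z/)
    {
        # Open without truncating, lock, then empty the file: opening with
        # '>' would truncate before the lock is held.
        open(my $fh, '+<', $filename) or die 'Unable to open config file.';
        flock($fh, 2) or die 'Unable to lock config file.';    # 2 = LOCK_EX
        seek($fh, 0, 0);
        truncate($fh, 0) or die 'Unable to truncate config file.';
        my $id = 0;
        foreach my $line (@current)
        {
            $id++;
            unless ($target eq $id) { print {$fh} "$line"; }
            else
            {
                chomp(my $record = $line);
                my @temp = split(/\,/,$record);
                # Rules without a destination or remark get empty fields.
                foreach my $idx (0 .. 5) { $temp[$idx] = '' unless defined $temp[$idx]; }
                print {$fh} "$temp[0],$temp[1],$temp[2],$state,$temp[4],$temp[5]\n";
            }
        }
        close($fh);
        # The helper's exit status is not checked.
        system('/usr/local/bin/setxtaccess');
    }
    else
    {
        $errormessage = $Lang::tr{'invalid input'};
    }
}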
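# Handle "edit": load the rule numbered ID into %cgiparams so the form below
# is pre-filled with its values.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
    my $target = defined $cgiparams{'ID'} ? $cgiparams{'ID'} : '';
    if ($target =~ /\A[1-9][0-9]*\z/ and $target <= scalar(@current))
    {
        # Rule numbers are 1-based line numbers of the config file.
        chomp(my $record = $current[$target - 1]);
        my @temp = split(/\,/,$record);
        @cgiparams{'PROTOCOL', 'SRC', 'DEST_PORT', 'ENABLED', 'DEST', 'REMARK'} = @temp[0 .. 5];
    }
    else
    {
        # An ID that matches no rule used to leave the page in edit mode with
        # whatever the request carried, and ID is echoed into the form later.
        # Report the problem and fall back to the empty "add" form instead.
        $errormessage = $Lang::tr{'invalid input'};
        $cgiparams{'ACTION'} = '';
        $cgiparams{'ID'} = '';
    }
}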
158 | ||
# No action requested: pre-fill the form with the defaults for a new rule.
@cgiparams{'PROTOCOL', 'DEST', 'ENABLED'} = ('tcp', '0.0.0.0', 'on')
    if $cgiparams{'ACTION'} eq '';

# Attribute strings interpolated into the form: every known choice starts
# out empty and the current value is then marked.
$selected{'PROTOCOL'}{$_} = '' for ('udp', 'tcp');
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";

$selected{'DEST'}{$cgiparams{'DEST'}} = "selected='selected'";

$checked{'ENABLED'}{$_} = '' for ('off', 'on');
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";

&Header::openpage($Lang::tr{'external access configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

# Show the validation error, if any, in a box of its own. Every message
# assigned in this file comes from %Lang::tr or from General::validportrange.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<class name='base'>$errormessage\n", " </class>\n";
    &Header::closebox();
}

print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

# Box title and submit label depend on whether an existing rule is edited.
my $editing_rule = ($cgiparams{'ACTION'} eq $Lang::tr{'edit'});
my $buttontext = $editing_rule ? $Lang::tr{'update'} : $Lang::tr{'add'};
&Header::openbox('100%', 'left', $editing_rule ? $Lang::tr{'edit a rule'} : $Lang::tr{'add a new rule'});
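# First part of the rule form: protocol, source network, destination port,
# enabled checkbox and the start of the destination IP selector.
#
# SRC and DEST_PORT are echoed back from the request when validation failed,
# so they are entity-encoded before being placed inside the single-quoted
# value attributes; unencoded, a quote in either value ends the attribute.
my %field_attr = ();
foreach my $name ('SRC', 'DEST_PORT') {
    my $value = defined $cgiparams{$name} ? $cgiparams{$name} : '';
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    $field_attr{$name} = $value;
}
print <<END
<table width='100%'>
<tr>
<td width='10%'>
<select name='PROTOCOL'>
<option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
</select>
</td>
<td class='base'><font color='${Header::colourred}'>$Lang::tr{'source network'}</font></td>
<td><input type='text' name='SRC' value='$field_attr{'SRC'}' size='32' /></td>
<td class='base'><font color='${Header::colourred}'>$Lang::tr{'destination port'}:</font></td>
<td><input type='text' name='DEST_PORT' value='$field_attr{'DEST_PORT'}' size='5' /></td>
</tr>
</table>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td class='base'><font color='${Header::colourred}'>$Lang::tr{'destination ip'}: </font>
<select name='DEST'>
<option value='0.0.0.0' $selected{'DEST'}{'0.0.0.0'}>DEFAULT IP</option>
END
;

# One <option> per alias whose second field is 'on'; the third field, when
# present, is shown in parentheses after the address.
# NOTE(review): alias address and name are printed exactly as stored; confirm
# that the page writing the aliases file sanitises them.
open(my $aliases_fh, '<', $aliasfile) or die 'Unable to open aliases file.';
while (my $entry = <$aliases_fh>)
{
    chomp($entry);
    my @temp = split(/\,/,$entry);
    if ($temp[1] eq 'on') {
        print "<option value='$temp[0]' $selected{'DEST'}{$temp[0]}>$temp[0]";
        if (defined $temp[2] and ($temp[2] ne '')) { print " ($temp[2])"; }
        print "</option>\n";
    }
}
close($aliases_fh);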
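# Second part of the rule form: remark field, submit button, the hidden
# EDITING marker, and the end of the form.
#
# REMARK reaches this point either raw from the request (validation failed
# before Header::cleanhtml was applied) or as stored in the config (written
# after Header::cleanhtml). Quotes and angle brackets are replaced so the
# value cannot end the attribute; '&' is left alone so text that is already
# entity-encoded is not encoded a second time.
# NOTE(review): assumes cleanhtml entity-encodes its input - confirm in header.pl.
my $remark_attr = defined $cgiparams{'REMARK'} ? $cgiparams{'REMARK'} : '';
$remark_attr =~ s/</&lt;/g;
$remark_attr =~ s/>/&gt;/g;
$remark_attr =~ s/"/&quot;/g;
$remark_attr =~ s/'/&#39;/g;
print <<END
</select>
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td width ='10%' class='base'>
<font class='boldbase'>$Lang::tr{'remark'}:</font> <img src='/blob.gif' alt='*' />
</td>
<td width='65%'>
<input type='text' name='REMARK' value='$remark_attr' size='55' maxlength='50' />
</td>
<td width='25%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttontext' />
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td class='base' width='30%'><img src='/blob.gif' alt ='*' align='top' /> <font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
</tr>
</table>
END
;
# EDITING tells the "add" handler which rule to replace. ID originates from
# the request, so it is echoed only when it consists of digits; anything else
# falls back to 'no' (add a new rule).
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}
    and defined $cgiparams{'ID'} and $cgiparams{'ID'} =~ /\A[0-9]+\z/) {
    print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
} else {
    print "<input type='hidden' name='EDITING' value='no' />\n";
}

&Header::closebox();
print "</form>\n";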
267 | ||
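# Header row of the "current rules" table.
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<END
<table width='100%'>
<tr>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='20%' class='boldbase' align='center'><b>$Lang::tr{'source ip'}</b></td>
<td width='20%' class='boldbase' align='center'><b>$Lang::tr{'destination ip'}</b></td>
<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'destination port'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='5%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
</tr>
END
;

# Re-read the config if any action ran. $changed covers the successful "add"
# case, where %cgiparams (and with it ACTION) has been cleared.
# Three-argument open with a lexical handle replaces the two-argument form
# on the global FILE handle.
if($cgiparams{'ACTION'} ne '' or $changed ne 'no')
{
    open(my $reload_fh, '<', $filename) or die 'Unable to open config file.';
    @current = <$reload_fh>;
    close($reload_fh);
}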
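# One table row per rule, with three single-button forms (toggle, edit,
# remove) that post the rule's 1-based line number back as ID.
my $id = 0;
foreach my $line (@current)
{
    $id++;
    chomp($line);
    my @temp = split(/\,/,$line);
    my $gif = '';
    my $gdesc = '';
    my $toggle = '';

    # Source network and destination port are printed into the page from the
    # config file. They pass validators when written through this page, but
    # entity-encoding them here means a hand-edited or older file cannot put
    # markup into the admin page. The remark is left as stored because it is
    # written through Header::cleanhtml.
    foreach my $idx (1, 2) {
        $temp[$idx] = '' unless defined $temp[$idx];
        $temp[$idx] =~ s/&/&amp;/g;
        $temp[$idx] =~ s/</&lt;/g;
        $temp[$idx] =~ s/>/&gt;/g;
        $temp[$idx] =~ s/"/&quot;/g;
        $temp[$idx] =~ s/'/&#39;/g;
    }

    # Anything that is not 'udp' is displayed as TCP.
    my $protocol = ($temp[0] eq 'udp') ? 'UDP' : 'TCP';

    # Highlight the rule being edited; otherwise alternate the row colours.
    if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
        print "<tr bgcolor='${Header::colouryellow}'>\n"; }
    elsif ($id % 2) {
        print "<tr bgcolor='$color{'color22'}'>\n"; }
    else {
        print "<tr bgcolor='$color{'color20'}'>\n"; }

    # The toggle button shows the current state and submits the opposite one.
    if ($temp[3] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
    else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }

    if ($temp[1] eq '0.0.0.0/0') {
        $temp[1] = $Lang::tr{'caps all'}; }
    # catch for 'old-style' rules file - assume default ip if
    # none exists
    if (!&General::validip($temp[4]) || $temp[4] eq '0.0.0.0') {
        $temp[4] = 'DEFAULT IP'; }
    $temp[5] = '' unless defined $temp[5];
    print <<END
<td align='center'>$protocol</td>
<td align='center'>$temp[1]</td>
<td align='center'>$temp[4]</td>
<td align='center'>$temp[2]</td>
<td align='left'> $temp[5]</td>
<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>

</tr>
END
;
}
print "</table>\n";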
352 | ||
# Print the key to the action icons unless the external access config is
# known to be empty (-z is true only for an existing zero-size file).
unless (-z $filename) {
    print <<END
<table>
<tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
<td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
;
}

# Close the rules box, the outer box and the page, in that order.
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
377 | &Header::closepage(); |