git.ipfire.org Git - ipfire-2.x.git/blob - src/misc-progs/setdmzholes.c
1 /* SmoothWall helper program - setdmzhole
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
6 * (c) Daniel Goscomb, 2001
8 * Modifications and improvements by Lawrence Manning.
10 * 10/04/01 Aslak added protocol support
11 * This program reads the list of ports to forward and sets up iptables
12 * and rules in ipmasqadm to enable them.
14 * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $
17 #include "libsmooth.h"
25 void exithandler(void)
43 struct keyvalue
*kv
= NULL
;
44 char orange_dev
[STRING_SIZE
] = "";
45 char blue_dev
[STRING_SIZE
] = "";
46 char green_dev
[STRING_SIZE
] = "";
49 char command
[STRING_SIZE
];
57 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ethernet/settings"))
59 fprintf(stderr
, "Cannot read ethernet settings\n");
63 if (!findkey(kv
, "GREEN_DEV", green_dev
))
65 fprintf(stderr
, "Cannot read GREEN_DEV\n");
68 findkey(kv
, "BLUE_DEV", blue_dev
);
69 findkey(kv
, "ORANGE_DEV", orange_dev
);
71 if (!(fwdfile
= fopen(CONFIG_ROOT
"/dmzholes/config", "r")))
73 fprintf(stderr
, "Couldn't open dmzholes settings file\n");
77 safe_system("/sbin/iptables -F DMZHOLES");
79 while (fgets(s
, STRING_SIZE
, fwdfile
) != NULL
)
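/* Strip the newline that fgets() leaves at the end of the line.
 * strcspn() replaces the original s[strlen(s) - 1] test: when fgets()
 * hands back an empty string (for example a line that starts with a NUL
 * byte), strlen(s) - 1 wraps around and the old code read outside s.
 * fgets() stops at the first newline, so cutting at the first '\n' gives
 * the same result for every ordinary line. */
s[strcspn(s, "\n")] = '\0';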
83 result
= strtok(s
, ",");
87 locip
= NULL
; remip
= NULL
;
112 result
= strtok(NULL
, ",");
115 if (!(protocol
&& locip
&& remip
&& remport
&& enabled
))
117 fprintf(stderr
, "Bad line:\n");
121 if (!VALID_PROTOCOL(protocol
))
123 fprintf(stderr
, "Bad protocol: %s\n", protocol
);
126 if (!VALID_IP_AND_MASK(locip
))
128 fprintf(stderr
, "Bad local IP: %s\n", locip
);
131 if (!VALID_IP_AND_MASK(remip
))
133 fprintf(stderr
, "Bad remote IP: %s\n", remip
);
136 if (!VALID_PORT_RANGE(remport
))
138 fprintf(stderr
, "Bad remote port: %s\n", remport
);
142 if (!src_net
) { src_net
= strdup ("orange");}
143 if (!dst_net
) { dst_net
= strdup ("green");}
145 if (!strcmp(src_net
, "blue")) { idev
= blue_dev
; }
146 if (!strcmp(src_net
, "orange")) { idev
= orange_dev
; }
147 if (!strcmp(dst_net
, "blue")) { odev
= blue_dev
; }
148 if (!strcmp(dst_net
, "green")) { odev
= green_dev
; }
150 if (!strcmp(enabled
, "on") && strlen(idev
) && strlen (odev
))
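/* If remport contains a - we need to change it to a : (the separator
 * used in the --dport argument built below). */
if ((ctr = strchr(remport, '-')) != NULL)
	*ctr = ':';

/* Build the rule text. protocol, locip, remip and remport have passed the
 * VALID_* checks earlier in the loop; idev and odev are the device names
 * read from the ethernet settings file.
 * NOTE(review): no validation of the device names is visible in this
 * listing, and how safe_system() runs the string is not shown here --
 * confirm that the device names are checked before they reach a command
 * line. */
{
	int len = snprintf(command, sizeof(command),
		"/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT",
		protocol, idev, odev, locip, remip, remport);

	/* snprintf() always terminates the buffer, so the previous memset()
	 * is not needed. What it does not do is report truncation by itself:
	 * a rule cut short could lose its port or address match and accept
	 * more traffic than configured, so a truncated or failed format is
	 * never executed. */
	if (len < 0 || (size_t)len >= sizeof(command))
		fprintf(stderr, "Rule too long, not applied\n");
	else
		safe_system(command);
}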