]> git.ipfire.org Git - ipfire-2.x.git/blob - src/misc-progs/setdmzholes.c
Connections.cgi neu geschrieben.
[ipfire-2.x.git] / src / misc-progs / setdmzholes.c
1 /* SmoothWall helper program - setdmzhole
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * (c) Daniel Goscomb, 2001
7 *
8 * Modifications and improvements by Lawrence Manning.
9 *
10 * 10/04/01 Aslak added protocol support
11 * This program reads the list of ports to forward and setups iptables
12 * and rules in ipmasqadm to enable them.
13 *
14 * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $
15 *
16 */
17 #include "libsmooth.h"
18 #include <stdio.h>
19 #include <string.h>
20 #include <stdlib.h>
21 #include "setuid.h"
22
23 FILE *fwdfile = NULL;
24
25 void exithandler(void)
26 {
27 if (fwdfile)
28 fclose(fwdfile);
29 }
30
31 int main(void)
32 {
33 int count;
34 char *protocol;
35 char *locip;
36 char *remip;
37 char *remport;
38 char *enabled;
39 char *src_net;
40 char *dst_net;
41 char s[STRING_SIZE];
42 char *result;
43 struct keyvalue *kv = NULL;
44 char orange_dev[STRING_SIZE] = "";
45 char blue_dev[STRING_SIZE] = "";
46 char green_dev[STRING_SIZE] = "";
47 char *idev;
48 char *odev;
49 char command[STRING_SIZE];
50
51 if (!(initsetuid()))
52 exit(1);
53
54 atexit(exithandler);
55
56 kv=initkeyvalues();
57 if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
58 {
59 fprintf(stderr, "Cannot read ethernet settings\n");
60 exit(1);
61 }
62
63 if (!findkey(kv, "GREEN_DEV", green_dev))
64 {
65 fprintf(stderr, "Cannot read GREEN_DEV\n");
66 exit(1);
67 }
68 findkey(kv, "BLUE_DEV", blue_dev);
69 findkey(kv, "ORANGE_DEV", orange_dev);
70
71 if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))
72 {
73 fprintf(stderr, "Couldn't open dmzholes settings file\n");
74 exit(1);
75 }
76
77 safe_system("/sbin/iptables -F DMZHOLES");
78
79 while (fgets(s, STRING_SIZE, fwdfile) != NULL)
80 {
81 if (s[strlen(s) - 1] == '\n')
82 s[strlen(s) - 1] = '\0';
83 result = strtok(s, ",");
84
85 count = 0;
86 protocol = NULL;
87 locip = NULL; remip = NULL;
88 remport = NULL;
89 enabled = NULL;
90 src_net = NULL;
91 dst_net = NULL;
92 idev = NULL;
93 odev = NULL;
94
95 while (result)
96 {
97 if (count == 0)
98 protocol = result;
99 else if (count == 1)
100 locip = result;
101 else if (count == 2)
102 remip = result;
103 else if (count == 3)
104 remport = result;
105 else if (count == 4)
106 enabled = result;
107 else if (count == 5)
108 src_net = result;
109 else if (count == 6)
110 dst_net = result;
111 count++;
112 result = strtok(NULL, ",");
113 }
114
115 if (!(protocol && locip && remip && remport && enabled))
116 {
117 fprintf(stderr, "Bad line:\n");
118 break;
119 }
120
121 if (!VALID_PROTOCOL(protocol))
122 {
123 fprintf(stderr, "Bad protocol: %s\n", protocol);
124 exit(1);
125 }
126 if (!VALID_IP_AND_MASK(locip))
127 {
128 fprintf(stderr, "Bad local IP: %s\n", locip);
129 exit(1);
130 }
131 if (!VALID_IP_AND_MASK(remip))
132 {
133 fprintf(stderr, "Bad remote IP: %s\n", remip);
134 exit(1);
135 }
136 if (!VALID_PORT_RANGE(remport))
137 {
138 fprintf(stderr, "Bad remote port: %s\n", remport);
139 exit(1);
140 }
141
142 if (!src_net) { src_net = strdup ("orange");}
143 if (!dst_net) { dst_net = strdup ("green");}
144
145 if (!strcmp(src_net, "blue")) { idev = blue_dev; }
146 if (!strcmp(src_net, "orange")) { idev = orange_dev; }
147 if (!strcmp(dst_net, "blue")) { odev = blue_dev; }
148 if (!strcmp(dst_net, "green")) { odev = green_dev; }
149
150 if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))
151 {
152 char *ctr;
153 /* If remport contains a - we need to change it to a : */
154 if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}
155 memset(command, 0, STRING_SIZE);
156 snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);
157 safe_system(command);
158 }
159 }
160
161 return 0;
162 }