#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see . #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my %cgiparams=();
my %checked=();
my %selected=();
my $errormessage = '';
my $filename = "${General::swroot}/xtaccess/config";
my $aliasfile = "${General::swroot}/ethernet/aliases";
my $changed = 'no';
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&Header::showhttpheaders();
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC'} = '';
$cgiparams{'DEST_PORT'} = '';
$cgiparams{'REMARK'} ='';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = ;
close(FILE);
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }
unless(&General::validipormask($cgiparams{'SRC'}))
{
if ($cgiparams{'SRC'} ne '') {
$errormessage = $Lang::tr{'source ip bad'}; }
else {
$cgiparams{'SRC'} = '0.0.0.0/0'; }
}
unless($errormessage){ $errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst'); }
if ( ! $errormessage)
{
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
print FILE "$cgiparams{'PROTOCOL'},$cgiparams{'SRC'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'DEST'},$cgiparams{'REMARK'}\n";
} else {
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
print FILE "$cgiparams{'PROTOCOL'},$cgiparams{'SRC'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'DEST'},$cgiparams{'REMARK'}\n";
} else { print FILE "$line"; }
}
}
close(FILE);
undef %cgiparams;
$changed = 'yes';
&General::log($Lang::tr{'external access rule added'});
system('/usr/local/bin/setxtaccess');
} else {
# stay on edit mode if an error occur
if ($cgiparams{'EDITING'} ne 'no')
{
$cgiparams{'ACTION'} = $Lang::tr{'edit'};
$cgiparams{'ID'} = $cgiparams{'EDITING'};
}
}
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
system('/usr/local/bin/setxtaccess');
&General::log($Lang::tr{'external access rule removed'});
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
else
{
chomp($line);
my @temp = split(/\,/,$line);
print FILE "$temp[0],$temp[1],$temp[2],$cgiparams{'ENABLE'},$temp[4],$temp[5]\n";
}
}
close(FILE);
system('/usr/local/bin/setxtaccess');
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'ID'} eq $id)
{
chomp($line);
my @temp = split(/\,/,$line);
$cgiparams{'PROTOCOL'} = $temp[0];
$cgiparams{'SRC'} = $temp[1];
$cgiparams{'DEST_PORT'} = $temp[2];
$cgiparams{'ENABLED'} = $temp[3];
$cgiparams{'DEST'} = $temp[4];
$cgiparams{'REMARK'} = $temp[5];
}
}
}
if ($cgiparams{'ACTION'} eq '')
{
$cgiparams{'PROTOCOL'} = 'tcp';
$cgiparams{'DEST'} = '0.0.0.0';
$cgiparams{'ENABLED'} = 'on';
}
$selected{'PROTOCOL'}{'udp'} = '';
$selected{'PROTOCOL'}{'tcp'} = '';
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
$selected{'DEST'}{$cgiparams{'DEST'}} = "selected='selected'";
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
&Header::openpage($Lang::tr{'external access configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "$errormessage\n";
print " \n";
&Header::closebox();
}
print "\n";
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <
$Lang::tr{'proto'}
$Lang::tr{'source ip'}
$Lang::tr{'destination ip'}
$Lang::tr{'destination port'}
$Lang::tr{'remark'}
$Lang::tr{'action'}
END
;
# If something has happened re-read config
if($cgiparams{'ACTION'} ne '' or $changed ne 'no')
{
open(FILE, $filename) or die 'Unable to open config file.';
@current = ;
close(FILE);
}
my $id = 0;
foreach my $line (@current)
{
$id++;
chomp($line);
my @temp = split(/\,/,$line);
my $protocol = '';
my $gif = '';
my $gdesc = '';
my $toggle = '';
if ($temp[0] eq 'udp') {
$protocol = 'UDP'; }
else {
$protocol = 'TCP' }
if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "
\n"; }
elsif ($id % 2) {
print "
\n"; }
else {
print "
\n"; }
if ($temp[3] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
if ($temp[1] eq '0.0.0.0/0') {
$temp[1] = $Lang::tr{'caps all'}; }
# catch for 'old-style' rules file - assume default ip if
# none exists
if (!&General::validip($temp[4]) || $temp[4] eq '0.0.0.0') {
$temp[4] = 'DEFAULT IP'; }
$temp[5] = '' unless defined $temp[5];
print <$protocol
$temp[1]
$temp[4]
$temp[2]
$temp[5]
END
;
}
print "\n";
# If the xt access file contains entries, print Key to action icons
if ( ! -z "$filename") {
print <
$Lang::tr{'legend'}:
$Lang::tr{'click to disable'}
$Lang::tr{'click to enable'}
$Lang::tr{'edit'}
$Lang::tr{'remove'}
END
;
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();