X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Foutgoingfw.cgi;h=a7260d81f6c340bb8fe23ab8bb625e425f6360ba;hb=5aae218d5886edbecce580ac40520525e8945e2c;hp=e8cef70030e829727598066b37ea39e203cb6d17;hpb=f2fdd0c1e9a3ccf539cd477a6111281eadc200a7;p=people%2Fteissler%2Fipfire-2.x.git diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index e8cef7003..a7260d81f 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -1,16 +1,28 @@ #!/usr/bin/perl -# -# IPFire CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The IPFire Team -# +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### use strict; # enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; 
@@ -59,10 +71,15 @@ $outfwsettings{'DISPLAY_DPORT'} = ''; $outfwsettings{'DISPLAY_SMAC'} = ''; $outfwsettings{'DISPLAY_SIP'} = ''; $outfwsettings{'POLICY'} = 'MODE0'; +$outfwsettings{'MODE1LOG'} = 'off'; &General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings); &Header::getcgihash(\%outfwsettings); +$checked{'MODE1LOG'}{'off'} = ''; +$checked{'MODE1LOG'}{'on'} = ''; +$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'"; + if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } @@ -78,11 +95,20 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'}) $outfwsettings{'POLICY'}='MODE0'; unlink $configfile; system("/usr/bin/touch $configfile"); + my $MODE = $outfwsettings{'POLICY'}; + %outfwsettings = (); + $outfwsettings{'POLICY'} = "$MODE"; &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); } if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'}) { + my $MODE = $outfwsettings{'POLICY'}; + my $MODE1LOG = $outfwsettings{'MODE1LOG'}; + %outfwsettings = (); + $outfwsettings{'POLICY'} = "$MODE"; + $outfwsettings{'MODE1LOG'} = "$MODE1LOG"; &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); + system("/usr/local/bin/outgoingfwctrl"); } if ($outfwsettings{'ACTION'} eq 'enable') { @@ -100,6 +126,7 @@ if ($outfwsettings{'ACTION'} eq 'enable') } } close FILE; + system("/usr/local/bin/outgoingfwctrl"); } if ($outfwsettings{'ACTION'} eq 'disable') { @@ -117,6 +144,7 @@ if ($outfwsettings{'ACTION'} eq 'disable') } } close FILE; + system("/usr/local/bin/outgoingfwctrl"); } if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) { 
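Review bot: `MODE1LOG` arrives from the request through `&Header::getcgihash(\%outfwsettings)` and is used unchecked, first as the hash key in `$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}}` here and then written to the settings file by the save branch in the next hunk, together with `POLICY`. Whether `General::writehash` filters values is not visible in this diff, so an unexpected string (including one containing a line break) may reach the file that `outgoingfwctrl` presumably reads. I would normalise the flag right after `getcgihash` with `$outfwsettings{'MODE1LOG'} = 'off' unless $outfwsettings{'MODE1LOG'} eq 'on';`. I would also make the save branch refuse to write unless `$outfwsettings{'POLICY'} =~ /\AMODE[012]\z/`, rather than silently falling back to the permissive `MODE0`.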
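Review bot: The return value of `system("/usr/local/bin/outgoingfwctrl");` in the save branch is ignored, as it is in the same call added by the enable, disable and delete hunks below. A failed reload therefore leaves the rules on disk and the loaded rules out of step, with nothing telling the administrator. A minimal check is `system("/usr/local/bin/outgoingfwctrl") == 0 or warn "outgoingfwctrl failed: $?";`, ideally also surfaced on the page. The reset branch in this hunk rewrites the settings but never calls the helper, so the previous ruleset presumably stays active until some later action triggers a reload.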
@@ -134,7 +162,8 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) ($configline[4] eq $outfwsettings{'NAME'}) && ($configline[5] eq $outfwsettings{'SIP'}) && ($configline[6] eq $outfwsettings{'SMAC'}) && - ($configline[7] eq $outfwsettings{'DIP'}) && + ($configline[7] eq $outfwsettings{'DIP'}) && + ($configline[9] eq $outfwsettings{'LOG'}) && ($configline[8] eq $outfwsettings{'DPORT'})) { print FILE $configentry; @@ -143,10 +172,12 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) close FILE; $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected'; $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected'; + $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected'; &addrule(); &Header::closebigbox(); &Header::closepage(); - exit + exit + system("/usr/local/bin/outgoingfwctrl"); } if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) { @@ -165,22 +196,25 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) ($configline[5] eq $outfwsettings{'SIP'}) && ($configline[6] eq $outfwsettings{'SMAC'}) && ($configline[7] eq $outfwsettings{'DIP'}) && + ($configline[9] eq $outfwsettings{'LOG'}) && ($configline[8] eq $outfwsettings{'DPORT'})) { print FILE $configentry; } } close FILE; + system("/usr/local/bin/outgoingfwctrl"); } if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'}) { if ( $outfwsettings{'VALID'} eq 'yes' ) { open( FILE, ">> $configfile" ) or die "Unable to write $configfile"; print FILE < - + + + + + + END ; foreach $configentry (sort @configs) 
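Review bot: In the edit branch (hunk `-143,10 +172,12`) the re-added `exit` has no terminating semicolon, so Perl parses it with the next added line as `exit system("/usr/local/bin/outgoingfwctrl");`. The helper still runs, but only as the argument of `exit`, after the page has been closed, and its wait status becomes the CGI's exit code. At that point the rule being edited has already been removed from the file, so the reload applies a ruleset without it; under MODE2 that would appear to lift a DENY rule until the form is resubmitted. If no reload is intended here, drop the line and write `exit;`. If one is intended, make it explicit with `system("/usr/local/bin/outgoingfwctrl");` on its own line before `exit;`. The edit branch begins above this hunk.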
@@ -239,10 +274,11 @@ END $outfwsettings{'SMAC'} = $configline[6]; $outfwsettings{'DIP'} = $configline[7]; $outfwsettings{'DPORT'} = $configline[8]; + $outfwsettings{'LOG'} = $configline[9]; if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; } if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; } - if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } - if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; } + if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } + if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; } if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){ print < @@ -251,33 +287,36 @@ END +
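Review bot: `$outfwsettings{'LOG'} = $configline[9];` copies the stored field verbatim, and the rule-list heredoc in the following hunk prints `$outfwsettings{'LOG'}` into the page without HTML escaping, as it already does for `NAME`. The value comes from the add form and no check on it is visible in this diff, so markup stored in the rules file would be rendered in the administrator's browser. Either restrict the field on read to the values the form can produce, or escape it before printing, e.g. `$outfwsettings{'LOG'} = &Header::cleanhtml($configline[9]);` if that helper is available in this tree. Rule lines written before this change have no tenth field, so `$configline[9]` is undefined for them and should be defaulted to `''` first.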
Protokoll - Netzwerk - Ziel - Anmerkung - Politik - Aktionen + $Lang::tr{'protocol'}$Lang::tr{'network'}$Lang::tr{'destination'}$Lang::tr{'description'}$Lang::tr{'policy'}$Lang::tr{'logging'}$Lang::tr{'action'}$outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'} $outfwsettings{'NAME'} $outfwsettings{'DISPLAY_STATE'} - + $outfwsettings{'LOG'} +
- - - - - - - - - - - + + + + + + + + + + + +
- - - - - - - - - - - + + + + + + + + + + + +
END ; @@ -285,10 +324,8 @@ END unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } print <
Quell-IP-Adresse: +
$Lang::tr{'source ip'}: $outfwsettings{'DISPLAY_SIP'} - Quell-MAC-Adresse: - $outfwsettings{'DISPLAY_SMAC'} END ; @@ -299,6 +336,22 @@ END ; } } +if ($outfwsettings{'POLICY'} eq 'MODE1'){ +print <
+
tcp&udp + all + ALL + drop + DENY + on off +
+
+
+END +; +} print < END @@ -308,15 +361,15 @@ END &Header::closebox(); } -if ($outfwsettings{'POLICY'} eq 'MODE2'){ +if ($outfwsettings{'POLICY'} ne 'MODE0'){ open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; @p2ps = ; close FILE; &Header::openbox('100%', 'center', 'P2P-Block'); print < - Protokoll - Status + $Lang::tr{'protocol'} + $Lang::tr{'status'} END ; my $id = 1; @@ -327,22 +380,22 @@ END
END ; - print "\t\t\t\n"; + print "\t\t\t\n"; print <$p2pline[0]: - + END ; if ($p2pline[2] eq 'on') { print < - + + END ; } else { print < - + + END ; } @@ -352,8 +405,8 @@ END ; } print <Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren. +
$Lang::tr{'outgoingfw p2p description'} END ; &Header::closebox(); @@ -363,18 +416,18 @@ END print < - + + + +
Modus 0:In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen. -
Modus 1:In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen. -
Modus 2:In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.
Hier ist eine Besonderheit der P2P-Filter. -

-
+
$Lang::tr{'mode'} 0:$Lang::tr{'outgoingfw mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoingfw mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoingfw mode2'}

END ; if ($outfwsettings{'POLICY'} ne 'MODE0') { print < + $Lang::tr{'outgoingfw reset'}: END ; } @@ -398,26 +451,26 @@ sub addrule print < - "; +} +else{ + print ""; +} +print < +
Anmerkung: - - Aktiviert: - -
Protokoll: +
$Lang::tr{'description'}: + + $Lang::tr{'active'}: + +
$Lang::tr{'protocol'}: - Sicherheitspolitik: + $Lang::tr{'policy'}: END ; if ($outfwsettings{'POLICY'} eq 'MODE1'){ - print "\t\t\tALLOW\n"; + print "\t\t\tALLOW\n"; } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){ - print "\t\t\tDENY\n"; + print "\t\t\tDENY\n"; } print <Quellnetz: +
$Lang::tr{'source net'}: Quell-IP-Adresse: - -
  - Quell-MAC-Adresse: - -
Ziel-IP-Adresse: - - Ziel-Port: - + $Lang::tr{'source ip'}: + +
$Lang::tr{'logging'}: +END +; +if ($outfwsettings{'POLICY'} eq 'MODE1'){ + print " +
$Lang::tr{'destination ip'}: + + $Lang::tr{'destination port'}: +
-
$Lang::tr{'this field may be blank'} - +
$Lang::tr{'this field may be blank'} +
END ; &Header::closebox(); -if ($outfwsettings{'POLICY'} eq 'MODE1') +if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2') { &Header::openbox('100%', 'center', 'Quick Add'); @@ -454,7 +516,7 @@ if ($outfwsettings{'POLICY'} eq 'MODE1') my @defservices = ; close FILE; -print ""; +print "
$Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}
"; foreach my $serviceline(@defservices) { my @service = split(/,/,$serviceline); @@ -474,19 +536,17 @@ END print ""; } print < + END ; + if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "";} + elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "";} } -print "
$Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}$Lang::tr{'logging'}$Lang::tr{'action'}
+ - -
"; - + print "
"; &Header::closebox(); + } } - -} -