#!/usr/bin/perl
-
#
-# $Id: autoupdate.pl,v 1.0 2005/06/15 00:00:00 marco Exp $
+# This code is distributed under the terms of the GPL
+#
+# (c) 2004-2007 marco.s - http://www.urlfilter.net
+#
+# $Id: autoupdate.pl,v 1.1 2007/03/14 00:00:00 marco.s Exp $
#
use strict;
my $swroot = "/var/ipfire";
my $target = "$swroot/urlfilter/download";
+my $tempdb = "$target/blacklists";
my $dbdir = "$swroot/urlfilter/blacklists";
my $sourceurlfile = "$swroot/urlfilter/autoupdate/autoupdate.urls";
my $source_name;
my @source_urllist;
+my @categories;
my $blacklist;
my $category;
if (-e $blacklist)
{
system("/bin/tar --no-same-owner -xzf $blacklist -C $target");
- if (-d "$target/blacklists")
+ if (-d "$target/BL") { system ("mv $target/BL $target/blacklists"); }
+ if (-d "$tempdb")
{
+ undef(@categories);
+ &getblockcategory ($tempdb);
+ foreach (@categories) { $_ = substr($_,length($tempdb)+1); }
+
open(FILE, ">$target/update.conf");
flock FILE, 2;
print FILE "logdir $target\n";
- print FILE "dbhome $target/blacklists\n\n";
-
- foreach (<$target/blacklists/*>)
- {
- if ((-d $_) && ((-s "$_/domains") || (-s "$_/urls")))
- {
- $category=substr($_,rindex($_,"/")+1);
- print FILE "dest $category {\n";
- if (-s "$_/domains") { print FILE " domainlist $category/domains\n"; }
- if (-s "$_/urls") { print FILE " urllist $category/urls\n"; }
- print FILE "}\n\n";
+ print FILE "dbhome $tempdb\n\n";
+
+ foreach $category (@categories) {
+ $blacklist = $category;
+ $category =~ s/\//_/g;
+ print FILE "dest $category {\n";
+ if (-s "$tempdb/$blacklist/domains") {
+ print FILE " domainlist $blacklist\/domains\n";
}
+ if (-s "$tempdb/$blacklist/urls") {
+ print FILE " urllist $blacklist\/urls\n";
+ }
+ print FILE "}\n\n";
+ $category = $blacklist;
}
+
print FILE "acl {\n";
print FILE " default {\n";
print FILE " pass none\n";
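Review bot: The names written by `print FILE "dest $category {\n";` in the new `foreach $category (@categories)` loop are directory names taken from the unpacked archive, and only `/` is rewritten before they reach `update.conf`. A name containing whitespace, braces or a newline would produce a malformed or altered squidGuard configuration, so skip entries that fail an allow-list first, e.g. `next unless $category =~ m{\A[\w./-]+\z};`. Separately, `system ("mv $target/BL $target/blacklists");` nests `BL` inside `blacklists` when that directory already exists from an earlier run. Whether `$target` is emptied beforehand is not visible in this hunk.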
system("chown -R nobody.nobody $dbdir");
- foreach $category (<$dbdir/*>)
- {
- if (-d $category)
- {
- system("chmod 755 $category &> /dev/null");
- foreach $blacklist (<$category/*>)
- {
- if (-f $blacklist){ system("chmod 644 $blacklist &> /dev/null"); }
- if (-d $blacklist){ system("chmod 755 $blacklist &> /dev/null"); }
- }
- system("chmod 666 $category/*.db &> /dev/null");
- }
- }
+ &setpermissions ($dbdir);
system("touch $updflagfile");
system("chown nobody.nobody $updflagfile");
}
# -------------------------------------------------------------------
+
+sub getblockcategory
+{
+ foreach $category (<$_[0]/*>)
+ {
+ if (-d $category)
+ {
+ if ((-s "$category/domains") || (-s "$category/urls"))
+ {
+ unless ($category =~ /\bcustom\b/) { push(@categories,$category); }
+ }
+ &getblockcategory ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
+sub setpermissions
+{
+ my $bldir = $_[0];
+
+ foreach $category (<$bldir/*>)
+ {
+ if (-d $category){
+ system("chmod 755 $category &> /dev/null");
+ foreach $blacklist (<$category/*>)
+ {
+ if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
+ if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+ }
+ system("chmod 666 $category/*.db &> /dev/null");
+ &setpermissions ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
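Review bot: `setpermissions` hands each globbed path to the shell in `system("chmod 755 $category &> /dev/null")`, and those paths are file and directory names unpacked from a blacklist archive, so shell metacharacters in a name are interpreted by the shell; the added recursion extends this to every nesting level. Perl's builtin `chmod` takes the path as data and needs no redirect. Both `setpermissions` and `getblockcategory` test with `-d`, which follows symlinks, so a symlinked directory in the archive takes the walk outside the blacklist tree or around a loop; skipping `-l` entries avoids that. The same `setpermissions` body is added to prebuild.pl and urlfilter.cgi later in this commit, and `getblockcategory` is repeated in urlfilter.cgi.

```perl
sub setpermissions
{
    my $bldir = $_[0];

    foreach my $dir (glob("$bldir/*"))
    {
        # never follow links that came out of the archive
        next if (-l $dir) || !(-d $dir);
        chmod 0755, $dir;
        foreach my $entry (glob("$dir/*"))
        {
            next if -l $entry;
            if (-f $entry) { chmod((($entry =~ /\.db$/) ? 0666 : 0644), $entry); }
            if (-d $entry) { chmod 0755, $entry; }
        }
        &setpermissions ($dir);
    }
}
```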
-squidGuard,http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz
+Shalla Secure Services,http://squidguard.shalla.de/Downloads/shallalist.tar.gz
MESD,http://squidguard.mesd.k12.or.us/blacklists.tgz
Univ. Toulouse,ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
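Review bot: Every source in this list, including the new Shalla entry, is fetched over `http://` or `ftp://`, with no integrity check visible on this page. The updater in this commit appears to unpack the downloaded archive with `tar -xzf` and build the squidGuard configuration from its directory names. Anyone able to alter the transfer therefore controls what is extracted. If the publisher offers an HTTPS URL or a published digest, use it and verify the archive before extraction.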
#
# (c) written from scratch
#
-# $Id: prebuild.pl,v 0.3 2005/04/16 00:00:00 marco Exp $
-#
$dbdir="/var/ipfire/urlfilter/blacklists";
system("chown -R nobody.nobody $dbdir");
-foreach $category (<$dbdir/*>)
+&setpermissions ($dbdir);
+
+# -------------------------------------------------------------------
+
+sub setpermissions
{
- if (-d $category){
- system("chmod 755 $category &> /dev/null");
- foreach $blacklist (<$category/*>)
- {
- if (-f $blacklist){ system("chmod 644 $blacklist &> /dev/null"); }
- if (-d $blacklist){ system("chmod 755 $blacklist &> /dev/null"); }
+ my $bldir = $_[0];
+
+ foreach $category (<$bldir/*>)
+ {
+ if (-d $category){
+ system("chmod 755 $category &> /dev/null");
+ foreach $blacklist (<$category/*>)
+ {
+ if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
+ if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+ }
+ system("chmod 666 $category/*.db &> /dev/null");
+ &setpermissions ($category);
}
- system("chmod 666 $category/*.db &> /dev/null");
}
}
+
+# -------------------------------------------------------------------
logdir /var/log/squidGuard
-dbhome /var/ipfire/urlfilter/blacklists
+dbhome /var/ipcop/urlfilter/blacklists
acl {
default {
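Review bot: The new `dbhome /var/ipcop/urlfilter/blacklists` does not match the path used by the scripts in this same commit, which set `$swroot = "/var/ipfire"` and `$dbdir="/var/ipfire/urlfilter/blacklists"`. Unless `/var/ipcop` exists on the target (not visible here), squidGuard would look for its databases in a directory the updater never populates. If the value was carried over from the upstream package by accident, keep `dbhome /var/ipfire/urlfilter/blacklists`.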
WARNING: translation string unused: upstream proxy host:port
WARNING: translation string unused: upstream username
WARNING: translation string unused: uptime and users
-WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
-WARNING: translation string unused: urlfilter upload background
WARNING: translation string unused: use
WARNING: translation string unused: used memory
WARNING: translation string unused: used swap
WARNING: untranslated string: trafficsum
WARNING: untranslated string: trafficto
WARNING: untranslated string: up
+WARNING: untranslated string: urlfilter background image
WARNING: untranslated string: urlfilter log
WARNING: untranslated string: user log
WARNING: untranslated string: user proxy logs
WARNING: translation string unused: upstream proxy host:port
WARNING: translation string unused: upstream username
WARNING: translation string unused: uptime and users
-WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
-WARNING: translation string unused: urlfilter upload background
WARNING: translation string unused: use
WARNING: translation string unused: used memory
WARNING: translation string unused: used swap
WARNING: untranslated string: settingsc
WARNING: untranslated string: smbrestart
WARNING: untranslated string: up
+WARNING: untranslated string: urlfilter background image
WARNING: untranslated string: urlfilter log
WARNING: untranslated string: user log
WARNING: untranslated string: user proxy logs
use strict;
# enable only the following on debugging purpose
-use warnings;
+#use warnings;
use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
my %netsettings=();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-open (ACTIVE, "/proc/net/ip_conntrack") or die 'Unable to open ip_conntrack';
+open (ACTIVE, 'iptstate -1rbt |') or die 'Unable to open ip_conntrack';
my @active = <ACTIVE>;
close (ACTIVE);
my @vpn = ('none');
-open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = <ACTIVE>;
-close (ACTIVE);
+#open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = <ACTIVE>;
+#close (ACTIVE);
my $aliasfile = "${General::swroot}/ethernet/aliases";
open(ALIASES, $aliasfile) or die 'Unable to open aliases file.';
my $unknownlines = ''; # should be empty all the time...
my $index = 0; # just a counter to make unique entryies in entries
-foreach my $line (@active) {
- my $protocol='';
- my $expires='';
- my $status='';
- my $orgsip='';
- my $orgdip='';
- my $orgsp='';
- my $orgdp='';
- my $exsip='';
- my $exdip='';
- my $exsp='';
- my $exdp='';
- my $marked='';
- my $use='';
-
- chomp($line);
- my @temp = split(' ',$line);
-
- if ($temp[0] eq 'icmp') {
- $protocol = $temp[0];
- $status = $Lang::tr{'all'};
- $orgsip = substr $temp[3], 4;
- $orgdip = substr $temp[4], 4;
- $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' ';
- }
- if ($temp[0] eq 'udp') {
- $protocol = $temp[0];
- $status = $Lang::tr{'all'};
- $orgsip = substr $temp[3], 4;
- $orgdip = substr $temp[4], 4;
- $marked = $temp[7] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[12]) ? $temp[11] : ' ';
- }
- if ($temp[0] eq 'tcp') {
- $protocol = $temp[0];
- $status = $temp[3];
- $orgsip = substr $temp[4], 4;
- $orgdip = substr $temp[5], 4;
- $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[13]) ? $temp[12] : ' ';
- }
-
- # filter the line if we found a known proto
- next if( !(
- (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($protocol eq $cgiparams{'SEE_PROTO'} ))
- && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($status eq $cgiparams{'SEE_STATE'} ))
- && (($cgiparams{'SEE_MARK'} eq $Lang::tr{'all'}) || ($marked eq $cgiparams{'SEE_MARK'} ))
- && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($orgsip eq $cgiparams{'SEE_SRC'} ))
- && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($orgdip eq $cgiparams{'SEE_DEST'} ))
- ));
-
- if ($temp[0] eq 'icmp') {
- my $offset = 0;
- $protocol = $temp[0] . " (" . $temp[1] . ")";
- $expires = $temp[2];
- $status = ' ';
- if ($temp[8] eq '[UNREPLIED]' ) {
- $offset = +1;
- }
- $orgsip = substr $temp[3], 4;
- $orgdip = substr $temp[4], 4;
- $orgsp = &General::GetIcmpDescription(substr( $temp[5], 5)) . "/" . substr( $temp[6], 5);;
- $orgdp = 'id=' . substr( $temp[7], 3);
- $exsip = substr $temp[8 + $offset], 4;
- $exdip = substr $temp[9 + $offset], 4;
- $exsp = &General::GetIcmpDescription(substr( $temp[10 + $offset], 5)). "/" . substr( $temp[11 + $offset], 5);
- $exdp = 'id=' . substr( $temp[11 + $offset], 5);
- $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' ';
- $use = substr( $temp[13 + $offset], 4 );
- }
- if ($temp[0] eq 'udp') {
- my $offset = 0;
- $marked = '';
- $protocol = $temp[0] . " (" . $temp[1] . ")";
- $expires = $temp[2];
- $status = ' ';
- $orgsip = substr $temp[3], 4;
- $orgdip = substr $temp[4], 4;
- $orgsp = substr $temp[5], 6;
- $orgdp = substr $temp[6], 6;
- if ($temp[7] eq '[UNREPLIED]') {
- $offset = 1;
- $marked = $temp[7];
- $use = substr $temp[12], 4;
- } else {
- if ((substr $temp[11], 0, 3) eq 'use' ) {
- $marked = '';
- $use = substr $temp[11], 4;
- } else {
- $marked = $temp[11];
- $use = substr $temp[12], 4;
- }
- }
- $exsip = substr $temp[7 + $offset], 4;
- $exdip = substr $temp[8 + $offset], 4;
- $exsp = substr $temp[9 + $offset], 6;
- $exdp = substr $temp[10 + $offset], 6;
- }
- if ($temp[0] eq 'tcp') {
- my $offset = 0;
- $protocol = $temp[0] . " (" . $temp[1] . ")";
- $expires = $temp[2];
- $status = $temp[3];
- $orgsip = substr $temp[4], 4;
- $orgdip = substr $temp[5], 4;
- $orgsp = substr $temp[6], 6;
- $orgdp = substr $temp[7], 6;
- if ($temp[8] eq '[UNREPLIED]') {
- $marked = $temp[8];
- $offset = 1;
- } else {
- $marked = $temp[16];
- }
- $exsip = substr $temp[10 + $offset], 4;
- $exdip = substr $temp[11 + $offset], 4;
- $exsp = substr $temp[12 + $offset], 6;
- $exdp = substr $temp[13 + $offset], 6;
- $use = substr $temp[18], 4;
- }
- if ($temp[0] eq 'unknown') {
- my $offset = 0;
- $protocol = "??? (" . $temp[1] . ")";
- $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50);
- $protocol = "ah (" . $temp[1] . ")" if ($temp[1] == 51);
- $expires = $temp[2];
- $status = ' ';
- $orgsip = substr $temp[3], 4;
- $orgdip = substr $temp[4], 4;
- $orgsp = ' ';
- $orgdp = ' ';
- $exsip = substr $temp[5], 4;
- $exdip = substr $temp[6], 4;
- $exsp = ' ';
- $exdp = ' ';
- $marked = ' ';
- $use = ' ';
- }
- if ($temp[0] eq 'gre') {
- my $offset = 0;
- $protocol = $temp[0] . " (" . $temp[1] . ")";
- $expires = $temp[2];
- $orgsip = substr $temp[5], 4;
- $orgdip = substr $temp[6], 4;
- $orgsp = ' ';
- $orgdp = ' ';
- $exsip = substr $temp[11], 4;
- $exdip = substr $temp[12], 4;
- $exsp = ' ';
- $exdp = ' ';
- $marked = $temp[17];
- $use = $temp[18];
- }
- # Only from this point, lines have the same known format/field
- # The floating fields [UNREPLIED] [ASSURED] etc are ok.
-
- # Store the line in a hash array for sorting
- if ( $protocol ) { # line is decoded ?
- my @record = ( 'index', $index++,
- 'protocol', $protocol,
- 'expires', $expires,
- 'status', $status,
- 'orgsip', $orgsip,
- 'orgdip', $orgdip,
- 'orgsp', $orgsp,
- 'orgdp', $orgdp,
- 'exsip', $exsip,
- 'exdip', $exdip,
- 'exsp', $exsp,
- 'exdp', $exdp,
- 'marked', $marked,
- 'use', $use);
- my $record = {}; # create a reference to empty hash
- %{$record} = @record; # populate that hash with @record
- $entries{$record->{index}} = $record; # add this to a hash of hashes
- } else { # it was not a known line
- $unknownlines .= "<tr bgcolor='${Header::table1colour}'>";
- $unknownlines .= "<td colspan='9'> unknown:$line></td></tr>";
- }
-}
-
-# Build listbox objects
-my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto);
-my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state);
-my $menu_src = &make_select ('SEE_SRC', $cgiparams{'SEE_SRC'}, &get_known_ips('orgsip'));
-my $menu_dest = &make_select ('SEE_DEST', $cgiparams{'SEE_DEST'}, &get_known_ips('orgdip'));
-my $menu_mark = &make_select ('SEE_MARK', $cgiparams{'SEE_MARK'}, @list_mark);
-my $menu_sort = &make_select ('SEE_SORT', $cgiparams{'SEE_SORT'}, @list_sort);
-
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'connections'}, 1, '');
&Header::openbigbox('100%', 'left');
&Header::openbox('100%', 'left', $Lang::tr{'connection tracking'});
+# Build listbox objects
+my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto);
+my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state);
+
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
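Review bot: After the switch to `open (ACTIVE, 'iptstate -1rbt |')`, a non-zero exit from the tool is only visible in the return value of `close (ACTIVE)`, which is ignored, so a failing `iptstate` renders as an empty connection table. The `die` text still says ip_conntrack, and the command is resolved through the CGI's `PATH`. Suggest `open (ACTIVE, '-|', '/path/to/iptstate', '-1rbt') or die 'Unable to run iptstate';` (the path is a placeholder, confirm it on the target) and `close (ACTIVE) or warn "iptstate exited with status $?";`.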
<td align='center' bgcolor='${Header::colourovpn}'><b><font color='#FFFFFF'>$Lang::tr{'OpenVPN'}</font></b></td>
</tr>
</table>
-<br></br>
+<br />
<table width='100%'>
-<tr><td align='center'><font size=2>$Lang::tr{'protocol'}</font></td>
+<tr><td align='center'><font size=2>$Lang::tr{'source ip and port'}</font></td>
+ <td> </td>
+ <td align='center'><font size=2>$Lang::tr{'dest ip and port'}</font></td>
+ <td> </td>
+ <td align='center'><font size=2>$Lang::tr{'protocol'}</font></td>
+ <td align='center'><font size=2>$Lang::tr{'connection'}<br></br>$Lang::tr{'status'}</font></td>
<td align='center'><font size=2>$Lang::tr{'expires'}<br></br>($Lang::tr{'seconds'})</font></td>
- <td align='center'><font size=2>$Lang::tr{'connection'}<br></br>$Lang::tr{'status'}</font></td>
- <td align='center'><font size=2>$Lang::tr{'original'}<br></br>$Lang::tr{'source ip and port'}</font></td>
- <td align='center'><font size=2>$Lang::tr{'original'}<br></br>$Lang::tr{'dest ip and port'}</font></td>
- <td align='center'><font size=2>$Lang::tr{'expected'}<br></br>$Lang::tr{'source ip and port'}</font></td>
- <td align='center'><font size=2>$Lang::tr{'expected'}<br></br>$Lang::tr{'dest ip and port'}</font></td>
- <td align='center'><font size=2>$Lang::tr{'marked'}</font></td>
+
</tr>
-<tr>
- <td align='center'>$menu_proto</td>
- <td> </td>
+<tr><td colspan='4'> </td>
+ <td align='center'>$menu_proto</td>
<td align='center'>$menu_state</td>
- <td align='center'>$menu_src</td>
- <td align='center'>$menu_dest</td>
- <td align='center' colspan='2'></td>
- <td align='center'>$menu_mark</td>
+ <td> </td>
</tr>
<tr>
- <td align='center' colspan='8'></td>
+ <td align='center' colspan='7'></td>
</tr>
<tr>
- <td align='center' colspan='8'><input type='submit' value='Aktualisieren' /></td>
+ <td align='center' colspan='7'><input type='submit' value="$Lang::tr{'update'}" /></td>
</tr>
END
;
-foreach my $entry (sort sort_entries keys %entries) {
- my $orgsipcolour = &ipcolour( $entries{$entry}->{orgsip} );
- my $orgdipcolour = &ipcolour( $entries{$entry}->{orgdip} );
- my $exsipcolour = &ipcolour( $entries{$entry}->{exsip} );
- my $exdipcolour = &ipcolour( $entries{$entry}->{exdip} );
- print <<END
- <tr bgcolor='${Header::table1colour}'>
- <td align='center'><font size=2>$entries{$entry}->{protocol}</font></td>
- <td align='center'><font size=2>$entries{$entry}->{expires}</font></td>
- <td align='center'><font size=2>$entries{$entry}->{status}</font></td>
- <td align='center' bgcolor='$orgsipcolour'>
- <a href='/cgi-bin/ipinfo.cgi?ip=$entries{$entry}->{orgsip}'>
- <font color='#FFFFFF' size=2>$entries{$entry}->{orgsip}</font>
- </a><font color='#FFFFFF' size=2>:$entries{$entry}->{orgsp}</font></td>
- <td align='center' bgcolor='$orgdipcolour'>
- <a href='/cgi-bin/ipinfo.cgi?ip=$entries{$entry}->{orgdip}'>
- <font color='#FFFFFF' size=2>$entries{$entry}->{orgdip}</font>
- </a><font color='#FFFFFF' size=2>:$entries{$entry}->{orgdp}</font></td>
- <td align='center' bgcolor='$exsipcolour'>
- <a href='/cgi-bin/ipinfo.cgi?ip=$entries{$entry}->{exsip}'>
- <font color='#FFFFFF' size=2>$entries{$entry}->{exsip}</font>
- </a><font color='#FFFFFF' size=2>:$entries{$entry}->{exsp}</font></td>
- <td align='center' bgcolor='$exdipcolour'>
- <a href='/cgi-bin/ipinfo.cgi?ip=$entries{$entry}->{exdip}'>
- <font color='#FFFFFF' size=2>$entries{$entry}->{exdip}</font>
- </a><font color='#FFFFFF' size=2>:$entries{$entry}->{exdp}</font></td>
- <td align='center'><font size=2>$entries{$entry}->{marked}</font></td>
- </tr>
+my $i=0;
+foreach my $line (@active) {
+ $i++;
+ if ($i < 3) {
+ next;
+ }
+ chomp($line);
+ my @temp = split(' ',$line);
+
+ my ($sip, $sport) = split(':', $temp[0]);
+ my ($dip, $dport) = split(':', $temp[1]);
+ my $proto = $temp[2];
+ my $state = $temp[3];
+ my $ttl = $temp[4];
+
+ next if( !(
+ (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} ))
+ && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($state eq $cgiparams{'SEE_STATE'} ))
+ && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($sip eq $cgiparams{'SEE_SRC'} ))
+ && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($dip eq $cgiparams{'SEE_DEST'} ))
+ ));
+
+ if (($proto eq 'udp') && ($ttl eq '')) {
+ $ttl = $state;
+ $state = ' ';
+ }
+
+ my $sipcol = ipcolour($sip);
+ my $dipcol = ipcolour($dip);
+
+ my $sserv = '';
+ if ($sport < 1024) {
+ $sserv = uc(getservbyport($sport, lc($proto)));
+ if ($sserv ne '') {
+ $sserv = " ($sserv)";
+ }
+ }
+
+ my $dserv = '';
+ if ($dport < 1024) {
+ $dserv = uc(getservbyport($dport, lc($proto)));
+ if ($dserv ne '') {
+ $dserv = " ($dserv)";
+ }
+ }
+
+ print <<END
+ <tr >
+ <td align='center' bgcolor='$sipcol'>
+ <a href='/cgi-bin/ipinfo.cgi?ip=$sip'>
+ <font color='#FFFFFF'>$sip</font>
+ </a>
+ </td>
+ <td align='center' bgcolor='$sipcol'>
+ <a href='http://isc.sans.org/port_details.php?port=$sport' target='top'>
+ <font color='#FFFFFF'>$sport$sserv</font>
+ </a>
+ </td>
+ <td align='center' bgcolor='$dipcol'>
+ <a href='/cgi-bin/ipinfo.cgi?ip=$dip'>
+ <font color='#FFFFFF'>$dip</font>
+ </a>
+ </td>
+ <td align='center' bgcolor='$dipcol'>
+ <a href='http://isc.sans.org/port_details.php?port=$dport' target='top'>
+ <font color='#FFFFFF'>$dport$dserv</font>
+ </a>
+ </td>
+ <td align='center'>$proto</td>
+ <td align='center' bgcolor="${Header::table1colour}">$state</td>
+ <td align='center'>$ttl</td>
+ </tr>
END
;
}
-print "$unknownlines</table></form>";
+print "</table></form>";
&Header::closebox();
&Header::closebigbox();
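Review bot: `$sport < 1024` and `$dport < 1024` are evaluated even when `split(':', ...)` yields no port, as it would for rows of protocols without ports, so an undefined value compares as 0 and is passed to `getservbyport`. Guard with `if (defined $sport && $sport =~ /^\d+$/ && $sport < 1024)` and the same for `$dport`. The row then prints `$sip`, `$sport`, `$proto`, `$state` and `$ttl` into the HTML and into the `ipinfo.cgi?ip=` and `port_details.php?port=` links exactly as parsed from the tool output. Matching addresses and ports against a numeric pattern before the heredoc keeps a change in that output format from breaking the page. The filter also still tests `SEE_SRC` and `SEE_DEST` although their select boxes were removed from the form, so both conditions depend on defaults set outside this hunk.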
my ($ip) = $_[0];
my $found = 0;
foreach $line (@network) {
- if ($network[$id] eq '') {
- $id++;
- } else {
- if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) {
- $found = 1;
- $colour = $colour[$id];
- }
- $id++;
- }
+ if ($network[$id] eq '') {
+ $id++;
+ } else {
+ if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) {
+ $found = 1;
+ $colour = $colour[$id];
+ }
+ $id++;
+ }
}
return $colour
}
#!/usr/bin/perl
#
-# SmoothWall CGIs
-#
# This code is distributed under the terms of the GPL
#
-# (c) written from scratch
+# (c) 2004-2007 marco.s - http://www.urlfilter.net
#
-# $Id: urlfilter.cgi,v 1.7 2006/05/08 00:00:00 marco Exp $
+# $Id: urlfilter.cgi,v 1.9.1 2007/03/22 00:00:00 marco.s Exp $
#
use strict;
# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
use File::Copy;
use IO::Socket;
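Review bot: Un-commenting `use CGI::Carp 'fatalsToBrowser';` directly under `# enable only the following on debugging purpose` ships the debugging setting, so any fatal error in this CGI is rendered to the browser with its message and script path. Restore `#use CGI::Carp 'fatalsToBrowser';` before release. Keeping `use warnings;` is harmless because its output goes to the server log. The connection-tracking CGI earlier in this commit also leaves the `fatalsToBrowser` line active while commenting out `use warnings;`.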
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+my $http_port='81';
my %netsettings=();
my %mainsettings=();
my %proxysettings=();
my @tclist=();
my @uqlist=();
my @source_urllist=();
+my @clients=();
my @temp=();
my $lastslashpos=0;
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save and restart'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload file'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter remove file'}) ||
+ ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload background'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter restore'}))
-{
+{
+
+ @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+ foreach (@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; }
+ @temp = split(/-/);
+ foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } }
+ }
+ @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+ foreach (@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; }
+ @temp = split(/-/);
+ foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } }
+ }
+ if ($errormessage) { goto ERROR; }
+
if (!($filtersettings{'CHILDREN'} =~ /^\d+$/) || ($filtersettings{'CHILDREN'} < 1))
{
$errormessage = $Lang::tr{'urlfilter invalid num of children'};
}
+ if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload background'})
+ {
+ &Header::getcgihash(\%filtersettings, {'wantfile' => 1, 'filevar' => 'BACKGROUND'});
+
+ if (copy($filtersettings{'BACKGROUND'}, "/home/httpd/html/images/urlfilter/background.jpg") != 1)
+ {
+ $errormessage = $!;
+ goto ERROR;
+ }
+ }
+
if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'})
{
&Header::getcgihash(\%filtersettings, {'wantfile' => 1, 'filevar' => 'UPDATEFILE'});
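Review bot: The new `urlfilter upload background` branch copies whatever was uploaded to `/home/httpd/html/images/urlfilter/background.jpg` without checking that a file was sent, how large it is, or that it is an image. The fixed destination name keeps the request from choosing its own path, but arbitrary content still lands in the web root and can fill the partition. Before the `copy`, reject the request unless `$filtersettings{'BACKGROUND'}` is defined, the data starts with a JPEG signature and it is below a size cap. On failure `$errormessage = $!;` shows a raw system error to the user; a translated message would match the other branches.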
$errormessage = $Lang::tr{'urlfilter tar error'};
} else {
+ if (-d "${General::swroot}/urlfilter/update/BL")
+ {
+ system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+ }
+
if (-d "${General::swroot}/urlfilter/update/category")
{
system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save and restart'})
{
- if (!(-e "${General::swroot}/proxy/enable"))
+ if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
{
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
goto ERROR;
if (-e "$dbdir/custom/blocked/domains.db") { unlink("$dbdir/custom/blocked/domains.db"); }
if (-e "$dbdir/custom/blocked/urls.db") { unlink("$dbdir/custom/blocked/urls.db"); }
- foreach (<$dbdir/*>)
- {
- if (-d $_){ system("chmod 644 $_/*"); }
- if (-d $_){ system("chmod 666 $_/*.db"); }
- }
- if (-d "$dbdir/custom/allowed")
- {
- system("chmod 755 $dbdir/custom/allowed");
- system("chmod 644 $dbdir/custom/allowed/*");
- }
- if (-d "$dbdir/custom/blocked")
- {
- system("chmod 755 $dbdir/custom/blocked");
- system("chmod 644 $dbdir/custom/blocked/*");
- }
+ &setpermissions ($dbdir);
system('/usr/local/bin/restartsquid');
}
-
-ERROR:
-
- if ($errormessage) { $filtersettings{'VALID'} = 'no'; }
-
}
if ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter set time constraints'}) { $tcsettings{'TCMODE'} = 'on'}
if (!$errormessage)
{
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$tcsettings{'SRC'});
+ undef $tcsettings{'SRC'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $tcsettings{'SRC'} .= "$_ ";
+ }
+ $tcsettings{'SRC'} =~ s/\s+$//;
+
if ($tcsettings{'DST'} =~ /^any/) { $tcsettings{'DST'} = 'any'; }
if ($tcsettings{'ENABLERULE'} eq 'on') { $tcsettings{'ACTIVE'} = $tcsettings{'ENABLERULE'}; } else { $tcsettings{'ACTIVE'} = 'off'}
}
}
+if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'}) && (!$errormessage))
+{
+ $id = 0;
+ foreach $line (@tclist)
+ {
+ $id++;
+ if ($tcsettings{'ID'} eq $id)
+ {
+ chomp($line);
+ @temp = split(/\,/,$line);
+ $tcsettings{'DEFINITION'} = $temp[0];
+ $tcsettings{'MON'} = $temp[1];
+ $tcsettings{'TUE'} = $temp[2];
+ $tcsettings{'WED'} = $temp[3];
+ $tcsettings{'THU'} = $temp[4];
+ $tcsettings{'FRI'} = $temp[5];
+ $tcsettings{'SAT'} = $temp[6];
+ $tcsettings{'SUN'} = $temp[7];
+ $tcsettings{'FROM_HOUR'} = $temp[8];
+ $tcsettings{'FROM_MINUTE'} = $temp[9];
+ $tcsettings{'TO_HOUR'} = $temp[10];
+ $tcsettings{'TO_MINUTE'} = $temp[11];
+ $tcsettings{'SRC'} = $temp[12];
+ $tcsettings{'DST'} = $temp[13];
+ $tcsettings{'ACCESS'} = $temp[14];
+ $tcsettings{'ENABLERULE'} = $temp[15];
+ $tcsettings{'COMMENT'} = $temp[16];
+ }
+ }
+ $tcsettings{'TCMODE'}='on';
+}
+
if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'remove'}))
{
$id = 0;
{
$errormessage = $Lang::tr{'urlfilter not enabled'};
}
- if (!(-e "${General::swroot}/proxy/enable"))
+ if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
{
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
}
$tcsettings{'TCMODE'}='on';
}
-if (!$errormessage) {
- $tcsettings{'ENABLERULE'}='on';
- $tcsettings{'TO_HOUR'}='24';
-}
-
if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'edit'}) && (!$errormessage))
{
$id = 0;
$tcsettings{'TCMODE'}='on';
}
+if ((!$errormessage) && (!($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'})) && (!($tcsettings{'ACTION'} eq $Lang::tr{'edit'}))) {
+ $tcsettings{'ENABLERULE'}='on';
+ $tcsettings{'TO_HOUR'}='24';
+}
+
if ($uqsettings{'ACTION'} eq $Lang::tr{'urlfilter set user quota'}) { $uqsettings{'UQMODE'} = 'on'}
if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{'add'}))
{
$errormessage = $Lang::tr{'urlfilter not enabled'};
}
- if (!(-e "${General::swroot}/proxy/enable"))
+ if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
{
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
}
&readcustomlists;
+ERROR:
+
+if ($errormessage) { $filtersettings{'VALID'} = 'no'; }
+
$checked{'ENABLE_CUSTOM_BLACKLIST'}{'off'} = '';
$checked{'ENABLE_CUSTOM_BLACKLIST'}{'on'} = '';
$checked{'ENABLE_CUSTOM_BLACKLIST'}{$filtersettings{'ENABLE_CUSTOM_BLACKLIST'}} = "checked='checked'";
<td> </td>
</tr>
<tr>
- <td class='base'>$Lang::tr{'urlfilter unfiltered clients'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='UNFILTERED_CLIENTS' value='$filtersettings{'UNFILTERED_CLIENTS'}' size='30' /></td>
- <td class='base'>$Lang::tr{'urlfilter banned clients'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='BANNED_CLIENTS' value='$filtersettings{'BANNED_CLIENTS'}' size='30' /></td>
+ <td colspan='2'>$Lang::tr{'urlfilter unfiltered clients'} <img src='/blob.gif' alt='*' /></td>
+ <td colspan='2'>$Lang::tr{'urlfilter banned clients'} <img src='/blob.gif' alt='*' /></td>
+</tr>
+<tr>
+ <td colspan='2' width='50%'><textarea name='UNFILTERED_CLIENTS' cols='32' rows='6' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/^\s+//g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+-\s+/-/g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$filtersettings{'UNFILTERED_CLIENTS'});
+undef $filtersettings{'UNFILTERED_CLIENTS'};
+foreach (@clients) { $filtersettings{'UNFILTERED_CLIENTS'} .= "$_\n"; }
+
+print $filtersettings{'UNFILTERED_CLIENTS'};
+
+print <<END
+</textarea></td>
+ <td colspan='2' width='50%'><textarea name='BANNED_CLIENTS' cols='32' rows='6' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$filtersettings{'BANNED_CLIENTS'} =~ s/^\s+//g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+-\s+/-/g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$filtersettings{'BANNED_CLIENTS'});
+undef $filtersettings{'BANNED_CLIENTS'};
+foreach (@clients) { $filtersettings{'BANNED_CLIENTS'} .= "$_\n"; }
+
+print $filtersettings{'BANNED_CLIENTS'};
+
+print <<END
+</textarea></td>
</tr>
</table>
<hr size='1'>
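Review bot: `print $filtersettings{'UNFILTERED_CLIENTS'};` and `print $filtersettings{'BANNED_CLIENTS'};` write the value between `<textarea>` tags without HTML-escaping, so text containing `</textarea>` ends the field and the rest is parsed as markup. The validation added near the top only sets `$errormessage` and jumps to `ERROR`, after which this form is rendered; whether the rejected input is still in `%filtersettings` at that point is not visible here and should be confirmed. Escape each entry as it is rebuilt, e.g. `foreach (@clients) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; $filtersettings{'UNFILTERED_CLIENTS'} .= "$_\n"; }`. The `SRC` textarea added further down (`print $tcsettings{'SRC'};`) has the same gap, and no validation of `SRC` is visible in this commit.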
<td> </td>
</tr>
</table>
+<table width='100%'>
+<tr>
+ <td class='base'><b>$Lang::tr{'urlfilter background image'}</b></td>
+</tr>
+<tr>
+ <td><br>$Lang::tr{'urlfilter background text'}:</td>
+</tr>
+<tr>
+ <td><input type='file' name='BACKGROUND' size='40' /> <input type='submit' name='ACTION' value='$Lang::tr{'urlfilter upload background'}' /></td>
+</tr>
+</table>
<hr size='1'>
<table width='100%'>
<tr>
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>
-</td>
+ </td>
</tr>
</table>
<table width='100%'>
<td> </td>
</tr>
<tr>
- <td valign='top'><input type='text' name='SRC' value='$tcsettings{'SRC'}' size='32' /></td>
+ <td rowspan='2'><textarea name='SRC' cols='28' rows='5' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$tcsettings{'SRC'} =~ s/^\s+//g;
+$tcsettings{'SRC'} =~ s/\s+$//g;
+$tcsettings{'SRC'} =~ s/\s+-\s+/-/g;
+$tcsettings{'SRC'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$tcsettings{'SRC'});
+undef $tcsettings{'SRC'};
+foreach (@clients) { $tcsettings{'SRC'} .= "$_\n"; }
+
+print $tcsettings{'SRC'};
+
+print <<END
+</textarea></td>
+
<td> </td>
- <td class='base' rowspan='3' valign='top'>
- <select name='DST' size='4' multiple>
+ <td class='base' rowspan='2' valign='top'>
+ <select name='DST' size='6' multiple>
<option value='any' $selected{'DST'}{'any'} = "selected='selected'">$Lang::tr{'urlfilter category all'}</option>
<option value='in-addr' $selected{'DST'}{'in-addr'} = "selected='selected'">in-addr</option>
END
</td>
<td> </td>
</tr>
+ <tr>
+ <td> </td>
+ <td> </td>
+ <td> </td>
+ <td> </td>
+ </tr>
<tr>
<td>$Lang::tr{'remark'} <img src='/blob.gif' alt='*'></td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
+ <td> </td>
</tr>
<tr>
<td><input type='text' name='COMMENT' value='$tcsettings{'COMMENT'}' size='32' /></td>
<td> </td>
<td> </td>
<td> </td>
+ <td> </td>
</tr>
</table>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter time space'}</b></td>
<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter src'}</b></td>
<td width='5%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter dst'}</b></td>
- <td width='10%' class='boldbase' colspan='4' align='center'> </td>
+ <td width='10%' class='boldbase' colspan='5' align='center'> </td>
</tr>
END
;
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'urlfilter copy rule'}' src='/images/urlfilter/copy.gif' title='$Lang::tr{'urlfilter copy rule'}' alt='$Lang::tr{'urlfilter copy rule'}' />
+ <input type='hidden' name='MODE' value='TIMECONSTRAINT' />
+ <input type='hidden' name='ID' value='$id' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'urlfilter copy rule'}' />
+ </form>
+ </td>
+
+ <td align='center'>
+ <form method='post' name='frmd$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='MODE' value='TIMECONSTRAINT' />
<input type='hidden' name='ID' value='$id' />
print <<END
<td align='center' colspan='4'>$temp[16]
</td>
- <td align='center' colspan='4'>
+ <td align='center' colspan='5'>
</td>
</tr>
END
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
+ <td> <img src='/images/urlfilter/copy.gif' alt='$Lang::tr{'urlfilter copy rule'}' /></td>
+ <td class='base'>$Lang::tr{'urlfilter copy rule'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
sub savesettings
{
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+ undef $filtersettings{'UNFILTERED_CLIENTS'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $filtersettings{'UNFILTERED_CLIENTS'} .= "$_ ";
+ }
+ $filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//;
+
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+ undef $filtersettings{'BANNED_CLIENTS'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $filtersettings{'BANNED_CLIENTS'} .= "$_ ";
+ }
+ $filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//;
+
&writeconfigfile;
delete $filtersettings{'CUSTOM_BLACK_DOMAINS'};
sub readblockcategories
{
undef(@categories);
- foreach $blacklist (<$dbdir/*>) {
- if (-d $blacklist) {
- $lastslashpos = rindex($blacklist,"/");
- if ($lastslashpos > -1) {
- $section = substr($blacklist,$lastslashpos+1);
- } else {
- $section = $blacklist;
- }
- if (!($section eq 'custom')) { push(@categories,$section) };
- }
- }
+
+ &getblockcategory ($dbdir);
+
+ foreach (@categories) { $_ = substr($_,length($dbdir)+1); }
@filtergroups = @categories;
+
foreach (@filtergroups) {
+ s/\//_SLASH_/g;
tr/a-z/A-Z/;
$_ = "FILTER_".$_;
}
# -------------------------------------------------------------------
+sub getblockcategory
+{
+ foreach $category (<$_[0]/*>)
+ {
+ if (-d $category)
+ {
+ if ((-e "$category/domains") || (-e "$category/urls"))
+ {
+ unless ($category =~ /\bcustom\b/) { push(@categories,$category); }
+ }
+ &getblockcategory ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
sub readcustomlists
{
if (-e "$dbdir/custom/blocked/domains") {
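Review bot: The exclusion test in getblockcategory, `unless ($category =~ /\bcustom\b/)`, runs against the full path rather than the directory's own name, so it also drops any list whose path merely contains the word, for example a category directory named `custom-rules`. The removed loop in readblockcategories skipped only a top-level directory named exactly `custom`. Matching a whole path component is closer to that behaviour and still covers the nested `custom/...` directories the recursion now reaches: `unless ($category =~ m{/custom(?:/|$)})`. The sub also appends to the file-level `@categories` as a side effect, and the callers visible here clear it first, which deserves a one-line comment above the sub.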
foreach (@new)
{
@tmp2 = split(/\,/);
- if ($tmp2[15] eq 'on')
+ if (($tmp1[15] eq 'on') && ($tmp2[15] eq 'on'))
{
if (($tmp1[0] eq $tmp2[0]) && ($tmp1[12] eq $tmp2[12]) && ($tmp1[13] eq $tmp2[13]) && ($tmp1[14] eq $tmp2[14]))
{
# -------------------------------------------------------------------
+sub setpermissions
+{
+ my $bldir = $_[0];
+
+ foreach $category (<$bldir/*>)
+ {
+ if (-d $category){
+ system("chmod 755 $category &> /dev/null");
+ foreach $blacklist (<$category/*>)
+ {
+ if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
+ if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+ }
+ system("chmod 666 $category/*.db &> /dev/null");
+ &setpermissions ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
sub writeconfigfile
{
my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
- my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv\)\$";
+ my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
my $ident = " anonymous";
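Review bot: setpermissions builds every chmod as a single shell string, e.g. `system("chmod 755 $category &> /dev/null")`, with `$category` and `$blacklist` taken from a directory glob, so a name containing spaces or shell metacharacters is parsed by the shell instead of being passed as one argument. If these trees are filled from a downloaded or uploaded blacklist archive, as the surrounding code suggests, those names are not under the script's control. Perl's built-in avoids the shell altogether; each call can become the equivalent of `chmod 0755, $category;` with the same `-f`/`-d` tests kept in front of it. Separately, `&>` is a bash extension, and a strictly POSIX `/bin/sh` would run the command in the background instead of silencing it.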
if ($filtersettings{'SHOW_URL'} eq 'on') { $redirect .= "&url=%u"; }
if ($filtersettings{'SHOW_IP'} eq 'on') { $redirect .= "&ip=%a"; }
$redirect =~ s/^&/?/;
- $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi".$redirect;
+ $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi".$redirect;
} else {
- $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi";
+ $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi";
}
} else { $redirect=$filtersettings{'REDIRECT_PAGE'}; }
$defaultrule .= "any";
}
+ $defaultrule =~ s/\//_/g;
+
open(FILE, ">${General::swroot}/urlfilter/squidGuard.conf") or die "Unable to write squidGuard.conf file";
flock(FILE, 2);
if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
{
- print FILE "rewrite rew-rule-0 {\n";
+ print FILE "rewrite rew-rule-1 {\n";
if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
{
print FILE " # rewrite localfiles\n";
foreach (@repositoryfiles)
{
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
+ print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
}
}
print FILE "}\n\n";
if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) {
- print FILE "rewrite rew-rule-1 {\n";
+ print FILE "rewrite rew-rule-2 {\n";
if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
{
print FILE " # rewrite localfiles\n";
foreach (@repositoryfiles)
{
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
+ print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
}
} else {
print FILE " # rewrite nothing\n";
}
}
+ if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
+ print FILE "src unfiltered {\n";
+ print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
+ print FILE "}\n\n";
+ }
+ if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
+ print FILE "src banned {\n";
+ print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n";
+ if ($filtersettings{'ENABLE_LOG'} eq 'on')
+ {
+ if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+ {
+ print FILE " logfile ".$ident." banned.log\n";
+ } else {
+ print FILE " logfile ".$ident." urlfilter.log\n";
+ }
+ }
+ print FILE "}\n\n";
+ }
+
if (-e $uqfile)
{
open(UQ, $uqfile);
{
$idx++;
print FILE "src network-$idx {\n";
- print FILE " ip $tc[12]\n";
+ @clients = split(/ /,$tc[12]);
+ @temp = split(/-/,$clients[0]);
+ if ( (&General::validipormask($temp[0])) || (&General::validipandmask($temp[0])))
+ {
+ print FILE " ip $tc[12]\n";
+ } else {
+ print FILE " user";
+ @clients = split(/ /,$tc[12]);
+ foreach $line (@clients)
+ {
+ $line =~ s/(^\w+)\\(\w+$)/$1%5c$2/;
+ print FILE " $line";
+ }
+ print FILE "\n";
+ }
+ if (($filtersettings{'ENABLE_LOG'} eq 'on') && ($tc[14] eq 'block') && ($tc[13] eq 'any'))
+ {
+ if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+ {
+ print FILE " logfile ".$ident." timeconst.log\n";
+ } else {
+ print FILE " logfile ".$ident." urlfilter.log\n";
+ }
+ }
print FILE "}\n\n";
}
}
}
}
- if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
- print FILE "src unfiltered {\n";
- print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
- print FILE "}\n\n";
- }
- if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
- print FILE "src banned {\n";
- print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n";
- print FILE "}\n\n";
- }
-
foreach $category (@categories) {
+ $blacklist = $category;
+ $category =~ s/\//_/g;
print FILE "dest $category {\n";
- if (-e "$dbdir/$category/domains") {
- print FILE " domainlist $category\/domains\n";
+ if (-e "$dbdir/$blacklist/domains") {
+ print FILE " domainlist $blacklist\/domains\n";
}
- if (-e "$dbdir/$category/urls") {
- print FILE " urllist $category\/urls\n";
+ if (-e "$dbdir/$blacklist/urls") {
+ print FILE " urllist $blacklist\/urls\n";
}
- if ((-e "$dbdir/$category/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
- print FILE " expressionlist $category\/expressions\n";
+ if ((-e "$dbdir/$blacklist/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
+ print FILE " expressionlist $blacklist\/expressions\n";
}
- if (($category eq 'ads') && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
+ if ((($category eq 'ads') || ($category eq 'adv')) && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
{
- print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/images/urlfilter/1x1.gif\n";
+ print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/images/urlfilter/1x1.gif\n";
}
if ($filtersettings{'ENABLE_LOG'} eq 'on')
{
}
}
print FILE "}\n\n";
+ $category = $blacklist;
}
print FILE "dest files {\n";
print FILE " pass all\n";
if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
{
- print FILE " rewrite rew-rule-1\n";
+ print FILE " rewrite rew-rule-2\n";
}
print FILE " }\n\n";
}
chomp;
@tc = split(/\,/);
@ec = split(/\|/,$tc[13]);
+ foreach (@ec) { s/\//_/g; }
if ($tc[15] eq 'on')
{
$idx++;
print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
} else {
$tcrule = $defaultrule;
- foreach (@ec)
+ if ((@ec == 1) && ($ec[0] eq 'any'))
{
- $tcrule =~ s/!$_ //;
- print FILE "$_ " if ($_ eq 'any');
+ print FILE "any";
+ } else {
+ foreach (@ec)
+ {
+ $tcrule = "$_ ".$tcrule unless (index($defaultrule,"!".$_." ") ge 0);
+ $tcrule =~ s/!$_ //;
+ }
+ print FILE $tcrule;
}
- print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
}
}
}
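Review bot: In the disabled-constraint branch the added test `index($defaultrule,"!".$_." ") ge 0` compares a numeric result with the string operator `ge`. It gives the right answer for -1 versus 0 only because of how those strings sort, and it should read `>= 0`. The following `$tcrule =~ s/!$_ //;` interpolates the category name into the pattern unquoted, so a name containing `.` or `+` is treated as regex syntax, whereas `s/!\Q$_\E //` matches it literally. The enclosing loop over the constraint file starts outside this hunk.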
if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
{
- print FILE " rewrite rew-rule-0\n";
+ print FILE " rewrite rew-rule-1\n";
}
print FILE " redirect $redirect\n";
print FILE " }\n";
'updxlrtr source checkup schedule' => 'Zeitplanung der Quellenprüfung',
'updxlrtr unknown' => 'Unbekannt',
'updxlrtr update accelerator' => 'Update-Accelerator',
-'updxlrtr update information' => 'Eine aktualisierte Version steht zum Download bereit. Besuchen Sie <a href="http://www.advproxy.net/update-accelerator" target="_blank">http://www.advproxy.net/update-accelerator</a> für weitere Informationen.',
-'updxlrtr update notification' => 'Update-Benachrichtigung!',
'updxlrtr web proxy service required' => 'Der Web-Proxy muss aktiviert sein um den Update-Accelerator zu verwenden',
'updxlrtr week' => 'einer Woche',
'updxlrtr weekly' => 'wöchentlich',
'urlfilter constraint definition' => 'Definition',
'urlfilter constraint outside' => 'ausserhalb',
'urlfilter constraint within' => 'innerhalb',
+'urlfilter copy rule' => 'Kopieren',
'urlfilter current files' => 'Aktuelle Dateien in der lokalen Dateiablage',
'urlfilter custom blacklist' => 'Angepasste Blacklist',
'urlfilter custom expression list' => 'Angepasste Ausdrucksliste',
'urlfilter install information' => 'Die neue Blacklist wird automatisch in vorgefertigte Datenbanken übersetzt. Abhängig von der Größe der Blacklist kann dies einige Minuten dauern.',
'urlfilter invalid content' => 'Datei ist keine squidGuard-kompatible Blacklist',
'urlfilter invalid import file' => 'Datei ist keine gültige URL-Filter Blacklist-Editor Datei',
+'urlfilter invalid ip or mask error' => 'Ungültige IP-Adresse oder Subnetzmaske',
'urlfilter invalid num of children' => 'Ungültige Anzahl Filterprozesse',
'urlfilter invalid restore file' => 'Datei ist keine gültige URL-Filter Sicherungsdatei',
'urlfilter invalid user error' => 'Ungültiger Benutzername',
'updxlrtr source checkup schedule' => 'Source checkup schedule',
'updxlrtr unknown' => 'Unknown',
'updxlrtr update accelerator' => 'Update Accelerator',
-'updxlrtr update information' => 'There is an updated version available for download. Visit <a href="http://www.advproxy.net" target="_blank">http://www.advproxy.net</a> for more information.',
-'updxlrtr update notification' => 'Update notification!',
'updxlrtr web proxy service required' => 'Web proxy service must be enabled to use Update Accelerator',
'updxlrtr week' => 'one week',
'updxlrtr weekly' => 'weekly',
'urlfilter constraint definition' => 'Definition',
'urlfilter constraint outside' => 'outside',
'urlfilter constraint within' => 'within',
+'urlfilter copy rule' => 'Copy',
'urlfilter current files' => 'Current files in local repository',
'urlfilter custom blacklist' => 'Custom blacklist',
'urlfilter custom expression list' => 'Custom expression list',
'urlfilter install information' => 'The new blacklist will be automatically compiled to prebuilt databases. Depending on the size of the blacklist, this may take several minutes.',
'urlfilter invalid content' => 'File is not a squidGuard compatible blacklist',
'urlfilter invalid import file' => 'File is not a valid URL filter blacklist editor file',
+'urlfilter invalid ip or mask error' => 'Invalid IP address or network mask',
'urlfilter invalid num of children' => 'Invalid number of filter processes',
'urlfilter invalid restore file' => 'File is not a valid URL filter backup file',
'urlfilter invalid user error' => 'Invalid username',
if (strcmp(argv[1], "generatereport")==0)
{
- safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol");
+ safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol >/dev/null 2>&1");
+ return 0;
+ }
+
+ if (strcmp(argv[1], "deletereport")==0)
+ {
+ sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]);
+ safe_system(command);
return 0;
}
if (strcmp(argv[1], "updatedatabase")==0)
{
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s >/dev/null 2>&1", argv[2], argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "keys")==0)
{
- printf("\nGenerating Site-Key");
- snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]);
+ printf("Generating Site Key<br />");
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key >/dev/null 2>&1", argv[2]);
safe_system(command);
- printf("\nGenerating Local-Key");
- snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]);
+ printf("Generating Local Key<br />");
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key >/dev/null 2>&1", argv[3]);
safe_system(command);
- printf("\nGenerating Config File");
- snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]);
+ printf("Generating Config File<br />");
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg >/dev/null 2>&1", argv[2]);
safe_system(command);
- printf("\nGenerating Policy File");
- snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]);
+ printf("Generating Policy File<br />");
+ snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol >/dev/null 2>&1", argv[2]);
safe_system(command);
- printf("\nInitialising - This may take a while depending on your Policy");
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
+ printf("Initialising - This may take a while depending on your Policy<br />");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s >/dev/null 2>&1", argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "generatepolicy")==0)
{
- printf("\nGenerating Policy File");
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]);
+ printf("Generating Policy File<br />");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt >/dev/null 2>&1", argv[2]);
safe_system(command);
- printf("\nInitialising - This may take a while depending on your Policy");
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --local-passphrase %s", argv[3]);
+ printf("Initialising - This may take a while depending on your Policy<br />");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s >/dev/null 2>&1", argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "resetpolicy")==0)
{
- printf("\nGenerating Policy File");
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]);
+ printf("Generating Policy File<br />");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default >/dev/null 2>&1", argv[2]);
safe_system(command);
- printf("\nInitialising - This may take a while depending on your Policy");
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --local-passphrase %s", argv[3]);
+ printf("Initialising - This may take a while depending on your Policy");
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s >/dev/null 2>&1", argv[3]);
safe_system(command);
return 0;
}
return 0;
}
return 0;
-}
\ No newline at end of file
+}
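Review bot: The new `deletereport` branch formats `argv[2]` into `command` with an unbounded `sprintf` and passes the result to `safe_system`, while every other branch here uses `snprintf(command, BUFFER_SIZE-1, ...)`. A long argument can overrun `command`, and a name containing `/`, `..` or shell metacharacters is not rejected before it reaches `rm -f`. Unless `safe_system` or the caller already restricts the argument (neither is visible here), the helper should check `argc`, accept only a plain report file name, and use the bounded call. The sketch below keeps `safe_system` and adds that check; the enclosing function starts outside the visible lines.

```c
	if (strcmp(argv[1], "deletereport")==0)
	{
		/* Accept only a plain file name: no path separators, no leading dot,
		 * nothing the shell would interpret. */
		if (argc < 3 || argv[2][0] == '\0' || argv[2][0] == '.' ||
		    strspn(argv[2], "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-") != strlen(argv[2]))
		{
			fprintf(stderr, "Invalid report name\n");
			return 1;
		}
		snprintf(command, BUFFER_SIZE-1, "rm -f /var/ipfire/tripwire/report/%s", argv[2]);
		safe_system(command);
		return 0;
	}
```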
case "$1" in
ide)
- /sbin/kudzu -qps -c HD | egrep "desc|device" | awk -F': ' '{print $2}' | sed -e '/"$/a\\' -e "s/$/\;/g" | tr "\n" "XX" | sed -e "s/XX/\n/g" -e "s/\;X/\;/g" > /var/ipfire/extrahd/scan
+ /sbin/kudzu -qps -c HD | egrep "desc|device:" | awk -F': ' '{print $2}' | sed -e '/"$/a\\' -e "s/$/\;/g" | tr "\n" "XX" | sed -e "s/XX/\n/g" -e "s/\;X/\;/g" > /var/ipfire/extrahd/scan
;;
partitions)
cat /proc/partitions | awk '{print $4 ";" $3 ";"}' | grep -v name | grep -v "^;;$" > /var/ipfire/extrahd/partitions