1 #!/usr/bin/perl
2 #
3 # IPFire CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # (c) The IPFire Team
8 #
9
10 use strict;
11 # Enable the following only for debugging: CGI::Carp's fatalsToBrowser prints die() messages to the client.
12 use warnings;
13 use CGI::Carp 'fatalsToBrowser';
14
15 require '/var/ipfire/general-functions.pl';
16 require "${General::swroot}/lang.pl";
17 require "${General::swroot}/header.pl";
18
# Per-request working state. %outfwsettings holds the stored settings and
# the submitted form fields in one hash; the other variables are scratch
# space used while reading the rule file and the P2P protocol file.
my ( %outfwsettings, %checked, %selected, %netsettings );
my ( $errormessage, $configentry, $p2pentry ) = ( "", "", "" );
my ( @configs, @configline, @p2ps, @p2pline );

my $configfile = "/var/ipfire/outgoing/rules";
my $p2pfile    = "/var/ipfire/outgoing/p2protocols";

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

### Values that have to be initialized
# Every field the handlers below compare gets a defined default here.
# VALID starts as 'yes' and EDIT as 'no'; nothing on this page computes
# either of them afterwards.
%outfwsettings = (
    'ACTION'        => '',
    'VALID'         => 'yes',
    'EDIT'          => 'no',
    'NAME'          => '',
    'SNET'          => '',
    'SIP'           => '',
    'SPORT'         => '',
    'SMAC'          => '',
    'DIP'           => '',
    'DPORT'         => '',
    'PROT'          => '',
    'STATE'         => '',
    'DISPLAY_DIP'   => '',
    'DISPLAY_DPORT' => '',
    'DISPLAY_SMAC'  => '',
    'DISPLAY_SIP'   => '',
);

# Stored settings are loaded over the defaults, then getcgihash is called on
# the same hash.
# NOTE(review): getcgihash lives in header.pl (not shown); it presumably
# copies the request's CGI parameters into the hash, which would let a
# request override any key above, VALID included -- confirm.
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
&Header::getcgihash(\%outfwsettings);
58
# Flag the current policy so the matching <option> in the policy box is
# rendered as selected; the other two modes get an empty attribute.
foreach my $mode ( 'MODE0', 'MODE1', 'MODE2' ) {
    $selected{'POLICY'}{$mode} = ( $outfwsettings{'POLICY'} eq $mode ) ? 'selected' : '';
}

&Header::openpage('Ausgehende Firewall', 1, '');
64
# Static page assets: the two hover helpers used by the image buttons and
# the CSS classes they toggle. Nothing is interpolated, so the here-document
# is single-quoted.
print <<'END';
<script type="text/javascript">
<!--
function BorderOn (id) { id.className='btnOn' }
function BorderOff(id) { id.className='btnOff' }
//-->
</script>
<style type=text/css>
.btnOn {
border-right: #D5F0FF 2px Inset;
border-top: #D5F0FF 2px Inset;
border-left: #D5F0FF 2px Inset;
border-bottom: #D5F0FF 2px Inset;
text-align: Center;
text-decoration: None;
background-color: #FFFFFF;
}
.btnOff {
border-right: #D5F0FF 2px Outset;
border-top: #D5F0FF 2px Outset;
border-left: #D5F0FF 2px Outset;
border-bottom: #D5F0FF 2px Outset;
text-align: Center;
text-decoration: None;
background-color: #FFFFFF;
}
</style>
END

# $errormessage is still empty at this point; the handlers run further down.
&Header::openbigbox('100%', 'left', '', $errormessage);
96
97 ############################################################################################################################
98 ############################################################################################################################
99
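# Reset: fall back to MODE0 and empty the rule file.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
    $outfwsettings{'POLICY'} = 'MODE0';

    # Truncate the rule file in place instead of unlink + system("/bin/touch").
    # No shell is started, the file never goes missing for the code further
    # down that dies when it cannot read it, and a failure is reported rather
    # than ignored.
    open( my $rules, '>', $configfile ) or die "Unable to write $configfile";
    close $rules or die "Unable to write $configfile";

    # NOTE(review): writehash is handed the whole hash, i.e. the submitted
    # form fields as well as POLICY. Whether anything reads those extra keys
    # from the settings file is not visible here -- confirm before narrowing.
    &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}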
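# Save: store the selected policy.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
    # POLICY can come straight from the request, and the rest of the page
    # only understands the three modes offered in the policy box. Anything
    # else is refused instead of being written to the settings file.
    if ( defined $outfwsettings{'POLICY'}
        && $outfwsettings{'POLICY'} =~ /\A(?:MODE0|MODE1|MODE2)\z/ )
    {
        # NOTE(review): this still persists every other key in the hash,
        # submitted form fields included; only POLICY is checked here.
        &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
    }
    else
    {
        # Shown by the error box further down; a fixed string, so it needs
        # no HTML escaping.
        $errormessage = 'Ungueltiger Modus';
    }
}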
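# Enable / disable one P2P protocol. Both actions rewrite $p2pfile and differ
# only in the state they store, so they share one handler.
# Records are read as "<label>;<protocol>;<state>;", one per line.
if ( $outfwsettings{'ACTION'} eq 'enable' || $outfwsettings{'ACTION'} eq 'disable' )
{
    my $newstate = ( $outfwsettings{'ACTION'} eq 'enable' ) ? 'on' : 'off';

    # P2PROT is only ever compared, never written, so it cannot alter the
    # file's structure. A missing parameter is treated as the empty string.
    my $wanted = defined $outfwsettings{'P2PROT'} ? $outfwsettings{'P2PROT'} : '';

    # Three-argument open with lexical handles: the mode cannot be influenced
    # by the path and the handle is closed when it goes out of scope.
    open( my $in, '<', $p2pfile ) or die "Unable to read $p2pfile";
    my @entries = <$in>;
    close $in;

    # NOTE(review): the file is truncated before the new content is written
    # and no lock is held, so a failure part-way through or two overlapping
    # requests can lose entries.
    open( my $out, '>', $p2pfile ) or die "Unable to write $p2pfile";
    foreach my $entry ( sort @entries )
    {
        my $record = $entry;
        chomp $record;
        my @field = split( /\;/, $record );

        # Blank or truncated lines are copied through unchanged rather than
        # being rewritten as a record of empty fields.
        if ( @field < 2 ) {
            print $out $entry;
            next;
        }

        my $state = defined $field[2] ? $field[2] : '';
        $state = $newstate if $field[1] eq $wanted;
        print $out "$field[0];$field[1];$state;\n";
    }
    close $out or die "Unable to write $p2pfile";
}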
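# Edit / delete: both remove the rule whose nine stored fields equal the
# submitted ones. Edit then shows the rule form (pre-filled from the same
# request) and ends the page; delete falls through to the normal listing.
#
# NOTE(review): nothing in this file ties the request to a form issued by
# this page (no token or referer check is visible); confirm that header.pl or
# the web server configuration covers cross-site requests.
if (   $outfwsettings{'ACTION'} eq $Lang::tr{'edit'}
    || $outfwsettings{'ACTION'} eq $Lang::tr{'delete'} )
{
    my $editing = ( $outfwsettings{'ACTION'} eq $Lang::tr{'edit'} );

    # Field order of a rule line, as written by the add handler.
    my @key    = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);
    my @wanted = map { defined $outfwsettings{$_} ? $outfwsettings{$_} : '' } @key;

    open( my $in, '<', $configfile ) or die "Unable to read $configfile";
    my @rules = <$in>;
    close $in;

    # NOTE(review): truncate-then-write without a lock; an error between the
    # two steps leaves a shortened rule file.
    open( my $out, '>', $configfile ) or die "Unable to write $configfile";
    foreach my $rule ( sort @rules )
    {
        my @field = split( /\;/, $rule );

        # A rule is dropped only when all nine fields match; a missing field
        # counts as empty.
        my $same = 1;
        foreach my $i ( 0 .. $#key ) {
            my $value = defined $field[$i] ? $field[$i] : '';
            if ( $value ne $wanted[$i] ) {
                $same = 0;
                last;
            }
        }
        print $out $rule unless $same;
    }
    close $out or die "Unable to write $configfile";

    if ($editing) {
        # NOTE(review): the rule is already gone from the file at this point;
        # if the form is abandoned the rule is lost.
        &addrule();
        &Header::closebigbox();
        &Header::closepage();
        exit;
    }
}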
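# Add: append the submitted rule to $configfile as one ';'-separated line.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
    my @key   = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);
    my @value = map { defined $outfwsettings{$_} ? $outfwsettings{$_} : '' } @key;

    # ';' separates fields and a line break separates rules in the file, so a
    # submitted value containing either would be read back as additional
    # fields or additional rules. Such a request is treated like an invalid
    # one and sent back to the form.
    my $clean = 1;
    foreach my $text (@value) {
        $clean = 0 if $text =~ /[;\r\n]/;
    }

    # NOTE(review): VALID defaults to 'yes' and is never computed on this
    # page, so no address, MAC or port check happens before the write.
    # PROT, STATE and SNET could be checked against the option values the
    # form offers, and the free-text fields against format validators --
    # confirm what general-functions.pl provides.
    if ( $clean && $outfwsettings{'VALID'} eq 'yes' ) {
        open( my $out, '>>', $configfile ) or die "Unable to write $configfile";
        print $out join( ';', @value ), ";\n";
        close $out or die "Unable to write $configfile";
    } else {
        $outfwsettings{'ACTION'} = 'Regel hinzufuegen';
    }
}

# Show the rule form, either on request or after a rejected add.
if ($outfwsettings{'ACTION'} eq 'Regel hinzufuegen')
{
    &addrule();
    # Close the big box and the page before exiting, as the edit path does;
    # without this the emitted document ends inside the open box.
    &Header::closebigbox();
    &Header::closepage();
    exit;
}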
215
# Read the stored settings again now that the handlers have run.
# NOTE(review): presumably this makes the sections below reflect what was
# just saved -- readhash is defined in general-functions.pl, not shown here.
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);

# Error box, printed only when a message was set.
# NOTE(review): the message goes into the page without HTML escaping, so it
# should only ever hold fixed strings.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<class name='base'>$errormessage\n", "&nbsp;</class>\n";
    &Header::closebox();
}
224
225 ############################################################################################################################
226 ############################################################################################################################
227
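# Rule listing, shown for every policy except MODE0. Each rule that fits the
# current policy (ALLOW rules in MODE1, DENY rules in MODE2) becomes a table
# row with its own form carrying the rule's fields, so the edit and delete
# buttons can identify it.
if ($outfwsettings{'POLICY'} ne 'MODE0'){
    # Rule fields were typed in by a user and stored verbatim, so they are
    # escaped before going into element content or attribute values; without
    # this a stored value could close the attribute or open a tag.
    my $esc = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my @key      = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);
    my $self_url = $esc->( $ENV{'SCRIPT_NAME'} );
    my $edit     = $esc->( $Lang::tr{'edit'} );
    my $delete   = $esc->( $Lang::tr{'delete'} );

    &Header::openbox('100%', 'center', 'Rules');

    # The "add rule" button gets a form of its own and the form is closed
    # right away. It used to stay open around the per-rule forms, which
    # nested <form> elements and left the first rule's fields attached to
    # the outer form.
    print <<"END";
<form method='post' action='$self_url'>
<input type='submit' name='ACTION' class='btnOff' onmouseover='BorderOn(this)' onmouseout='BorderOff(this)' value='Regel hinzufuegen'>
</form>
END

    open( my $in, '<', $configfile ) or die "Unable to read $configfile";
    my @rules = <$in>;
    close $in;

    if (@rules) {
        print <<"END";
<hr>
<table border='0' width='100%' cellspacing='0'>
<tr><td bgcolor='lightgrey' width='14%'>Protokoll
<td bgcolor='lightgrey' width='14%'>Netzwerk
<td bgcolor='lightgrey' width='14%'>Ziel
<td bgcolor='lightgrey' width='14%'>Anmerkung
<td bgcolor='lightgrey' width='14%'>Politik
<td bgcolor='lightgrey' width='30%'>Aktionen
END

        foreach my $rule ( sort @rules )
        {
            my @field = split( /\;/, $rule );

            # Raw values drive the decisions, escaped copies go into the page.
            my ( %raw, %h );
            foreach my $i ( 0 .. $#key ) {
                $raw{ $key[$i] } = defined $field[$i] ? $field[$i] : '';
                $h{ $key[$i] }   = $esc->( $raw{ $key[$i] } );
            }

            # Only rules that belong to the active policy are listed.
            my $listed =
                 ( $outfwsettings{'POLICY'} eq 'MODE1' && $raw{STATE} eq 'ALLOW' )
              || ( $outfwsettings{'POLICY'} eq 'MODE2' && $raw{STATE} eq 'DENY' );
            next unless $listed;

            # An empty destination address or port means "any".
            my $show_dip   = $raw{DIP}   eq '' ? 'ALL' : $h{DIP};
            my $show_dport = $raw{DPORT} eq '' ? 'ALL' : $h{DPORT};
            my $show_state = $raw{STATE} eq 'DENY'
              ? "<img src='/images/stock_stop.png' alt='DENY'>"
              : "<img src='/images/stock_ok.png' alt='ALLOW'>";

            # Attribute values are quoted as well as escaped: unquoted, a
            # value containing a space was cut short on submission and the
            # rule could no longer be matched for edit or delete.
            print <<"END";
<form method='post' action='$self_url'>
<input type='hidden' name='PROT' value='$h{PROT}'>
<input type='hidden' name='STATE' value='$h{STATE}'>
<input type='hidden' name='SNET' value='$h{SNET}'>
<input type='hidden' name='DPORT' value='$h{DPORT}'>
<input type='hidden' name='DIP' value='$h{DIP}'>
<input type='hidden' name='SIP' value='$h{SIP}'>
<input type='hidden' name='NAME' value='$h{NAME}'>
<input type='hidden' name='SMAC' value='$h{SMAC}'>
<input type='hidden' name='ENABLED' value='$h{ENABLED}'>
<tr><td align='center' bgcolor='#EAEAEA'>$h{PROT}
<td align='center' bgcolor='#EAEAEA'>$h{SNET}
<td align='center' bgcolor='#EAEAEA'>$show_dip:$show_dport
<td align='center' bgcolor='#EAEAEA'>$h{NAME}
<td align='center' bgcolor='#EAEAEA'>$show_state
<td align='right' bgcolor='#EAEAEA'>
<button type='submit' name='ACTION' value='$edit' class='btnOff' onmouseover='BorderOn(this)' onmouseout='BorderOff(this)'><img src='/images/edit.gif' width="20" height="20" alt='$edit'></button>&nbsp;
<button type='submit' name='ACTION' value='$delete' class='btnOff' onmouseover='BorderOn(this)' onmouseout='BorderOff(this)'><img src='/images/delete.gif' width="20" height="20" alt='$delete'></button>
END

            # Second row with the source restrictions, only when one is set.
            if ( $raw{SIP} || $raw{SMAC} ) {
                my $show_sip  = $raw{SIP}  ? $h{SIP}  : '---';
                my $show_smac = $raw{SMAC} ? $h{SMAC} : '---';
                print <<"END";
<tr><td width='14%' align='right' bgcolor='#FAFAFA'>Quell-IP-Adresse:
<td width='14%' align='left' bgcolor='#FAFAFA'>$show_sip
<td width='14%' align='right' bgcolor='#FAFAFA'>Quell-MAC-Adresse:
<td width='14%' align='left' bgcolor='#FAFAFA'>$show_smac
<td width='44%' colspan='2' align='center' bgcolor='#FAFAFA'>
END
            }

            print "</form>\n";
        }

        print "</table>\n";
    }

    &Header::closebox();
}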
318
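# P2P block list, shown in MODE2 only. Every protocol from $p2pfile gets a
# one-button form that posts the opposite of its current state.
if ($outfwsettings{'POLICY'} eq 'MODE2'){
    # Values read from the file are escaped and placed in quoted attributes so
    # that an unexpected character in the file cannot change the markup.
    my $esc = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };
    my $self_url = $esc->( $ENV{'SCRIPT_NAME'} );

    open( my $in, '<', $p2pfile ) or die "Unable to read $p2pfile";
    my @entries = <$in>;
    close $in;

    &Header::openbox('100%', 'center', 'P2P-Block');
    print <<"END";
<table width='40%'>
<tr><td bgcolor='lightgrey' width='66%'>Protokoll
<td bgcolor='lightgrey' width='33%'>Status
END

    foreach my $entry ( sort @entries )
    {
        my $record = $entry;
        chomp $record;
        my @field = split( /\;/, $record );

        # Blank or truncated lines have no protocol to toggle; skip them.
        next if @field < 2;

        my $label    = $esc->( $field[0] );
        my $protocol = $esc->( $field[1] );
        my $is_on    = defined $field[2] && $field[2] eq 'on';

        # The hidden ACTION is the state change a click will request.
        my $action = $is_on ? 'disable'               : 'enable';
        my $icon   = $is_on ? '/images/stock_ok.png' : '/images/stock_stop.png';

        print <<"END";
<form method='post' action='$self_url'>
<tr><td width='66%' align='center'>$label:
<td width='33%' align='center'><input type='hidden' name='P2PROT' value='$protocol'>
<input type='hidden' name='ACTION' value='$action'>
<input type='image' name='submit' src='$icon' alt=''>
</form>
END
    }

    print <<"END";
<tr><td colspan='2' align='center'>Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren.
</table>
END

    &Header::closebox();
}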
364
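# Policy box: explains the three modes, lets the user pick one and, outside
# MODE0, offers the "delete all rules" button. Then the page is closed.
{
    # Button captions come from the language file. They are escaped and put
    # in quoted attributes so that a caption containing a space or a quote
    # is still submitted whole and still matches the ACTION comparison.
    my $esc = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };
    my $self_url = $esc->( $ENV{'SCRIPT_NAME'} );
    my $save     = $esc->( $Lang::tr{'save'} );
    my $reset    = $esc->( $Lang::tr{'reset'} );

    &Header::openbox('100%', 'center', 'Policy');
    print <<"END";
<form method='post' action='$self_url'>
<table width='100%'>
<tr><td width='10%' align='right'><b>Modus 0:</b><td width='90%' align='left' colspan='2'>In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen.
<tr><td width='10%' align='right'><b>Modus 1:</b><td width='90%' align='left' colspan='2'>In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.
<tr><td width='10%' align='right'><b>Modus 2:</b><td width='90%' align='left' colspan='2'>In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.<br>Hier ist eine Besonderheit der P2P-Filter.
<tr><td colspan='3'><hr>
<tr><td width='10%' align='right'> <select name='POLICY'><option value='MODE0' $selected{'POLICY'}{'MODE0'}>Modus 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>Modus 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>Modus 2</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value='$save'>
<td width='45%' align='right'>
END

    # There is nothing to reset while no rules are in effect.
    if ($outfwsettings{'POLICY'} ne 'MODE0') {
        print "Alle Regeln loeschen: <input type='submit' name='ACTION' value='$reset'>\n";
    }

    print "</table>\n</form>\n";
    &Header::closebox();
}

&Header::closebigbox();
&Header::closepage();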
393
394 ############################################################################################################################
395 ############################################################################################################################
396
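# addrule -- print the "add rule" form.
#
# Takes no arguments and returns nothing useful; it reads the file-level
# %outfwsettings and %selected and writes HTML to STDOUT. The text inputs
# are pre-filled from %outfwsettings, which is how the edit action hands the
# old rule's values to the form. The rule's STATE is fixed by the active
# policy: ALLOW in MODE1, DENY in MODE2.
sub addrule
{
    # The pre-filled values come from the request (or from a stored rule), so
    # they are escaped before being placed inside the quoted value attributes;
    # unescaped, a quote in a value would end the attribute and let the rest
    # be parsed as markup.
    my $esc = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };
    my %v        = map { $_ => $esc->( $outfwsettings{$_} ) } qw(NAME SIP SMAC DIP DPORT);
    my $self_url = $esc->( $ENV{'SCRIPT_NAME'} );
    my $add      = $esc->( $Lang::tr{'add'} );

    # Pre-select protocol and source network from the current values, in
    # line with the text inputs. Previously the selects always showed their
    # first option, so editing a rule silently reset both.
    my $prot = defined $outfwsettings{'PROT'} ? lc $outfwsettings{'PROT'} : '';
    my $snet = defined $outfwsettings{'SNET'} ? lc $outfwsettings{'SNET'} : '';
    my %prot_sel = map { $_ => ( $prot eq $_ ? 'selected' : '' ) } qw(tcp udp);
    my %snet_sel = map { $_ => ( $snet eq $_ ? 'selected' : '' ) } qw(all green blue orange);

    &Header::openbox('100%', 'center', 'Rules hinzufuegen');

    # EDIT is 'no' unless a request sets it; in that case the rule starts
    # out enabled.
    if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; }
    my $enabled_attr = defined $selected{'ENABLED'} ? $selected{'ENABLED'} : '';

    print <<"END";
<form method='post' action='$self_url'>
<table width='80%'>
<tr><td width='20%' align='right'>Anmerkung: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$v{NAME}'>
<td width='20%' align='right'>Aktiviert:
<td width='30%' align='left'><input type='checkbox' name='ENABLED' $enabled_attr>
<tr><td width='20%' align='right'>Protokoll:
<td width='30%' align='left'><select name='PROT'><option value='tcp' $prot_sel{tcp}>TCP</option><option value='udp' $prot_sel{udp}>UDP</option></select>
<td width='20%' align='right'>Sicherheitspolitik:
<td width='30%' align='left'>
END

    # The policy decides what kind of rule can be added.
    if ($outfwsettings{'POLICY'} eq 'MODE1'){
        print "\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW'>\n";
    } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
        print "\t\t\tDENY<input type='hidden' name='STATE' value='DENY'>\n";
    }

    print <<"END";
<tr><td width='20%' align='right'>Quellnetz:
<td width='30%' align='left'><select name='SNET'>
<option value='all' $snet_sel{all}>alle</option>
<option value='green' $snet_sel{green}>Gruen</option>
END

    # Blue and orange are offered only when Header reports them as in use.
    if (&Header::blue_used()){
        print "\t\t\t<option value='blue' $snet_sel{blue}>Blau</option>\n";
    }
    if (&Header::orange_used()){
        print "\t\t\t<option value='orange' $snet_sel{orange}>Orange</option>\n";
    }

    # maxlength is enforced by the browser only; the add handler has to do
    # its own checks on what it receives.
    print <<"END";
</select>
<td width='20%' align='right'>Quell-IP-Adresse: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='SIP' maxlength='15' value='$v{SIP}'>
<tr><td width='50%' colspan='2'>&nbsp;
<td width='20%' align='right'>Quell-MAC-Adresse: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='SMAC' maxlength='23' value='$v{SMAC}'>
<tr><td width='20%' align='right'>Ziel-IP-Adresse: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$v{DIP}'>
<td width='20%' align='right'>Ziel-Port: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='DPORT' maxlength='5' value='$v{DPORT}'>
<tr><td colspan='4'>
<tr><td width='40%' align='right' colspan='2'><img src='/blob.gif'> $Lang::tr{'this field may be blank'}
<td width='60%' align='left' colspan='2'><input type='submit' name='ACTION' value='$add'>
</table></form>
END

    &Header::closebox();
}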
451