a68fedca 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
1ddefbbd 5# Copyright (C) 2010 IPFire Team #
6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22require '/var/ipfire/general-functions.pl';
23require "${General::swroot}/lang.pl";
24require "${General::swroot}/header.pl";
25
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
# Set to a true value to print the received CGI parameters at the top of the
# page (see the debug box below).
my $debug = 0;

# Line buffers and line counters used while reading the three iptables tables.
my (@iplines, @ipmanlines, @ipnatlines);
my ($lines, $manlines, $natlines) = (0, 0, 0);

# Scratch string reused while printing cells.
my $string = "";

# Per table: "<chain>start" / "<chain>end" => index into the line buffer.
my (%chains, %chainsman, %chainsnat);

# Name of the chain currently being read, and of the chain to display.
my ($chainname, $selectedchain);

my (%netsettings, %cgiparams);

# Fill %cgiparams from the request.
&Header::getcgihash(\%cgiparams);

&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ipts'}, 1, '');
&Header::openbigbox('100%', 'LEFT');
50
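# Optional debug box: lists every parameter received via the CGI. Names and
# values come straight from the request, so they are HTML-escaped before they
# are written into the page.

if ( $debug ){
	# Minimal HTML escaping for text placed in element content or in a
	# quoted attribute; undef is treated as the empty string.
	my $escape_html = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};

	&Header::openbox('100%', 'center', 'DEBUG');
	my $debugCount = 0;
	foreach my $line (sort keys %cgiparams) {
		print $escape_html->($line)." = '".$escape_html->($cgiparams{$line})."'<br />\n";
		$debugCount++;
	}
	print "&nbsp;Count: $debugCount\n";
	&Header::closebox();
}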
64
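&Header::openbox('100%', 'LEFT', $Lang::tr{'ipts'}.':');

# On the first call of the CGI the default chain is shown. Otherwise the
# request parameter 'selectedchain' is split on "|" and this box uses the
# first element, so that all three boxes can be changed at the same time.

$selectedchain = "INPUT";
if ( defined $cgiparams{'selectedchain'} && $cgiparams{'selectedchain'} ne "" ){
	my @multi = split(/\|/,$cgiparams{'selectedchain'});

	# Keep the default when the element for this box is missing or empty,
	# instead of continuing with an undefined chain name.
	if ( defined $multi[0] && $multi[0] ne "" ){
		$selectedchain = $multi[0];
	}
}

print "\n<div align='left'>\n";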
1ddefbbd 84
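{
	# The helper output is text, not markup. It is escaped before it is
	# written into the page so that a "<", ">", "&" or quote in a rule line
	# (for example inside a rule comment) cannot change the HTML.
	my $escape_html = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};

	# Run the helper and keep every output line. A line starting with "Chain"
	# opens a new chain: its name is the second blank-separated word, and its
	# first and last line index are stored in %chains under "<name>start"
	# and "<name>end".
	# The list form of open runs the helper without a shell, and the result
	# is checked so that a failing helper is logged instead of being ignored.
	$chainname = "";
	if ( open(my $ipstat, '-|', '/usr/local/bin/getipstat') ){
		while (<$ipstat>){

			$iplines[$lines] = $_;

			if ( $_ =~ /^Chain/ ){

				my @chainstring = split(/ /,$_);

				# The previous chain's last line is recorded as two lines
				# above this header.
				if ( $chainname ne "" ){
					$chains{$chainname."end"} = $lines-2;
				}

				$chainname = $chainstring[1];
				$chains{$chainname."start"} = $lines;
			}

			$lines++;

		}
		close ($ipstat);
	} else {
		print STDERR "iptables.cgi: cannot run /usr/local/bin/getipstat: $!\n";
	}
	if ( $chainname ne "" ){
		$chains{$chainname."end"} = $lines-1;
	}

	# Only a chain that the helper reported can be displayed. Any other value
	# taken from the request falls back to the default chain.
	if ( !defined $selectedchain || !exists $chains{$selectedchain."start"} ){
		$selectedchain = "INPUT";
	}

	# All chain names are offered in a select box. The keys ending in "end"
	# are skipped and the "start" suffix is stripped to get the name back.
	print "<form method='post' action='".$escape_html->($ENV{'SCRIPT_NAME'})."'>\n<select name='selectedchain' style='width: 250px'>\n";
	foreach my $key (sort(keys(%chains))){

		next if ( $key =~ /end$/ );
		(my $name = $key) =~ s/start$//gi;

		my $shown = $escape_html->($name);
		print " <option value='".$shown;
		if ( $name eq $selectedchain ){
			print "' selected='selected' >".$shown."</option>\n";
		} else {
			print "'>".$shown."</option>\n";
		}
	}
	# NOTE(review): the tag after the submit button is "<form>", not
	# "</form>". It is left unchanged here because the request value is split
	# on "|", which suggests the select boxes are submitted together; confirm
	# how the forms nest before correcting the tag.
	print "</select><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /><form><br /><br />\n\n";

	# Title line of the selected chain, without its trailing whitespace.
	$string = $iplines[$chains{$selectedchain."start"}];
	$string =~ s/\s$//gi;

	print "<strong>".$escape_html->($string)."</strong><br />\n\n";
	print "<table width='100%' cellspacing='1'>\n<tr>\n";

	# The line after the title holds the column headings.
	foreach my $heading (split(/ +/,$iplines[$chains{$selectedchain."start"}+1])){
		if ( $heading =~ /[^a-zA-Z]/ ){chomp($heading);}
		print " <th align='left'><strong>".$escape_html->($heading)."</strong></th>\n";
	}

	print "</tr>\n";

	# Empty row that only fixes the column widths.
	print "<tr>\n";
	print " <td width='0'></td>\n <td width='60'></td>\n <td width='60'></td>\n";
	print " <td width='150'></td>\n <td width='30'></td>\n";
	print " <td width='30'></td>\n <td width='40'></td>\n";
	print " <td width='40'></td>\n <td width='95'></td>\n";
	print " <td width='95'></td>\n <td width='260'></td>\n";
	print "</tr>\n";


	# One table row per rule line of the selected chain.
	for(my $i = $chains{$selectedchain."start"}+2; $i <= $chains{$selectedchain."end"}; $i++) {
		print "<tr>\n";

		my @iptablesline = split(/ +/,$iplines[$i]);
		my $offset=0;

		# A line that starts with blanks yields an empty first field.
		if ( $iptablesline[0] eq "" ){
			$offset=1;
		}

		# NOTE(review): the value returned by Header::colorize is written
		# into the page as it is; confirm that it escapes its argument.
		print " <td></td>\n <td>".$escape_html->($iptablesline[0+$offset])."</td>\n <td>".$escape_html->($iptablesline[1+$offset])."</td>\n";
		print " <td>".$escape_html->($iptablesline[2+$offset])."</td>\n <td>".$escape_html->($iptablesline[3+$offset])."</td>\n";
		print " <td>".$escape_html->($iptablesline[4+$offset])."</td>\n <td>".&Header::colorize($iptablesline[5+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[6+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[7+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[8+$offset])."</td>\n <td>";

		# Everything after the ninth field goes into the last cell.
		for (my $j=9+$offset; $j <= $#iptablesline; $j++){
			$string = $iptablesline[$j];
			$string =~ s/\s$//gi;
			print " ".$escape_html->($string);
		}
		print "</td>\n</tr>\n";
	}
	print "</table></div><br />";
}
&Header::closebox();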
185
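## MANGLE
&Header::openbox('100%', 'LEFT', $Lang::tr{'iptmangles'}.':');

# On the first call of the CGI the default chain is shown. Otherwise the
# request parameter 'selectedchain' is split on "|" and this box uses the
# second element, so that all three boxes can be changed at the same time.

$selectedchain = "PREROUTING";
if ( defined $cgiparams{'selectedchain'} && $cgiparams{'selectedchain'} ne "" ){
	my @multi = split(/\|/,$cgiparams{'selectedchain'});

	# Keep the default when the element for this box is missing or empty,
	# instead of continuing with an undefined chain name.
	if ( defined $multi[1] && $multi[1] ne "" ){
		$selectedchain = $multi[1];
	}
}

print "\n<div align='left'>\n";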
1ddefbbd 206
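{
	# The helper output is text, not markup. It is escaped before it is
	# written into the page so that a "<", ">", "&" or quote in a rule line
	# (for example inside a rule comment) cannot change the HTML.
	my $escape_html = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};

	# Run the helper for the mangle table and keep every output line in
	# @ipmanlines. The title line used to be read from @ipmanlines while the
	# lines were stored in a second, undeclared array, so the title was
	# always empty; one array is used throughout now.
	# A line starting with "Chain" opens a new chain: its name is the second
	# blank-separated word, and its first and last line index are stored in
	# %chainsman under "<name>start" and "<name>end".
	# $chainname is reset first so that a name left over from an earlier
	# table does not create an "end" entry in this table's hash.
	$chainname = "";
	if ( open(my $ipstat, '-|', '/usr/local/bin/getipstat', '-m') ){
		while (<$ipstat>){

			$ipmanlines[$manlines] = $_;

			if ( $_ =~ /^Chain/ ){

				my @chainstring = split(/ /,$_);

				# The previous chain's last line is recorded as two lines
				# above this header.
				if ( $chainname ne "" ){
					$chainsman{$chainname."end"} = $manlines-2;
				}

				$chainname = $chainstring[1];
				$chainsman{$chainname."start"} = $manlines;
			}

			$manlines++;

		}
		close ($ipstat);
	} else {
		print STDERR "iptables.cgi: cannot run /usr/local/bin/getipstat -m: $!\n";
	}
	if ( $chainname ne "" ){
		$chainsman{$chainname."end"} = $manlines-1;
	}

	# Only a chain that the helper reported can be displayed. Any other value
	# taken from the request falls back to the default chain.
	if ( !defined $selectedchain || !exists $chainsman{$selectedchain."start"} ){
		$selectedchain = "PREROUTING";
	}

	# All chain names are offered in a select box. The keys ending in "end"
	# are skipped and the "start" suffix is stripped to get the name back.
	print "<form method='post' action='".$escape_html->($ENV{'SCRIPT_NAME'})."'>\n<select name='selectedchain' style='width: 250px'>\n";
	foreach my $key (sort(keys(%chainsman))){

		next if ( $key =~ /end$/ );
		(my $name = $key) =~ s/start$//gi;

		my $shown = $escape_html->($name);
		print " <option value='".$shown;
		if ( $name eq $selectedchain ){
			print "' selected='selected' >".$shown."</option>\n";
		} else {
			print "'>".$shown."</option>\n";
		}
	}
	# NOTE(review): the tag after the submit button is "<form>", not
	# "</form>". It is left unchanged here because the request value is split
	# on "|", which suggests the select boxes are submitted together; confirm
	# how the forms nest before correcting the tag.
	print "</select><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /><form><br /><br />\n\n";

	# Title line of the selected chain, without its trailing whitespace.
	$string = $ipmanlines[$chainsman{$selectedchain."start"}];
	$string =~ s/\s$//gi;

	print "<strong>".$escape_html->($string)."</strong><br />\n\n";
	print "<table width='100%' cellspacing='1'>\n<tr>\n";

	# The line after the title holds the column headings.
	foreach my $heading (split(/ +/,$ipmanlines[$chainsman{$selectedchain."start"}+1])){
		if ( $heading =~ /[^a-zA-Z]/ ){chomp($heading);}
		print " <th align='left'><strong>".$escape_html->($heading)."</strong></th>\n";
	}

	print "</tr>\n";

	# Empty row that only fixes the column widths.
	print "<tr>\n";
	print " <td width='0'></td>\n <td width='60'></td>\n <td width='60'></td>\n";
	print " <td width='150'></td>\n <td width='30'></td>\n";
	print " <td width='30'></td>\n <td width='40'></td>\n";
	print " <td width='40'></td>\n <td width='95'></td>\n";
	print " <td width='95'></td>\n <td width='260'></td>\n";
	print "</tr>\n";

	# One table row per rule line of the selected chain.
	for(my $i = $chainsman{$selectedchain."start"}+2; $i <= $chainsman{$selectedchain."end"}; $i++) {
		print "<tr>\n";
		my @iptablesline = split(/ +/,$ipmanlines[$i]);
		my $offset=0;

		# A line that starts with blanks yields an empty first field.
		if ( $iptablesline[0] eq "" ){
			$offset=1;
		}

		# NOTE(review): the value returned by Header::colorize is written
		# into the page as it is; confirm that it escapes its argument.
		print " <td></td>\n <td>".$escape_html->($iptablesline[0+$offset])."</td>\n <td>".$escape_html->($iptablesline[1+$offset])."</td>\n";
		print " <td>".$escape_html->($iptablesline[2+$offset])."</td>\n <td>".$escape_html->($iptablesline[3+$offset])."</td>\n";
		print " <td>".$escape_html->($iptablesline[4+$offset])."</td>\n <td>".&Header::colorize($iptablesline[5+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[6+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[7+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[8+$offset])."</td>\n <td>";

		# Everything after the ninth field goes into the last cell.
		for (my $j=9+$offset; $j <= $#iptablesline; $j++){
			$string = $iptablesline[$j];
			$string =~ s/\s$//gi;

			# Marks are given in hex; they are converted to a decimal
			# number so that the QoS class is shown correctly.
			if ( $string =~ /^0x/){
				$string = hex($string);
			}

			print " ".$escape_html->($string);
		}
		print "</td>\n</tr>\n";
	}
	print "</table></div><br />";
}
&Header::closebox();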
312
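## NAT
&Header::openbox('100%', 'LEFT', $Lang::tr{'iptnats'}.':');

# On the first call of the CGI the default chain is shown. Otherwise the
# request parameter 'selectedchain' is split on "|" and this box uses the
# third element, so that all three boxes can be changed at the same time.

$selectedchain = "PREROUTING";
if ( defined $cgiparams{'selectedchain'} && $cgiparams{'selectedchain'} ne "" ){
	my @multi = split(/\|/,$cgiparams{'selectedchain'});

	# Keep the default when the element for this box is missing or empty,
	# instead of continuing with an undefined chain name.
	if ( defined $multi[2] && $multi[2] ne "" ){
		$selectedchain = $multi[2];
	}
}

print "\n<div align='left'>\n";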
1ddefbbd 333
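{
	# The helper output is text, not markup. It is escaped before it is
	# written into the page so that a "<", ">", "&" or quote in a rule line
	# (for example inside a rule comment) cannot change the HTML.
	my $escape_html = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};

	# Run the helper for the nat table and keep every output line. A line
	# starting with "Chain" opens a new chain: its name is the second
	# blank-separated word, and its first and last line index are stored in
	# %chainsnat under "<name>start" and "<name>end".
	# $chainname is reset first so that a name left over from an earlier
	# table does not create an "end" entry in this table's hash. The list
	# form of open runs the helper without a shell, and its result is checked.
	$chainname = "";
	if ( open(my $ipstat, '-|', '/usr/local/bin/getipstat', '-n') ){
		while (<$ipstat>){

			$ipnatlines[$natlines] = $_;

			if ( $_ =~ /^Chain/ ){

				my @chainstring = split(/ /,$_);

				# The previous chain's last line is recorded as two lines
				# above this header.
				if ( $chainname ne "" ){
					$chainsnat{$chainname."end"} = $natlines-2;
				}

				$chainname = $chainstring[1];
				$chainsnat{$chainname."start"} = $natlines;
			}

			$natlines++;

		}
		close ($ipstat);
	} else {
		print STDERR "iptables.cgi: cannot run /usr/local/bin/getipstat -n: $!\n";
	}
	if ( $chainname ne "" ){
		$chainsnat{$chainname."end"} = $natlines-1;
	}

	# Only a chain that the helper reported can be displayed. Any other value
	# taken from the request falls back to the default chain.
	if ( !defined $selectedchain || !exists $chainsnat{$selectedchain."start"} ){
		$selectedchain = "PREROUTING";
	}

	# All chain names are offered in a select box. The keys ending in "end"
	# are skipped and the "start" suffix is stripped to get the name back.
	print "<form method='post' action='".$escape_html->($ENV{'SCRIPT_NAME'})."'>\n<select name='selectedchain' style='width: 250px'>\n";
	foreach my $key (sort(keys(%chainsnat))){

		next if ( $key =~ /end$/ );
		(my $name = $key) =~ s/start$//gi;

		my $shown = $escape_html->($name);
		print " <option value='".$shown;
		if ( $name eq $selectedchain ){
			print "' selected='selected' >".$shown."</option>\n";
		} else {
			print "'>".$shown."</option>\n";
		}
	}
	# NOTE(review): the tag after the submit button is "<form>", not
	# "</form>". It is left unchanged here because the request value is split
	# on "|", which suggests the select boxes are submitted together; confirm
	# how the forms nest before correcting the tag.
	print "</select><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /><form><br /><br />\n\n";

	# Title line of the selected chain, without its trailing whitespace.
	$string = $ipnatlines[$chainsnat{$selectedchain."start"}];
	$string =~ s/\s$//gi;

	print "<strong>".$escape_html->($string)."</strong><br />\n\n";
	print "<table width='100%' cellspacing='1'>\n<tr>\n";

	# The line after the title holds the column headings.
	foreach my $heading (split(/ +/,$ipnatlines[$chainsnat{$selectedchain."start"}+1])){
		if ( $heading =~ /[^a-zA-Z]/ ){chomp($heading);}
		print "<th align='left'><strong>".$escape_html->($heading)."</strong></th>\n";
	}

	print "</tr>\n";

	# Empty row that only fixes the column widths.
	print "<tr>\n";
	print " <td width='0'></td>\n <td width='60'></td>\n <td width='60'></td>\n";
	print " <td width='150'></td>\n <td width='30'></td>\n";
	print " <td width='30'></td>\n <td width='40'></td>\n";
	print " <td width='40'></td>\n <td width='95'></td>\n";
	print " <td width='95'></td>\n <td width='260'></td>\n";
	print "</tr>\n";

	# One table row per rule line of the selected chain.
	for(my $i = $chainsnat{$selectedchain."start"}+2; $i <= $chainsnat{$selectedchain."end"}; $i++) {
		print "<tr>\n";
		my @iptablesline = split(/ +/,$ipnatlines[$i]);
		my $offset=0;

		# A line that starts with blanks yields an empty first field.
		if ( $iptablesline[0] eq "" ){
			$offset=1;
		}

		# NOTE(review): the value returned by Header::colorize is written
		# into the page as it is; confirm that it escapes its argument.
		print " <td></td>\n<td>".$escape_html->($iptablesline[0+$offset])."</td>\n <td>".$escape_html->($iptablesline[1+$offset])."</td>\n";
		print " <td>".$escape_html->($iptablesline[2+$offset])."</td>\n <td>".$escape_html->($iptablesline[3+$offset])."</td>\n";
		print " <td>".$escape_html->($iptablesline[4+$offset])."</td>\n <td>".&Header::colorize($iptablesline[5+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[6+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[7+$offset])."</td>\n";
		print " <td>".&Header::colorize($iptablesline[8+$offset])."</td>\n <td>";

		# Everything after the ninth field goes into the last cell.
		for (my $j=9+$offset; $j <= $#iptablesline; $j++){
			$string = $iptablesline[$j];
			$string =~ s/\s$//gi;
			print " ".$escape_html->($string);
		}
		print "</td>\n</tr>\n";
	}
	print "</table></div><br />";
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();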