[people/pmueller/ipfire-2.x.git] / html / cgi-bin / webaccess.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use CGI;

my $swroot = "/var/ipfire";
my $apdir  = "$swroot/proxy/advanced";
my $group_def_file = "$apdir/cre/classrooms";
my $svhosts_file = "$apdir/cre/supervisors";
my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";

my $banner = "A D V A N C E D &nbsp; P R O X Y &nbsp; - &nbsp; W E B &nbsp; A C C E S S &nbsp; M A N A G E R";
my %cgiparams;
my %proxysettings;

my %acl=();
my @group_defs=();
my @groups=();

### Initialize environment
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);

### Initialize language
require "${swroot}/lang.pl";

&getcgihash(\%cgiparams);

&read_all_groups;
&read_acl_groups;

foreach (@groups)
{
	if ($cgiparams{$_} eq $tr{'advproxy mode deny'})  { $acl{$_}='on'; }
	if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
}

&read_all_groups;

my $is_supervisor=0;

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
	open (FILE, $svhosts_file);
	while (<FILE>)
	{
		chomp;
		if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
	}
	close (FILE);

} else { $is_supervisor=1; }

if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
	if (	($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) || 
		((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
	{
		&write_acl;
		system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
	}
}

&read_acl_groups;

#undef(%cgiparams);

# -------------------------------------------------------------------

print <<END
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
	a:link    { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	a:hover   { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	a:active  { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	a:focus   { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
   <td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
   <td bgcolor='#F4F4F4' align='center'>
      <table width='100%' cellspacing='10' cellpadding='10' border='0'>

         <tr>
            <td nowrap bgcolor='#FFFFFF' align='center'>
                <font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
            </td>
         </tr>

END
;
if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
{
if (@groups)
{
print <<END
         <tr>
            <td>
               <table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
	<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
               <tr>
END
;
if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
{
print <<END
                  <td align='center'>
                     <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
                  </td>
                  <td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
;
}
print <<END
               </tr>

               </table>

               <p>

END
;
	foreach (@groups) {
		if ($is_supervisor)
		{
			print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
		} else {
			print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
		}
		print "<tr>\n";
		if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
		{
			print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>";
		} else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>"; }
		if ($is_supervisor)
		{
			if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
			{
			print "</td><td width='120' align='center'>";
				print "<input type='submit' name='$_' value=' $tr{'advproxy mode allow'} '>";
			print "</td><td width='16' bgcolor='#D00000'>&nbsp;</td>\n";
			} else {
			print "</td><td width='120' align='center'>";
				print "<input type='submit' name='$_' value=' $tr{'advproxy mode deny'} '>";
			print "</td><td width='16' bgcolor='#00A000'>&nbsp;</td>\n";
			}
		}
		print "</tr>\n";
		print "</table>\n";
		print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
		print "<tr><td></td></tr>\n";
		print "</table>\n";
	}

print <<END
            </td>
         </tr>
END
;
} else {
            print "      <tr>\n";
            print "         <td align='center'>\n";
            print "            <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
            print "         </td>\n";
            print "      </tr>\n";
}
} else {
            print "      <tr>\n";
            print "         <td align='center'>\n";
            print "            <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
            print "         </td>\n";
            print "      </tr>\n";
}

print <<END

      </table>
   </td>
</tr>


<tr>
   <td bgcolor='#C0C0C0' align='right'>
      <font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
      <a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
      <a href='http://www.ipfire.org' target='_blank'>IPFire</a>
      </font>
   </td>
</tr>

</table>

</form>

</center>

</body>

</html>
END
;

# -------------------------------------------------------------------

sub readhash
{
	my $filename = $_[0];
	my $hash = $_[1];
	my ($var, $val);

	if (-e $filename)
	{
		open(FILE, $filename) or die "Unable to read file $filename";
		while (<FILE>)
		{
			chop;
			($var, $val) = split /=/, $_, 2;
			if ($var)
			{
				$val =~ s/^\'//g;
				$val =~ s/\'$//g;
	
				# Untaint variables read from hash
				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
				$val =~ /([\w\W]*)/; $val = $1;
				$hash->{$var} = $val;
			}
		}
		close FILE;
	}
}

# -------------------------------------------------------------------

sub getcgihash
{
	my ($hash, $params) = @_;
	my $cgi = CGI->new ();
	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX        = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	my $referer = $1;
	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	my $servername = $1;
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	%temp = $cgi->Vars();
	foreach my $key (keys %temp) {
		$hash->{$key} = $temp{$key};
		$hash->{$key} =~ s/\0/|/g;
		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
					($params->{'filevar'});
	}
	return;
}

# -------------------------------------------------------------------

sub read_acl_groups
{
	undef(%acl);
	open (FILE,"$acl_src_noaccess_ips");
	my @aclgroups = <FILE>;
	close (FILE);
	foreach (@aclgroups)
	{
		chomp;
		if (/^\#/)
		{
			s/^\# //;
			$acl{$_}='on';
		}
	}
}

# -------------------------------------------------------------------

sub read_all_groups
{
	my $grpstr;

	open (FILE,"$group_def_file");
	@group_defs = <FILE>;
	close (FILE);

	undef(@groups);
	foreach (@group_defs)
	{
		chomp;
		if (/^\s*\[.*\]\s*$/)
		{
			$grpstr=$_;
			$grpstr =~ s/^\s*\[\s*//;
			$grpstr =~ s/\s*\]\s*$//;
			push(@groups,$grpstr);
		}
	}
}

# -------------------------------------------------------------------

sub write_acl
{
	my $is_blocked=0;

	open (FILE_IPS,">$acl_src_noaccess_ips");
	open (FILE_MAC,">$acl_src_noaccess_mac");
	flock (FILE_IPS, 2);
	flock (FILE_MAC, 2);
	foreach (@group_defs)
	{
		if (/^\s*\[.*\]\s*$/)
		{
			s/^\s*\[\s*//;
			s/\s*\]\s*$//;
			if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
			{
				print FILE_IPS "# $_\n";
				print FILE_MAC "# $_\n";
				$is_blocked=1;
			} else { $is_blocked=0; }
		} elsif (($is_blocked) && ($_))
		{
			s/^\s+//g; s/\s+$//g;
			/^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
		}
	}

	close (FILE_IPS);
	close (FILE_MAC);
}

# -------------------------------------------------------------------
Commit	Line	Data
ed38f89d	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
ed38f89d MT	21
	22	use CGI;
	23
c980f4d2	24	my $swroot = "/var/ipfire";
ed38f89d MT	25	my $apdir = "$swroot/proxy/advanced";
	26	my $group_def_file = "$apdir/cre/classrooms";
	27	my $svhosts_file = "$apdir/cre/supervisors";
	28	my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
	29	my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";
	30
	31	my $banner = "A D V A N C E D   P R O X Y   -   W E B   A C C E S S   M A N A G E R";
	32	my %cgiparams;
ed38f89d MT	33	my %proxysettings;
	34
	35	my %acl=();
	36	my @group_defs=();
	37	my @groups=();
	38
	39	### Initialize environment
ed38f89d	40	&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
ed38f89d MT	41
ed38f89d MT	42	### Initialize language
1f15cc09	43	require "${swroot}/lang.pl";
ed38f89d MT	44
	45	&getcgihash(\%cgiparams);
	46
	47	&read_all_groups;
	48	&read_acl_groups;
	49
	50	foreach (@groups)
	51	{
	52	if ($cgiparams{$_} eq $tr{'advproxy mode deny'}) { $acl{$_}='on'; }
	53	if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
	54	}
	55
	56	&read_all_groups;
	57
	58	my $is_supervisor=0;
	59
	60	if ((-e $svhosts_file) && (!-z $svhosts_file))
	61	{
	62	open (FILE, $svhosts_file);
	63	while (<FILE>)
	64	{
	65	chomp;
	66	if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
	67	}
	68	close (FILE);
	69
	70	} else { $is_supervisor=1; }
	71
	72	if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
	73	{
	74	if ( ($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) \|\|
	75	((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
	76	{
	77	&write_acl;
c3df33af	78	system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
ed38f89d MT	79	}
	80	}
	81
	82	&read_acl_groups;
	83
	84	#undef(%cgiparams);
	85
	86	# -------------------------------------------------------------------
	87
	88	print <<END
	89	Pragma: no-cache
	90	Cache-control: no-cache
	91	Connection: close
	92	Content-type: text/html
	93
	94	<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
	95	<html>
	96	<head>
	97	<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
	98	<title>Advanced Proxy - Web Access Manager</title>
	99	<style type='text/css'>
	100	a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	101	a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	102	a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	103	a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	104	a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	105	</style>
	106	</head>
	107	<body bgcolor='#FFFFFF'>
	108
	109	<center>
	110
	111	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
	112
	113	<table width='720' cellspacing='10' cellpadding='5' border='0'>
	114
	115	<tr>
	116	<td bgcolor='#C0C0C0' height='20'></td>
	117	</tr>
	118
	119	<tr>
	120	<td bgcolor='#F4F4F4' align='center'>
	121	<table width='100%' cellspacing='10' cellpadding='10' border='0'>
	122
	123	<tr>
	124	<td nowrap bgcolor='#FFFFFF' align='center'>
	125	<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
	126	</td>
	127	</tr>
	128
	129	END
	130	;
	131	if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
	132	{
	133	if (@groups)
	134	{
	135	print <<END
	136	<tr>
	137	<td>
	138	<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
	139	<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
	140	<tr>
	141	END
	142	;
143	if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
144	{
145	print <<END
146	<td align='center'>
147	<font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
148	</td>
149	<td align='center'><input type='password' name='PASSWORD' size='15'></td>
150	END
151	;
152	}
153	print <<END
154	</tr>
155
156	</table>
157
158	<p>
159
160	END
161	;
162	foreach (@groups) {
163	if ($is_supervisor)
164	{
165	print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
166	} else {
167	print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
168	}
169	print "<tr>\n";
170	if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
171	{
172	print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>";
173	} else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>"; }
174	if ($is_supervisor)
175	{
176	if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
177	{
178	print "</td><td width='120' align='center'>";
179	print "<input type='submit' name='$_' value=' $tr{'advproxy mode allow'} '>";
180	print "</td><td width='16' bgcolor='#D00000'> </td>\n";
181	} else {
182	print "</td><td width='120' align='center'>";
183	print "<input type='submit' name='$_' value=' $tr{'advproxy mode deny'} '>";
184	print "</td><td width='16' bgcolor='#00A000'> </td>\n";
185	}
186	}
187	print "</tr>\n";
188	print "</table>\n";
189	print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
190	print "<tr><td></td></tr>\n";
191	print "</table>\n";
192	}
193
194	print <<END
195	</td>
196	</tr>
197	END
198	;
199	} else {
200	print " <tr>\n";
201	print " <td align='center'>\n";
202	print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
203	print " </td>\n";
204	print " </tr>\n";
205	}
206	} else {
207	print " <tr>\n";
208	print " <td align='center'>\n";
209	print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
210	print " </td>\n";
211	print " </tr>\n";
212	}
213
214	print <<END
215
216	</table>
217	</td>
218	</tr>
219
220
221	<tr>
222	<td bgcolor='#C0C0C0' align='right'>
223	<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
224	<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
b3b232f1	225	<a href='http://www.ipfire.org' target='_blank'>IPFire</a>
ed38f89d MT	226	</font>
	227	</td>
	228	</tr>
	229
	230	</table>
	231
	232	</form>
	233
	234	</center>
	235
	236	</body>
	237
	238	</html>
	239	END
	240	;
	241
	242	# -------------------------------------------------------------------
	243
	244	sub readhash
	245	{
	246	my $filename = $_[0];
	247	my $hash = $_[1];
	248	my ($var, $val);
	249
	250	if (-e $filename)
	251	{
	252	open(FILE, $filename) or die "Unable to read file $filename";
	253	while (<FILE>)
	254	{
	255	chop;
	256	($var, $val) = split /=/, $_, 2;
	257	if ($var)
	258	{
	259	$val =~ s/^\'//g;
	260	$val =~ s/\'$//g;
	261
	262	# Untaint variables read from hash
	263	$var =~ /([A-Za-z0-9_-]*)/; $var = $1;
	264	$val =~ /([\w\W]*)/; $val = $1;
	265	$hash->{$var} = $val;
	266	}
	267	}
	268	close FILE;
	269	}
	270	}
	271
	272	# -------------------------------------------------------------------
	273
	274	sub getcgihash
	275	{
	276	my ($hash, $params) = @_;
	277	my $cgi = CGI->new ();
	278	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	279	if (!$params->{'wantfile'}) {
	280	$CGI::DISABLE_UPLOADS = 1;
	281	$CGI::POST_MAX = 512 * 1024;
	282	} else {
	283	$CGI::POST_MAX = 10 * 1024 * 1024;
	284	}
	285
	286	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	287	my $referer = $1;
	288	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	289	my $servername = $1;
290	return if ($referer ne $servername);
291
292	### Modified for getting multi-vars, split by \|
293	%temp = $cgi->Vars();
294	foreach my $key (keys %temp) {
295	$hash->{$key} = $temp{$key};
296	$hash->{$key} =~ s/\0/\|/g;
297	$hash->{$key} =~ s/^\s(.?)\s*$/$1/;
298	}
299
300	if (($params->{'wantfile'})&&($params->{'filevar'})) {
301	$hash->{$params->{'filevar'}} = $cgi->upload
302	($params->{'filevar'});
303	}
304	return;
305	}
306
307	# -------------------------------------------------------------------
308
309	sub read_acl_groups
310	{
311	undef(%acl);
312	open (FILE,"$acl_src_noaccess_ips");
313	my @aclgroups = <FILE>;
314	close (FILE);
315	foreach (@aclgroups)
316	{
317	chomp;
318	if (/^\#/)
319	{
320	s/^\# //;
321	$acl{$_}='on';
322	}
323	}
324	}
325
326	# -------------------------------------------------------------------
327
328	sub read_all_groups
329	{
330	my $grpstr;
331
332	open (FILE,"$group_def_file");
333	@group_defs = <FILE>;
334	close (FILE);
335
336	undef(@groups);
337	foreach (@group_defs)
338	{
339	chomp;
340	if (/^\s\[.\]\s*$/)
341	{
342	$grpstr=$_;
343	$grpstr =~ s/^\s\[\s//;
344	$grpstr =~ s/\s\]\s$//;
345	push(@groups,$grpstr);
346	}
347	}
348	}
349
350	# -------------------------------------------------------------------
351
352	sub write_acl
353	{
354	my $is_blocked=0;
355
356	open (FILE_IPS,">$acl_src_noaccess_ips");
357	open (FILE_MAC,">$acl_src_noaccess_mac");
358	flock (FILE_IPS, 2);
359	flock (FILE_MAC, 2);
360	foreach (@group_defs)
361	{
362	if (/^\s\[.\]\s*$/)
363	{
364	s/^\s\[\s//;
365	s/\s\]\s$//;
366	if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
367	{
368	print FILE_IPS "# $_\n";
369	print FILE_MAC "# $_\n";
370	$is_blocked=1;
371	} else { $is_blocked=0; }
372	} elsif (($is_blocked) && ($_))
373	{
374	s/^\s+//g; s/\s+$//g;
375	/^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
376	}
377	}
378
379	close (FILE_IPS);
380	close (FILE_MAC);
381	}
382
383	# -------------------------------------------------------------------