Hinzugefügt:
1 #!/usr/bin/perl
2 #
3 # IPFire CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # (c) The IPFire Team
8 #
9
10 use strict;
11 # Enable the following for debugging only (fatalsToBrowser shows die() messages, including file paths, in the browser)
12 use warnings;
13 use CGI::Carp 'fatalsToBrowser';
14
15 require '/var/ipfire/general-functions.pl';
16 require "${General::swroot}/lang.pl";
17 require "${General::swroot}/header.pl";
18
# Script-wide working state. The whole page is rendered at file scope, so
# these lexicals are also visible inside addrule() further down.
my %outfwsettings;      # defaults + stored settings + submitted form fields
my %checked;
my %selected;           # 'selected' / 'checked' markers for form controls
my %netsettings;
my $errormessage = "";
my $configentry  = "";  # scratch: one raw line of the rules file
my @configs;
my @configline;
my $p2pentry     = "";  # scratch: one raw line of the P2P protocol file
my @p2ps;
my @p2pline;

my $configfile = "/var/ipfire/outgoing/rules";
my $p2pfile    = "/var/ipfire/outgoing/p2protocols";

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

# Give every key that is compared or interpolated later a defined value.
$outfwsettings{$_} = '' for qw(
    ACTION NAME SNET SIP SPORT SMAC DIP DPORT PROT STATE
    DISPLAY_DIP DISPLAY_DPORT DISPLAY_SMAC DISPLAY_SIP
);
$outfwsettings{'VALID'} = 'yes';
$outfwsettings{'EDIT'}  = 'no';

# Stored settings are loaded first; Header::getcgihash() (defined in
# header.pl, not part of this listing) then fills the same hash from the
# request.
# NOTE(review): VALID, EDIT and POLICY live in that same hash, so a request
# carrying fields with those names presumably overrides them unless
# getcgihash() filters keys -- confirm in header.pl. Nothing in this script
# ever sets VALID to anything other than 'yes'.
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
&Header::getcgihash(\%outfwsettings);

# Mark the current policy for the <select> in the policy box.
for my $mode (qw(MODE0 MODE1 MODE2)) {
    $selected{'POLICY'}{$mode} =
        ($outfwsettings{'POLICY'} eq $mode) ? 'selected' : '';
}

&Header::openpage('Ausgehende Firewall', 1, '');
64
# Inline script and stylesheet for the hover effect on the action buttons.
# Nothing in this fragment is interpolated, so it is held in a
# non-interpolating here-document and printed as one string.
my $button_assets = <<'END';
<script type="text/javascript">
<!--
function BorderOn (id) { id.className='btnOn'  }
function BorderOff(id) { id.className='btnOff' }
//-->
</script>
<style type=text/css>
.btnOn {
        border-right: #D5F0FF 2px Inset;
        border-top: #D5F0FF 2px Inset;
        border-left: #D5F0FF 2px Inset;
        border-bottom: #D5F0FF 2px Inset;
       text-align: Center;
       text-decoration: None;
        background-color: #FFFFFF;
}
.btnOff {
        border-right: #D5F0FF 2px Outset;
        border-top: #D5F0FF 2px Outset;
        border-left: #D5F0FF 2px Outset;
        border-bottom: #D5F0FF 2px Outset;
        text-align: Center;
        text-decoration: None;
        background-color: #FFFFFF;
}
</style>
END
print $button_assets;

# $errormessage is still empty here: the action handlers run after this call.
&Header::openbigbox('100%', 'left', '', $errormessage);
96
97 ############################################################################################################################
98 ############################################################################################################################
99
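# --- Policy actions: "reset" and "save" --------------------------------------

# "Reset": switch back to MODE0 and start over with an empty rules file.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
    $outfwsettings{'POLICY'} = 'MODE0';
    unlink $configfile;
    # Recreate the file directly instead of running /bin/touch through a
    # shell. Opening with '>' also empties the file when the unlink above
    # did not succeed, so stale rules cannot survive a reset.
    open(my $rules_fh, '>', $configfile) or die "Unable to write $configfile";
    close $rules_fh;
    # writehash() is handed the whole merged hash; which keys it persists is
    # decided in general-functions.pl (not part of this listing).
    &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}

# "Save": persist the selected policy, but only if it is one of the three
# modes the form offers. POLICY comes out of the hash that the request
# fields were merged into, so it is treated as untrusted here.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
    my %known_policy = map { $_ => 1 } qw(MODE0 MODE1 MODE2);
    my $policy = $outfwsettings{'POLICY'};

    if (defined $policy && $known_policy{$policy}) {
        &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
    } else {
        # Nothing is written. The settings file is re-read further down,
        # which brings back the stored policy; MODE0 is only the in-memory
        # fallback for the case that no policy has been stored yet.
        $outfwsettings{'POLICY'} = 'MODE0';
        $errormessage = 'Ungueltiger Modus ausgewaehlt.';
    }
}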
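# --- P2P protocol switches: "enable" / "disable" -----------------------------
# Each line of the protocol file is "label;protocol;status;". The submitted
# P2PROT value is only compared against the stored protocol field; it is
# never written to the file.
{
    my %status_for = ( 'enable' => 'on', 'disable' => 'off' );
    my $new_status = $status_for{ $outfwsettings{'ACTION'} };
    my $wanted     = $outfwsettings{'P2PROT'};

    # Without a protocol name there is nothing to switch, so the file is
    # left untouched.
    if (defined $new_status && defined $wanted && $wanted ne '') {
        open(my $in, '<', $p2pfile) or die "Unable to read $p2pfile";
        my @lines = <$in>;
        close $in;

        # NOTE(review): the file is truncated and rewritten in place without
        # a lock; two simultaneous requests could interleave. Confirm whether
        # that matters for this installation.
        open(my $out, '>', $p2pfile) or die "Unable to write $p2pfile";
        for my $line (sort @lines) {
            (my $record = $line) =~ s/[\r\n]+\z//;
            my ($label, $proto, $status) = split(/;/, $record);

            # A blank or truncated line has no protocol field; copy it
            # through unchanged rather than rewriting it as ";;;".
            unless (defined $proto) {
                print {$out} $line;
                next;
            }

            $status = '' unless defined $status;
            $status = $new_status if $proto eq $wanted;
            print {$out} "$label;$proto;$status;\n";
        }
        close $out or die "Unable to write $p2pfile";
    }
}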
# --- Rule actions: "edit" and "delete" ---------------------------------------
{
    # Rewrites the rules file without the record whose first nine fields all
    # equal the submitted STATE, ENABLED, SNET, PROT, NAME, SIP, SMAC, DIP
    # and DPORT. The submitted values are only compared, never written.
    my $drop_submitted_rule = sub {
        open(my $in, '<', $configfile) or die "Unable to read $configfile";
        my @stored = <$in>;
        close $in;

        my @posted = @outfwsettings{
            qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT)
        };

        open(my $out, '>', $configfile) or die "Unable to write $configfile";
        for my $entry (sort @stored) {
            my @field = split(/;/, $entry);

            # Stop at the first field that differs, as a chain of && would.
            my $same = 1;
            for my $i (0 .. 8) {
                if ($field[$i] ne $posted[$i]) {
                    $same = 0;
                    last;
                }
            }
            print {$out} $entry unless $same;
        }
        close $out;
    };

    # "Edit" removes the stored record and then shows the entry form, which
    # is filled from the same submitted values.
    # NOTE(review): the record is removed before its replacement has been
    # submitted, so abandoning the form loses the rule. The rewrite is also
    # done in place without a lock.
    if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) {
        $drop_submitted_rule->();
        &addrule();
        &Header::closebigbox();
        &Header::closepage();
        exit;
    }

    if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) {
        $drop_submitted_rule->();
    }
}
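# --- Rule action: "add" -------------------------------------------------------
# A record is stored as STATE;ENABLED;SNET;PROT;NAME;SIP;SMAC;DIP;DPORT; on a
# single line. Every field comes from the request, so each one is checked
# against an allow-list before it is written: a ';' or a line break inside a
# value would otherwise shift fields or add extra records to the file.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
    my @rule_fields = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);

    my $octet = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/;
    my $ipv4  = qr/\A(?:$octet(?:\.$octet){3})?\z/;

    # The enumerated values are the ones the entry form itself offers. The
    # optional fields may be empty. NAME is free text (the form limits it to
    # 30 characters); it has to be HTML-escaped wherever it is printed.
    # NOTE(review): DPORT accepts a single port number only -- extend the
    # pattern if the consumer of this file also understands ranges.
    my %allowed = (
        'STATE'   => qr/\A(?:ALLOW|DENY)\z/,
        'ENABLED' => qr/\A(?:on)?\z/,
        'SNET'    => qr/\A(?:all|green|blue|orange)\z/,
        'PROT'    => qr/\A(?:tcp|udp)\z/,
        'NAME'    => qr/\A[^;\x00-\x1f\x7f]{0,30}\z/,
        'SIP'     => $ipv4,
        'SMAC'    => qr/\A(?:[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})?\z/,
        'DIP'     => $ipv4,
        'DPORT'   => qr/\A(?:[1-9][0-9]{0,4})?\z/,
    );

    my @rejected;
    for my $field (@rule_fields) {
        # An unchecked checkbox is not submitted at all; treat it as empty.
        $outfwsettings{$field} = '' unless defined $outfwsettings{$field};
        push @rejected, $field
            unless $outfwsettings{$field} =~ $allowed{$field};
    }
    if ($outfwsettings{'DPORT'} =~ /\A[0-9]+\z/ && $outfwsettings{'DPORT'} > 65535) {
        push @rejected, 'DPORT';
    }

    # NOTE(review): STATE is not tied to the active policy here, while the
    # rule table only lists ALLOW rules in MODE1 and DENY rules in MODE2.
    # A record with the other state would be stored but not shown.
    if ($outfwsettings{'VALID'} eq 'yes' && !@rejected) {
        open(my $rules_fh, '>>', $configfile) or die "Unable to write $configfile";
        print {$rules_fh} join(';', @outfwsettings{@rule_fields}), ";\n";
        close $rules_fh or die "Unable to write $configfile";
    } else {
        # Only fixed text and field names from the list above go into the
        # message, so it is safe to print as it is.
        $errormessage = 'Ungueltige Eingabe: ' . join(', ', @rejected)
            if @rejected;
        $outfwsettings{'ACTION'} = 'Regel hinzufuegen';
    }
}

# Show the entry form, either on request or because "add" was rejected.
if ($outfwsettings{'ACTION'} eq 'Regel hinzufuegen')
{
    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "$errormessage\n";
        &Header::closebox();
    }
    &addrule();
    # Close the page the same way the "edit" branch does before exiting.
    &Header::closebigbox();
    &Header::closepage();
    exit;
}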
215
# Read the settings file again after the action handlers have run;
# presumably so that the boxes below show what is stored rather than what
# was posted.
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);

# $errormessage is printed without HTML escaping: keep it limited to fixed
# text and never copy request data into it.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<class name='base'>" . $errormessage . "\n" . "&nbsp;</class>\n";
    &Header::closebox();
}
224
225 ############################################################################################################################
226 ############################################################################################################################
227
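# --- Rule table ---------------------------------------------------------------
# Shown for every policy except MODE0. Lists the stored rules that match the
# active policy (ALLOW rules in MODE1, DENY rules in MODE2), each with an
# edit and a delete button.
if ($outfwsettings{'POLICY'} ne 'MODE0')
{
    # Escape a value for use as HTML text or inside a quoted attribute.
    # Stored rule fields originate from earlier form submissions, so they are
    # never printed raw.
    my $html = sub {
        my ($text) = @_;
        return '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my $self_url     = $html->($ENV{'SCRIPT_NAME'});
    my $edit_label   = $html->($Lang::tr{'edit'});
    my $delete_label = $html->($Lang::tr{'delete'});
    my $policy       = $outfwsettings{'POLICY'};
    my @rule_fields  = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);

    &Header::openbox('100%', 'center', 'Rules');

    # The "add rule" button gets a form of its own that is closed right
    # away. Previously this form stayed open around the table, so the first
    # row's hidden fields were nested inside it and submitted with it.
    print <<"END";
        <form method='post' action='$self_url'>
        <input type='submit' name='ACTION' class='btnOff' onmouseover='BorderOn(this)' onmouseout='BorderOff(this)' value='Regel hinzufuegen'>
        </form>
END

    open(my $rules_fh, '<', $configfile) or die "Unable to read $configfile";
    my @rules = <$rules_fh>;
    close $rules_fh;

    if (@rules) {
        print <<"END";
                <hr>
                <table border='0' width='100%' cellspacing='0'>
                <tr><td bgcolor='lightgrey' width='14%'>Protokoll
                    <td bgcolor='lightgrey' width='14%'>Netzwerk
                    <td bgcolor='lightgrey' width='14%'>Ziel
                    <td bgcolor='lightgrey' width='14%'>Anmerkung
                    <td bgcolor='lightgrey' width='14%'>Politik
                    <td bgcolor='lightgrey' width='30%'>Aktionen
END

        for my $entry (sort @rules) {
            (my $record = $entry) =~ s/[\r\n]+\z//;

            # %raw drives the decisions, %out is what gets printed.
            my %raw;
            @raw{@rule_fields} = split(/;/, $record);
            for my $field (@rule_fields) {
                $raw{$field} = '' unless defined $raw{$field};
            }
            my %out = map { $_ => $html->($raw{$_}) } @rule_fields;

            # NOTE(review): records whose STATE does not fit the active
            # policy are skipped, so they stay in the file without being
            # listed. Whether the consumer of the file still applies them is
            # not visible from here.
            my $visible =
                   ($policy eq 'MODE1' && $raw{'STATE'} eq 'ALLOW')
                || ($policy eq 'MODE2' && $raw{'STATE'} eq 'DENY');
            next unless $visible;

            my $shown_dip   = ($raw{'DIP'}   eq '') ? 'ALL' : $out{'DIP'};
            my $shown_dport = ($raw{'DPORT'} eq '') ? 'ALL' : $out{'DPORT'};
            my $state_icon  = ($raw{'STATE'} eq 'DENY')
                ? "<img src='/images/stock_stop.png' alt='DENY'>"
                : "<img src='/images/stock_ok.png' alt='ALLOW'>";

            # The hidden fields carry the record back for edit/delete, where
            # it is matched field by field against the file. Quoting the
            # attribute values keeps values that contain spaces intact.
            print "                <form method='post' action='$self_url'>\n";
            for my $field (qw(PROT STATE SNET DPORT DIP SIP NAME SMAC ENABLED)) {
                print "                <input type='hidden' name='$field' value='$out{$field}'>\n";
            }
            print <<"END";
                <tr><td align='center' bgcolor='#EAEAEA'>$out{'PROT'}
                    <td align='center' bgcolor='#EAEAEA'>$out{'SNET'}
                    <td align='center' bgcolor='#EAEAEA'>$shown_dip:$shown_dport
                    <td align='center' bgcolor='#EAEAEA'>$out{'NAME'}
                    <td align='center' bgcolor='#EAEAEA'>$state_icon
                    <td align='right'  bgcolor='#EAEAEA'>
                        <button type='submit' name='ACTION' value='$edit_label' class='btnOff' onmouseover='BorderOn(this)' onmouseout='BorderOff(this)'><img src='/images/edit.gif' width="20" height="20" alt='$edit_label'></button>&nbsp;
                        <button type='submit' name='ACTION' value='$delete_label' class='btnOff' onmouseover='BorderOn(this)' onmouseout='BorderOff(this)'><img src='/images/delete.gif' width="20" height="20" alt='$delete_label'></button>
END

            # Second line with the optional source address details.
            if ($raw{'SIP'} || $raw{'SMAC'}) {
                my $shown_sip  = $raw{'SIP'}  ? $out{'SIP'}  : '---';
                my $shown_smac = $raw{'SMAC'} ? $out{'SMAC'} : '---';
                print <<"END";
                <tr><td width='14%' align='right' bgcolor='#FAFAFA'>Quell-IP-Adresse:
                    <td width='14%' align='left' bgcolor='#FAFAFA'>$shown_sip
                    <td width='14%' align='right' bgcolor='#FAFAFA'>Quell-MAC-Adresse:
                    <td width='14%' align='left' bgcolor='#FAFAFA'>$shown_smac
                    <td width='44%' colspan='2' align='center' bgcolor='#FAFAFA'>
END
            }

            print "                </form>\n";
        }

        print "                </table>\n";
    }

    &Header::closebox();
}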
318
# --- P2P block list (MODE2 only) ----------------------------------------------
# One small form per protocol; clicking the status icon posts the opposite
# action ("disable" for an active entry, "enable" otherwise).
if ($outfwsettings{'POLICY'} eq 'MODE2')
{
    open(my $p2p_fh, '<', $p2pfile) or die "Unable to read $p2pfile";
    my @entries = <$p2p_fh>;
    close $p2p_fh;

    &Header::openbox('100%', 'center', 'P2P-Block');
    print <<"END";
        <table width='40%'>
                <tr><td bgcolor='lightgrey' width='66%'>Protokoll
                    <td bgcolor='lightgrey' width='33%'>Status
END

    for my $entry (sort @entries) {
        # Fields: 0 = label, 1 = protocol, 2 = status.
        my @field = split(/;/, $entry);

        my ($next_action, $icon) = ($field[2] eq 'on')
            ? ('disable', 'stock_ok.png')
            : ('enable',  'stock_stop.png');

        # NOTE(review): label and protocol are printed as stored, and the
        # P2PROT value is not quoted. That holds only while the protocol
        # file contains plain words without spaces or markup.
        print <<"END";
                        <form method='post' action='$ENV{'SCRIPT_NAME'}'>
                        <tr><td width='66%' align='center'>$field[0]: 
                            <td width='33%' align='center'><input type='hidden' name='P2PROT' value=$field[1]>
                                <input type='hidden' name='ACTION' value='$next_action'>
                                <input type='image' name='submit' src='/images/$icon' alt=''>
                        </form>
END
    }

    print <<"END";
        <tr><td colspan='2' align='center'>Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren.
        </table>
END
    &Header::closebox();
}
364
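# --- Policy box ---------------------------------------------------------------
# Lets the administrator pick one of the three modes and, unless MODE0 is
# active, delete all rules.
{
    # Escape a value for use inside a quoted HTML attribute.
    my $html = sub {
        my ($text) = @_;
        return '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my $self_url    = $html->($ENV{'SCRIPT_NAME'});
    my $save_label  = $html->($Lang::tr{'save'});
    my $reset_label = $html->($Lang::tr{'reset'});

    # Work out the selected entry from the policy as it is now. The markers
    # in %selected were computed before the action handlers ran, so after a
    # reset they would still point at the previously posted mode.
    my $policy = $outfwsettings{'POLICY'};
    my %mark = map {
        $_ => (defined $policy && $policy eq $_) ? 'selected' : ''
    } qw(MODE0 MODE1 MODE2);

    &Header::openbox('100%', 'center', 'Policy');
    print <<"END";
        <form method='post' action='$self_url'>
        <table width='100%'>
                <tr><td width='10%' align='right'><b>Modus 0:</b><td width='90%' align='left' colspan='2'>In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen.
                <tr><td width='10%' align='right'><b>Modus 1:</b><td width='90%' align='left' colspan='2'>In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.
                <tr><td width='10%' align='right'><b>Modus 2:</b><td width='90%' align='left' colspan='2'>In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.<br>Hier ist eine Besonderheit der P2P-Filter.
                <tr><td colspan='3'><hr>
                <tr><td width='10%' align='right'>      <select name='POLICY'><option value='MODE0' $mark{'MODE0'}>Modus 0</option><option value='MODE1' $mark{'MODE1'}>Modus 1</option><option value='MODE2' $mark{'MODE2'}>Modus 2</option></select>
                    <td width='45%' align='left'><input type='submit' name='ACTION' value='$save_label'>
                    <td width='45%' align='right'>
END

    # The button labels double as the ACTION values the handlers compare
    # against, so they are quoted to survive translations with spaces.
    if ($outfwsettings{'POLICY'} ne 'MODE0') {
        print <<"END";
                    Alle Regeln loeschen: <input type='submit' name='ACTION' value='$reset_label'>
END
    }

    print <<"END";
        </table>
        </form>
END
    &Header::closebox();
}

&Header::closebigbox();
&Header::closepage();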
393
394 ############################################################################################################################
395 ############################################################################################################################
396
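# Prints the "add rule" form inside its own box.
#
# Takes no arguments and returns nothing useful; it reads the file-scope
# %outfwsettings and %selected. The text inputs are pre-filled from
# %outfwsettings, which at this point holds values taken from the request,
# so every value is HTML-escaped before it is placed in an attribute.
sub addrule
{
    # Escape a value for use inside a quoted HTML attribute.
    my $html = sub {
        my ($text) = @_;
        return '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my %value     = map { $_ => $html->($outfwsettings{$_}) }
                    qw(NAME SIP SMAC DIP DPORT);
    my $self_url  = $html->($ENV{'SCRIPT_NAME'});
    my $add_label = $html->($Lang::tr{'add'});

    &Header::openbox('100%', 'center', 'Rules hinzufuegen');

    # A new rule starts out enabled.
    # NOTE(review): nothing in this script sets EDIT to anything but 'no',
    # so the box is ticked on the edit path as well -- confirm the intent.
    if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; }
    my $enabled_mark = defined $selected{'ENABLED'} ? $selected{'ENABLED'} : '';

    # Preselect protocol and source network from the current values, so a
    # rejected or edited rule comes back with the choices it had.
    my $current_prot = defined $outfwsettings{'PROT'} ? $outfwsettings{'PROT'} : '';
    my $current_snet = defined $outfwsettings{'SNET'} ? $outfwsettings{'SNET'} : '';
    my %prot_mark = map { $_ => ($current_prot eq $_ ? 'selected' : '') }
                    qw(tcp udp);
    my %snet_mark = map { $_ => ($current_snet eq $_ ? 'selected' : '') }
                    qw(all green blue orange);

    print <<"END";
        <form method='post' action='$self_url'>
        <table width='80%'>
                <tr><td width='20%' align='right'>Anmerkung: <img src='/blob.gif'>
                    <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$value{'NAME'}'>
                    <td width='20%' align='right'>Aktiviert:
                    <td width='30%' align='left'><input type='checkbox' name='ENABLED' $enabled_mark>
                <tr><td width='20%' align='right'>Protokoll:
                    <td width='30%' align='left'><select name='PROT'><option value='tcp' $prot_mark{'tcp'}>TCP</option><option value='udp' $prot_mark{'udp'}>UDP</option></select>
                    <td width='20%' align='right'>Sicherheitspolitik:
                    <td width='30%' align='left'>
END

    # The rule type follows the active policy: MODE1 collects ALLOW rules,
    # MODE2 collects DENY rules. This is only a hidden form field, so the
    # handler that stores the rule must not rely on it being untouched.
    if ($outfwsettings{'POLICY'} eq 'MODE1') {
        print "\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW'>\n";
    } elsif ($outfwsettings{'POLICY'} eq 'MODE2') {
        print "\t\t\tDENY<input type='hidden' name='STATE' value='DENY'>\n";
    }

    print <<"END";
                <tr><td width='20%' align='right'>Quellnetz:
                    <td width='30%' align='left'><select name='SNET'>
                        <option value='all' $snet_mark{'all'}>alle</option>
                        <option value='green' $snet_mark{'green'}>Gruen</option>
END

    # Blue and orange are offered only when Header reports them as in use.
    if (&Header::blue_used()) {
        print "\t\t\t<option value='blue' $snet_mark{'blue'}>Blau</option>\n";
    }
    if (&Header::orange_used()) {
        print "\t\t\t<option value='orange' $snet_mark{'orange'}>Orange</option>\n";
    }

    # The maxlength attributes are enforced by the browser only; they do not
    # replace the server-side check of the submitted values.
    print <<"END";
                        </select>
                    <td width='20%' align='right'>Quell-IP-Adresse: <img src='/blob.gif'>
                    <td width='30%' align='left'><input type='text' name='SIP' maxlength='15' value='$value{'SIP'}'>
                <tr><td width='50%' colspan='2'>&nbsp;
                    <td width='20%' align='right'>Quell-MAC-Adresse: <img src='/blob.gif'>
                    <td width='30%' align='left'><input type='text' name='SMAC' maxlength='23' value='$value{'SMAC'}'>
                <tr><td width='20%' align='right'>Ziel-IP-Adresse: <img src='/blob.gif'>
                    <td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$value{'DIP'}'>
                    <td width='20%' align='right'>Ziel-Port: <img src='/blob.gif'>
                    <td width='30%' align='left'><input type='text' name='DPORT' maxlength='5' value='$value{'DPORT'}'>
                <tr><td colspan='4'>
                <tr><td width='40%' align='right' colspan='2'><img src='/blob.gif'> $Lang::tr{'this field may be blank'}
                    <td width='60%' align='left' colspan='2'><input type='submit' name='ACTION' value='$add_label'>
        </table></form>
END
    &Header::closebox();
}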
451