git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/outgoingfw.cgi
5 # This code is distributed under the terms of the GPL
11 # Enable the following only while debugging: fatalsToBrowser sends die() messages, including file paths, to the browser.
13 use CGI
:: Carp
'fatalsToBrowser' ;
15 require '/var/ipfire/general-functions.pl' ;
16 require "${General::swroot}/lang.pl" ;
17 require "${General::swroot}/header.pl" ;
# Form state of this page: defaults first, then the stored settings, then the request.
my %outfwsettings = ();
# Text for the error box; empty means there is nothing to report.
my $errormessage = "";

# Data files of the outgoing firewall.
my $configfile  = "/var/ipfire/outgoing/rules";
my $p2pfile     = "/var/ipfire/outgoing/p2protocols";
my $servicefile = "/var/ipfire/outgoing/defaultservices";

my %mainsettings = ();
General::readhash("${General::swroot}/main/settings", \%mainsettings);

# THEME is taken from the settings file and placed in the path as-is.
# NOTE(review): presumably only administrators can change it; confirm that it
# is restricted to a plain directory name where it is written.
my $theme_colors = "/srv/web/ipfire/html/themes/$mainsettings{'THEME'}/include/colors.txt";
General::readhash($theme_colors, \%color);
General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

Header::showhttpheaders();
### Values that have to be initialized
# Every field the page reads gets a default before anything else is merged in.
$outfwsettings{$_} = ''
    for qw(ACTION NAME SNET SIP SPORT SMAC DIP DPORT PROT STATE
           DISPLAY_DIP DISPLAY_DPORT DISPLAY_SMAC DISPLAY_SIP);
$outfwsettings{'VALID'}  = 'yes';
$outfwsettings{'EDIT'}   = 'no';
$outfwsettings{'POLICY'} = 'MODE0';

# Stored settings override the defaults, then the request overrides both.
# NOTE(review): presumably getcgihash copies every request parameter into the
# hash, so VALID, EDIT and POLICY are client-controlled from here on; confirm
# in header.pl and treat all of these values as untrusted below.
General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
Header::getcgihash(\%outfwsettings);
# Mark the active policy for the <select> in the policy box; the other two
# modes get an empty string so they interpolate cleanly into the HTML.
for my $mode (qw(MODE0 MODE1 MODE2)) {
    $selected{'POLICY'}{$mode} = ($outfwsettings{'POLICY'} eq $mode) ? 'selected' : '';
}

Header::openpage('Ausgehende Firewall', 1, '');
Header::openbigbox('100%', 'left', '', $errormessage);
73 ############################################################################################################################
74 ############################################################################################################################
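# "reset": switch back to MODE0 and make sure the rules file exists.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
    $outfwsettings{'POLICY'} = 'MODE0';

    # NOTE(review): the listing omits a source line just before the touch;
    # presumably it clears the old rules file. Confirm against the full file.

    # List form: the path is handed to touch directly, never to a shell.
    my $touch_status = system('/usr/bin/touch', $configfile);
    warn "touch $configfile failed (status $touch_status)" if $touch_status != 0;

    # NOTE(review): the whole hash is written, and it presumably still holds
    # every request parameter merged in by getcgihash. Confirm what writehash
    # filters before relying on the settings file being clean.
    General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}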
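# "save": persist the chosen policy.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
    # POLICY arrives with the request; only the three modes offered by the
    # policy form may reach the settings file.
    if ($outfwsettings{'POLICY'} =~ /\A(?:MODE0|MODE1|MODE2)\z/) {
        # NOTE(review): the whole hash is written, not just POLICY; it
        # presumably still carries the other request parameters. Confirm what
        # writehash filters.
        General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
    } else {
        $errormessage = 'Invalid policy';
    }
}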
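# "enable": set the state column of the selected P2P protocol to "on".
if ($outfwsettings{'ACTION'} eq 'enable')
{
    # P2PROT comes from the request; it is only compared, never written.
    my $wanted = defined $outfwsettings{'P2PROT'} ? $outfwsettings{'P2PROT'} : '';

    # Three-argument open with lexical handles: the mode can never be taken
    # from the file name, and the handles close when they leave scope.
    open(my $p2p_in, '<', $p2pfile) or die "Unable to read $p2pfile";
    my @p2p_entries = <$p2p_in>;
    close($p2p_in);

    # NOTE(review): the file is truncated and rewritten in place without a
    # lock; two requests at once can lose entries.
    open(my $p2p_out, '>', $p2pfile) or die "Unable to write $p2pfile";
    foreach my $entry (sort @p2p_entries)
    {
        my @fields = split(/\;/, $entry);

        # Keep lines that do not have name;protocol;state untouched instead of
        # rewriting them with empty columns.
        if (@fields < 3) {
            print {$p2p_out} $entry;
            next;
        }

        if ($fields[1] eq $wanted) {
            print {$p2p_out} "$fields[0];$fields[1];on;\n";
        } else {
            print {$p2p_out} "$fields[0];$fields[1];$fields[2];\n";
        }
    }
    # Buffered write errors only surface at close.
    close($p2p_out) or die "Unable to write $p2pfile";
}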
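# "disable": set the state column of the selected P2P protocol to "off".
if ($outfwsettings{'ACTION'} eq 'disable')
{
    # P2PROT comes from the request; it is only compared, never written.
    my $wanted = defined $outfwsettings{'P2PROT'} ? $outfwsettings{'P2PROT'} : '';

    # Three-argument open with lexical handles: the mode can never be taken
    # from the file name, and the handles close when they leave scope.
    open(my $p2p_in, '<', $p2pfile) or die "Unable to read $p2pfile";
    my @p2p_entries = <$p2p_in>;
    close($p2p_in);

    # NOTE(review): the file is truncated and rewritten in place without a
    # lock; two requests at once can lose entries.
    open(my $p2p_out, '>', $p2pfile) or die "Unable to write $p2pfile";
    foreach my $entry (sort @p2p_entries)
    {
        my @fields = split(/\;/, $entry);

        # Keep lines that do not have name;protocol;state untouched instead of
        # rewriting them with empty columns.
        if (@fields < 3) {
            print {$p2p_out} $entry;
            next;
        }

        if ($fields[1] eq $wanted) {
            print {$p2p_out} "$fields[0];$fields[1];off;\n";
        } else {
            print {$p2p_out} "$fields[0];$fields[1];$fields[2];\n";
        }
    }
    # Buffered write errors only surface at close.
    close($p2p_out) or die "Unable to write $p2pfile";
}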
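# "edit": take the selected rule out of the rules file and preselect its
# source net and protocol for the rule form.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
{
    # Column order of one line in the rules file.
    my @rule_keys = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);

    open(my $rules_in, '<', $configfile) or die "Unable to read $configfile";
    my @rules = <$rules_in>;
    close($rules_in);

    # NOTE(review): the rule is removed as soon as "edit" is requested. If the
    # form is never submitted the rule is gone, which in MODE2 silently drops
    # a DENY rule. The rewrite is also done in place without a lock.
    open(my $rules_out, '>', $configfile) or die "Unable to write $configfile";
    foreach my $rule (sort @rules)
    {
        my @fields = split(/\;/, $rule);

        # A rule is the target only if all nine columns equal the request.
        my $is_target = 1;
        for my $i (0 .. $#rule_keys) {
            my $stored    = defined $fields[$i] ? $fields[$i] : '';
            my $requested = defined $outfwsettings{$rule_keys[$i]} ? $outfwsettings{$rule_keys[$i]} : '';
            if ($stored ne $requested) {
                $is_target = 0;
                last;
            }
        }
        print {$rules_out} $rule unless $is_target;
    }
    close($rules_out) or die "Unable to write $configfile";

    $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
    $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';

    # NOTE(review): the listing skips source lines between the statements
    # above and the page-closing calls; presumably the rule form is rendered
    # there. Confirm against the full file.
    Header::closebigbox();
    Header::closepage();
}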
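# "delete": rewrite the rules file without the selected rule.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
{
    # Column order of one line in the rules file.
    my @rule_keys = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);

    open(my $rules_in, '<', $configfile) or die "Unable to read $configfile";
    my @rules = <$rules_in>;
    close($rules_in);

    # NOTE(review): the file is truncated and rewritten in place without a
    # lock; two requests at once can lose rules.
    open(my $rules_out, '>', $configfile) or die "Unable to write $configfile";
    foreach my $rule (sort @rules)
    {
        my @fields = split(/\;/, $rule);

        # A rule is the target only if all nine columns equal the request.
        my $is_target = 1;
        for my $i (0 .. $#rule_keys) {
            my $stored    = defined $fields[$i] ? $fields[$i] : '';
            my $requested = defined $outfwsettings{$rule_keys[$i]} ? $outfwsettings{$rule_keys[$i]} : '';
            if ($stored ne $requested) {
                $is_target = 0;
                last;
            }
        }
        print {$rules_out} $rule unless $is_target;
    }
    # Buffered write errors only surface at close.
    close($rules_out) or die "Unable to write $configfile";
}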
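# "add": append one rule line to the rules file.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
    # Column order of one line in the rules file.
    my @rule_keys   = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);
    my @rule_values = map { defined $outfwsettings{$_} ? $outfwsettings{$_} : '' } @rule_keys;

    # Values the forms on this page can submit for the enumerated fields.
    my %allowed_for = (
        'STATE' => [ 'ALLOW', 'DENY' ],
        'PROT'  => [ 'tcp', 'udp', 'tcp&udp' ],
        'SNET'  => [ 'all', 'ip', 'green', 'blue', 'orange' ],
    );

    # VALID starts as 'yes' and nothing visible here sets it on the server
    # side, so the fields are checked before they reach the file. ';' ends a
    # column and a line break ends a rule: either one inside a value would
    # shift columns or add a second rule line.
    my $rule_is_clean = 1;
    $rule_is_clean = 0 if grep { /[;\x00-\x1f\x7f]/ } @rule_values;
    foreach my $key (keys %allowed_for) {
        my $value = defined $outfwsettings{$key} ? $outfwsettings{$key} : '';
        $rule_is_clean = 0 unless grep { $_ eq $value } @{ $allowed_for{$key} };
    }
    # NOTE(review): SIP, SMAC, DIP and DPORT are only checked for separators
    # and control characters; add address and port format validation before
    # these values are turned into firewall rules.
    unless ($rule_is_clean) {
        $outfwsettings{'VALID'} = 'no';
        $errormessage = 'Invalid rule field';
    }

    if ($outfwsettings{'VALID'} eq 'yes') {
        open(my $rules_out, '>>', $configfile) or die "Unable to write $configfile";
        print {$rules_out} join(';', @rule_values), ";\n";
        close($rules_out) or die "Unable to write $configfile";
    } else {
        # NOTE(review): the listing does not show the branch structure here;
        # this is presumably the else branch, sending the user back to the form.
        $outfwsettings{'ACTION'} = 'Add rule';
    }
}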
188 if ( $outfwsettings { 'ACTION' } eq 'Add rule' )
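# Reload the stored settings; this replaces request-supplied values (POLICY
# among them) with what is on disk before the page is rendered.
General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);

# NOTE(review): the guard and the closebox() call are not visible in this
# listing and are reconstructed; without the guard the box would be shown on
# every request. Confirm against the full file.
if ($errormessage) {
    Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    # $errormessage is printed as-is: keep request data out of it.
    print "<class name='base'>$errormessage\n";
    print "</class>\n";
    Header::closebox();
}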
203 ############################################################################################################################
204 ############################################################################################################################
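# Rules box: lists the rules that apply under the active policy, each with an
# edit and a delete form that post the rule's columns back.
if ($outfwsettings{'POLICY'} ne 'MODE0'){
    # Rule columns were typed in by a user and are echoed into HTML below, so
    # they are escaped and every attribute value is quoted. An unquoted value
    # also ends at the first space, which cut names short on edit and delete.
    my $escape_html = sub {
        my ($text) = @_;
        $text = '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };
    my $script_name  = $escape_html->($ENV{'SCRIPT_NAME'});
    my $edit_label   = $escape_html->($Lang::tr{'edit'});
    my $delete_label = $escape_html->($Lang::tr{'delete'});
    my @rule_keys    = qw(STATE ENABLED SNET PROT NAME SIP SMAC DIP DPORT);

    Header::openbox('100%', 'center', 'Rules');
    print <<END;
<form method='post' action='$script_name'>
<input type='submit' name='ACTION' value='Add rule' />
</form>
END

    open(my $rules_in, '<', $configfile) or die "Unable to read $configfile";
    my @rules = <$rules_in>;
    close($rules_in);

    print <<END;
<table border='0' width='100%' cellspacing='0'>
<tr bgcolor='$color{'color22'}'>
<td width='14%' align='center'><b>Protokoll</b>
<td width='14%' align='center'><b>Netzwerk</b>
<td width='14%' align='center'><b>Ziel</b>
<td width='14%' align='center'><b>Anmerkung</b>
<td width='14%' align='center'><b>Politik</b>
<td width='30%' align='center'><b>Aktionen</b>
END

    foreach my $rule (sort @rules)
    {
        my @fields = split(/\;/, $rule);
        # The shared hash is overwritten per rule, as before.
        @outfwsettings{@rule_keys} = @fields[0 .. 8];

        $outfwsettings{'DISPLAY_DIP'}   = ($outfwsettings{'DIP'} eq '')   ? 'ALL' : $outfwsettings{'DIP'};
        $outfwsettings{'DISPLAY_DPORT'} = ($outfwsettings{'DPORT'} eq '') ? 'ALL' : $outfwsettings{'DPORT'};
        if ($outfwsettings{'STATE'} eq 'DENY')  { $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_stop.png' alt='DENY'>"; }
        if ($outfwsettings{'STATE'} eq 'ALLOW') { $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_ok.png' alt='ALLOW'>"; }

        # Only ALLOW rules are shown in MODE1 and only DENY rules in MODE2.
        next unless (($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW'))
                 || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'));

        my %esc = map { ($_, $escape_html->($outfwsettings{$_})) }
                  (@rule_keys, 'DISPLAY_DIP', 'DISPLAY_DPORT');
        my $hidden_fields = join '',
            map { "<input type='hidden' name='$_' value='$esc{$_}'>\n" }
            qw(PROT STATE SNET DPORT DIP SIP NAME SMAC ENABLED);

        # DISPLAY_STATE is one of the two literals set above, so it is
        # printed without escaping.
        print <<END;
<tr bgcolor='$color{'color20'}'>
<td align='center'>$esc{'PROT'}
<td align='center'>$esc{'SNET'}
<td align='center'>$esc{'DISPLAY_DIP'}:$esc{'DISPLAY_DPORT'}
<td align='center'>$esc{'NAME'}
<td align='center'>$outfwsettings{'DISPLAY_STATE'}
<td align='center'>
<table border='0' cellpadding='0' cellspacing='0'><tr>
<td><form method='post' action='$script_name'>
$hidden_fields<input type='hidden' name='ACTION' value='$edit_label'>
<input type='image' src='/images/edit.gif' width="20" height="20" alt='$edit_label'>
</form>
<td><form method='post' action='$script_name'>
$hidden_fields<input type='hidden' name='ACTION' value='$delete_label'>
<input type='image' src='/images/delete.gif' width="20" height="20" alt='$delete_label'>
</form></table>
END

        # Second row with the source address and MAC, if the rule has either.
        if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
            $outfwsettings{'DISPLAY_SIP'}  = $outfwsettings{'SIP'}  ? $outfwsettings{'SIP'}  : 'ALL';
            $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'} ? $outfwsettings{'SMAC'} : 'ALL';
            my $shown_sip  = $escape_html->($outfwsettings{'DISPLAY_SIP'});
            my $shown_smac = $escape_html->($outfwsettings{'DISPLAY_SMAC'});
            print <<END;
<tr><td width='14%' align='right'>Quell-IP-Adresse:
<td width='14%' align='left'>$shown_sip
<td width='14%' align='right'>Quell-MAC-Adresse:
<td width='14%' align='left'>$shown_smac
<td width='44%' colspan='2' align='center'>
END
        }
    }

    # NOTE(review): the listing omits the lines that close the forms, the
    # table and the box; the closing tags here and above are a minimal
    # reconstruction. Confirm against the full file.
    print "</table>\n";
    Header::closebox();
}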
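# P2P box (MODE2 only): one form per protocol that toggles its state.
if ($outfwsettings{'POLICY'} eq 'MODE2'){
    # Values from the protocol file are escaped and attribute values quoted
    # before they are written into the page.
    my $escape_html = sub {
        my ($text) = @_;
        $text = '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };
    my $script_name = $escape_html->($ENV{'SCRIPT_NAME'});

    open(my $p2p_in, '<', $p2pfile) or die "Unable to read $p2pfile";
    my @p2p_entries = <$p2p_in>;
    close($p2p_in);

    Header::openbox('100%', 'center', 'P2P-Block');
    # NOTE(review): the opening <table> tag, the closing tags and closebox()
    # are not visible in this listing and are reconstructed; the original
    # table attributes are unknown.
    print <<END;
<table>
<tr bgcolor='$color{'color20'}'><td width='66%'><b>Protokoll</b>
<td width='33%'><b>Status</b>
END

    foreach my $entry (sort @p2p_entries)
    {
        # Columns: display name; protocol id; state ("on" or anything else).
        my @fields   = split(/\;/, $entry);
        my $label    = $escape_html->($fields[0]);
        my $protocol = $escape_html->($fields[1]);

        print <<END;
<form method='post' action='$script_name'>
END
        print "\t\t\t<tr bgcolor='$color{'color22'}'>\n";
        print <<END;
<td width='66%' align='center'>$label:
<td width='33%' align='center'><input type='hidden' name='P2PROT' value='$protocol'>
END
        # The button posts the opposite of the current state.
        if ($fields[2] eq 'on') {
            print <<END;
<input type='hidden' name='ACTION' value='disable'>
<input type='image' name='submit' src='/images/stock_ok.png' alt=''>
END
        } else {
            print <<END;
<input type='hidden' name='ACTION' value='enable'>
<input type='image' name='submit' src='/images/stock_stop.png' alt=''>
END
        }
        print "</form>\n";
    }

    print <<END;
<tr><td colspan='2' align='center'>Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren.
</table>
END
    Header::closebox();
}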
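# Policy box: explains the three modes, lets the user pick one and, outside
# MODE0, offers the reset button. Closes the page afterwards.
{
    # The button labels are compared with the posted ACTION, so they are
    # quoted: an unquoted value ends at the first space of a translation.
    my $escape_html = sub {
        my ($text) = @_;
        $text = '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };
    my $script_name = $escape_html->($ENV{'SCRIPT_NAME'});
    my $save_label  = $escape_html->($Lang::tr{'save'});
    my $reset_label = $escape_html->($Lang::tr{'reset'});

    Header::openbox('100%', 'center', 'Policy');
    # NOTE(review): the opening <table> tag, the closing tags and closebox()
    # are not visible in this listing and are reconstructed.
    print <<END;
<form method='post' action='$script_name'>
<table>
<tr><td width='10%' align='left'><b>Modus 0:</b><td width='90%' align='left' colspan='2'>In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen.
<tr><td width='10%' align='left'><b>Modus 1:</b><td width='90%' align='left' colspan='2'>In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.
<tr><td width='10%' align='left'><b>Modus 2:</b><td width='90%' align='left' colspan='2'>In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.<br />Hier ist eine Besonderheit der P2P-Filter.
<tr><td colspan='3'><hr />
<tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>Modus 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>Modus 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>Modus 2</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value='$save_label' />
<td width='45%' align='left'>
END

    # Resetting is only offered while rules are in effect.
    if ($outfwsettings{'POLICY'} ne 'MODE0') {
        print <<END;
Alle Regeln loeschen: <input type='submit' name='ACTION' value='$reset_label' />
END
    }

    print "</table>\n</form>\n";
    Header::closebox();
}

Header::closebigbox();
Header::closepage();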
391 ############################################################################################################################
392 ############################################################################################################################
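# Rule form: used for new rules and, after "edit", prefilled from the request.
Header::openbox('100%', 'center', 'Rules hinzufuegen');
if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; }

# The text fields echo request values back into value='...'; they are escaped
# so that a quote in a value cannot end the attribute.
my $escape_html = sub {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};
my $script_name = $escape_html->($ENV{'SCRIPT_NAME'});
my %field_value = map { ($_, $escape_html->($outfwsettings{$_})) } qw(NAME SIP SMAC DIP DPORT);
my $add_label   = $escape_html->($Lang::tr{'add'});
my $enabled_attr = defined $selected{'ENABLED'} ? $selected{'ENABLED'} : '';

# NOTE(review): the opening <table> tag, </select>, the closing tags and
# closebox() are not visible in this listing and are reconstructed.
print <<END;
<form method='post' action='$script_name'>
<table>
<tr><td width='20%' align='right'>Anmerkung: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$field_value{'NAME'}'>
<td width='20%' align='right'>Aktiviert:
<td width='30%' align='left'><input type='checkbox' name='ENABLED' $enabled_attr>
<tr><td width='20%' align='right'>Protokoll:
<td width='30%' align='left'><select name='PROT'><option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option><option value='tcp&amp;udp' $selected{'PROT'}{'tcp&udp'}>TCP &amp; UDP</option><option value='udp' $selected{'PROT'}{'udp'}>UDP</option></select>
<td width='20%' align='right'>Sicherheitspolitik:
<td width='30%' align='left'>
END

# The rule state follows the policy: MODE1 holds ALLOW rules, MODE2 DENY rules.
if ($outfwsettings{'POLICY'} eq 'MODE1'){
    print "\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW'>\n";
} elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
    print "\t\t\tDENY<input type='hidden' name='STATE' value='DENY'>\n";
}

# The "all" option is looked up under the posted value 'all'; the former key
# 'ALL' never matched what the edit action stores.
print <<END;
<tr><td width='20%' align='right'>Quellnetz:
<td width='30%' align='left'><select name='SNET'>
<option value='all' $selected{'SNET'}{'all'}>alle</option>
<option value='ip' $selected{'SNET'}{'ip'}>Quell-IP/MAC benutzen</option>
<option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
END

# Blue and orange are only offered when those networks exist.
if (Header::blue_used()){
    print "\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
}
if (Header::orange_used()){
    print "\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
}

print <<END;
</select>
<td width='20%' align='right'>Quell-IP-Adresse: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='SIP' maxlength='15' value='$field_value{'SIP'}'>
<tr><td width='50%' colspan='2'>
<td width='20%' align='right'>Quell-MAC-Adresse: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='SMAC' maxlength='23' value='$field_value{'SMAC'}'>
<tr><td width='20%' align='right'>Ziel-IP-Adresse: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$field_value{'DIP'}'>
<td width='20%' align='right'>Ziel-Port: <img src='/blob.gif'>
<td width='30%' align='left'><input type='text' name='DPORT' maxlength='11' value='$field_value{'DPORT'}'>
<tr><td width='40%' align='right' colspan='2'><img src='/blob.gif'> $Lang::tr{'this field may be blank'}
<td width='60%' align='left' colspan='2'><input type='submit' name='ACTION' value='$add_label'>
</table>
</form>
END
# maxlength is enforced by the browser only; the server must check lengths
# and formats itself when the rule is added.
Header::closebox();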
449 if ( $outfwsettings { 'POLICY' } eq 'MODE1' || $outfwsettings { 'POLICY' } eq 'MODE2' )
451 & Header
:: openbox
( '100%' , 'center' , 'Quick Add' );
453 open ( FILE
, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services" ;
454 my @defservices = < FILE
>;
457 print "<table width='100%'><tr bgcolor=' $color {'color20'}'><td><b> $Lang ::tr{'service'}</b></td><td><b> $Lang ::tr{'description'}</b></td><td><b> $Lang ::tr{'port'}</b></td><td><b> $Lang ::tr{'protocol'}</b></td><td><b> $Lang ::tr{'source net'}</b></td><td></td></tr>" ;
458 foreach my $serviceline ( @defservices )
460 my @service = split ( /,/ , $serviceline );
462 <tr><form method='post' action=' $ENV {'SCRIPT_NAME'}'>
463 <td> $service [0]<input type='hidden' name='NAME' value=' @service [0]' /></td>
465 <td><a href='http://isc.sans.org/port_details.php?port= $service [1]' target='top'> $service [1]</a><input type='hidden' name='DPORT' value=' @service [1]' /></td>
466 <td> $service [2]<input type='hidden' name='PROT' value=' @service [2]' /></td>
467 <td><select name='SNET'><option value='all' $selected {'SNET'}{'ALL'}> $Lang ::tr{'all'}</option><option value='green' $selected{'SNET'}{'green'}> $Lang ::tr{'green'}</option>
470 if (& Header
:: blue_used
()){
471 print "<option value='blue' $selected {'SNET'}{'blue'}> $Lang ::tr{'wireless'}</option>" ;
473 if (& Header
:: orange_used
()){
474 print "<option value='orange' $selected {'SNET'}{'orange'}> $Lang ::tr{'dmz'}</option>" ;
478 <input type='hidden' name='ACTION' value= $Lang ::tr{'add'} />
479 <input type='image' alt=' $Lang ::tr{'add'}' src='/images/add.gif' />
480 <input type='hidden' name='ENABLED' value='on' />
481 <input type='hidden' name='STATE' value='ALLOW' />