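#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

# DMZ pinhole editor.  A pinhole is a rule that lets a host on the orange or
# blue network reach a host on blue or green.  Rules live as one
# comma-separated record per line in ${General::swroot}/dmzholes/config
# (field order below) and are applied by /usr/local/bin/setdmzholes after
# every change.
#
# NOTE(review): every state-changing action is keyed only on the ACTION
# parameter; no CSRF token is checked in this file - confirm whether
# header.pl enforces one.

use strict;
use Fcntl qw(LOCK_EX);

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
undef (@dummy);

my %cgiparams    = ();
my %checked      = ();
my %selected     = ();
my %netsettings  = ();
my $errormessage = '';
my $filename     = "${General::swroot}/dmzholes/config";

# Config record layout: field index [0]..[7] -> CGI parameter of the same name.
my @fields = qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK);

# Return every rule line of the config file, newline-terminated.
sub read_config {
    open(my $fh, '<', $filename) or die 'Unable to open config file.';
    my @lines = <$fh>;
    close($fh);
    return @lines;
}

# Replace the config file with @lines.  The file is opened read/write and
# truncated only after the exclusive lock is held; opening it with ">" would
# empty it before flock() ran, so a concurrent reader could see no rules.
sub write_config {
    my @lines = @_;
    open(my $fh, '+<', $filename) or die 'Unable to open config file.';
    flock($fh, LOCK_EX)           or die 'Unable to lock config file.';
    truncate($fh, 0)              or die 'Unable to truncate config file.';
    seek($fh, 0, 0);
    print $fh @lines;
    close($fh);
    return;
}

# Serialise the rule currently held in %cgiparams as one config line.
sub rule_record {
    return join(',', map { $cgiparams{$_} } @fields) . "\n";
}

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&Header::showhttpheaders();

$cgiparams{'ENABLED'}   = 'off';
$cgiparams{'REMARK'}    = '';
$cgiparams{'ACTION'}    = '';
$cgiparams{'SRC_IP'}    = '';
$cgiparams{'DEST_IP'}   = '';
$cgiparams{'DEST_PORT'} = '';
&Header::getcgihash(\%cgiparams);

my @current = read_config();

# --- add / update -----------------------------------------------------------
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) {
    # Validate everything that ends up in the config file.  The checks run
    # in order and the first failure is the message shown.
    unless ($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) {
        $errormessage = $Lang::tr{'invalid input'};
    }
    unless ($errormessage || &General::validipormask($cgiparams{'SRC_IP'})) {
        $errormessage = $Lang::tr{'source ip bad'};
    }
    unless ($errormessage) {
        $errormessage = &General::validportrange($cgiparams{'DEST_PORT'}, 'dst');
    }
    unless ($errormessage || &General::validipormask($cgiparams{'DEST_IP'})) {
        $errormessage = $Lang::tr{'destination ip bad'};
    }
    unless ($errormessage) {
        $errormessage = &validNet($cgiparams{'SRC_NET'}, $cgiparams{'DEST_NET'});
    }
    # ENABLED is written verbatim into field [4] and used to be accepted
    # unchecked; a value containing ',' or a newline would corrupt the record.
    unless ($errormessage || $cgiparams{'ENABLED'} =~ /^(on|off)$/) {
        $errormessage = $Lang::tr{'invalid input'};
    }
    # EDITING is 'no' for a new rule, else the 1-based line number to replace.
    unless ($errormessage || $cgiparams{'EDITING'} =~ /^(no|\d+)$/) {
        $errormessage = $Lang::tr{'invalid input'};
    }

    # Darren Critchley - Remove commas from remarks
    $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});

    unless ($errormessage) {
        my $record = rule_record();
        if ($cgiparams{'EDITING'} eq 'no') {
            push(@current, $record);
        } else {
            # Replace the selected line in place; an index that matches no
            # line leaves the file content unchanged.
            my $id = 0;
            foreach my $line (@current) {
                $id++;
                $line = $record if ($cgiparams{'EDITING'} eq $id);
            }
        }
        write_config(@current);
        # Clear the form so the page below falls back to its defaults.
        undef %cgiparams;
        &General::log($Lang::tr{'dmz pinhole rule added'});
        system('/usr/local/bin/setdmzholes');
    }
}

# --- remove -----------------------------------------------------------------
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
    if ($cgiparams{'ID'} =~ /^\d+$/) {
        my $id   = 0;
        my @kept = ();
        foreach my $line (@current) {
            $id++;
            push(@kept, $line) unless ($cgiparams{'ID'} eq $id);
        }
        write_config(@kept);
        system('/usr/local/bin/setdmzholes');
        &General::log($Lang::tr{'dmz pinhole rule removed'});
    } else {
        $errormessage = $Lang::tr{'invalid input'};
    }
}

# --- enable / disable toggle ------------------------------------------------
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
    # ENABLE comes straight from the request and is stored in field [4];
    # only the two values the rule list understands are allowed through.
    if ($cgiparams{'ID'} =~ /^\d+$/ && $cgiparams{'ENABLE'} =~ /^(on|off)$/) {
        my $id = 0;
        foreach my $line (@current) {
            $id++;
            next unless ($cgiparams{'ID'} eq $id);
            chomp($line);
            my @temp = split(/\,/, $line);
            $temp[4] = $cgiparams{'ENABLE'};
            # Exactly eight fields are written back, as before.
            $line = join(',', @temp[0..7]) . "\n";
        }
        write_config(@current);
        system('/usr/local/bin/setdmzholes');
    } else {
        $errormessage = $Lang::tr{'invalid input'};
    }
}

# --- edit: pre-fill the form from the selected line ------------------------
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
    my $id = 0;
    foreach my $line (@current) {
        $id++;
        next unless ($cgiparams{'ID'} eq $id);
        chomp($line);
        my @temp = split(/\,/, $line);
        @cgiparams{@fields} = @temp[0..7];
    }
}

# Defaults for an empty form (also reached after a successful add, which
# clears %cgiparams).
if ($cgiparams{'ACTION'} eq '') {
    $cgiparams{'PROTOCOL'} = 'tcp';
    $cgiparams{'ENABLED'}  = 'on';
    $cgiparams{'SRC_NET'}  = 'orange';
    $cgiparams{'DEST_NET'} = 'blue';
}

# Attribute snippets the form interpolates.  Only the known values are
# looked up by the form, so an unknown parameter merely adds an unused key.
foreach my $proto ('udp', 'tcp') {
    $selected{'PROTOCOL'}{$proto} = '';
}
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";

foreach my $net ('orange', 'blue') {
    $selected{'SRC_NET'}{$net} = '';
}
$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";

foreach my $net ('blue', 'green') {
    $selected{'DEST_NET'}{$net} = '';
}
$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";

foreach my $state ('off', 'on') {
    $checked{'ENABLED'}{$state} = '';
}
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";

&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "$errormessage\n";
    print " \n";
    &Header::closebox();
}

print "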
\n"; my $buttonText = $Lang::tr{'add'}; if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'}); $buttonText = $Lang::tr{'update'}; } else { &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'}); } print < $Lang::tr{'source net'}:   $Lang::tr{'destination net'}: $Lang::tr{'destination ip or net'}: $Lang::tr{'destination port'}: 
$Lang::tr{'remark title'} *
*  $Lang::tr{'this field may be blank'} $Lang::tr{'enabled'}
END ; if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { print "\n"; } else { print "\n"; } &Header::closebox(); print "\n"; &Header::openbox('100%', 'left', $Lang::tr{'current rules'}); print < $Lang::tr{'proto'} $Lang::tr{'net'} $Lang::tr{'source'}   $Lang::tr{'net'} $Lang::tr{'destination'} $Lang::tr{'remark'}   $Lang::tr{'action'} END ; # Achim Weber: if i add a new rule, this rule is not displayed?!? # we re-read always config. # If something has happeened re-read config #if($cgiparams{'ACTION'} ne '') #{ open(FILE, $filename) or die 'Unable to open config file.'; @current = ; close(FILE); #} my $id = 0; foreach my $line (@current) { my $protocol=''; my $gif=''; my $toggle=''; my $gdesc=''; $id++; chomp($line); my @temp = split(/\,/,$line); if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' } my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange}; my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen}; if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) { print "\n"; } elsif ($id % 2) { print "\n"; } else { print "\n"; } if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};} else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; } # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat my $dstprt =$temp[3]; $_=$temp[3]; if (/^\d+$/) { my $servi = uc(getservbyport($temp[3], lc($temp[0]))); if ($servi ne '' && $temp[3] < 1024) { $dstprt = "$dstprt($servi)"; } } # Darren Critchley - If the line is too long, wrap the port numbers my $dstaddr = "$temp[2] : $dstprt"; if (length($dstaddr) > 26) { $dstaddr = "$temp[2] :
$dstprt"; } print <$protocol $temp[1] $dstaddr $temp[7]
END ; } print "\n"; # If the fixed lease file contains entries, print Key to action icons if ( ! -z "$filename") { print <   $Lang::tr{'legend'}:   $Lang::tr{ $Lang::tr{'click to disable'}     $Lang::tr{ $Lang::tr{'click to enable'}     $Lang::tr{ $Lang::tr{'edit'}     $Lang::tr{ $Lang::tr{'remove'} END ; } &Header::closebox(); &Header::closebigbox(); &Header::closepage(); sub validNet { my $srcNet = $_[0]; my $destNet = $_[1]; if ($srcNet eq $destNet) { return $Lang::tr{'dmzpinholes for same net not necessary'}; } unless ($srcNet =~ /^(blue|orange)$/) { return $Lang::tr{'select source net'}; } unless ($destNet =~ /^(blue|green)$/) { return $Lang::tr{'select dest net'}; } return ''; } sub haveOrangeNet { if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;} if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} return 0; } sub haveBlueNet { if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;} if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} return 0; }
###############################################################################
# NOTE(review): the markup inside the print/heredoc sections above appears to
# have been stripped from this copy of the file (the heredoc openers read
# "print <" and no HTML tags survive), so the rendering code is left
# byte-identical here and only documented.
#
# Page body, in order:
#   * the add/edit form, pre-filled from %cgiparams and the %selected /
#     %checked snippets; the box title and $buttonText switch between
#     'add a new rule'/'add' and 'edit a rule'/'update' when ACTION is 'edit';
#   * the "current rules" table.  The config is re-read unconditionally
#     (see the Achim Weber comment) so a rule written earlier in this same
#     request is listed.  Each line is split on ',' into fields [0]..[7];
#     [0] picks the UDP/TCP label, [5]/[6] the source/destination colours,
#     [4] the on/off icon and the value the toggle link will send as ENABLE,
#     and [3] is decorated with the getservbyport() service name when it is
#     numeric and below 1024;
#   * the icon legend, printed only when the config file is non-empty (-z).
#
# Field values are interpolated into the page as stored.  Rules written
# through this CGI went through the validators / Header::cleanhtml first, but
# a config file edited by hand receives no escaping here - verify before
# relying on that.
#
# validNet($srcNet, $destNet): returns the error text for a same-net pair,
# a source other than blue|orange, or a destination other than blue|green;
# returns '' when the pair is acceptable.
# haveOrangeNet() / haveBlueNet(): 1 when $netsettings{'CONFIG_TYPE'} is
# 2 or 4 (orange) / 3 or 4 (blue), else 0.  Neither is called anywhere in
# this listing.
###############################################################################