#!/usr/bin/perl
#
# IPFire CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The IPFire Team
#
# Outgoing-firewall CGI: maintains the outgoing rule file and the P2P block
# list.  Flow, in order:
#   1. load the stored settings, then overlay the request parameters on them;
#   2. perform the requested ACTION (reset / save / enable / disable / edit /
#      delete / add), rewriting the rule or P2P file as needed;
#   3. render the rule table, the P2P list (MODE2 only), the policy form and,
#      through addrule(), the rule entry form.
#
# NOTE(extraction): this listing was recovered from a collapsed page.  The
# heredoc operators (`<<END`), the `<FILE>` readline operators and most of the
# HTML inside the heredocs were stripped; fragments such as `@p2ps = ;` and
# `print < END ;` mark where they stood and are kept verbatim below.  In a few
# places (marked) text from one section was spliced into another.  Comments
# describe only what the surviving code shows.
#

use strict;
# enable only the following on debugging purpose
# (fatalsToBrowser echoes die() messages, including the file paths used below,
# to the HTTP client)
use warnings;
use CGI::Carp 'fatalsToBrowser';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# Page state.  %outfwsettings doubles as the settings hash, the request hash
# and, in the render loop, the current rule's fields; %selected / %checked hold
# the 'selected' / 'checked' markers for the forms.  %checked and %netsettings
# are not referenced by any surviving code (presumably used by the lost form
# HTML -- unverified).
my %outfwsettings = ();
my %checked = ();
my %selected= () ;
my %netsettings = ();
# Never assigned anywhere in the visible code; the error box prints it as-is.
my $errormessage = "";
my $configentry = "";
my @configs = ();
my @configline = ();
my $p2pentry = "";
my @p2ps = ();
my @p2pline = ();
# Both paths are fixed literals, so the shell/2-arg open calls below cannot be
# steered by the request; they are still the fragile idioms (see the notes at
# each call).
my $configfile = "/var/ipfire/outgoing/rules";
my $p2pfile = "/var/ipfire/outgoing/p2protocols";

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&Header::showhttpheaders();

### Values that have to be initialized
# Defaults for every key the page reads.  readhash() below overrides them with
# the stored settings and getcgihash() then overrides both with whatever the
# request carries, so every key here is client-settable -- including VALID,
# which is the only gate on the 'add' action, and EDIT / POLICY.
$outfwsettings{'ACTION'} = '';
$outfwsettings{'VALID'} = 'yes';
$outfwsettings{'EDIT'} = 'no';
$outfwsettings{'NAME'} = '';
$outfwsettings{'SNET'} = '';
$outfwsettings{'SIP'} = '';
$outfwsettings{'SPORT'} = '';
$outfwsettings{'SMAC'} = '';
$outfwsettings{'DIP'} = '';
$outfwsettings{'DPORT'} = '';
$outfwsettings{'PROT'} = '';
$outfwsettings{'STATE'} = '';
$outfwsettings{'DISPLAY_DIP'} = '';
$outfwsettings{'DISPLAY_DPORT'} = '';
$outfwsettings{'DISPLAY_SMAC'} = '';
$outfwsettings{'DISPLAY_SIP'} = '';
$outfwsettings{'POLICY'} = 'MODE0';
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
# Request parameters win over stored settings; nothing after this point checks
# the shape of any value before it is written to disk or echoed into HTML.
&Header::getcgihash(\%outfwsettings);

# Pre-compute the 'selected' marker for the policy <select>; the three branches
# are mutually exclusive on the same key.
if ($outfwsettings{'POLICY'} eq 'MODE0'){
	$selected{'POLICY'}{'MODE0'} = 'selected';
} else {
	$selected{'POLICY'}{'MODE0'} = '';
}
if ($outfwsettings{'POLICY'} eq 'MODE1'){
	$selected{'POLICY'}{'MODE1'} = 'selected';
} else {
	$selected{'POLICY'}{'MODE1'} = '';
}
if ($outfwsettings{'POLICY'} eq 'MODE2'){
	$selected{'POLICY'}{'MODE2'} = 'selected';
} else {
	$selected{'POLICY'}{'MODE2'} = '';
}

&Header::openpage('Ausgehende Firewall', 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

############################################################################################################################
############################################################################################################################
# ---- Action handling ---------------------------------------------------------
# Each ACTION branch is an independent `if`; the button labels come from the
# language table, the P2P actions are fixed strings.

# Reset: drop every rule, recreate an empty rule file and fall back to MODE0.
# The settings written here already carry the request's other keys.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'}) {
	$outfwsettings{'POLICY'}='MODE0';
	unlink $configfile;
	# String-form system() goes through the shell; harmless with this fixed
	# path, but `system('/bin/touch', $configfile)` (or a 3-arg open for write)
	# avoids the shell entirely.
	system("/bin/touch $configfile");
	&General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}

# Save: persist the merged (stored + request) settings unchanged.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'}) {
	&General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}

# Enable one P2P protocol.  Records are `name;key;on|off;` lines; the request's
# P2PROT is only compared against field 1, never written, so an unknown name
# leaves the file content unchanged (apart from the re-sort).  The file is
# truncated in place rather than written to a temp file and renamed, and the
# write handle's close() is not checked.
if ($outfwsettings{'ACTION'} eq 'enable') {
	# 2-arg open with a bareword handle; the mode cannot be injected here
	# because $p2pfile is a literal, but 3-arg open + lexical handle is the
	# safe form.
	open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
	@p2ps = ;
	close FILE;
	open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
	foreach $p2pentry (sort @p2ps) {
		@p2pline = split( /\;/, $p2pentry );
		if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
			print FILE "$p2pline[0];$p2pline[1];on;\n";
		} else {
			print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
		}
	}
	close FILE;
}

# Disable one P2P protocol -- identical to 'enable' except for the 'off' token.
# TODO: both branches could share one helper taking the state as a parameter.
if ($outfwsettings{'ACTION'} eq 'disable') {
	open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
	@p2ps = ;
	close FILE;
	open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
	foreach $p2pentry (sort @p2ps) {
		@p2pline = split( /\;/, $p2pentry );
		if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
			print FILE "$p2pline[0];$p2pline[1];off;\n";
		} else {
			print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
		}
	}
	close FILE;
}

# Edit: remove the rule whose nine fields all equal the submitted values, then
# show the entry form pre-filled with the request values and stop.  The rule
# is thus deleted from the file *before* the user confirms the edit; abandoning
# the form loses it.  No visible line sets EDIT before addrule() runs, so the
# EDIT eq 'no' branch inside addrule() depends on the request value alone.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) {
	open( FILE, "< $configfile" ) or die "Unable to read $configfile";
	@configs = ;
	close FILE;
	open( FILE, "> $configfile" ) or die "Unable to write $configfile";
	foreach $configentry (sort @configs) {
		@configline = split( /\;/, $configentry );
		# Keep every record that does not match on all nine fields.  Because
		# records are split on ';', a field value containing ';' would shift
		# the later fields and defeat this comparison.
		unless (($configline[0] eq $outfwsettings{'STATE'}) && ($configline[1] eq $outfwsettings{'ENABLED'}) && ($configline[2] eq $outfwsettings{'SNET'}) && ($configline[3] eq $outfwsettings{'PROT'}) && ($configline[4] eq
$outfwsettings{'NAME'}) && ($configline[5] eq $outfwsettings{'SIP'}) && ($configline[6] eq $outfwsettings{'SMAC'}) && ($configline[7] eq $outfwsettings{'DIP'}) && ($configline[8] eq $outfwsettings{'DPORT'})) {
			print FILE $configentry;
		}
	}
	close FILE;
	# Request-supplied SNET / PROT become hash keys that presumably mark the
	# matching <option> in the (lost) form HTML -- unverified.
	$selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
	$selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
	&addrule();
	&Header::closebigbox();
	&Header::closepage();
	# Nothing below this point runs for an edit request.
	exit
}

# Delete: same nine-field match as 'edit', without showing the form.
# TODO: the match is duplicated verbatim from the edit branch; a shared
# predicate would keep the two in step.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) {
	open( FILE, "< $configfile" ) or die "Unable to read $configfile";
	@configs = ;
	close FILE;
	open( FILE, "> $configfile" ) or die "Unable to write $configfile";
	foreach $configentry (sort @configs) {
		@configline = split( /\;/, $configentry );
		unless (($configline[0] eq $outfwsettings{'STATE'}) && ($configline[1] eq $outfwsettings{'ENABLED'}) && ($configline[2] eq $outfwsettings{'SNET'}) && ($configline[3] eq $outfwsettings{'PROT'}) && ($configline[4] eq $outfwsettings{'NAME'}) && ($configline[5] eq $outfwsettings{'SIP'}) && ($configline[6] eq $outfwsettings{'SMAC'}) && ($configline[7] eq $outfwsettings{'DIP'}) && ($configline[8] eq $outfwsettings{'DPORT'})) {
			print FILE $configentry;
		}
	}
	close FILE;
}

# Add: append a new record.  The only gate is VALID eq 'yes'; VALID is
# initialised to 'yes' above and no visible line ever sets it to anything
# else, so the submitted IP / port / MAC / name fields reach the file without
# any syntactic check.  The record itself is written by a heredoc that was lost
# in extraction; given the split(/\;/) readers above it is presumably a
# ';'-separated line of the same nine fields -- TODO confirm, and note that a
# ';' inside a field would corrupt the record.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'}) {
	if ( $outfwsettings{'VALID'} eq 'yes' ) {
		open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
		# NOTE(extraction): the `print FILE <<END ... END` body, the close of
		# this branch and the opening of the error-message box were lost; only
		# this fragment survived.  $errormessage is printed into the page
		# unescaped.
		print FILE <$errormessage\n";
		print " \n";
		&Header::closebox();
	}
############################################################################################################################
############################################################################################################################
# ---- Rule table --------------------------------------------------------------
# Shown whenever a restrictive policy is active.  Each rule line is unpacked
# back into %outfwsettings and printed; only rules whose STATE matches the
# policy (ALLOW rules under MODE1, DENY rules under MODE2) are listed.
if ($outfwsettings{'POLICY'} ne 'MODE0'){
	&Header::openbox('100%', 'center', 'Rules');
	print < END ;
	open( FILE, "< $configfile" ) or die "Unable to read $configfile";
	@configs = ;
	close FILE;
	if (@configs) {
		# NOTE(extraction): the text from `\n"; } else ...` up to `$p2pline[0]:`
		# on the next line belongs to the P2P row loop further down (the
		# `else` branch of `if ($id % 2)` and the `$id++`); the extractor
		# spliced it into the table-header heredoc.
		print < \n"; } else { print "\t\t\t\n"; } $id++; print <$p2pline[0]:
Protokoll Netzwerk Ziel Anmerkung Politik Aktionen
END ;
		foreach $configentry (sort @configs) {
			# Field layout of a rule record, by position.
			@configline = split( /\;/, $configentry );
			$outfwsettings{'STATE'} = $configline[0];
			$outfwsettings{'ENABLED'} = $configline[1];
			$outfwsettings{'SNET'} = $configline[2];
			$outfwsettings{'PROT'} = $configline[3];
			$outfwsettings{'NAME'} = $configline[4];
			$outfwsettings{'SIP'} = $configline[5];
			$outfwsettings{'SMAC'} = $configline[6];
			$outfwsettings{'DIP'} = $configline[7];
			$outfwsettings{'DPORT'} = $configline[8];
			# Empty destination fields display as 'ALL'.
			if ($outfwsettings{'DIP'} eq ''){
				$outfwsettings{'DISPLAY_DIP'} = 'ALL';
			} else {
				$outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'};
			}
			if ($outfwsettings{'DPORT'} eq ''){
				$outfwsettings{'DISPLAY_DPORT'} = 'ALL';
			} else {
				$outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'};
			}
			# DISPLAY_STATE is only set for the two known states; any other
			# STATE value leaves the previous row's value in place.
			if ($outfwsettings{'STATE'} eq 'DENY'){
				$outfwsettings{'DISPLAY_STATE'} = "DENY";
			}
			if ($outfwsettings{'STATE'} eq 'ALLOW'){
				$outfwsettings{'DISPLAY_STATE'} = "ALLOW";
			}
			if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
				# Rule fields are interpolated straight into the HTML.  They
				# come from the rule file, which the 'add' action fills from
				# request parameters, and no escaping is applied in this print.
				print < $outfwsettings{'PROT'} $outfwsettings{'SNET'} $outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'} $outfwsettings{'NAME'} $outfwsettings{'DISPLAY_STATE'}
END ;
				# Source restrictions are only shown when at least one is set;
				# an unset one reads 'ALL'.
				if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
					unless ($outfwsettings{'SIP'}) {
						$outfwsettings{'DISPLAY_SIP'} = 'ALL';
					} else {
						$outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'};
					}
					unless ($outfwsettings{'SMAC'}) {
						$outfwsettings{'DISPLAY_SMAC'} = 'ALL';
					} else {
						$outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'};
					}
					print <
Quell-IP-Adresse: $outfwsettings{'DISPLAY_SIP'} Quell-MAC-Adresse: $outfwsettings{'DISPLAY_SMAC'}
END ;
				}
				print < END ;
			}
		}
		print < END ;
	}
	&Header::closebox();
}

# ---- P2P block list (MODE2 only) ---------------------------------------------
# One row per P2P record with an on/off indicator; $id alternates row styling.
if ($outfwsettings{'POLICY'} eq 'MODE2'){
	open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
	@p2ps = ;
	close FILE;
	&Header::openbox('100%', 'center', 'P2P-Block');
	print <
Protokoll Status
END ;
	my $id = 1;
	foreach $p2pentry (sort @p2ps) {
		@p2pline = split( /\;/, $p2pentry );
		print < END ;
		# NOTE(extraction): the rest of this `if`, its `else` branch and the
		# `$id++` were spliced into the rule-table header above.
		if ($id % 2) {
			print "\t\t\t
END ;
		# Field 2 is the on/off flag written by the enable/disable actions.
		if ($p2pline[2] eq 'on') {
			print < END ;
		} else {
			print < END ;
		}
		print < END ;
	}
	print <Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren.
END ;
	&Header::closebox();
}

# ---- Policy form -------------------------------------------------------------
# Mode description text (German, part of the page output) followed by the
# policy <select>; the second print appears only when a restrictive policy is
# already active.
&Header::openbox('100%', 'center', 'Policy');
print <
Modus 0:In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen.
Modus 1:In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.
Modus 2:In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.
Hier ist eine Besonderheit der P2P-Filter.

END ;
if ($outfwsettings{'POLICY'} ne 'MODE0') {
	print < END ;
}
print < END ;
&Header::closebox();
&Header::closebigbox();
&Header::closepage();

############################################################################################################################
############################################################################################################################
# addrule -- render the "add rule" form box.
#
# Takes no arguments; reads the file-level %outfwsettings and %selected
# directly (it is called from the 'edit' branch above after those have been
# set from the request).  Returns nothing useful; its effect is the HTML
# printed to STDOUT.  The ALLOW / DENY label printed after the first heredoc
# follows the active policy: ALLOW rules under MODE1, DENY rules under MODE2.
sub addrule {
	&Header::openbox('100%', 'center', 'Rules hinzufuegen');
	# Note the flat key here versus the nested $selected{X}{Y} used elsewhere;
	# presumably the 'checked' attribute of the "Aktiviert" checkbox, pre-set
	# for a new rule -- unverified.
	if ($outfwsettings{'EDIT'} eq 'no') {
		$selected{'ENABLED'} = 'checked';
	}
	print <
Anmerkung: Aktiviert:
Protokoll: Sicherheitspolitik:
END ;
	if ($outfwsettings{'POLICY'} eq 'MODE1'){
		print "\t\t\tALLOW\n";
	} elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
		print "\t\t\tDENY\n";
	}
	print <Quellnetz: Quell-IP-Adresse:
  Quell-MAC-Adresse:
Ziel-IP-Adresse: Ziel-Port:
$Lang::tr{'this field may be blank'}
END ;
	&Header::closebox();
}