X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Foutgoingfw.cgi;h=0730ba2d3d9145f17de42ff457a700153a39dbbe;hp=ab7c2fa08d484f80bc8b44547b8cae695fa83aab;hb=29423370faa5b9e7e048cdada0c4ab44ba424c22;hpb=9833e7d8fb019c603664d5a246773f501c97a974
diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi
index ab7c2fa08d..0730ba2d3d 100644
--- a/html/cgi-bin/outgoingfw.cgi
+++ b/html/cgi-bin/outgoingfw.cgi
@@ -1,16 +1,28 @@
 #!/usr/bin/perl
-#
-# IPFire CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) The IPFire Team
-#
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
 use strict;
 # enable only the following on debugging purpose
-use warnings;
-use CGI::Carp 'fatalsToBrowser';
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
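Review bot: Commenting out `use warnings;` together with `CGI::Carp 'fatalsToBrowser'` treats both as debugging aids, but only the second affects what a client sees; warnings go to STDERR, which under CGI is the web server's error log, and they are the one thing that would report the uninitialised-value comparisons this commit introduces (`$configline[9] eq $outfwsettings{'LOG'}` on rule lines that have no tenth field). Keep `use warnings;` active and leave only the CGI::Carp line disabled, since fatalsToBrowser is the part that reports die messages, with file and line detail, to the browser.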
@@ -30,6 +42,12 @@ my @p2pline = ();
 my $configfile = "/var/ipfire/outgoing/rules";
 my $p2pfile = "/var/ipfire/outgoing/p2protocols";
+my $servicefile = "/var/ipfire/outgoing/defaultservices";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
@@ -53,10 +71,15 @@ $outfwsettings{'DISPLAY_DPORT'} = '';
 $outfwsettings{'DISPLAY_SMAC'} = '';
 $outfwsettings{'DISPLAY_SIP'} = '';
 $outfwsettings{'POLICY'} = 'MODE0';
+$outfwsettings{'MODE1LOG'} = 'off';
 &General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
 &Header::getcgihash(\%outfwsettings);
+$checked{'MODE1LOG'}{'off'} = '';
+$checked{'MODE1LOG'}{'on'} = '';
+$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'";
+
 if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
 if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
 if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
@@ -72,11 +95,20 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
 $outfwsettings{'POLICY'}='MODE0';
 unlink $configfile;
 system("/usr/bin/touch $configfile");
+ my $MODE = $outfwsettings{'POLICY'};
+ %outfwsettings = ();
+ $outfwsettings{'POLICY'} = "$MODE";
 &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
 }
 if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
 {
+ my $MODE = $outfwsettings{'POLICY'};
+ my $MODE1LOG = $outfwsettings{'MODE1LOG'};
+ %outfwsettings = ();
+ $outfwsettings{'POLICY'} = "$MODE";
+ $outfwsettings{'MODE1LOG'} = "$MODE1LOG";
 &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
+ system("/usr/local/bin/outgoingfwctrl");
 }
 if ($outfwsettings{'ACTION'} eq 'enable')
 {
@@ -94,6 +126,7 @@ if ($outfwsettings{'ACTION'} eq 'enable')
 }
 }
 close FILE;
+ system("/usr/local/bin/outgoingfwctrl");
 }
 if ($outfwsettings{'ACTION'} eq 'disable')
 {
@@ -111,6 +144,7 @@ if ($outfwsettings{'ACTION'} eq 'disable')
 }
 }
 close FILE;
+ system("/usr/local/bin/outgoingfwctrl");
 }
 if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
 {
@@ -128,7 +162,8 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
 ($configline[4] eq $outfwsettings{'NAME'}) &&
 ($configline[5] eq $outfwsettings{'SIP'}) &&
 ($configline[6] eq $outfwsettings{'SMAC'}) &&
- ($configline[7] eq $outfwsettings{'DIP'}) &&
+ ($configline[7] eq $outfwsettings{'DIP'}) &&
+ ($configline[9] eq $outfwsettings{'LOG'}) &&
 ($configline[8] eq $outfwsettings{'DPORT'}))
 {
 print FILE $configentry;
@@ -137,10 +172,12 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
 close FILE;
 $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
 $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
+ $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
 &addrule();
 &Header::closebigbox();
 &Header::closepage();
- exit
+ exit
+ system("/usr/local/bin/outgoingfwctrl");
 }
 if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
 {
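Review bot: The save branch copies `$outfwsettings{'MODE1LOG'}` straight from the CGI hash into the settings file without restricting it to the two values the radio buttons can produce; `my $MODE1LOG = $outfwsettings{'MODE1LOG'} eq 'on' ? 'on' : 'off';` keeps the file to on/off, and `$MODE` deserves the same treatment against its three legal values. The `system("/usr/local/bin/outgoingfwctrl")` calls added here and in the enable, disable and delete hunks (the last one on the next line of this page) ignore the exit status, so a failed rule rebuild leaves the settings file and the live ruleset silently out of step; `system("/usr/local/bin/outgoingfwctrl") == 0 or warn "outgoingfwctrl failed: $?";` at least records it. The reset branch empties `$configfile` but, as far as this hunk shows, never runs outgoingfwctrl, so the removed rules stay active until the next save, enable or disable.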
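Review bot: In the edit branch the new `exit` has no terminating semicolon, so Perl takes the following line as its argument — `exit(system("/usr/local/bin/outgoingfwctrl"))` — and the control script runs after `&Header::closepage()` has already emitted the response, with its status becoming the CGI's exit code. If the rebuild is wanted when a rule is opened for editing, put `system("/usr/local/bin/outgoingfwctrl");` before `exit;`; if not, drop the call and write `exit;`, otherwise the next reader will take the line for dead code. The comparison two hunks earlier now also reads `$configline[9]`, which is undef on rule lines that predate the LOG column; `eq` still matches an empty posted LOG, but it warns once `use warnings` is re-enabled.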
@@ -159,22 +196,25 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
 ($configline[5] eq $outfwsettings{'SIP'}) &&
 ($configline[6] eq $outfwsettings{'SMAC'}) &&
 ($configline[7] eq $outfwsettings{'DIP'}) &&
+ ($configline[9] eq $outfwsettings{'LOG'}) &&
 ($configline[8] eq $outfwsettings{'DPORT'}))
 {
 print FILE $configentry;
 }
 }
 close FILE;
+ system("/usr/local/bin/outgoingfwctrl");
 }
 if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
 {
 if ( $outfwsettings{'VALID'} eq 'yes' ) {
 open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
 print FILE < - + END ;
@@ -210,15 +250,16 @@ END
 close FILE;
 if (@configs) { print < +
- - + + + + + + + END ; foreach $configentry (sort @configs) @@ -233,45 +274,49 @@ END $outfwsettings{'SMAC'} = $configline[6]; $outfwsettings{'DIP'} = $configline[7]; $outfwsettings{'DPORT'} = $configline[8]; + $outfwsettings{'LOG'} = $configline[9]; if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; } if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; } - if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } - if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; } + if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } + if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; } if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){ print < + +
Protokoll - Netzwerk - Ziel - Anmerkung - Politik - Aktionen +
$Lang::tr{'protocol'}$Lang::tr{'network'}$Lang::tr{'destination'}$Lang::tr{'description'}$Lang::tr{'policy'}$Lang::tr{'logging'}$Lang::tr{'action'}
$outfwsettings{'PROT'} $outfwsettings{'SNET'} $outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'} $outfwsettings{'NAME'} $outfwsettings{'DISPLAY_STATE'} - + $outfwsettings{'LOG'} +
- - - - - - - - - - - + + + + + + + + + + + +
- - - - - - - - - - - + + + + + + + + + + + +
END ; @@ -279,10 +324,8 @@ END unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } print <
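Review bot: `$outfwsettings{'LOG'} = $configline[9]` takes the new tenth column of the rules file and the row then prints `$outfwsettings{'LOG'}` as stored, like the other columns; the column is only meaningful as on/off, so deriving a display value the way DISPLAY_DIP and DISPLAY_DPORT already do (`$outfwsettings{'DISPLAY_LOG'} = $outfwsettings{'LOG'} eq 'on' ? 'on' : 'off';` and printing that) stops the list echoing whatever string ends up in the file. If the rule line is split without a `chomp`, the trailing newline now lands in this column instead of DPORT; the split is above the hunk, so that could not be confirmed here. The row markup is stripped on this page, so the cell itself was not reviewed.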
Quell-IP-Adresse: +
$Lang::tr{'source ip'}: $outfwsettings{'DISPLAY_SIP'} - Quell-MAC-Adresse: - $outfwsettings{'DISPLAY_SMAC'} END ; @@ -293,6 +336,22 @@ END ; } } +if ($outfwsettings{'POLICY'} eq 'MODE1'){ +print <
+
tcp&udp + all + ALL + drop + DENY + on off +
+
+
+END +; +} print < END @@ -302,15 +361,15 @@ END &Header::closebox(); } -if ($outfwsettings{'POLICY'} eq 'MODE2'){ +if ($outfwsettings{'POLICY'} ne 'MODE0'){ open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; @p2ps = ; close FILE; &Header::openbox('100%', 'center', 'P2P-Block'); print < - Protokoll - Status + $Lang::tr{'protocol'} + $Lang::tr{'status'} END ; my $id = 1; @@ -321,28 +380,22 @@ END
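Review bot: The literal `tcp&udp` in the new MODE1 default row is a bare ampersand in HTML text; browsers tolerate it but it is invalid markup, so write `tcp&amp;udp`. The row's tags are stripped on this page, so the `on`/`off` cells, presumably the MODE1LOG radio inputs bound to `$checked{'MODE1LOG'}`, could not be checked against the values the save branch expects.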
END ; - if ($id % 2) { - print "\t\t\t\n"; - } - else { - print "\t\t\t\n"; - } - $id++; - print <\n"; + print <$p2pline[0]: - + END ; if ($p2pline[2] eq 'on') { print < - + + END ; } else { print < - + + END ; } @@ -352,8 +405,8 @@ END ; } print <Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren. +
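Review bot: This hunk removes `$id++` along with the alternating-row branch, but `my $id = 1;` survives as context at the end of the previous hunk; unless the rebuilt row markup still reads `$id` (the tags are stripped on this page, so that cannot be confirmed), the declaration is now dead and should go with it. If it is still needed, a short comment next to the declaration saying what reads it would spare the next reader the same check.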
$Lang::tr{'outgoingfw p2p description'} END ; &Header::closebox(); @@ -363,18 +416,18 @@ END print < - + + + +
Modus 0:In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen. -
Modus 1:In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen. -
Modus 2:In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.
Hier ist eine Besonderheit der P2P-Filter. -

-
- - +
$Lang::tr{'mode'} 0:$Lang::tr{'outgoingfw mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoingfw mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoingfw mode2'}

+ + END ; if ($outfwsettings{'POLICY'} ne 'MODE0') { print < + $Lang::tr{'outgoingfw reset'}: END ; } @@ -398,52 +451,102 @@ sub addrule print < - "; +} +else{ + print ""; +} +print < +
Anmerkung: - - Aktiviert: - -
Protokoll: - - Sicherheitspolitik: +
$Lang::tr{'description'}: + + $Lang::tr{'active'}: + +
$Lang::tr{'protocol'}: + + $Lang::tr{'policy'}: END ; if ($outfwsettings{'POLICY'} eq 'MODE1'){ - print "\t\t\tALLOW\n"; + print "\t\t\tALLOW\n"; } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){ - print "\t\t\tDENY\n"; + print "\t\t\tDENY\n"; } print <Quellnetz: +
$Lang::tr{'source net'}: Quell-IP-Adresse: - -
  - Quell-MAC-Adresse: - -
Ziel-IP-Adresse: - - Ziel-Port: - + $Lang::tr{'source ip'}: + +
$Lang::tr{'logging'}: +END +; +if ($outfwsettings{'POLICY'} eq 'MODE1'){ + print " +
$Lang::tr{'destination ip'}: + + $Lang::tr{'destination port'}: +
-
$Lang::tr{'this field may be blank'} - +
$Lang::tr{'this field may be blank'} +
END ; &Header::closebox(); -} +if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2') +{ +&Header::openbox('100%', 'center', 'Quick Add'); + + open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services"; + my @defservices = ; + close FILE; + +print ""; +foreach my $serviceline(@defservices) + { + my @service = split(/,/,$serviceline); + print <
+
+ + + + + ";} + elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "";} + } + print "
$Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}$Lang::tr{'logging'}$Lang::tr{'action'}
$service[0]$service[3]$service[1]$service[2] + + + +END +; + if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "
"; + &Header::closebox(); + } +}
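Review bot: The Quick Add box opens `/var/ipfire/outgoing/defaultservices` as a literal even though this commit introduces `$servicefile` with exactly that path; use `open( FILE, "< $servicefile" ) or die "Unable to read $servicefile";` so the two cannot drift. `my @service = split(/,/,$serviceline);` runs on the raw line, so unless something strips the line ending first the last field — `$service[3]`, which the row prints — carries the trailing newline into whatever form value it populates; `chomp $serviceline;` before the split fixes that. `&Header::openbox('100%', 'center', 'Quick Add')` is also the one box title this commit leaves untranslated while the rest of the page moves to `$Lang::tr`. `sub addrule` itself begins just before this hunk, as its header context.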