X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Foutgoingfw.cgi;h=ed87e0d8a3ff813787d220b69350b69056ff731e;hp=1a6bdb51d347ad1a9c345925e1abf6df9fa3b3af;hb=2229c89ea8df40e8ad610fce7d144d0554b3430a;hpb=cb5e9c6c64d5281eba5c790f14c2e5f3066becbf diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index 1a6bdb51d3..ed87e0d8a3 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -1,11 +1,23 @@ #!/usr/bin/perl -# -# IPFire CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The IPFire Team -# +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### use strict; # enable only the following on debugging purpose 
@@ -59,14 +71,80 @@ $outfwsettings{'DISPLAY_DPORT'} = ''; $outfwsettings{'DISPLAY_SMAC'} = ''; $outfwsettings{'DISPLAY_SIP'} = ''; $outfwsettings{'POLICY'} = 'MODE0'; +$outfwsettings{'MODE1LOG'} = 'off'; + +$outfwsettings{'TIME_FROM'} = '00:00'; +$outfwsettings{'TIME_TO'} = '00:00'; &General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings); &Header::getcgihash(\%outfwsettings); +############### +# DEBUG DEBUG +#&Header::openbox('100%', 'left', 'DEBUG'); +#my $debugCount = 0; +#foreach my $line (sort keys %outfwsettings) { +#print "$line = $outfwsettings{$line}
\n"; +# $debugCount++; +#} +#print " Count: $debugCount\n"; +#&Header::closebox(); +# DEBUG DEBUG +############### + +$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'"; +$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'"; + +$checked{'MODE1LOG'}{'off'} = ''; +$checked{'MODE1LOG'}{'on'} = ''; +$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'"; +$checked{'TIME_MON'}{'off'} = ''; +$checked{'TIME_MON'}{'on'} = ''; +$checked{'TIME_MON'}{$outfwsettings{'TIME_MON'}} = "checked='checked'"; +$checked{'TIME_TUE'}{'off'} = ''; +$checked{'TIME_TUE'}{'on'} = ''; +$checked{'TIME_TUE'}{$outfwsettings{'TIME_TUE'}} = "checked='checked'"; +$checked{'TIME_WED'}{'off'} = ''; +$checked{'TIME_WED'}{'on'} = ''; +$checked{'TIME_WED'}{$outfwsettings{'TIME_WED'}} = "checked='checked'"; +$checked{'TIME_THU'}{'off'} = ''; +$checked{'TIME_THU'}{'on'} = ''; +$checked{'TIME_THU'}{$outfwsettings{'TIME_THU'}} = "checked='checked'"; +$checked{'TIME_FRI'}{'off'} = ''; +$checked{'TIME_FRI'}{'on'} = ''; +$checked{'TIME_FRI'}{$outfwsettings{'TIME_FRI'}} = "checked='checked'"; +$checked{'TIME_SAT'}{'off'} = ''; +$checked{'TIME_SAT'}{'on'} = ''; +$checked{'TIME_SAT'}{$outfwsettings{'TIME_SAT'}} = "checked='checked'"; +$checked{'TIME_SUN'}{'off'} = ''; +$checked{'TIME_SUN'}{'on'} = ''; +$checked{'TIME_SUN'}{$outfwsettings{'TIME_SUN'}} = "checked='checked'"; + if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } +# This is a little hack if poeple donĀ“t mark any date then all will be selected, because they might have forgotten to select +# a valid day. 
A Rule without any matching day will never work, because the timeranges are new feature people might not notice +# that they have to select a day for the rule. + +if ( $outfwsettings{'TIME_MON'} eq "" && + $outfwsettings{'TIME_TUE'} eq "" && + $outfwsettings{'TIME_WED'} eq "" && + $outfwsettings{'TIME_THU'} eq "" && + $outfwsettings{'TIME_FRI'} eq "" && + $outfwsettings{'TIME_SAT'} eq "" && + $outfwsettings{'TIME_SUN'} eq "" ) + { + $outfwsettings{'TIME_MON'} = "on"; + $outfwsettings{'TIME_TUE'} = "on"; + $outfwsettings{'TIME_WED'} = "on"; + $outfwsettings{'TIME_THU'} = "on"; + $outfwsettings{'TIME_FRI'} = "on"; + $outfwsettings{'TIME_SAT'} = "on"; + $outfwsettings{'TIME_SUN'} = "on"; + } + &Header::openpage('Ausgehende Firewall', 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -86,8 +164,10 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'}) if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'}) { my $MODE = $outfwsettings{'POLICY'}; + my $MODE1LOG = $outfwsettings{'MODE1LOG'}; %outfwsettings = (); $outfwsettings{'POLICY'} = "$MODE"; + $outfwsettings{'MODE1LOG'} = "$MODE1LOG"; &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); system("/usr/local/bin/outgoingfwctrl"); } 
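Review bot: The all-days fallback at the end of this hunk runs after the `%checked` entries for TIME_MON … TIME_SUN have been filled in, so when no day was submitted `$checked{'TIME_MON'}{'on'}` and its siblings stay empty while the settings themselves become "on". If the form reads `%checked` (its markup is not legible on this page), the boxes would render unticked for a rule that is stored as all week; moving the fallback block above the `$checked{...}` assignments fixes the order. The fallback also widens a rule without telling the administrator, which matters for an allow rule on a firewall. Consider setting `$errormessage` and rejecting the request instead of defaulting, or at least add a comment stating that an empty day selection means every day.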
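Review bot: `$MODE1LOG` in the save branch is copied from the request hash and written back through `General::writehash` exactly as it arrived, although the preceding hunk only ever treats `on` and `off` as meaningful. I would coerce it before the write, `my $MODE1LOG = ($outfwsettings{'MODE1LOG'} eq 'on') ? 'on' : 'off';`, so the settings file that `/usr/local/bin/outgoingfwctrl` is run against never holds an arbitrary string. Whether `getcgihash` or `writehash` already filter values is not visible here, so treat this as a check to confirm. `POLICY` on the line above takes the same path.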
@@ -136,6 +216,17 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) foreach $configentry (sort @configs) { @configline = split( /\;/, $configentry ); + + $configline[10] = "on" if not exists $configline[11]; + $configline[11] = "on" if not exists $configline[11]; + $configline[12] = "on" if not exists $configline[12]; + $configline[13] = "on" if not exists $configline[13]; + $configline[14] = "on" if not exists $configline[14]; + $configline[15] = "on" if not exists $configline[15]; + $configline[16] = "on" if not exists $configline[16]; + $configline[17] = "00:00" if not exists $configline[17]; + $configline[18] = "00:00" if not exists $configline[18]; + unless (($configline[0] eq $outfwsettings{'STATE'}) && ($configline[1] eq $outfwsettings{'ENABLED'}) && ($configline[2] eq $outfwsettings{'SNET'}) && @@ -145,7 +236,16 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) ($configline[6] eq $outfwsettings{'SMAC'}) && ($configline[7] eq $outfwsettings{'DIP'}) && ($configline[9] eq $outfwsettings{'LOG'}) && - ($configline[8] eq $outfwsettings{'DPORT'})) + ($configline[8] eq $outfwsettings{'DPORT'}) && + ($configline[10] eq $outfwsettings{'TIME_MON'}) && + ($configline[11] eq $outfwsettings{'TIME_TUE'}) && + ($configline[12] eq $outfwsettings{'TIME_WED'}) && + ($configline[13] eq $outfwsettings{'TIME_THU'}) && + ($configline[14] eq $outfwsettings{'TIME_FRI'}) && + ($configline[15] eq $outfwsettings{'TIME_SAT'}) && + ($configline[16] eq $outfwsettings{'TIME_SUN'}) && + ($configline[17] eq $outfwsettings{'TIME_FROM'}) && + ($configline[18] eq $outfwsettings{'TIME_TO'})) { print FILE $configentry; } 
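Review bot: The first default line tests the wrong index: `$configline[10] = "on" if not exists $configline[11];` guards field 10 with field 11, unlike the eight lines below it, and the same line recurs in the delete loop (hunk at -169) and the display loop (hunk at -256). As written, a record that has field 10 but no field 11 gets its stored Monday value overwritten. If the plain pattern is intended, use `$configline[10] = "on" if not exists $configline[10];`; if the offset is deliberate (for instance because the unchomped `$configentry` leaves a line ending in the last split field), add a comment saying so. The nine-line block is pasted three times, so a small helper that pads a record to 19 fields would keep the copies from drifting. The enclosing foreach starts and ends outside the hunk.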
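Review bot: The extended match now ends on `($configline[18] eq $outfwsettings{'TIME_TO'})`, and `$configentry` is split without its line ending removed (it is printed back as is), so the last field of a record carries the newline unless the stored record ends with a `;`. The record format is not legible on this page; if TIME_TO is the final text on the line, this comparison never succeeds, and edit (and delete, in the hunk at -178) would leave the old rule in the file while the administrator believes it changed. Stripping the line ending on a copy before the split, `(my $entry = $configentry) =~ s/\r?\n\z//;` followed by `split( /\;/, $entry )`, makes the match independent of that. The unless block starts outside the hunk.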
@@ -169,6 +269,17 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) foreach $configentry (sort @configs) { @configline = split( /\;/, $configentry ); + + $configline[10] = "on" if not exists $configline[11]; + $configline[11] = "on" if not exists $configline[11]; + $configline[12] = "on" if not exists $configline[12]; + $configline[13] = "on" if not exists $configline[13]; + $configline[14] = "on" if not exists $configline[14]; + $configline[15] = "on" if not exists $configline[15]; + $configline[16] = "on" if not exists $configline[16]; + $configline[17] = "00:00" if not exists $configline[17]; + $configline[18] = "00:00" if not exists $configline[18]; + unless (($configline[0] eq $outfwsettings{'STATE'}) && ($configline[1] eq $outfwsettings{'ENABLED'}) && ($configline[2] eq $outfwsettings{'SNET'}) && @@ -178,7 +289,16 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) ($configline[6] eq $outfwsettings{'SMAC'}) && ($configline[7] eq $outfwsettings{'DIP'}) && ($configline[9] eq $outfwsettings{'LOG'}) && - ($configline[8] eq $outfwsettings{'DPORT'})) + ($configline[8] eq $outfwsettings{'DPORT'}) && + ($configline[10] eq $outfwsettings{'TIME_MON'}) && + ($configline[11] eq $outfwsettings{'TIME_TUE'}) && + ($configline[12] eq $outfwsettings{'TIME_WED'}) && + ($configline[13] eq $outfwsettings{'TIME_THU'}) && + ($configline[14] eq $outfwsettings{'TIME_FRI'}) && + ($configline[15] eq $outfwsettings{'TIME_SAT'}) && + ($configline[16] eq $outfwsettings{'TIME_SUN'}) && + ($configline[17] eq $outfwsettings{'TIME_FROM'}) && + ($configline[18] eq $outfwsettings{'TIME_TO'})) { print FILE $configentry; } @@ -191,7 +311,7 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'}) if ( $outfwsettings{'VALID'} eq 'yes' ) { open( FILE, ">> $configfile" ) or die "Unable to write $configfile"; print FILE < - + + + + + + END ; foreach $configentry (sort @configs) 
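Review bot: Nothing visible in the add branch restricts the new time fields before the record is appended to `$configfile`. The record text itself is not legible on this page, so this is inferred from the fields the other hunks read back (`TIME_MON` … `TIME_TO`), which arrive through `Header::getcgihash`. A value containing `;` or a line break would shift fields or add a record when the loops above split on `/\;/`. Wherever `VALID` is computed, I would gate it on the shape first, e.g. `$outfwsettings{'VALID'} = 'no' unless $outfwsettings{'TIME_FROM'} =~ /\A\d{2}:\d{2}\z/ && $outfwsettings{'TIME_TO'} =~ /\A\d{2}:\d{2}\z/;`, and coerce each day flag to `on` or `off`.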
@@ -256,6 +376,27 @@ END $outfwsettings{'DIP'} = $configline[7]; $outfwsettings{'DPORT'} = $configline[8]; $outfwsettings{'LOG'} = $configline[9]; + + $configline[10] = "on" if not exists $configline[11]; + $configline[11] = "on" if not exists $configline[11]; + $configline[12] = "on" if not exists $configline[12]; + $configline[13] = "on" if not exists $configline[13]; + $configline[14] = "on" if not exists $configline[14]; + $configline[15] = "on" if not exists $configline[15]; + $configline[16] = "on" if not exists $configline[16]; + $configline[17] = "00:00" if not exists $configline[17]; + $configline[18] = "00:00" if not exists $configline[18]; + + $outfwsettings{'TIME_MON'} = $configline[10]; + $outfwsettings{'TIME_TUE'} = $configline[11]; + $outfwsettings{'TIME_WED'} = $configline[12]; + $outfwsettings{'TIME_THU'} = $configline[13]; + $outfwsettings{'TIME_FRI'} = $configline[14]; + $outfwsettings{'TIME_SAT'} = $configline[15]; + $outfwsettings{'TIME_SUN'} = $configline[16]; + $outfwsettings{'TIME_FROM'} = $configline[17]; + $outfwsettings{'TIME_TO'} = $configline[18]; + if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; } if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; } if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } @@ -282,6 +423,15 @@ END + + + + + + + + + @@ -296,6 +446,15 @@ END + + + + + + + + +
Protokoll - Netzwerk - Ziel - Anmerkung - Politik - Logging - Aktionen + $Lang::tr{'protocol'}$Lang::tr{'network'}$Lang::tr{'destination'}$Lang::tr{'description'}$Lang::tr{'policy'}$Lang::tr{'logging'}$Lang::tr{'action'}
@@ -305,20 +464,63 @@ END unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } print <Quell-IP-Adresse: + $Lang::tr{'source ip'}: $outfwsettings{'DISPLAY_SIP'} - Quell-MAC-Adresse: - $outfwsettings{'DISPLAY_SMAC'} END ; } - print <$Lang::tr{'time'} - + +END +; + if ($outfwsettings{'TIME_MON'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy monday'},"; + if ($outfwsettings{'TIME_TUE'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy tuesday'},"; + if ($outfwsettings{'TIME_WED'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy wednesday'},"; + if ($outfwsettings{'TIME_THU'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy thursday'},"; + if ($outfwsettings{'TIME_FRI'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy friday'},"; + if ($outfwsettings{'TIME_SAT'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy saturday'},"; + if ($outfwsettings{'TIME_SUN'} eq 'on') { print "";} + else { print "";} + print "$Lang::tr{'advproxy sunday'}"; + print < + $Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'} + $Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'} END ; } } +if ($outfwsettings{'POLICY'} eq 'MODE1'){ +print <
+ all + all + ALL + drop + DENY + on off +
+ +
+
+END +; +} print < END @@ -335,8 +537,8 @@ if ($outfwsettings{'POLICY'} ne 'MODE0'){ &Header::openbox('100%', 'center', 'P2P-Block'); print < - Protokoll - Status + $Lang::tr{'protocol'} + $Lang::tr{'status'} END ; my $id = 1; @@ -373,7 +575,7 @@ END } print < -
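Review bot: `$outfwsettings{'TIME_FROM'}` and `$outfwsettings{'TIME_TO'}` are interpolated straight into the page in the heredoc that follows the weekday prints, with values taken from `$configline[17]` and `$configline[18]` of the rules file (hunk at -256). Those fields originate from form input, so they should be HTML-escaped at this point, or validated strictly when the rule is stored so that only an `HH:MM` string can ever reach the file. A short comment above the heredoc stating which of the two the code relies on would help the next reader.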
Klicken Sie auf die Symbole um das entsprechende iptables P2P-Blockmodul zu (de-)aktivieren. +
$Lang::tr{'outgoingfw p2p description'} END ; &Header::closebox(); @@ -383,18 +585,18 @@ END print < - - - + + + -
Modus 0:In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen.
Modus 1:In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.
Modus 2:In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.
$Lang::tr{'mode'} 0:$Lang::tr{'outgoingfw mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoingfw mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoingfw mode2'}

+
END ; if ($outfwsettings{'POLICY'} ne 'MODE0') { print < + $Lang::tr{'outgoingfw reset'}: END ; } @@ -415,17 +617,27 @@ sub addrule { &Header::openbox('100%', 'center', 'Rules hinzufuegen'); if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; } + $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'"; + $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'"; print < - - "; + + + + + + + + +
Anmerkung: +
$Lang::tr{'description'}: - Aktiviert: - -
Protokoll: - - Sicherheitspolitik: - + $Lang::tr{'active'}: + +
$Lang::tr{'protocol'}: + + + $Lang::tr{'policy'}: + END ; if ($outfwsettings{'POLICY'} eq 'MODE1'){ @@ -434,10 +646,11 @@ END print "\t\t\tDENY\n"; } print <Quellnetz: +
$Lang::tr{'source net'}: Quell-IP-Adresse: - -
Logging: - Quell-MAC-Adresse: - -
Ziel-IP-Adresse: + $Lang::tr{'source ip'}: + +
$Lang::tr{'logging'}: + + +
$Lang::tr{'destination ip'}: - Ziel-Port: - -
+ $Lang::tr{'destination port'}: + +
$Lang::tr{'time'}:$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} + $Lang::tr{'advproxy from'}$Lang::tr{'advproxy to'}
+ + + + + + +
$Lang::tr{'this field may be blank'} - +
END ; @@ -475,7 +731,7 @@ if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2') my @defservices = ; close FILE; -print ""; +print "
$Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}$Lang::tr{'logging'}
"; foreach my $serviceline(@defservices) { my @service = split(/,/,$serviceline); @@ -508,4 +764,4 @@ END print "
$Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}$Lang::tr{'logging'}$Lang::tr{'action'}
"; &Header::closebox(); } -} +} \ No newline at end of file