From 1ddefbbdc868e2ac0e650cbc480dbf86a8d355ae Mon Sep 17 00:00:00 2001
From: Christian Schmidt
Date: Thu, 11 Mar 2010 20:46:37 +0100
Subject: [PATCH] Rewritten the iptables cgi, fixes bug #578
---
 config/cfgroot/header.pl | 26 +++
 html/cgi-bin/iptables.cgi | 410 +++++++++++++++++++++++++++++++++-----
 2 files changed, 388 insertions(+), 48 deletions(-)
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 3a2c932e32..bbb0eca79c 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -494,3 +494,29 @@ sub leasesort {
 }
 }
 }
+
+sub colorize {
+ my $string = $_[0];
+ my @array = split(/\//,$string);
+ my $string2 = $array[0];
+
+ if ( $string eq "*" or $string eq "" ){
+ return $string;
+ } elsif ( $string =~ "ipsec" ){
+ return "".$string."";
+ } elsif ( $string =~ "tun" ){
+ return "".$string."";
+ } elsif ( $string =~ "lo" or $string =~ "127.0.0.0" ){
+ return "".$string."";
+ } elsif ( $string =~ $ethsettings{'GREEN_DEV'} or &IpInSubnet($string2,$ethsettings{'GREEN_NETADDRESS'},$ethsettings{'GREEN_NETMASK'}) ){
+ return "".$string."";
+ } elsif ( $string =~ "ppp0" or $string =~ $ethsettings{'RED_DEV'} or $string =~ "0.0.0.0" or $string =~ $ethsettings{'RED_ADDRESS'} ){
+ return "".$string."";
+ } elsif ( $ethsettings{'CONFIG_TYPE'}>1 and ( $string =~ $ethsettings{'BLUE_DEV'} or &IpInSubnet($string2,$ethsettings{'BLUE_NETADDRESS'},$ethsettings{'BLUE_NETMASK'}) )){
+ return "".$string."";
+ } elsif ( $ethsettings{'CONFIG_TYPE'}>2 and ( $string =~ $ethsettings{'ORANGE_DEV'} or &IpInSubnet($string2,$ethsettings{'ORANGE_NETADDRESS'},$ethsettings{'ORANGE_NETMASK'}) )){
+ return "".$string."";
+ } else {
+ return $string;
+ }
+}
diff --git a/html/cgi-bin/iptables.cgi b/html/cgi-bin/iptables.cgi
index 7f29365a89..080371b375 100644
--- a/html/cgi-bin/iptables.cgi
+++ b/html/cgi-bin/iptables.cgi
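Review bot: Every zone test in `colorize` is an unanchored regex match against a plain string, so the colour shown for an interface or network can be wrong. `$string =~ "0.0.0.0"` also matches `10.0.0.0/24`, and because the red branch comes before the blue and orange ones, a blue or orange network in that range would be drawn as red; `$string =~ "lo"` likewise matches any field that merely contains "lo". The `$ethsettings{...}` values are interpolated as patterns too, so dots in `RED_ADDRESS` act as wildcards, and a zone whose setting is empty (presumably the case when it is not configured) does not behave as "no match". Exact comparisons would avoid this, e.g. `$string eq "lo" or $string2 eq "127.0.0.0"` and `$string eq $ethsettings{'RED_DEV'} or $string2 eq "0.0.0.0"`, or an anchored, quoted pattern such as `$string =~ /^\Q$ethsettings{'RED_DEV'}\E$/` guarded by a non-empty check.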
@@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2010 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -23,100 +23,414 @@ require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +my $debug = 0; my @iplines; +my $string = ""; my $lines = 0; my @ipmanlines; my $manlines = 0; my @ipnatlines; my $natlines = 0; +my %chains; +my %chainsman; +my %chainsnat; +my $chainname; +my $selectedchain; +my %netsettings = (); +my %cgiparams=(); + +&Header::getcgihash(\%cgiparams); system('/usr/local/bin/getipstat'); &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ipts'}, 1, ''); &Header::openbigbox('100%', 'LEFT'); + +# This debug is used to see what inputs are done via the cgi and +# what parameters are to be executed + +if ( $debug ){ + &Header::openbox('100%', 'center', 'DEBUG'); + my $debugCount = 0; + foreach my $line (sort keys %cgiparams) { + print "$line = '$cgiparams{$line}'
\n"; + $debugCount++; + } + print " Count: $debugCount\n"; + &Header::closebox(); +} + &Header::openbox('100%', 'LEFT', $Lang::tr{'ipts'}.':'); + +# If the cgi is called the first time the default chain is +# used, otherwise if user selected a chains in the selectboxes +# those one are displayed, it is possible to change all 3 at +# the same time + +if ( $cgiparams{'selectedchain'} ne "" ){ + my @multi = split(/\|/,$cgiparams{'selectedchain'}); + $selectedchain = $multi[0]; +} else { + $selectedchain = "INPUT"; +} + print < -
+
END ; + +# We´ll open the txt files and extract each line, if the line +# start with an Chain the the name, start- and endline of the +# chain is extracted into a hash + open (FILE, '/srv/web/ipfire/html/iptables.txt'); - while () - { - $iplines[$lines] = $_; + while (){ + + $iplines[$lines] = $_; + + if ( $_ =~ /^Chain/ ){ + + my @chainstring = split(/ /,$_); + + if ( $chainname ne "" ){ + $chains{$chainname."end"} = $lines-2; + } + + $chainname = $chainstring[1]; + $chains{$chainname."start"} = $lines; + } + $lines++; - } + + } close (FILE); - foreach $_ (@iplines) { - print "$_"; } -print < -
-
+# now the chain hash is extracted to get the correct name of the chain +# all chains are displayed as a select box and can be choosen for display +# after this all corresponding lines for the chain are extraced and seperated +# into table rows, sometimes we need to handle leading blank so the offset is +# needed, some lines need to chomp trailing seperators. The interfaces and +# network addresses should be colorized by an extra function to make a nice +# colored gui -END -; + print "
\n

\n\n"; + + $string = $iplines[$chains{$selectedchain."start"}]; + $string =~ s/\s$//gi; + + print "".$string."
\n\n"; + print "\n\n"; + foreach (split(/ +/,$iplines[$chains{$selectedchain."start"}+1])){ + if ( $_ =~ /[^a-zA-Z]/ ){chomp($_);} + print " \n"; + } + + print "\n"; + + print "\n"; + print " \n \n \n"; + print " \n \n"; + print " \n \n"; + print " \n \n"; + print " \n \n"; + print "\n"; + + + for(my $i = $chains{$selectedchain."start"}+2; $i <= $chains{$selectedchain."end"}; $i++) { + print "\n"; + + my @iptablesline = split(/ +/,$iplines[$i]); + my $offset=0; + + if ( $iptablesline[0] eq "" ){ + $offset=1; + } + + print " \n \n \n"; + print " \n \n"; + print " \n \n"; + print " \n"; + print " \n"; + print " \n \n\n"; + } +print "
".$_."
".$iptablesline[0+$offset]."".$iptablesline[1+$offset]."".$iptablesline[2+$offset]."".$iptablesline[3+$offset]."".$iptablesline[4+$offset]."".&Header::colorize($iptablesline[5+$offset])."".&Header::colorize($iptablesline[6+$offset])."".&Header::colorize($iptablesline[7+$offset])."".&Header::colorize($iptablesline[8+$offset]).""; + + for (my $i=9+$offset; $i <= $#iptablesline; $i++){ + $string = $iptablesline[$i]; + $string =~ s/\s$//gi; + print " ".$string; + } + print "

"; &Header::closebox(); ## MANGLE &Header::openbox('100%', 'LEFT', $Lang::tr{'iptmangles'}.':'); + +# If the cgi is called the first time the default chain is +# used, otherwise if user selected a chains in the selectboxes +# those one are displayed, it is possible to change all 3 at +# the same time + +if ( $cgiparams{'selectedchain'} ne "" ){ + my @multi = split(/\|/,$cgiparams{'selectedchain'}); + $selectedchain = $multi[1]; +} else { + $selectedchain = "PREROUTING"; +} + print < -
+
END ; - open (FILEMAN, '/srv/web/ipfire/html/iptablesmangle.txt'); - while () - { - $ipmanlines[$manlines] = $_; + +# We´ll open the txt files and extract each line, if the line +# start with an Chain the the name, start- and endline of the +# chain is extracted into a hash + + open (FILE, '/srv/web/ipfire/html/iptablesmangle.txt'); + while (){ + + $ipmlines[$manlines] = $_; + + if ( $_ =~ /^Chain/ ){ + + my @chainstring = split(/ /,$_); + + if ( $chainname ne "" ){ + $chainsman{$chainname."end"} = $manlines-2; + } + + $chainname = $chainstring[1]; + $chainsman{$chainname."start"} = $manlines; + } + $manlines++; - } - close (FILEMAN); - foreach $_ (@ipmanlines) { - print "$_"; } + + } + close (FILE); -print < -
-
+# now the chain hash is extracted to get the correct name of the chain +# all chains are displayed as a select box and can be choosen for display +# after this all corresponding lines for the chain are extraced and seperated +# into table rows, sometimes we need to handle leading blank so the offset is +# needed, some lines need to chomp trailing seperators. The interfaces and +# network addresses should be colorized by an extra function to make a nice +# colored gui -END -; + print "\n

\n\n"; + + $string = $ipmanlines[$chainsman{$selectedchain."start"}]; + $string =~ s/\s$//gi; + + print "".$string."
\n\n"; + print "\n\n"; + foreach (split(/ +/,$ipmlines[$chainsman{$selectedchain."start"}+1])){ + if ( $_ =~ /[^a-zA-Z]/ ){chomp($_);} + print " \n"; + } + + print "\n"; + + print "\n"; + print " \n \n \n"; + print " \n \n"; + print " \n \n"; + print " \n \n"; + print " \n \n"; + print "\n"; + + for(my $i = $chainsman{$selectedchain."start"}+2; $i <= $chainsman{$selectedchain."end"}; $i++) { + print "\n"; + my @iptablesline = split(/ +/,$ipmlines[$i]); + my $offset=0; + + if ( $iptablesline[0] eq "" ){ + $offset=1; + } + + print " \n \n \n"; + print " \n \n"; + print " \n \n"; + print " \n"; + print " \n"; + print " \n \n\n"; + } +print "
".$_."
".$iptablesline[0+$offset]."".$iptablesline[1+$offset]."".$iptablesline[2+$offset]."".$iptablesline[3+$offset]."".$iptablesline[4+$offset]."".&Header::colorize($iptablesline[5+$offset])."".&Header::colorize($iptablesline[6+$offset])."".&Header::colorize($iptablesline[7+$offset])."".&Header::colorize($iptablesline[8+$offset]).""; + + for (my $i=9+$offset; $i <= $#iptablesline; $i++){ + $string = $iptablesline[$i]; + $string =~ s/\s$//gi; + +# mangles with marks need to be converted from hex to number to show the correct qos class + + if ( $string =~ /^0x/){ + $string = hex($string); + } + + print " ".$string; + } + print "

"; &Header::closebox(); ## NAT &Header::openbox('100%', 'LEFT', $Lang::tr{'iptnats'}.':'); + +# If the cgi is called the first time the default chain is +# used, otherwise if user selected a chains in the selectboxes +# those one are displayed, it is possible to change all 3 at +# the same time + +if ( $cgiparams{'selectedchain'} ne "" ){ + my @multi = split(/\|/,$cgiparams{'selectedchain'}); + $selectedchain = $multi[2]; +} else { + $selectedchain = "PREROUTING"; +} + print < -
+
END ; - open (FILENAT, '/srv/web/ipfire/html/iptablesnat.txt'); - while () - { - $ipnatlines[$natlines] = $_; + +# We´ll open the txt files and extract each line, if the line +# start with an Chain the the name, start- and endline of the +# chain is extracted into a hash + + open (FILE, '/srv/web/ipfire/html/iptablesnat.txt'); + while (){ + + $ipnatlines[$natlines] = $_; + + if ( $_ =~ /^Chain/ ){ + + my @chainstring = split(/ /,$_); + + if ( $chainname ne "" ){ + $chainsnat{$chainname."end"} = $natlines-2; + } + + $chainname = $chainstring[1]; + $chainsnat{$chainname."start"} = $natlines; + } + $natlines++; - } - close (FILENAT); - foreach $_ (@ipnatlines) { - print "$_"; } + + } + close (FILE); -print < -
-
+# now the chain hash is extracted to get the correct name of the chain +# all chains are displayed as a select box and can be choosen for display +# after this all corresponding lines for the chain are extraced and seperated +# into table rows, sometimes we need to handle leading blank so the offset is +# needed, some lines need to chomp trailing seperators. The interfaces and +# network addresses should be colorized by an extra function to make a nice +# colored gui -END -; + print "\n

\n\n"; + + $string = $ipnatlines[$chainsnat{$selectedchain."start"}]; + $string =~ s/\s$//gi; + + print "".$string."
\n\n"; + print "\n\n"; + foreach (split(/ +/,$ipnatlines[$chainsnat{$selectedchain."start"}+1])){ + if ( $_ =~ /[^a-zA-Z]/ ){chomp($_);} + print "\n"; + } + + print "\n"; + + print "\n"; + print " \n \n \n"; + print " \n \n"; + print " \n \n"; + print " \n \n"; + print " \n \n"; + print "\n"; + + for(my $i = $chainsnat{$selectedchain."start"}+2; $i <= $chainsnat{$selectedchain."end"}; $i++) { + print "\n"; + my @iptablesline = split(/ +/,$ipnatlines[$i]); + my $offset=0; + + if ( $iptablesline[0] eq "" ){ + $offset=1; + } + + print " \n\n \n"; + print " \n \n"; + print " \n \n"; + print " \n"; + print " \n"; + print " \n \n\n"; + } +print "
".$_."
".$iptablesline[0+$offset]."".$iptablesline[1+$offset]."".$iptablesline[2+$offset]."".$iptablesline[3+$offset]."".$iptablesline[4+$offset]."".&Header::colorize($iptablesline[5+$offset])."".&Header::colorize($iptablesline[6+$offset])."".&Header::colorize($iptablesline[7+$offset])."".&Header::colorize($iptablesline[8+$offset]).""; + + for (my $i=9+$offset; $i <= $#iptablesline; $i++){ + $string = $iptablesline[$i]; + $string =~ s/\s$//gi; + print " ".$string; + } + print "

"; &Header::closebox(); &Header::closebigbox(); &Header::closepage(); system(rm -f "/srv/web/ipfire/html/iptables.txt"); system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt"); -system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); +system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); \ No newline at end of file -- 2.39.2
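Review bot: The chain index built in the three `while` loops never records an `end` entry for the last chain of each file, and `$chainname` is not cleared between files, so selecting the last chain leaves the `for` loop's upper bound undefined and the page shows a header row with no rules, which on a firewall status page reads as an empty chain. After each `close (FILE);` a line such as `$chains{$chainname."end"} = $lines-1 if $chainname ne ""; $chainname = "";` would close it (with `%chainsman`/`$manlines` and `%chainsnat`/`$natlines` in the other two sections); the exact offset depends on whether the dump ends with a blank line. The mangle loop also fills `@ipmlines` while the chain heading is read from `$ipmanlines[...]`, which is declared but never populated, so one name should be used throughout. `$cgiparams{'selectedchain'}` comes from the request and is used as a hash key without checking that the chain exists; once the file is parsed, `$selectedchain = "INPUT" unless exists $chains{$selectedchain."start"};` would fall back to the default. The rule text emitted by `print " ".$string;` and the debug dump of `%cgiparams` should be HTML-escaped before printing.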