From d9b7aa3334dbe9bcb73f8e2394cac9e1f05dc0eb Mon Sep 17 00:00:00 2001
From: ms
Date: Fri, 7 Jul 2006 15:53:12 +0000
Subject: [PATCH 1/1] =?utf8?q?Hinzugef=C3=BCgt:=20=20=20*=20WebGUI=20f?=
 =?utf8?q?=C3=BCr=20die=20ausgehende=20Firewall.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@204 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
 html/cgi-bin/outgoingfw.cgi | 451 ++++++++++++++++++++++++++++++++++++
 langs/de/cgi-bin/de.pl | 1 +
 langs/en/cgi-bin/en.pl | 1 +
 lfs/configroot | 5 +-
 src/ROOTFILES.i386 | 1 +
 5 files changed, 457 insertions(+), 2 deletions(-)
 create mode 100644 html/cgi-bin/outgoingfw.cgi

diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi
new file mode 100644
index 0000000000..b68e7e1791
--- /dev/null
+++ b/html/cgi-bin/outgoingfw.cgi
@@ -0,0 +1,451 @@ +#!/usr/bin/perl +# +# IPFire CGIs +# +# This code is distributed under the terms of the GPL +# +# (c) The IPFire Team +# + +use strict; +# enable only the following on debugging purpose +use warnings; +use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +my %outfwsettings = (); +my %checked = (); +my %selected= () ; +my %netsettings = (); +my $errormessage = ""; +my $configentry = ""; +my @configs = (); +my @configline = (); +my $p2pentry = ""; +my @p2ps = (); +my @p2pline = (); + +my $configfile = "/var/ipfire/outgoing/rules"; +my $p2pfile = "/var/ipfire/outgoing/p2protocols"; + +&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); + +&Header::showhttpheaders(); + +### Values that have to be initialized +$outfwsettings{'ACTION'} = ''; +$outfwsettings{'VALID'} = 'yes'; +$outfwsettings{'EDIT'} = 'no'; +$outfwsettings{'NAME'} = ''; +$outfwsettings{'SNET'} = ''; +$outfwsettings{'SIP'} = ''; +$outfwsettings{'SPORT'} = ''; +$outfwsettings{'SMAC'} = ''; +$outfwsettings{'DIP'} = ''; +$outfwsettings{'DPORT'} = ''; +$outfwsettings{'PROT'} = ''; +$outfwsettings{'STATE'} = ''; +$outfwsettings{'DISPLAY_DIP'} = ''; +$outfwsettings{'DISPLAY_DPORT'} = ''; +$outfwsettings{'DISPLAY_SMAC'} = ''; +$outfwsettings{'DISPLAY_SIP'} = ''; + +&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings); +&Header::getcgihash(\%outfwsettings); + +if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } +if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } +if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } + +&Header::openpage('Ausgehende Firewall', 1, ''); + +print < + + + +END +; + 
+&Header::openbigbox('100%', 'left', '', $errormessage); + +############################################################################################################################ +############################################################################################################################ + +if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'}) +{ + $outfwsettings{'POLICY'}='MODE0'; + unlink $configfile; + system("/bin/touch $configfile"); + &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); +} +if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'}) +{ + &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); +} +if ($outfwsettings{'ACTION'} eq 'enable') +{ + open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; + @p2ps = ; + close FILE; + open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile"; + foreach $p2pentry (sort @p2ps) + { + @p2pline = split( /\;/, $p2pentry ); + if ($p2pline[1] eq $outfwsettings{'P2PROT'}) { + print FILE "$p2pline[0];$p2pline[1];on;\n"; + } else { + print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; + } + } + close FILE; +} +if ($outfwsettings{'ACTION'} eq 'disable') +{ + open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; + @p2ps = ; + close FILE; + open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile"; + foreach $p2pentry (sort @p2ps) + { + @p2pline = split( /\;/, $p2pentry ); + if ($p2pline[1] eq $outfwsettings{'P2PROT'}) { + print FILE "$p2pline[0];$p2pline[1];off;\n"; + } else { + print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; + } + } + close FILE; +} +if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) +{ + open( FILE, "< $configfile" ) or die "Unable to read $configfile"; + @configs = ; + close FILE; + open( FILE, "> $configfile" ) or die "Unable to write $configfile"; + foreach $configentry (sort @configs) + { + @configline = split( /\;/, $configentry ); + unless (($configline[0] eq $outfwsettings{'STATE'}) && + ($configline[1] eq 
$outfwsettings{'ENABLED'}) && + ($configline[2] eq $outfwsettings{'SNET'}) && + ($configline[3] eq $outfwsettings{'PROT'}) && + ($configline[4] eq $outfwsettings{'NAME'}) && + ($configline[5] eq $outfwsettings{'SIP'}) && + ($configline[6] eq $outfwsettings{'SMAC'}) && + ($configline[7] eq $outfwsettings{'DIP'}) && + ($configline[8] eq $outfwsettings{'DPORT'})) + { + print FILE $configentry; + } + } + close FILE; + &addrule(); + &Header::closebigbox(); + &Header::closepage(); + exit +} +if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) +{ + open( FILE, "< $configfile" ) or die "Unable to read $configfile"; + @configs = ; + close FILE; + open( FILE, "> $configfile" ) or die "Unable to write $configfile"; + foreach $configentry (sort @configs) + { + @configline = split( /\;/, $configentry ); + unless (($configline[0] eq $outfwsettings{'STATE'}) && + ($configline[1] eq $outfwsettings{'ENABLED'}) && + ($configline[2] eq $outfwsettings{'SNET'}) && + ($configline[3] eq $outfwsettings{'PROT'}) && + ($configline[4] eq $outfwsettings{'NAME'}) && + ($configline[5] eq $outfwsettings{'SIP'}) && + ($configline[6] eq $outfwsettings{'SMAC'}) && + ($configline[7] eq $outfwsettings{'DIP'}) && + ($configline[8] eq $outfwsettings{'DPORT'})) + { + print FILE $configentry; + } + } + close FILE; +} +if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'}) +{ + if ( $outfwsettings{'VALID'} eq 'yes' ) { + open( FILE, ">> $configfile" ) or die "Unable to write $configfile"; + print FILE <$errormessage\n"; + print " \n"; + &Header::closebox(); +} + +############################################################################################################################ +############################################################################################################################ + +if ($outfwsettings{'POLICY'} ne 'MODE0'){ + &Header::openbox('100%', 'center', 'Rules'); + print < + +END +; + open( FILE, "< $configfile" ) or die "Unable to read $configfile"; + @configs = ; + close 
FILE; + if (@configs) { + print < + +
Protokoll + Netzwerk + Ziel + Anmerkung + Politik + Aktionen +END +; + foreach $configentry (sort @configs) + { + @configline = split( /\;/, $configentry ); + $outfwsettings{'STATE'} = $configline[0]; + $outfwsettings{'ENABLED'} = $configline[1]; + $outfwsettings{'SNET'} = $configline[2]; + $outfwsettings{'PROT'} = $configline[3]; + $outfwsettings{'NAME'} = $configline[4]; + $outfwsettings{'SIP'} = $configline[5]; + $outfwsettings{'SMAC'} = $configline[6]; + $outfwsettings{'DIP'} = $configline[7]; + $outfwsettings{'DPORT'} = $configline[8]; + if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; } + if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; } + if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } + if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; } + if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){ + print < + + + + + + + + + +
$outfwsettings{'PROT'} + $outfwsettings{'SNET'} + $outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'} + $outfwsettings{'NAME'} + $outfwsettings{'DISPLAY_STATE'} + +   + +END +; + if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) { + unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = '---'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } + unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = '---'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } + print <Quell-IP-Adresse: + $outfwsettings{'DISPLAY_SIP'} + Quell-MAC-Adresse: + $outfwsettings{'DISPLAY_SMAC'} + +END +; + } + print < +END +; + } + } + print < +END +; + + } + print < +END +; + &Header::closebox(); +} + +if ($outfwsettings{'POLICY'} eq 'MODE2'){ + open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; + @p2ps = ; + close FILE; + &Header::openbox('100%', 'center', 'P2P-Block'); + print < +
Protokoll + Status +END +; + foreach $p2pentry (sort @p2ps) + { + @p2pline = split( /\;/, $p2pentry ); + print < +
$p2pline[0]: + +END +; + if ($p2pline[2] eq 'on') { + print < + +END +; + } else { + print < + +END +; + } + print < +END +; + } + print <Klicken Sie auf die Symbole um das entsprechende P2P-Netz zu (de-)aktivieren. +
+END +; + &Header::closebox(); +} + +&Header::openbox('100%', 'center', 'Policy'); +print < + +
Modus 0:In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen. +
Modus 1:In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen. +
Modus 2:In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.
Hier ist eine Besonderheit der P2P-Filter. +

+
+ + +END +; + if ($outfwsettings{'POLICY'} ne 'MODE0') { + print < +END +; + } +print < + +END +; +&Header::closebox(); + +&Header::closebigbox(); +&Header::closepage(); + +############################################################################################################################ +############################################################################################################################ + +sub addrule +{ + &Header::openbox('100%', 'center', 'Rules hinzufuegen'); + if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; } + print < + +
Anmerkung: + + Aktiviert: + +
Protokoll: + + Sicherheitspolitik: + +END +; + if ($outfwsettings{'POLICY'} eq 'MODE1'){ + print "\t\t\tALLOW\n"; + } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){ + print "\t\t\tDENY\n"; + } + print <Quellnetz: + Quell-IP-Adresse: + +
  + Quell-MAC-Adresse: + +
Ziel-IP-Adresse: + + Ziel-Port: + +
+
$Lang::tr{'this field may be blank'} + +
+END +; + &Header::closebox(); +} + diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 74636dc546..e127c395e5 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1475,6 +1475,7 @@ 'urlfilter update notification' => 'Update-Benachrichtigung!', 'urlfilter update information' => 'Eine aktualisierte Version steht zum Download bereit. Besuchen Sie http://www.urlfilter.net für weitere Informationen.', 'display webinterface effects' => 'Überblendeffekte einschalten', +'outgoing firewall' => 'Ausgehende Firewall', ); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index d740d95c39..ae7f14a9e8 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1508,5 +1508,6 @@ 'urlfilter update notification' => 'Update notification!', 'urlfilter update information' => 'There is an updated version available for download. Visit http://www.urlfilter.net for more information.', 'display webinterface effects' => 'Activate effects', +'outgoing firewall' => 'Outgoing Firewall', ); diff --git a/lfs/configroot b/lfs/configroot index 5daaa14198..ac117420da 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -51,7 +51,7 @@ $(TARGET) : # Create all directories for i in addon-lang alcatelusb auth backup backup/sets ca certs cnx_pci crls ddns dhcp dhcpc dmzholes \ - eagle-usb eciadsl ethernet isdn key langs logging main modem net-traffic nfs optionsfw patches pakfire portfw \ + eagle-usb eciadsl ethernet isdn key langs logging main modem net-traffic nfs optionsfw outgoing patches pakfire portfw \ ppp private proxy/advanced qos/bin red remote snort time urlfilter/autoupdate urlfilter/bin vpn wireless xtaccess ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done 
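Review bot: The `add` branch appends every submitted form field to `$configfile` without validating any of it: `VALID` is initialised to `'yes'` near the top of the file, `Header::getcgihash` then overlays the form values, and nothing in this hunk ever sets `VALID` to `'no'`, so the `if ( $outfwsettings{'VALID'} eq 'yes' )` gate around the append always passes (the heredoc inside it is garbled in this rendering, but the gate is visible). The rules file is `;`-separated and re-parsed with `split( /\;/, $configentry )` into the nine fields STATE, ENABLED, SNET, PROT, NAME, SIP, SMAC, DIP, DPORT, so a `;` or line break in any field shifts the columns of that rule for this CGI and for whatever later consumes the file, and `NAME` is additionally interpolated raw into the table heredocs, so it should be HTML-escaped before display. I would reject malformed input before the append using the `validip`/`validmac`/`validport` helpers that the required general-functions.pl provides (use `validipormask` instead of `validip` for `DIP` if a network is allowed there), and set `$errormessage` (declared but never assigned in this file) so the error box has something to show; a draft is below. The two-argument `open( FILE, "< $p2pfile" )` with a bareword handle repeated in every branch is a style point rather than a hole, since both paths are constants, but `open my $fh, '<', $p2pfile or die ...` is the form to use in new code.
```perl
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
    # Rules are stored ';'-separated and re-split on ';' on every read, so
    # no field may contain the delimiter or a line break.
    foreach my $field (qw(NAME SNET PROT STATE ENABLED SIP SMAC DIP DPORT)) {
        if ($outfwsettings{$field} =~ /[;\r\n]/) {
            $errormessage = "Invalid character in $field";   # constructed message text
        }
    }
    if ($outfwsettings{'SIP'} ne '' && !&General::validip($outfwsettings{'SIP'})) {
        $errormessage = "Invalid source IP address";
    }
    if ($outfwsettings{'SMAC'} ne '' && !&General::validmac($outfwsettings{'SMAC'})) {
        $errormessage = "Invalid source MAC address";
    }
    if ($outfwsettings{'DIP'} ne '' && !&General::validip($outfwsettings{'DIP'})) {
        $errormessage = "Invalid destination IP address";
    }
    if ($outfwsettings{'DPORT'} ne '' && !&General::validport($outfwsettings{'DPORT'})) {
        $errormessage = "Invalid destination port";
    }
    # Never trust a VALID value that arrived with the form.
    $outfwsettings{'VALID'} = ($errormessage eq '') ? 'yes' : 'no';
    if ( $outfwsettings{'VALID'} eq 'yes' ) {
        # … unchanged: append the rule to $configfile …
    }
}
```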
@@ -60,7 +60,7 @@ $(TARGET) :
 for i in auth/users backup/include.user backup/exclude.user \
 certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
 dhcp/fixleases dhcp/advoptions dmzholes/config ethernet/aliases ethernet/settings \
- isdn/settings main/hosts main/settings optionsfw/settings pakfire/settings patches/available patches/installed \
+ isdn/settings main/hosts main/settings optionsfw/settings outgoing/settings outgoing/rules pakfire/settings patches/available patches/installed \
 portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
 ppp/settings-5 ppp/settings proxy/settings remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
 snort/settings vpn/config vpn/settings vpn/ipsec.conf \
@@ -81,6 +81,7 @@ $(TARGET) :
 cp $(DIR_SRC)/config/cfgroot/modem-settings $(CONFIG_ROOT)/modem/settings
 cp $(DIR_SRC)/config/cfgroot/net-traffic-lib.pl $(CONFIG_ROOT)/net-traffic/net-traffic-lib.pl
 cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server
+ cp $(DIR_SRC)/config/cfgroot/p2protocols $(CONFIG_ROOT)/outgoing/p2protocols
 cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4
 cp $(DIR_SRC)/config/qos/makeqosscripts.pl $(CONFIG_ROOT)/qos/bin/makeqosscripts.pl
 cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
diff --git a/src/ROOTFILES.i386 b/src/ROOTFILES.i386
index 919d181574..45ad3a253e 100644
--- a/src/ROOTFILES.i386
+++ b/src/ROOTFILES.i386
@@ -21054,6 +21054,7 @@ home/httpd/cgi-bin/modem.cgi
 home/httpd/cgi-bin/netstatus.cgi
 #home/httpd/cgi-bin/networks.cgi
 home/httpd/cgi-bin/optionsfw.cgi
+home/httpd/cgi-bin/outgoingfw.cgi
 home/httpd/cgi-bin/portfw.cgi
 home/httpd/cgi-bin/pppsetup.cgi
 #home/httpd/cgi-bin/printenv
-- 
2.39.2
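Review bot: The added `cp $(DIR_SRC)/config/cfgroot/p2protocols $(CONFIG_ROOT)/outgoing/p2protocols` in the third configroot hunk copies a source file that this patch does not add — the diffstat lists only the five files shown, none of them under config/cfgroot — so unless `config/cfgroot/p2protocols` already exists in the tree the target fails at this step. If the file arrives in a separate commit, a comment next to the cp such as `# p2protocols: seed list read and rewritten by outgoingfw.cgi` would make the dependency visible; otherwise it belongs in this change. The `outgoing/settings` and `outgoing/rules` entries in the second hunk are consistent with the paths the CGI opens, but the CGI hard-codes `/var/ipfire/outgoing/rules` rather than building it from `${General::swroot}` as it does for `outgoing/settings`, so the two can drift if `$(CONFIG_ROOT)` ever changes.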