immernoch das alte Problem...
cd1a2927
MT
1#!/usr/bin/perl\r
2#\r
3# SmoothWall CGIs\r
4#\r
5# This code is distributed under the terms of the GPL\r
6#\r
7# (c) The SmoothWall Team\r
8#\r
9# $Id: dmzholes.cgi,v 1.9.2.16 2005/10/18 17:05:27 franck78 Exp $\r
10#\r
11\r
12use strict;\r
13\r
14# enable only the following on debugging purpose\r
15#use warnings;\r
16#use CGI::Carp 'fatalsToBrowser';\r
17\r
18require 'CONFIG_ROOT/general-functions.pl';\r
19require "${General::swroot}/lang.pl";\r
20require "${General::swroot}/header.pl";\r
21\r
# Mention each colour variable a second time so Perl does not report it as
# "used only once".
my @dummy = ( $Header::table2colour, $Header::colouryellow );
undef @dummy;

# File-scope state shared by the action handlers, the page output and the
# subs at the end of the file.
my (%cgiparams, %checked, %selected, %netsettings);
my $errormessage = '';
my $filename     = "${General::swroot}/dmzholes/config";

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

# Defaults for the fields that must exist even when the request omits them.
# PROTOCOL, SRC_NET, DEST_NET, EDITING, ID and ENABLE get no default here and
# are only present when the request supplies them.
%cgiparams = (
    'ENABLED'   => 'off',
    'REMARK'    => '',
    'ACTION'    => '',
    'SRC_IP'    => '',
    'DEST_IP'   => '',
    'DEST_PORT' => '',
);
# NOTE(review): Header::getcgihash is not visible here; presumably it copies
# the request parameters into %cgiparams, so treat every value as untrusted
# from this point on.
&Header::getcgihash(\%cgiparams);
44\r
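# Snapshot of the rule file, one rule per line. The handlers below address a
# rule by its 1-based position in this list.
# Three-argument open with a lexical handle: the path is never parsed for a
# mode prefix and the handle cannot collide with another bareword FILE.
open(my $config_fh, '<', $filename) or die 'Unable to open config file.';
my @current = <$config_fh>;
close($config_fh);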
48\r
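# "Add" handler, also used as the save step of "edit": validate the submitted
# rule, then append it (EDITING eq 'no') or replace rule number EDITING.
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
    # \A...\z rather than ^...$: "$" also matches before a trailing newline,
    # so "tcp\n" would pass and split the record written below.
    unless ($cgiparams{'PROTOCOL'} =~ /\A(?:tcp|udp)\z/) { $errormessage = $Lang::tr{'invalid input'}; }
    unless (&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
    unless ($errormessage) { $errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst'); }
    unless (&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
    unless ($errormessage) {
        $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
    # Darren Critchley - Remove commas from remarks
    $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
    # The remark is free text; whatever cleanhtml leaves behind, it must not
    # carry the field separator or a line break into the rule file.
    $cgiparams{'REMARK'} =~ tr/,\r\n/ /;

    # ENABLED comes from a checkbox; anything other than 'on' is stored as 'off'
    # instead of being copied into the file as submitted.
    $cgiparams{'ENABLED'} = 'off' unless $cgiparams{'ENABLED'} eq 'on';

    # Record layout: [0] protocol, [1] source ip, [2] destination ip,
    # [3] destination port, [4] enabled, [5] source net, [6] destination net,
    # [7] remark.
    my @fields = @cgiparams{qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK)};

    # Last line of defence for the comma-separated, line-oriented format: no
    # field may contain a separator or line terminator, whatever the
    # validators above accepted.
    unless ($errormessage) {
        foreach my $field (@fields) {
            if (defined($field) && $field =~ /[,\r\n]/) {
                $errormessage = $Lang::tr{'invalid input'};
                last;
            }
        }
    }

    unless ($errormessage)
    {
        my $record = join(',', map { defined($_) ? $_ : '' } @fields) . "\n";

        if ($cgiparams{'EDITING'} eq 'no') {
            open(my $fh, '>>', $filename) or die 'Unable to open config file.';
            flock($fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
            print $fh $record;
            close($fh);
        } else {
            # Open without truncating, lock, and only then read and rewrite:
            # opening with '>' would empty the file before the lock is held.
            open(my $fh, '+<', $filename) or die 'Unable to open config file.';
            flock($fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
            my @rules = <$fh>;
            seek($fh, 0, 0);
            truncate($fh, 0);
            my $id = 0;
            foreach my $line (@rules)
            {
                $id++;
                if ($cgiparams{'EDITING'} eq $id) {
                    print $fh $record;
                } else {
                    print $fh $line;
                }
            }
            close($fh);
        }
        undef %cgiparams;
        &General::log($Lang::tr{'dmz pinhole rule added'});
        # NOTE(review): the helper's exit status is not checked; presumably it
        # applies the rule file, so a failure here goes unnoticed.
        system('/usr/local/bin/setdmzholes');
    }
}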
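# "Remove" handler: rewrite the rule file without the rule whose 1-based line
# number equals ID. ID is only compared, never written to the file.
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
    # Open without truncating, lock, and only then read and rewrite: opening
    # with '>' would empty the file before the lock is held.
    open(my $fh, '+<', $filename) or die 'Unable to open config file.';
    flock($fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
    my @rules = <$fh>;
    seek($fh, 0, 0);
    truncate($fh, 0);
    my $id = 0;
    foreach my $line (@rules)
    {
        $id++;
        unless ($cgiparams{'ID'} eq $id) { print $fh $line; }
    }
    close($fh);
    system('/usr/local/bin/setdmzholes');
    &General::log($Lang::tr{'dmz pinhole rule removed'});
}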
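# "Toggle" handler: rewrite the rule file with field [4] (enabled) of rule
# number ID replaced by the requested state.
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
    # ENABLE is request data and ends up inside a config line. Only 'on' and
    # 'off' are meaningful, so anything else is stored as 'off' (the
    # restrictive state) rather than copied through, which would let a
    # request add commas or line breaks to the record.
    my $state = (defined($cgiparams{'ENABLE'}) && $cgiparams{'ENABLE'} eq 'on') ? 'on' : 'off';

    # Open without truncating, lock, and only then read and rewrite: opening
    # with '>' would empty the file before the lock is held.
    open(my $fh, '+<', $filename) or die 'Unable to open config file.';
    flock($fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
    my @rules = <$fh>;
    seek($fh, 0, 0);
    truncate($fh, 0);
    my $id = 0;
    foreach my $line (@rules)
    {
        $id++;
        unless ($cgiparams{'ID'} eq $id) { print $fh $line; }
        else
        {
            chomp($line);
            my @temp = split(/\,/,$line);
            print $fh "$temp[0],$temp[1],$temp[2],$temp[3],$state,$temp[5],$temp[6],$temp[7]\n";
        }
    }
    close($fh);
    system('/usr/local/bin/setdmzholes');
}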
# "Edit" handler: copy the stored fields of rule number ID into %cgiparams so
# the form below is pre-filled with them. Nothing is written here.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
    # Column order of a config line, index 0 to 7.
    my @field_names = qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK);
    my $rule_no = 0;
    foreach my $entry (@current)
    {
        $rule_no++;
        next unless $cgiparams{'ID'} eq $rule_no;
        chomp($entry);
        my @columns = split(/\,/, $entry);
        @cgiparams{@field_names} = @columns[0 .. 7];
    }
}
152\r
# No action requested: start the form with a TCP rule from orange to blue,
# enabled.
if ($cgiparams{'ACTION'} eq '')
{
    @cgiparams{qw(PROTOCOL ENABLED SRC_NET DEST_NET)} = qw(tcp on orange blue);
}
160\r
# Build the selected/checked attribute text for the form controls: every known
# option starts empty, then the option matching the current value is marked.
foreach my $proto (qw(udp tcp)) { $selected{'PROTOCOL'}{$proto} = ''; }
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";

foreach my $zone (qw(orange blue)) { $selected{'SRC_NET'}{$zone} = ''; }
$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";

foreach my $zone (qw(blue green)) { $selected{'DEST_NET'}{$zone} = ''; }
$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";

foreach my $state (qw(off on)) { $checked{'ENABLED'}{$state} = ''; }
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
176\r
# Page frame, followed by the error box when validation produced a message.
&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    # NOTE(review): the message is printed without escaping. The values
    # assigned in this file are translation strings; General::validportrange
    # is not visible here, so confirm it never echoes the submitted port.
    print "<class name='base'>$errormessage\n";
    print "&nbsp;</class>\n";
    &Header::closebox();
}
187\r
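# Add/edit form. The text fields are pre-filled from %cgiparams, which holds
# request data whenever the request did not pass through the "add" checks (or
# failed them), so every value placed inside an attribute is escaped first.
#
# The escaper leaves an "&" that already starts an entity untouched: REMARK is
# passed through Header::cleanhtml before it is stored, so a remark loaded for
# editing is presumably already entity-encoded and must not be encoded twice.
my $attr_esc = sub {
    my $value = defined($_[0]) ? $_[0] : '';
    $value =~ s/&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#039;/g;
    return $value;
};
my %form_value = map { $_ => $attr_esc->($cgiparams{$_}) } qw(SRC_IP DEST_IP DEST_PORT REMARK ID);

print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

# The same form serves "add" and "edit"; only the box title and the button
# label differ.
my $buttonText = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
    &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
    $buttonText = $Lang::tr{'update'};
} else {
    &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
}
print <<END;
<table width='100%'>
<tr>
<td>
 <select name='PROTOCOL'>
 <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
 </select>
</td>
<td>
 $Lang::tr{'source net'}:</td>
<td>
 <select name='SRC_NET'>
END
# Offer only the source zones this installation has.
if (&haveOrangeNet()) {
    print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
}
if (&haveBlueNet()) {
    print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END;
 </select>
</td>
<td class='base'>$Lang::tr{'source ip or net'}:</td>
<td><input type='text' name='SRC_IP' value='$form_value{'SRC_IP'}' size='15' /></td>
</tr>
<tr>
<td>
 &nbsp;</td>
<td>
 $Lang::tr{'destination net'}:</td>
<td>
 <select name='DEST_NET'>
END
# Blue is offered as a destination only when both orange and blue exist.
if (&haveOrangeNet() && &haveBlueNet()) {
    print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}

print <<END;
 <option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
 </select>
</td>
<td class='base'>
 $Lang::tr{'destination ip or net'}:</td>
<td>
 <input type='text' name='DEST_IP' value='$form_value{'DEST_IP'}' size='15' />
</td>
<td class='base'>
 $Lang::tr{'destination port'}:&nbsp;
 <input type='text' name='DEST_PORT' value='$form_value{'DEST_PORT'}' size='5' />
</td>
</tr>
</table>
<table width='100%'>
 <tr>
 <td colspan='3' width='50%' class='base'>
 <font class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></font>
 <input type='text' name='REMARK' value='$form_value{'REMARK'}' size='55' maxlength='50' />
 </td>
 </tr>
 <tr>
 <td class='base' width='50%'>
 <img src='/blob.gif' alt ='*' align='top' />&nbsp;
 <font class='base'>$Lang::tr{'this field may be blank'}</font>
 </td>
 <td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
 <td width='25%' align='center'>
 <input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
 <input type='submit' name='SUBMIT' value='$buttonText' />
 </td>
 </tr>
</table>
END
# EDITING tells the "add" handler whether to append ('no') or to replace the
# rule with this number. ID is request data, hence the escaped copy.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
    print "<input type='hidden' name='EDITING' value='$form_value{'ID'}' />\n";
} else {
    print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";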
280\r
# Box and column headings for the list of stored rules; the rows follow.
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<"END";
<table width='100%'>
<tr>
<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
<td width='2%' class='boldbase' align='center'>&nbsp;</td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='1%' class='boldbase' align='center'>&nbsp;</td>
<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
END
296\r
297# Achim Weber: if i add a new rule, this rule is not displayed?!?\r
298# we re-read always config.\r
299# If something has happeened re-read config\r
300#if($cgiparams{'ACTION'} ne '')\r
301#{\r
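# Always re-read the rule file so the list reflects what a handler above
# just wrote. Three-argument open with a lexical handle, as for any path.
open(my $reread_fh, '<', $filename) or die 'Unable to open config file.';
@current = <$reread_fh>;
close($reread_fh);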
305#}\r
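# One table row per stored rule, followed by the toggle / edit / remove forms
# that address the rule by its 1-based line number.
#
# Fields are read back from the config file and printed into the page. They
# are escaped here as well, so a line that did not come through the add form's
# checks cannot put markup into the page. An "&" that already starts an entity
# is left alone because the remark is stored after Header::cleanhtml and is
# presumably entity-encoded already.
my $cell_esc = sub {
    my $value = defined($_[0]) ? $_[0] : '';
    $value =~ s/&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#039;/g;
    return $value;
};
my $id = 0;
foreach my $line (@current)
{
    my $protocol='';
    my $gif='';
    my $toggle='';
    my $gdesc='';
    $id++;
    chomp($line);
    my @temp = split(/\,/,$line);
    if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }

    my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
    my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};

    # Row colour: the rule being edited is highlighted, others alternate.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
        print "<tr bgcolor='${Header::colouryellow}'>\n"; }
    elsif ($id % 2) {
        print "<tr bgcolor='${Header::table1colour}'>\n"; }
    else {
        print "<tr bgcolor='${Header::table2colour}'>\n"; }
    # The icon shows the current state; the hidden ENABLE value is the opposite.
    if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
    else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }

    # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
    my $dstprt =$temp[3];
    # Match the field directly instead of going through the global $_.
    if (defined($temp[3]) && $temp[3] =~ /\A\d+\z/) {
        my $servi = uc(getservbyport($temp[3], lc($temp[0])));
        if ($servi ne '' && $temp[3] < 1024) {
            $dstprt = "$dstprt($servi)"; }
    }
    # Darren Critchley - If the line is too long, wrap the port numbers
    # The length test uses the raw text; the <br /> is added after escaping so
    # it stays markup.
    my $wrap_port = length("$temp[2] : $dstprt") > 26;
    my ($src_html, $dest_html, $port_html, $remark_html) =
        map { $cell_esc->($_) } ($temp[1], $temp[2], $dstprt, $temp[7]);
    my $dstaddr = $wrap_port ? "$dest_html :<br /> $port_html" : "$dest_html : $port_html";
print <<END;
<td align='center'>$protocol</td>
<td bgcolor='$srcnetcolor'></td>
<td align='center'>$src_html</td>
<td align='center'><img src='/images/forward.gif' /></td>
<td bgcolor='$destnetcolor'></td>
<td align='center'>$dstaddr</td>
<td align='center'>$remark_html</td>

<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>

<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>

</tr>
END
}
print "</table>\n";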
382\r
# Print the key to the action icons unless the rule file is empty, then close
# the box and the page.
unless (-z $filename) {
print <<"END";
<table>
<tr>
 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
 <td class='base'>$Lang::tr{'click to disable'}</td>
 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
 <td class='base'>$Lang::tr{'click to enable'}</td>
 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
 <td class='base'>$Lang::tr{'edit'}</td>
 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
 <td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
}

&Header::closebox();

&Header::closebigbox();

&Header::closepage();
408\r
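# Check the source/destination zone pair of a pinhole rule.
#
# Arguments: source zone name, destination zone name.
# Returns:   '' when the pair is acceptable, otherwise the translated error
#            message for the first check that failed.
#
# The source must be exactly 'blue' or 'orange', the destination exactly
# 'blue' or 'green', and the two must differ.
sub validNet
{
    my ($srcNet, $destNet) = @_;
    $srcNet  = '' unless defined $srcNet;
    $destNet = '' unless defined $destNet;

    if ($srcNet eq $destNet) {
        return $Lang::tr{'dmzpinholes for same net not necessary'}; }
    # \A...\z rather than ^...$: "$" also matches before a trailing newline,
    # so "orange\n" would pass and then be written into a config line.
    unless ($srcNet =~ /\A(?:blue|orange)\z/) {
        return $Lang::tr{'select source net'}; }
    unless ($destNet =~ /\A(?:blue|green)\z/) {
        return $Lang::tr{'select dest net'}; }

    return '';
}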
423\r
# Returns 1 when the CONFIG_TYPE read from the ethernet settings is 1, 3, 5
# or 7, otherwise 0. The callers use it to decide whether orange is offered.
sub haveOrangeNet
{
    my $config_type = $netsettings{'CONFIG_TYPE'};
    foreach my $type_with_orange (1, 3, 5, 7) {
        return 1 if $config_type == $type_with_orange;
    }
    return 0;
}
432\r
# Returns 1 when the CONFIG_TYPE read from the ethernet settings is 4, 5, 6
# or 7, otherwise 0. The callers use it to decide whether blue is offered.
sub haveBlueNet
{
    my $config_type = $netsettings{'CONFIG_TYPE'};
    foreach my $type_with_blue (4, 5, 6, 7) {
        return 1 if $config_type == $type_with_blue;
    }
    return 0;
}