#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2005-2010  IPFire Team                                        #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#
# Outgoing-firewall CGI, set-up part: load the helper libraries, read the
# stored settings, overlay the request parameters and precompute the
# checked/selected attribute strings for the form controls.

use strict;
# Debugging aids only. With warnings off, comparisons against keys that were
# never set (e.g. TIME_MON before a form is submitted) stay silent.
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# File-scope state shared by the action handlers and addrule() further down.
my (%outfwsettings, %checked, %selected, %netsettings);
my $errormessage = "";
my $configentry  = "";
my (@configs, @configline);
my $p2pentry = "";
my (@p2ps, @p2pline);

# Fixed on-disk locations; none of them is built from request data.
my $configfile  = "/var/ipfire/outgoing/rules";
my $configpath  = "/var/ipfire/outgoing/groups/";
my $p2pfile     = "/var/ipfire/outgoing/p2protocols";
my $servicefile = "/var/ipfire/outgoing/defaultservices";

my (%color, %mainsettings);
General::readhash("${General::swroot}/main/settings", \%mainsettings);
# THEME comes from the main settings file read just above, not from the
# request: request parameters are merged into %outfwsettings only.
General::readhash(
    "/srv/web/ipfire/html/themes/$mainsettings{'THEME'}/include/colors.txt",
    \%color
);

General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

Header::showhttpheaders();

### Values that have to be initialized
# %outfwsettings is still empty here, so one list assignment sets the defaults.
%outfwsettings = (
    ACTION        => '',
    VALID         => 'yes',
    EDIT          => 'no',
    NAME          => '',
    SNET          => '',
    SIP           => '',
    SPORT         => '',
    SMAC          => '',
    DIP           => '',
    DPORT         => '',
    PROT          => '',
    STATE         => '',
    DISPLAY_DIP   => '',
    DISPLAY_DPORT => '',
    DISPLAY_SMAC  => '',
    DISPLAY_SIP   => '',
    POLICY        => 'MODE0',
    MODE1LOG      => 'off',
    TIME_FROM     => '00:00',
    TIME_TO       => '00:00',
);

# Stored settings first, then Header::getcgihash (header.pl, not shown here).
# NOTE(review): presumably getcgihash copies the request parameters into the
# hash, so every key used below -- ACTION, POLICY and VALID included -- may be
# request-supplied; confirm what sanitising it applies.
General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
Header::getcgihash(\%outfwsettings);

###############
# DEBUG DEBUG
# If re-enabled, this prints every merged key/value pair into the page.
#&Header::openbox('100%', 'left', 'DEBUG');
#my $debugCount = 0;
#foreach my $line (sort keys %outfwsettings) {
#print "$line = $outfwsettings{$line}\n";
#    $debugCount++;
#}
#print " Count: $debugCount\n";
#&Header::closebox();
# DEBUG DEBUG
###############

# Mark the current values of the two time drop-downs.
for my $field (qw(TIME_FROM TIME_TO)) {
    $selected{$field}{ $outfwsettings{$field} } = "selected='selected'";
}

# Checkbox state: clear both alternatives, then flag the current value.
for my $field (qw(MODE1LOG TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN)) {
    $checked{$field}{'off'} = '';
    $checked{$field}{'on'}  = '';
    $checked{$field}{ $outfwsettings{$field} } = "checked='checked'";
}

# Exactly one policy option carries 'selected'; the others get ''.
for my $mode (qw(MODE0 MODE1 MODE2)) {
    $selected{'POLICY'}{$mode} = $outfwsettings{'POLICY'} eq $mode ? 'selected' : '';
}

# This is a little hack: if people don't mark any day then all days will be
# selected, because they might have forgotten to select a valid day.
# A rule without any matching day will never work, and because time ranges are
# a new feature people might not notice that they have to select a day for the
# rule.
if ( $outfwsettings{'TIME_MON'} eq "" &&
     $outfwsettings{'TIME_TUE'} eq "" &&
     $outfwsettings{'TIME_WED'} eq "" &&
     $outfwsettings{'TIME_THU'} eq "" &&
     $outfwsettings{'TIME_FRI'} eq "" &&
     $outfwsettings{'TIME_SAT'} eq "" &&
     $outfwsettings{'TIME_SUN'} eq "" )
{
    $outfwsettings{'TIME_MON'} = "on";
    $outfwsettings{'TIME_TUE'} = "on";
    $outfwsettings{'TIME_WED'} = "on";
    $outfwsettings{'TIME_THU'} = "on";
    $outfwsettings{'TIME_FRI'} = "on";
    $outfwsettings{'TIME_SAT'} = "on";
    $outfwsettings{'TIME_SUN'} = "on";
}

&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

############################################################################################################################
############################################################################################################################

# Action handlers. Each branch is chosen by comparing ACTION with a literal
# ('enable', 'disable') or with a $Lang::tr entry (presumably the translated
# button label).
# NOTE(review): every branch changes firewall state, and no anti-CSRF token or
# request-method check is visible in this file -- confirm whether header.pl or
# the web server enforces one.

# reset: force POLICY to MODE0, recreate the rules file empty and write a
# settings file that contains only POLICY.
# The single-string system() is acceptable only because $configfile is a fixed
# path set at file scope; unlink/system return values are not checked.
# NOTE(review): unlike the other handlers this branch does not run
# outgoingfwctrl, so the loaded rule set may stay in place until the next
# apply -- TODO confirm.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
    $outfwsettings{'POLICY'}='MODE0';
    unlink $configfile;
    system("/usr/bin/touch $configfile");
    my $MODE = $outfwsettings{'POLICY'};
    %outfwsettings = ();
    $outfwsettings{'POLICY'} = "$MODE";
    &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}

# save: keep only POLICY and MODE1LOG, write them to the settings file and run
# outgoingfwctrl.
# NOTE(review): both values are written as received; this branch does not
# check POLICY against MODE0/MODE1/MODE2 or MODE1LOG against on/off.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
    my $MODE = $outfwsettings{'POLICY'};
    my $MODE1LOG = $outfwsettings{'MODE1LOG'};
    %outfwsettings = ();
    $outfwsettings{'POLICY'} = "$MODE";
    $outfwsettings{'MODE1LOG'} = "$MODE1LOG";
    &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
    system("/usr/local/bin/outgoingfwctrl");
}

# enable: rewrite the P2P protocol file with the third field set to 'on' for
# the entry whose second field equals P2PROT.
# P2PROT is only compared; every written field is copied from the file, so the
# request value never reaches the file content.
# The file is read, truncated and rewritten with no lock visible: an
# interrupted or concurrent request can leave it partial.
# NOTE(review): "@p2ps = ;" is damaged in this listing -- presumably the
# readline operand on FILE was lost in extraction.
if ($outfwsettings{'ACTION'} eq 'enable')
{
    open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
    @p2ps = ;
    close FILE;
    open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
    foreach $p2pentry (sort @p2ps)
    {
        @p2pline = split( /\;/, $p2pentry );
        if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
            print FILE "$p2pline[0];$p2pline[1];on;\n";
        } else {
            print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
        }
    }
    close FILE;
    system("/usr/local/bin/outgoingfwctrl");
}

# disable: same rewrite as enable, writing 'off' for the matching entry.
if ($outfwsettings{'ACTION'} eq 'disable')
{
    open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
    @p2ps = ;
    close FILE;
    open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
    foreach $p2pentry (sort @p2ps)
    {
        @p2pline = split( /\;/, $p2pentry );
        if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
            print FILE "$p2pline[0];$p2pline[1];off;\n";
        } else {
            print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
        }
    }
    close FILE;
    system("/usr/local/bin/outgoingfwctrl");
}

# edit: rewrite the rules file (in sorted order) without the rule whose 19
# fields all equal the submitted values, then show the add form pre-filled and
# stop. The rule is removed at this point; it is only stored again if the form
# is submitted afterwards, so an abandoned edit leaves the rule deleted.
# Identical duplicate rules all match and are dropped together.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
{
    open( FILE, "< $configfile" ) or die "Unable to read $configfile";
    @configs = ;
    close FILE;
    open( FILE, "> $configfile" ) or die "Unable to write $configfile";
    foreach $configentry (sort @configs)
    {
        @configline = split( /\;/, $configentry );
        # Lines without time fields default to every day, 00:00-00:00.
        # NOTE(review): the first test checks index 11 while assigning index
        # 10. This may be deliberate (the text after the last ';' of a short
        # line could occupy index 10) or a copy-paste slip -- confirm against
        # the rule-line format.
        $configline[10] = "on" if not exists $configline[11];
        $configline[11] = "on" if not exists $configline[11];
        $configline[12] = "on" if not exists $configline[12];
        $configline[13] = "on" if not exists $configline[13];
        $configline[14] = "on" if not exists $configline[14];
        $configline[15] = "on" if not exists $configline[15];
        $configline[16] = "on" if not exists $configline[16];
        $configline[17] = "00:00" if not exists $configline[17];
        $configline[18] = "00:00" if not exists $configline[18];
        # Keep every line that differs from the submitted rule in any field.
        unless (($configline[0] eq $outfwsettings{'STATE'}) &&
                ($configline[1] eq $outfwsettings{'ENABLED'}) &&
                ($configline[2] eq $outfwsettings{'SNET'}) &&
                ($configline[3] eq $outfwsettings{'PROT'}) &&
                ($configline[4] eq $outfwsettings{'NAME'}) &&
                ($configline[5] eq $outfwsettings{'SIP'}) &&
                ($configline[6] eq $outfwsettings{'SMAC'}) &&
                ($configline[7] eq $outfwsettings{'DIP'}) &&
                ($configline[9] eq $outfwsettings{'LOG'}) &&
                ($configline[8] eq $outfwsettings{'DPORT'}) &&
                ($configline[10] eq $outfwsettings{'TIME_MON'}) &&
                ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
                ($configline[12] eq $outfwsettings{'TIME_WED'}) &&
                ($configline[13] eq $outfwsettings{'TIME_THU'}) &&
                ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
                ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
                ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
                ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
                ($configline[18] eq $outfwsettings{'TIME_TO'}))
        {
            print FILE $configentry;
        }
    }
    close FILE;
    $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
    $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
    $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
    &addrule();
    &Header::closebigbox();
    &Header::closepage();
    # No semicolon after exit: this is exit(system(...)), so outgoingfwctrl
    # runs and its return status becomes the script's exit status.
    exit
    system("/usr/local/bin/outgoingfwctrl");
}

# delete: the same filter as edit, without re-opening the form.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
{
    open( FILE, "< $configfile" ) or die "Unable to read $configfile";
    @configs = ;
    close FILE;
    open( FILE, "> $configfile" ) or die "Unable to write $configfile";
    foreach $configentry (sort @configs)
    {
        @configline = split( /\;/, $configentry );
        # Same defaults as in the edit handler (index-10 test reads index 11).
        $configline[10] = "on" if not exists $configline[11];
        $configline[11] = "on" if not exists $configline[11];
        $configline[12] = "on" if not exists $configline[12];
        $configline[13] = "on" if not exists $configline[13];
        $configline[14] = "on" if not exists $configline[14];
        $configline[15] = "on" if not exists $configline[15];
        $configline[16] = "on" if not exists $configline[16];
        $configline[17] = "00:00" if not exists $configline[17];
        $configline[18] = "00:00" if not exists $configline[18];
        unless (($configline[0] eq $outfwsettings{'STATE'}) &&
                ($configline[1] eq $outfwsettings{'ENABLED'}) &&
                ($configline[2] eq $outfwsettings{'SNET'}) &&
                ($configline[3] eq $outfwsettings{'PROT'}) &&
                ($configline[4] eq $outfwsettings{'NAME'}) &&
                ($configline[5] eq $outfwsettings{'SIP'}) &&
                ($configline[6] eq $outfwsettings{'SMAC'}) &&
                ($configline[7] eq $outfwsettings{'DIP'}) &&
                ($configline[9] eq $outfwsettings{'LOG'}) &&
                ($configline[8] eq $outfwsettings{'DPORT'}) &&
                ($configline[10] eq $outfwsettings{'TIME_MON'}) &&
                ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
                ($configline[12] eq $outfwsettings{'TIME_WED'}) &&
                ($configline[13] eq $outfwsettings{'TIME_THU'}) &&
                ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
                ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
                ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
                ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
                ($configline[18] eq $outfwsettings{'TIME_TO'}))
        {
            print FILE $configentry;
        }
    }
    close FILE;
    system("/usr/local/bin/outgoingfwctrl");
}

# add: append one rule to the rules file when VALID is 'yes'. A source net of
# "all" clears the source IP and MAC first.
# The listing is damaged from the print below: the heredoc written to the
# file, the rest of this handler and the start of the error box were lost in
# extraction, so the surviving tokens are kept exactly as found.
# NOTE(review): VALID is initialised to 'yes' at file scope and is one of the
# request-merged keys; no field validation is visible in the surviving code.
# Rules are ';'-separated, newline-terminated records, so confirm that ';', CR
# and LF are rejected in every field before the append.
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
    if ( $outfwsettings{'VALID'} eq 'yes' ) {
        if ( $outfwsettings{'SNET'} eq "all" ) {
            $outfwsettings{'SIP'} ="";
            $outfwsettings{'SMAC'}="";
        }
        open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
        print FILE <$errormessage\n";
    print " \n";
    &Header::closebox();
}

############################################################################################################################
############################################################################################################################

# Rule list, shown for every policy except MODE0. The heredoc openers and
# bodies in this part were stripped or displaced by the extraction; damaged
# stretches are kept as found.
# NOTE(review): fields read back from the rules file are interpolated into the
# page (PROT below, for instance) with no HTML escaping visible in this file.
# Unless request values are sanitised before they are stored, a stored field
# is rendered as markup -- confirm, and escape on output.
if ($outfwsettings{'POLICY'} ne 'MODE0'){
    &Header::openbox('100%', 'center', 'Rules');
    print < END ;
    open( FILE, "< $configfile" ) or die "Unable to read $configfile";
    @configs = ;
    close FILE;
    if (@configs) {
        print < END ;
        foreach $configentry (sort @configs)
        {
            @configline = split( /\;/, $configentry );
            # Each rule overwrites the shared %outfwsettings keys in turn.
            $outfwsettings{'STATE'} = $configline[0];
            $outfwsettings{'ENABLED'} = $configline[1];
            $outfwsettings{'SNET'} = $configline[2];
            $outfwsettings{'PROT'} = $configline[3];
            $outfwsettings{'NAME'} = $configline[4];
            $outfwsettings{'SIP'} = $configline[5];
            $outfwsettings{'SMAC'} = $configline[6];
            $outfwsettings{'DIP'} = $configline[7];
            $outfwsettings{'DPORT'} = $configline[8];
            $outfwsettings{'LOG'} = $configline[9];
            # Same defaults as in the edit handler (index-10 test reads index 11).
            $configline[10] = "on" if not exists $configline[11];
            $configline[11] = "on" if not exists $configline[11];
            $configline[12] = "on" if not exists $configline[12];
            $configline[13] = "on" if not exists $configline[13];
            $configline[14] = "on" if not exists $configline[14];
            $configline[15] = "on" if not exists $configline[15];
            $configline[16] = "on" if not exists $configline[16];
            $configline[17] = "00:00" if not exists $configline[17];
            $configline[18] = "00:00" if not exists $configline[18];
            $outfwsettings{'TIME_MON'} = $configline[10];
            $outfwsettings{'TIME_TUE'} = $configline[11];
            $outfwsettings{'TIME_WED'} = $configline[12];
            $outfwsettings{'TIME_THU'} = $configline[13];
            $outfwsettings{'TIME_FRI'} = $configline[14];
            $outfwsettings{'TIME_SAT'} = $configline[15];
            $outfwsettings{'TIME_SUN'} = $configline[16];
            $outfwsettings{'TIME_FROM'} = $configline[17];
            $outfwsettings{'TIME_TO'} = $configline[18];
            # An empty destination IP or port is displayed as 'ALL'.
            if ($outfwsettings{'DIP'} eq ''){
                $outfwsettings{'DISPLAY_DIP'} = 'ALL';
            } else {
                $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'};
            }
            if ($outfwsettings{'DPORT'} eq ''){
                $outfwsettings{'DISPLAY_DPORT'} = 'ALL';
            } else {
                $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'};
            }
            # DISPLAY_STATE is set only for DENY and ALLOW; for any other
            # STATE it keeps the value left by the previous rule.
            if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; }
            if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; }
            # Only rules matching the active policy are listed: ALLOW rules in
            # MODE1, DENY rules in MODE2.
            if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
                if ( $outfwsettings{'ENABLED'} eq "on" ){ print ""; } else { print ""; }
                # Damaged from here to the end of this stretch; kept as found.
                print <$outfwsettings{'PROT'} "; print ""; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; print ""; print ""; } } print < END ; } } if ($outfwsettings{'POLICY'} eq 'MODE1'){ print <
$Lang::tr{'protocol'} $Lang::tr{'network'} $Lang::tr{'destination'} $Lang::tr{'description'} $Lang::tr{'policy'} $Lang::tr{'logging'} $Lang::tr{'action'}
$outfwsettings{'SNET'} $outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'} $outfwsettings{'NAME'} $outfwsettings{'DISPLAY_STATE'} $outfwsettings{'LOG'}
END ; if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) { unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; print "
$Lang::tr{'source ip or net'}: $outfwsettings{'DISPLAY_SIP'}
$Lang::tr{'source'} $Lang::tr{'mac address'}: $outfwsettings{'DISPLAY_SMAC'}$Lang::tr{'time'} - END ; if ($outfwsettings{'TIME_MON'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy monday'},"; if ($outfwsettings{'TIME_TUE'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy tuesday'},"; if ($outfwsettings{'TIME_WED'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy wednesday'},"; if ($outfwsettings{'TIME_THU'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy thursday'},"; if ($outfwsettings{'TIME_FRI'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy friday'},"; if ($outfwsettings{'TIME_SAT'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy saturday'},"; if ($outfwsettings{'TIME_SUN'} eq 'on') { print "";} else { print "";} print "$Lang::tr{'advproxy sunday'}"; print < $Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'} $Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'} all all ALL drop DENY on off
END ; } print < END ; } &Header::closebox(); }

# P2P block table, shown for every policy except MODE0. Each line of $p2pfile
# is split on ';': field 0 is printed as the row label and field 2 ('on' or
# anything else) chooses between two markup variants whose heredoc bodies were
# stripped from this listing. The enable/disable handlers match on field 1.
# NOTE(review): "@p2ps = ;" is damaged -- presumably the readline operand on
# FILE was lost in extraction.
if ($outfwsettings{'POLICY'} ne 'MODE0'){
    open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
    @p2ps = ;
    close FILE;
    &Header::openbox('100%', 'center', 'P2P-Block');
    print < $Lang::tr{'protocol'} $Lang::tr{'status'} END ;
    my $id = 1;
    foreach $p2pentry (sort @p2ps)
    {
        @p2pline = split( /\;/, $p2pentry );
        print < END ; print "\t\t\t\n"; print <$p2pline[0]: END ;
        if ($p2pline[2] eq 'on') { print < END ; } else { print < END ; }
        print < END ;
    }
    print <
$Lang::tr{'outgoing firewall p2p description 1'} $Lang::tr{ $Lang::tr{'outgoing firewall p2p description 2'} $Lang::tr{ $Lang::tr{'outgoing firewall p2p description 3'} END ;
    &Header::closebox();
}

# Policy box: always rendered; its heredoc body (the three mode descriptions)
# follows as stripped text.
&Header::openbox('100%', 'center', 'Policy');
print <
$Lang::tr{'mode'} 0:$Lang::tr{'outgoing firewall mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoing firewall mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoing firewall mode2'}

END ; if ($outfwsettings{'POLICY'} ne 'MODE0') { print < END ; } print < END ; &Header::closebox();

############################################################################################################################
############################################################################################################################

# addrule: print the 'Add Rule' form and, when the policy is MODE1 or MODE2,
# the 'Quick Add' table built from the default-services file.
# Takes no arguments and returns nothing explicitly; it reads %outfwsettings
# and updates %selected, both file-scope variables. The edit handler calls it
# to show the form pre-filled with the rule it has just removed.
# The heredoc bodies (the form markup) were stripped or displaced by the
# extraction; the remaining text is kept as found.
sub addrule
{
    &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
    # Unlike the nested TIME_FROM/TIME_TO entries, ENABLED is stored as a
    # plain string in %selected.
    if ($outfwsettings{'ENABLED'} eq 'on') { $selected{'ENABLED'} = 'checked'; }
    $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
    $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
    print <
$Lang::tr{'description'}: $Lang::tr{'active'}:
$Lang::tr{'protocol'} $Lang::tr{'policy'}: END ; if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "\t\t\t\tALLOW\n"; } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){ print "\t\t\t\tDENY\n"; } print <
$Lang::tr{'source'}: $Lang::tr{'outgoing firewall warning'}
$Lang::tr{'source ip or net'}
$Lang::tr{'source'} $Lang::tr{'mac address'}:
$Lang::tr{'logging'}:
$Lang::tr{'destination ip or net'}: $Lang::tr{'destination port'}(s)
$Lang::tr{'time'}: $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'}
$Lang::tr{'this field may be blank'}
END ; &Header::closebox();

    # Quick Add: one row per line of the default-services file, split on ','.
    # Fields 0, 3, 1 and 2 are printed, in that order.
    # The path is a literal here although $servicefile at file scope holds the
    # same value.
    # NOTE(review): "my @defservices = ;" is damaged -- presumably the
    # readline operand on FILE was lost in extraction.
    if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2')
    {
        &Header::openbox('100%', 'center', 'Quick Add');
        open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services";
        my @defservices = ;
        close FILE;
        print "";
        foreach my $serviceline(@defservices)
        {
            my @service = split(/,/,$serviceline);
            print <
";} elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "";} } print "
$Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}$Lang::tr{'logging'}$Lang::tr{'action'}
$service[0] $service[3] $service[1] $service[2] END ; if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "
"; &Header::closebox(); } } &Header::closebigbox(); &Header::closepage();