From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/3] optionsfw.cgi: Modified for 'forcing dns on green/blue'
Date: Sat, 28 Nov 2020 15:03:51 +0100
Message-ID: <20201128140353.3168-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2984525851891210891=="
List-Id: <development.lists.ipfire.org>

--===============2984525851891210891==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

I'm sending this through patchwork now, since I've found that the last patches
wouldn't apply (they contained *local* paths, sorry for that).

Short background of this patch:

- It adds [DNS/NTP]_FORCED_ON_[INTERFACE] options to '/var/ipfire/optionsfw/settings'.

- The corresponding options should only be visible if the respective interface is
actually available. If BLUE interface doesn't exist, there shouldn't be any visible
ON/OFF switches for 'DNS/NTP on BLUE' or BLUE logging options.

- Language strings were altered accordingly, they come in a later patch of this series.

- Screenshots:
=> https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512/91
['Masquerading on BLUE' is not shown because screenshots were made on a testmachine.]

- One thing that DOESN'T work:
For changes to take effect without a complete reboot, it is necessary to restart
the firewall rules through '/etc/init.d/firewall restart'. I tried to implement this
by adding a 'Save and Restart'-button.

But whatever I tried, this won't work through the Web-GUI. Neither by calling the
init-file, nor with a newly written 'optionsfwctrl.c' program. The save function is
working, but I wasn't able to trigger a restart of the firewall rules.
No seen errors, it just won't work.

Calling the new 'optionsfwctrl.c' through console or restarting the rules with
'/etc/init.d/firewall restart' was ok, though (e.g.).
This has been marked in the patch (line 29). Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- html/cgi-bin/optionsfw.cgi | 101 ++++++++++++++++++++++++++++++++----- 1 file changed, 87 insertions(+), 14 deletions(-) diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 47aba59cb..bec90b731 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -69,6 +69,31 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::readhash($filename, \%settings); # Load good settings } =20 +if ($settings{'ACTION'} eq $Lang::tr{'fw settings save and restart'}) { + if ($settings{'defpol'} ne '1'){ + $errormessage .=3D $Lang::tr{'new optionsfw later'}; + &General::writehash($filename, \%settings); # Save good settin= gs + system("/usr/local/bin/firewallctrl"); + }else{ + if ($settings{'POLICY'} ne ''){ + $fwdfwsettings{'POLICY'} =3D $settings{'POLICY'}; + } + if ($settings{'POLICY1'} ne ''){ + $fwdfwsettings{'POLICY1'} =3D $settings{'POLICY1'}; + } + my $MODE =3D $fwdfwsettings{'POLICY'}; + my $MODE1 =3D $fwdfwsettings{'POLICY1'}; + %fwdfwsettings =3D (); + $fwdfwsettings{'POLICY'} =3D "$MODE"; + $fwdfwsettings{'POLICY1'} =3D "$MODE1"; + &General::writehash("${General::swroot}/firewall/settings", \%fwdfwsetting= s); + &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings= ); + system("/usr/local/bin/firewallctrl"); + system("/etc/rc.d/init.d/firewall restart >/dev/null 2>&1 "); # <--- !THI= S DOESN'T WORK! + } + &General::readhash($filename, \%settings); # Load good settings +} + &Header::openpage($Lang::tr{'options fw'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); &General::readhash($filename, \%settings); 
@@ -158,6 +183,18 @@ $selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORA= NGE'}} =3D 'selected=3D"sele $selected{'MASQUERADE_BLUE'}{'off'} =3D ''; $selected{'MASQUERADE_BLUE'}{'on'} =3D ''; $selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} =3D 'selected=3D"= selected"'; +$checked{'DNS_FORCE_ON_GREEN'}{'off'} =3D ''; +$checked{'DNS_FORCE_ON_GREEN'}{'on'} =3D ''; +$checked{'DNS_FORCE_ON_GREEN'}{$settings{'DNS_FORCE_ON_GREEN'}} =3D "checked= =3D'checked'"; +$checked{'DNS_FORCE_ON_BLUE'}{'off'} =3D ''; +$checked{'DNS_FORCE_ON_BLUE'}{'on'} =3D ''; +$checked{'DNS_FORCE_ON_BLUE'}{$settings{'DNS_FORCE_ON_BLUE'}} =3D "checked= =3D'checked'"; +$checked{'NTP_FORCE_ON_GREEN'}{'off'} =3D ''; +$checked{'NTP_FORCE_ON_GREEN'}{'on'} =3D ''; +$checked{'NTP_FORCE_ON_GREEN'}{$settings{'NTP_FORCE_ON_GREEN'}} =3D "checked= =3D'checked'"; +$checked{'NTP_FORCE_ON_BLUE'}{'off'} =3D ''; +$checked{'NTP_FORCE_ON_BLUE'}{'on'} =3D ''; +$checked{'NTP_FORCE_ON_BLUE'}{$settings{'NTP_FORCE_ON_BLUE'}} =3D "checked= =3D'checked'"; =20 &Header::openbox('100%', 'center',); print "<form method=3D'post' action=3D'$ENV{'SCRIPT_NAME'}'>"; 
@@ -207,7 +244,38 @@ END END } =20 - print <<END +print <<END; + <table width=3D'95%' cellspacing=3D'0'> + <tr bgcolor=3D'$color{'color20'}'></tr> + <tr> </tr> + <td colspan=3D'2' align=3D'left'><b>$Lang::tr{'fw green'}</b></td> + </tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'dns force on green'}</td><= td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DNS_FORCE_ON_= GREEN' value=3D'on' $checked{'DNS_FORCE_ON_GREEN'}{'on'} />/ + <input type=3D'radio' name=3D'DNS_FORCE_ON_GREEN' valu= e=3D'off' $checked{'DNS_FORCE_ON_GREEN'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'ntp force on green'}</td><= td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'NTP_FORCE_ON_= GREEN' value=3D'on' $checked{'NTP_FORCE_ON_GREEN'}{'on'} />/ + <input type=3D'radio' name=3D'NTP_FORCE_ON_GREEN' valu= e=3D'off' $checked{'NTP_FORCE_ON_GREEN'}{'off'} /> $Lang::tr{'off'}</td></tr> +END + + if (&Header::blue_used()) { + print <<END; + <table width=3D'95%' cellspacing=3D'0'> + <tr bgcolor=3D'$color{'color20'}'><td colspan=3D'2' align=3D'left'><b>$Lan= g::tr{'fw blue'}</b></td></tr> + <tr> </tr> + <tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'dns force on blue'}</td><= td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DNS_FORCE_ON_= BLUE' value=3D'on' $checked{'DNS_FORCE_ON_BLUE'}{'on'} />/ + <input type=3D'radio' name=3D'DNS_FORCE_ON_BLUE' value= =3D'off' $checked{'DNS_FORCE_ON_BLUE'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'ntp force on blue'}</td><= td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'NTP_FORCE_ON_= BLUE' value=3D'on' $checked{'NTP_FORCE_ON_BLUE'}{'on'} />/ + <input type=3D'radio' name=3D'NTP_FORCE_ON_BLUE' value= =3D'off' $checked{'NTP_FORCE_ON_BLUE'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop proxy'}</td><td alig= n=3D'left'>$Lang::tr{'on'} <input type=3D'radio' 
name=3D'DROPPROXY' value=3D'= on' $checked{'DROPPROXY'}{'on'} />/ + <input type=3D'radio' name=3D'DROPPROXY' value=3D'off'= $checked{'DROPPROXY'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop samba'}</td><td alig= n=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPSAMBA' value=3D'= on' $checked{'DROPSAMBA'}{'on'} />/ + <input type=3D'radio' name=3D'DROPSAMBA' value=3D'off'= $checked{'DROPSAMBA'}{'off'} /> $Lang::tr{'off'}</td></tr> + </td> + </tr> +END + } + + print <<END; </table> =20 <br> 
@@ -224,21 +292,25 @@ END <input type=3D'radio' name=3D'DROPOUTGOING' value=3D'o= ff' $checked{'DROPOUTGOING'}{'off'} /> $Lang::tr{'off'}</td></tr> <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop portscan'}</td><td alig= n=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPPORTSCAN' value= =3D'on' $checked{'DROPPORTSCAN'}{'on'} />/ <input type=3D'radio' name=3D'DROPPORTSCAN' value=3D'o= ff' $checked{'DROPPORTSCAN'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop wirelessinput'}</td><td= align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPWIRELESSINP= UT' value=3D'on' $checked{'DROPWIRELESSINPUT'}{'on'} />/ +END + + if (&Header::blue_used()) { + print <<END; + <table width=3D'95%' cellspacing=3D'0'> + <tr> + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop wirelessinput'}</td>= <td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPWIRELESS= INPUT' value=3D'on' $checked{'DROPWIRELESSINPUT'}{'on'} />/ <input type=3D'radio' name=3D'DROPWIRELESSINPUT' value= =3D'off' $checked{'DROPWIRELESSINPUT'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop wirelessforward'}</td><= td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPWIRELESSF= ORWARD' value=3D'on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/ + <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop wirelessforward'}</t= d><td align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPWIRELE= SSFORWARD' value=3D'on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/ <input type=3D'radio' name=3D'DROPWIRELESSFORWARD' val= ue=3D'off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> $Lang::tr{'off'}</td></t= r> -</table> -<br/> + </tr> +END + } + + print <<END; + </table> + + <br/> =20 -<table width=3D'95%' cellspacing=3D'0'> -<tr bgcolor=3D'$color{'color20'}'><td colspan=3D'2' align=3D'left'><b>$Lang:= :tr{'fw blue'}</b></td></tr> -<tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop 
proxy'}</td><td align= =3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPPROXY' value=3D'o= n' $checked{'DROPPROXY'}{'on'} />/ - <input type=3D'radio' name=3D'DROPPROXY' value=3D'off'= $checked{'DROPPROXY'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align=3D'left' width=3D'60%'>$Lang::tr{'drop samba'}</td><td align= =3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'DROPSAMBA' value=3D'o= n' $checked{'DROPSAMBA'}{'on'} />/ - <input type=3D'radio' name=3D'DROPSAMBA' value=3D'off'= $checked{'DROPSAMBA'}{'off'} /> $Lang::tr{'off'}</td></tr> -</table> -<br> <table width=3D'95%' cellspacing=3D'0'> <tr bgcolor=3D'$color{'color20'}'><td colspan=3D'2' align=3D'left'><b>$Lang:= :tr{'fw settings'}</b></td></tr> <tr><td align=3D'left' width=3D'60%'>$Lang::tr{'fw settings color'}</td><td = align=3D'left'>$Lang::tr{'on'} <input type=3D'radio' name=3D'SHOWCOLORS' valu= e=3D'on' $checked{'SHOWCOLORS'}{'on'} />/ @@ -323,7 +395,8 @@ END <br /> <table width=3D'100%' cellspacing=3D'0'> <tr><td align=3D'right'><form method=3D'post' action=3D'$ENV{'SCRIPT_NAME'}'> -<input type=3D'submit' name=3D'ACTION' value=3D$Lang::tr{'save'} /> +<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'save'}' /> +<input type=3D'submit' name=3D'ACTION' value=3D'$Lang::tr{'fw settings save = and restart'}' /> </form></td></tr> </table> </form> --=20 2.18.0 --===============2984525851891210891==--
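
Review bot: In the hunk at @@ -69,6 +69,31 @@, both system() calls in the new 'save and restart' block throw away their return value, and the second one also sends stdout and stderr to /dev/null, so a failed restart has nowhere to show up, which fits the "No seen errors, it just won't work" description. Check the status of each call (the return value of system(), also available in $?) and append a message to $errormessage when it is non-zero, and drop the '>/dev/null 2>&1' while debugging. The restart line is still marked '!THIS DOESN'T WORK!' and sits directly after a firewallctrl call in the same branch; decide which of the two is supposed to reload the rules and remove the other before this is merged. The message refers to '/etc/init.d/firewall' while the code calls '/etc/rc.d/init.d/firewall', so it is worth confirming which path is the one that worked on the console.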
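
Review bot: In the hunk at @@ -158,6 +183,18 @@, the four new $checked{...}{$settings{...}} assignments index by whatever is in the settings file, and none of the visible hunks gives DNS_FORCE_ON_GREEN, DNS_FORCE_ON_BLUE, NTP_FORCE_ON_GREEN or NTP_FORCE_ON_BLUE a default. On a settings file written before this patch the values are empty, so the assignment lands on the '' key and neither the 'on' nor the 'off' radio is pre-selected. Set each key to 'off' (or the intended default) before the settings are read. Also, the commit message calls the options [DNS/NTP]_FORCED_ON_[INTERFACE] while the code uses ..._FORCE_ON_...; the name must match what the firewall rules will read, so please align the message and the code.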
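
Review bot: In the hunk at @@ -207,7 +244,38 @@, the markup added for the GREEN and BLUE sections is not balanced: each section opens its own <table width='95%' cellspacing='0'> but adds no </table>, and the only </table> that follows is the context line that was already there. In the GREEN block the heading cell '<td colspan='2' align='left'><b>$Lang::tr{'fw green'}</b></td>' comes after two empty rows and outside any <tr>, followed by a stray </tr>; in the BLUE block there is an extra opening <tr> before the first row and a stray '</td> </tr>' at the end. Put the GREEN heading inside the bgcolor row the way the BLUE heading is done, close the GREEN table before the blue_used() test, and let the BLUE block open and close its own table, so the page is well-formed with and without BLUE.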
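
Review bot: In the hunk at @@ -224,21 +292,25 @@, the DROPPROXY and DROPSAMBA rows are removed from the unconditional output and, together with the previous hunk, now only exist inside 'if (&Header::blue_used())', so on a system without BLUE the form no longer submits these two fields. If the save handler writes %settings as posted, both keys drop out of the settings file on the next save; please confirm the handler keeps the previous values or assigns defaults for fields that are not rendered. Separately, the new BLUE-only logging block opens another <table width='95%' cellspacing='0'> and a bare <tr> while the logging table is still open; emitting just the two <tr>...</tr> rows inside the condition would keep the existing table intact.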
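
Review bot: In the hunk at @@ -323,7 +395,8 @@, the new submit button takes its value from $Lang::tr{'fw settings save and restart'}, a string this patch does not define (the message says the language strings come in a later patch of the series). Until that patch is applied the value is empty, and the handler added at the top of the file compares $settings{'ACTION'} with the same empty string, so the comparison also succeeds when ACTION is empty on an ordinary page load, and the block would write the settings and call firewallctrl on every view. Move the language strings ahead of this patch in the series, or guard the handler so it only runs when ACTION is non-empty. Quoting the value attributes is a good fix; since the translated text is now placed inside single quotes, a translation containing an apostrophe would end the attribute early, so HTML-escape the string when printing it.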