This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via 1ddefbbdc868e2ac0e650cbc480dbf86a8d355ae (commit) from a8e4c65724fb2796fe81242180664da32625d478 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit 1ddefbbdc868e2ac0e650cbc480dbf86a8d355ae Author: Christian Schmidt maniacikarus@ipfire.org Date: Thu Mar 11 20:46:37 2010 +0100

Rewritten the iptables cgi, fixes bug #578

-----------------------------------------------------------------------

Summary of changes: config/cfgroot/header.pl | 26 +++ html/cgi-bin/iptables.cgi | 410 +++++++++++++++++++++++++++++++++++++++------ 2 files changed, 388 insertions(+), 48 deletions(-)

Difference in files: diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index 3a2c932..bbb0eca 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -494,3 +494,29 @@ sub leasesort { } } } + +sub colorize { + my $string = $_[0]; + my @array = split(///,$string); + my $string2 = $array[0]; + + if ( $string eq "*" or $string eq "" ){ + return $string; + } elsif ( $string =~ "ipsec" ){ + return "<font color='".${Header::colourvpn}."'>".$string."</font>"; + } elsif ( $string =~ "tun" ){ + return "<font color='".${Header::colourovpn}."'>".$string."</font>"; + } elsif ( $string =~ "lo" or $string =~ "127.0.0.0" ){ + return "<font color='".${Header::colourfw}."'>".$string."</font>"; + } elsif ( $string =~ $ethsettings{'GREEN_DEV'} or &IpInSubnet($string2,$ethsettings{'GREEN_NETADDRESS'},$ethsettings{'GREEN_NETMASK'}) ){ + return "<font color='".${Header::colourgreen}."'>".$string."</font>"; + } elsif ( $string =~ "ppp0" or $string =~ $ethsettings{'RED_DEV'} or $string =~ "0.0.0.0" or $string =~ $ethsettings{'RED_ADDRESS'} ){ + return "<font color='".${Header::colourred}."'>".$string."</font>"; + } elsif ( $ethsettings{'CONFIG_TYPE'}>1 and ( $string =~ $ethsettings{'BLUE_DEV'} or &IpInSubnet($string2,$ethsettings{'BLUE_NETADDRESS'},$ethsettings{'BLUE_NETMASK'}) )){ + return "<font color='".${Header::colourblue}."'>".$string."</font>"; + } elsif ( $ethsettings{'CONFIG_TYPE'}>2 and ( $string =~ $ethsettings{'ORANGE_DEV'} or &IpInSubnet($string2,$ethsettings{'ORANGE_NETADDRESS'},$ethsettings{'ORANGE_NETMASK'}) )){ + return "<font color='".${Header::colourorange}."'>".$string."</font>"; + } else { + return $string; + } +} diff --git a/html/cgi-bin/iptables.cgi b/html/cgi-bin/iptables.cgi index 7f29365..080371b 100644 --- a/html/cgi-bin/iptables.cgi +++ b/html/cgi-bin/iptables.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2010 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -23,100 +23,414 @@ require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";

+#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +my $debug = 0; my @iplines; +my $string = ""; my $lines = 0; my @ipmanlines; my $manlines = 0; my @ipnatlines; my $natlines = 0; +my %chains; +my %chainsman; +my %chainsnat; +my $chainname; +my $selectedchain; +my %netsettings = (); +my %cgiparams=(); + +&Header::getcgihash(%cgiparams);

system('/usr/local/bin/getipstat');

&Header::showhttpheaders(); &Header::openpage($Lang::tr{'ipts'}, 1, ''); &Header::openbigbox('100%', 'LEFT'); + +# This debug is used to see what inputs are done via the cgi and +# what parameters are to be executed + +if ( $debug ){ + &Header::openbox('100%', 'center', 'DEBUG'); + my $debugCount = 0; + foreach my $line (sort keys %cgiparams) { + print "$line = '$cgiparams{$line}'<br />\n"; + $debugCount++; + } + print "&nbsp;Count: $debugCount\n"; + &Header::closebox(); +} + &Header::openbox('100%', 'LEFT', $Lang::tr{'ipts'}.':'); + +# If the cgi is called the first time the default chain is +# used, otherwise if user selected a chains in the selectboxes +# those one are displayed, it is possible to change all 3 at +# the same time + +if ( $cgiparams{'selectedchain'} ne "" ){ + my @multi = split(/|/,$cgiparams{'selectedchain'}); + $selectedchain = $multi[0]; +} else { + $selectedchain = "INPUT"; +} + print <<END

- <DIV align='left'> - <PRE> +<DIV align='left'> END ; + +# We´ll open the txt files and extract each line, if the line +# start with an Chain the the name, start- and endline of the +# chain is extracted into a hash + open (FILE, '/srv/web/ipfire/html/iptables.txt'); - while (<FILE>) - { - $iplines[$lines] = $_; + while (<FILE>){ + + $iplines[$lines] = $_; + + if ( $_ =~ /^Chain/ ){ + + my @chainstring = split(/ /,$_); + + if ( $chainname ne "" ){ + $chains{$chainname."end"} = $lines-2; + } + + $chainname = $chainstring[1]; + $chains{$chainname."start"} = $lines; + } + $lines++; - } + + } close (FILE); - foreach $_ (@iplines) { - print "$_"; }

-print <<END - </PRE> - </DIV> - <BR> +# now the chain hash is extracted to get the correct name of the chain +# all chains are displayed as a select box and can be choosen for display +# after this all corresponding lines for the chain are extraced and seperated +# into table rows, sometimes we need to handle leading blank so the offset is +# needed, some lines need to chomp trailing seperators. The interfaces and +# network addresses should be colorized by an extra function to make a nice +# colored gui

-END -; + print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n<select name='selectedchain' style='width: 250px'>\n"; + foreach (keys(%chains)){ + + if ( $_ =~ /end$/ ){ + next; + } else { + $_ =~ s/start$//gi; + } + + print " <option value='".$_; + if ( $_ eq $selectedchain ){ + print "' selected='selected' >".$_."</option>\n"; + } else { + print "'>".$_."</option>\n"; + } + } + print "</select><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /><form><br /><br />\n\n"; + + $string = $iplines[$chains{$selectedchain."start"}]; + $string =~ s/\s$//gi; + + print "<strong>".$string."</strong><br />\n\n"; + print "<table width='100%' cellspacing='1'>\n<tr>\n"; + foreach (split(/ +/,$iplines[$chains{$selectedchain."start"}+1])){ + if ( $_ =~ /[^a-zA-Z]/ ){chomp($_);} + print " <th align='left'><strong>".$_."</strong></th>\n"; + } + + print "</tr>\n"; + + print "<tr>\n"; + print " <td width='0'></td>\n <td width='35'></td>\n <td width='35'></td>\n"; + print " <td width='130'></td>\n <td width='30'></td>\n"; + print " <td width='30'></td>\n <td width='40'></td>\n"; + print " <td width='40'></td>\n <td width='95'></td>\n"; + print " <td width='95'></td>\n <td width='260'></td>\n"; + print "</tr>\n"; + + + for(my $i = $chains{$selectedchain."start"}+2; $i <= $chains{$selectedchain."end"}; $i++) { + print "<tr>\n"; + + my @iptablesline = split(/ +/,$iplines[$i]); + my $offset=0; + + if ( $iptablesline[0] eq "" ){ + $offset=1; + } + + print " <td></td>\n <td>".$iptablesline[0+$offset]."</td>\n <td>".$iptablesline[1+$offset]."</td>\n"; + print " <td>".$iptablesline[2+$offset]."</td>\n <td>".$iptablesline[3+$offset]."</td>\n"; + print " <td>".$iptablesline[4+$offset]."</td>\n <td>".&Header::colorize($iptablesline[5+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[6+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[7+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[8+$offset])."</td>\n <td>"; + + for (my $i=9+$offset; $i <= $#iptablesline; $i++){ + $string = $iptablesline[$i]; + $string =~ s/\s$//gi; + print " ".$string; + } + print "</td>\n</tr>\n"; + } +print "</table></DIV><br />"; &Header::closebox();

## MANGLE &Header::openbox('100%', 'LEFT', $Lang::tr{'iptmangles'}.':'); + +# If the cgi is called the first time the default chain is +# used, otherwise if user selected a chains in the selectboxes +# those one are displayed, it is possible to change all 3 at +# the same time + +if ( $cgiparams{'selectedchain'} ne "" ){ + my @multi = split(/|/,$cgiparams{'selectedchain'}); + $selectedchain = $multi[1]; +} else { + $selectedchain = "PREROUTING"; +} + print <<END

- <DIV align='left'> - <PRE> +<DIV align='left'> END ; - open (FILEMAN, '/srv/web/ipfire/html/iptablesmangle.txt'); - while (<FILEMAN>) - { - $ipmanlines[$manlines] = $_; + +# We´ll open the txt files and extract each line, if the line +# start with an Chain the the name, start- and endline of the +# chain is extracted into a hash + + open (FILE, '/srv/web/ipfire/html/iptablesmangle.txt'); + while (<FILE>){ + + $ipmlines[$manlines] = $_; + + if ( $_ =~ /^Chain/ ){ + + my @chainstring = split(/ /,$_); + + if ( $chainname ne "" ){ + $chainsman{$chainname."end"} = $manlines-2; + } + + $chainname = $chainstring[1]; + $chainsman{$chainname."start"} = $manlines; + } + $manlines++; - } - close (FILEMAN); - foreach $_ (@ipmanlines) { - print "$_"; } + + } + close (FILE);

-print <<END - </PRE> - </DIV> - <BR> +# now the chain hash is extracted to get the correct name of the chain +# all chains are displayed as a select box and can be choosen for display +# after this all corresponding lines for the chain are extraced and seperated +# into table rows, sometimes we need to handle leading blank so the offset is +# needed, some lines need to chomp trailing seperators. The interfaces and +# network addresses should be colorized by an extra function to make a nice +# colored gui

-END -; + print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n<select name='selectedchain' style='width: 250px'>\n"; + foreach (keys(%chainsman)){ + + if ( $_ =~ /end$/ ){ + next; + } else { + $_ =~ s/start$//gi; + } + + print " <option value='".$_; + if ( $_ eq $selectedchain ){ + print "' selected='selected' >".$_."</option>\n"; + } else { + print "'>".$_."</option>\n"; + } + } + print "</select><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /><form><br /><br />\n\n"; + + $string = $ipmanlines[$chainsman{$selectedchain."start"}]; + $string =~ s/\s$//gi; + + print "<strong>".$string."</strong><br />\n\n"; + print "<table width='100%' cellspacing='1'>\n<tr>\n"; + foreach (split(/ +/,$ipmlines[$chainsman{$selectedchain."start"}+1])){ + if ( $_ =~ /[^a-zA-Z]/ ){chomp($_);} + print " <th align='left'><strong>".$_."</strong></th>\n"; + } + + print "</tr>\n"; + + print "<tr>\n"; + print " <td width='0'></td>\n <td width='35'></td>\n <td width='35'></td>\n"; + print " <td width='130'></td>\n <td width='30'></td>\n"; + print " <td width='30'></td>\n <td width='40'></td>\n"; + print " <td width='40'></td>\n <td width='95'></td>\n"; + print " <td width='95'></td>\n <td width='260'></td>\n"; + print "</tr>\n"; + + for(my $i = $chainsman{$selectedchain."start"}+2; $i <= $chainsman{$selectedchain."end"}; $i++) { + print "<tr>\n"; + my @iptablesline = split(/ +/,$ipmlines[$i]); + my $offset=0; + + if ( $iptablesline[0] eq "" ){ + $offset=1; + } + + print " <td></td>\n <td>".$iptablesline[0+$offset]."</td>\n <td>".$iptablesline[1+$offset]."</td>\n"; + print " <td>".$iptablesline[2+$offset]."</td>\n <td>".$iptablesline[3+$offset]."</td>\n"; + print " <td>".$iptablesline[4+$offset]."</td>\n <td>".&Header::colorize($iptablesline[5+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[6+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[7+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[8+$offset])."</td>\n <td>"; + + for (my $i=9+$offset; $i <= $#iptablesline; $i++){ + $string = $iptablesline[$i]; + $string =~ s/\s$//gi; + +# mangles with marks need to be converted from hex to number to show the correct qos class + + if ( $string =~ /^0x/){ + $string = hex($string); + } + + print " ".$string; + } + print "</td>\n</tr>\n"; + } +print "</table></DIV><br />"; &Header::closebox();

## NAT &Header::openbox('100%', 'LEFT', $Lang::tr{'iptnats'}.':'); + +# If the cgi is called the first time the default chain is +# used, otherwise if user selected a chains in the selectboxes +# those one are displayed, it is possible to change all 3 at +# the same time + +if ( $cgiparams{'selectedchain'} ne "" ){ + my @multi = split(/|/,$cgiparams{'selectedchain'}); + $selectedchain = $multi[2]; +} else { + $selectedchain = "PREROUTING"; +} + print <<END

- <DIV align='left'> - <PRE> +<DIV align='left'> END ; - open (FILENAT, '/srv/web/ipfire/html/iptablesnat.txt'); - while (<FILENAT>) - { - $ipnatlines[$natlines] = $_; + +# We´ll open the txt files and extract each line, if the line +# start with an Chain the the name, start- and endline of the +# chain is extracted into a hash + + open (FILE, '/srv/web/ipfire/html/iptablesnat.txt'); + while (<FILE>){ + + $ipnatlines[$natlines] = $_; + + if ( $_ =~ /^Chain/ ){ + + my @chainstring = split(/ /,$_); + + if ( $chainname ne "" ){ + $chainsnat{$chainname."end"} = $natlines-2; + } + + $chainname = $chainstring[1]; + $chainsnat{$chainname."start"} = $natlines; + } + $natlines++; - } - close (FILENAT); - foreach $_ (@ipnatlines) { - print "$_"; } + + } + close (FILE);

-print <<END - </PRE> - </DIV> - <BR> +# now the chain hash is extracted to get the correct name of the chain +# all chains are displayed as a select box and can be choosen for display +# after this all corresponding lines for the chain are extraced and seperated +# into table rows, sometimes we need to handle leading blank so the offset is +# needed, some lines need to chomp trailing seperators. The interfaces and +# network addresses should be colorized by an extra function to make a nice +# colored gui

-END -; + print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n<select name='selectedchain' style='width: 250px'>\n"; + foreach (keys(%chainsnat)){ + + if ( $_ =~ /end$/ ){ + next; + } else { + $_ =~ s/start$//gi; + } + + print " <option value='".$_; + if ( $_ eq $selectedchain ){ + print "' selected='selected' >".$_."</option>\n"; + } else { + print "'>".$_."</option>\n"; + } + } + print "</select><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /><form><br /><br />\n\n"; + + $string = $ipnatlines[$chainsnat{$selectedchain."start"}]; + $string =~ s/\s$//gi; + + print "<strong>".$string."</strong><br />\n\n"; + print "<table width='100%' cellspacing='1'>\n<tr>\n"; + foreach (split(/ +/,$ipnatlines[$chainsnat{$selectedchain."start"}+1])){ + if ( $_ =~ /[^a-zA-Z]/ ){chomp($_);} + print "<th align='left'><strong>".$_."</strong></th>\n"; + } + + print "</tr>\n"; + + print "<tr>\n"; + print " <td width='0'></td>\n <td width='35'></td>\n <td width='35'></td>\n"; + print " <td width='130'></td>\n <td width='30'></td>\n"; + print " <td width='30'></td>\n <td width='40'></td>\n"; + print " <td width='40'></td>\n <td width='95'></td>\n"; + print " <td width='95'></td>\n <td width='260'></td>\n"; + print "</tr>\n"; + + for(my $i = $chainsnat{$selectedchain."start"}+2; $i <= $chainsnat{$selectedchain."end"}; $i++) { + print "<tr>\n"; + my @iptablesline = split(/ +/,$ipnatlines[$i]); + my $offset=0; + + if ( $iptablesline[0] eq "" ){ + $offset=1; + } + + print " <td></td>\n<td>".$iptablesline[0+$offset]."</td>\n <td>".$iptablesline[1+$offset]."</td>\n"; + print " <td>".$iptablesline[2+$offset]."</td>\n <td>".$iptablesline[3+$offset]."</td>\n"; + print " <td>".$iptablesline[4+$offset]."</td>\n <td>".&Header::colorize($iptablesline[5+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[6+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[7+$offset])."</td>\n"; + print " <td>".&Header::colorize($iptablesline[8+$offset])."</td>\n <td>"; + + for (my $i=9+$offset; $i <= $#iptablesline; $i++){ + $string = $iptablesline[$i]; + $string =~ s/\s$//gi; + print " ".$string; + } + print "</td>\n</tr>\n"; + } +print "</table></DIV><br />"; &Header::closebox(); &Header::closebigbox(); &Header::closepage();

system(rm -f "/srv/web/ipfire/html/iptables.txt"); system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt"); -system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); +system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); \ No newline at end of file

hooks/post-receive -- IPFire 2.x development tree