This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via fdeaa057c2f60b80890e24885db7b3b81bdd8ff2 (commit) from ed0a0ba8a16fd3411a545dc53934ea08b620b35a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit fdeaa057c2f60b80890e24885db7b3b81bdd8ff2 Author: Christian Schmidt maniacikarus@ipfire.org Date: Fri Apr 16 08:40:01 2010 +0200
Did some final steps for the outgoing fw, this should be working now. This fixes bug #0000577
-----------------------------------------------------------------------
Summary of changes: config/menu/50-firewall.menu | 6 + config/outgoingfw/outgoingfw.pl | 132 +++++++++++++---------- config/rootfiles/common/apache2 | 1 + config/rootfiles/common/configroot | 2 + html/cgi-bin/outgoingfw.cgi | 176 +++++++++++++++++++----------- html/cgi-bin/outgoinggrp.cgi | 213 ++++++++++++++++++++++++++++++++++++ langs/de/cgi-bin/de.pl | 4 + langs/en/cgi-bin/en.pl | 6 +- langs/fr/cgi-bin/fr.pl | 10 +- lfs/configroot | 7 +- 10 files changed, 429 insertions(+), 128 deletions(-) create mode 100644 html/cgi-bin/outgoinggrp.cgi
Difference in files: diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index d8a4908..de28f8e 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -28,6 +28,12 @@ 'title' => "$Lang::tr{'outgoing firewall'}", 'enabled' => 1, }; + $subfirewall->{'51.outgoinggrp'} = { + 'caption' => $Lang::tr{'outgoing firewall groups'}, + 'uri' => '/cgi-bin/outgoinggrp.cgi', + 'title' => "$Lang::tr{'outgoing firewall groups'}", + 'enabled' => 1, + }; $subfirewall->{'60.upnp'} = { 'caption' => 'UPnP', 'uri' => '/cgi-bin/upnp.cgi', diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index ac27a58..dd42415 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # +# Copyright (C) 2005-2010 IPTifre Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -37,7 +37,6 @@ my @configline = (); my $p2pentry = ""; my @p2ps = (); my @p2pline = (); -my @proto = (); my $CMD = ""; my $P2PSTRING = "";
@@ -65,8 +64,10 @@ $outfwsettings{'DISPLAY_SMAC'} = ''; $outfwsettings{'DISPLAY_SIP'} = ''; $outfwsettings{'POLICY'} = 'MODE0';
+my @SOURCE = ""; my $SOURCE = ""; my $DESTINATION = ""; +my @PROTO = ""; my $PROTO = ""; my $DPORT = ""; my $DEV = ""; @@ -114,93 +115,112 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
foreach $configentry (sort @configs) { - $SOURCE = ""; + @SOURCE = ""; $DESTINATION = ""; $PROTO = ""; $DPORT = ""; $DEV = ""; $MAC = ""; @configline = split( /;/, $configentry ); + if ($outfwsettings{'STATE'} eq $configline[0]) { if ($configline[2] eq 'green') { - $SOURCE = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; + @SOURCE = ("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); $DEV = $netsettings{'GREEN_DEV'}; } elsif ($configline[2] eq 'red') { - $SOURCE = "$netsettings{'RED_IP'}"; + @SOURCE = ("$netsettings{'RED_IP'}"); $DEV = ""; } elsif ($configline[2] eq 'blue') { - $SOURCE = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; + @SOURCE = ("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); $DEV = $netsettings{'BLUE_DEV'}; } elsif ($configline[2] eq 'orange') { - $SOURCE = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"; + @SOURCE = ("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"); $DEV = $netsettings{'ORANGE_DEV'}; + } elsif ($configline[2] eq 'ipsec') { + @SOURCE = ""; + $DEV = "ipsec+"; + } elsif ($configline[2] eq 'ovpn') { + @SOURCE = ""; + $DEV = "tun+"; } elsif ($configline[2] eq 'ip') { - $SOURCE = "$configline[5]"; + @SOURCE = ("$configline[5]"); + $DEV = ""; + } + } elsif ($configline[2] eq 'all') { + @SOURCE = ("0/0"); $DEV = ""; - } else { - $SOURCE = "0/0"; + } else { + if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) + { + @SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`; + } $DEV = ""; }
if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; } if ($configline[3] eq 'tcp') { - @proto = ("tcp"); + @PROTO = ("tcp"); } elsif ($configline[3] eq 'udp') { - @proto = ("udp"); + @PROTO = ("udp"); } elsif ($configline[3] eq 'esp') { - @proto = ("esp"); + @PROTO = ("esp"); } elsif ($configline[3] eq 'gre') { - @proto = ("gre"); + @PROTO = ("gre"); } else { - @proto = ("tcp","udp"); + @PROTO = ("tcp","udp"); } - - - foreach $PROTO (@proto) { - $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; - - if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') { - $DPORT = "$configline[8]"; - $CMD = "$CMD --dport $DPORT"; - } - - if ($DEV) { - $CMD = "$CMD -i $DEV"; - } - - if ($configline[6]) { - $MAC = "$configline[6]"; - $CMD = "$CMD -m mac --mac-source $MAC"; - } - - if ($configline[17] && $configline[18]) { - if ($configline[10]){$DAY = "Mon,"} - if ($configline[11]){$DAY .= "Tue,"} - if ($configline[12]){$DAY .= "Wed,"} - if ($configline[13]){$DAY .= "Thu,"} - if ($configline[14]){$DAY .= "Fri,"} - if ($configline[15]){$DAY .= "Sat,"} - if ($configline[16]){$DAY .= "Sun"} - $CMD = "$CMD -m time --timestart $configline[17] --timestop $configline[18] --weekdays $DAY"; - } - - $CMD = "$CMD -o $netsettings{'RED_DEV'}";
- if ($configline[9] eq "aktiv") { + foreach $PROTO (@PROTO){ + foreach $SOURCE (@SOURCE) { + $SOURCE =~ s/\s//gi; + + if ( $SOURCE eq "" ){next;} + + $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; + + if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) { + $DPORT = "$configline[8]"; + $CMD = "$CMD -m multiport --destination-port $DPORT"; + } + + if ($DEV) { + $CMD = "$CMD -i $DEV"; + } + + if ($configline[6]) { + $MAC = "$configline[6]"; + $CMD = "$CMD -m mac --mac-source $MAC"; + } + + if ($configline[17] && $configline[18]) { + if ($configline[10]){$DAY = "Mon,"} + if ($configline[11]){$DAY .= "Tue,"} + if ($configline[12]){$DAY .= "Wed,"} + if ($configline[13]){$DAY .= "Thu,"} + if ($configline[14]){$DAY .= "Fri,"} + if ($configline[15]){$DAY .= "Sat,"} + if ($configline[16]){$DAY .= "Sun"} + $CMD = "$CMD -m time --timestart $configline[17] --timestop $configline[18] --weekdays $DAY"; + } + + $CMD = "$CMD -o $netsettings{'RED_DEV'}"; + + if ($configline[9] eq "aktiv") { + if ($DEBUG) { + print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n"; + } else { + system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'"); + } + } + if ($DEBUG) { - print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n"; + print "$CMD -j $DO\n"; } else { - system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'"); + system("$CMD -j $DO"); } } - - if ($DEBUG) { - print "$CMD -j $DO\n"; - } else { - system("$CMD -j $DO"); - } - } + } } }
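Review bot: The group branch fills `@SOURCE` with `` `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]` ``, so a group name taken from the rules file is handed to a shell, and every line of the group file is then interpolated into the string passed to `system("$CMD -j $DO")` after only whitespace has been stripped. Because this script loads firewall rules (presumably with root privileges), the name and the file contents should both be validated, and the file read with a three-argument `open` instead of `cat`. The fence sketches that for the group branch, assuming groups hold IPv4 addresses with an optional prefix length, as the sample text in outgoinggrp.cgi suggests. Separately, the new port guard `( $configline[3] ne 'esp' || $configline[3] ne 'gre')` is always true, whereas the removed line used `&&`; with `||`, esp and gre rules that carry a port get `-m multiport --destination-port` appended, and iptables will most likely refuse to load them. The enclosing `foreach $configentry` loop begins in context lines, and switching to list-form `system` would also touch the P2P code outside this hunk.

```perl
        } else {
            # The group name comes from the rules file: accept a plain file name
            # only and read the file directly instead of through a shell.
            @SOURCE = ();
            if ($configline[2] =~ /\A[A-Za-z0-9_-]+\z/
                && open(my $grp, '<', "/var/ipfire/outgoing/groups/ipgroups/$configline[2]")) {
                while (my $entry = <$grp>) {
                    $entry =~ s/\s//g;
                    # Entries end up inside an iptables command line, so keep
                    # only strings shaped like an IPv4 address or prefix.
                    push(@SOURCE, $entry)
                        if $entry =~ m{\A\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\z};
                }
                close($grp);
            }
            $DEV = "";
        }
        # … unchanged: destination and protocol selection, loop headers …
                if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') {
```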
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index e6abdc2..a67a44f 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1339,6 +1339,7 @@ srv/web/ipfire/cgi-bin/netexternal.cgi srv/web/ipfire/cgi-bin/netinternal.cgi srv/web/ipfire/cgi-bin/netother.cgi srv/web/ipfire/cgi-bin/outgoingfw.cgi +srv/web/ipfire/cgi-bin/outgoinggrp.cgi srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/pakfire.cgi diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index efbc5fe..38b8dff 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -96,6 +96,8 @@ var/ipfire/outgoing #var/ipfire/outgoing/bin #var/ipfire/outgoing/bin/outgoingfw.pl var/ipfire/outgoing/defaultservices +#var/ipfire/outgoing/groups +#var/ipfire/outgoing/ipgroups #var/ipfire/outgoing/p2protocols #var/ipfire/outgoing/rules #var/ipfire/outgoing/settings diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index c5db16b..e2bfcfd 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# Copyright (C) 2005-2010 IPTifre Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -41,6 +41,7 @@ my @p2ps = (); my @p2pline = ();
my $configfile = "/var/ipfire/outgoing/rules"; +my $configpath = "/var/ipfire/outgoing/groups/"; my $p2pfile = "/var/ipfire/outgoing/p2protocols"; my $servicefile = "/var/ipfire/outgoing/defaultservices";
@@ -145,7 +146,7 @@ if ( $outfwsettings{'TIME_MON'} eq "" && $outfwsettings{'TIME_SUN'} = "on"; }
-&Header::openpage('Ausgehende Firewall', 1, ''); +&Header::openpage($Lang::tr{'outgoing firewall'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage);
############################################################################################################################ @@ -607,88 +608,124 @@ END ; &Header::closebox();
-&Header::closebigbox(); -&Header::closepage(); - ############################################################################################################################ ############################################################################################################################
sub addrule { - &Header::openbox('100%', 'center', 'Rules hinzufuegen'); + &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; } $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'"; $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'"; - print <<END +print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='80%'> - <tr><td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /> - <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /> - <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}: - <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /> - <tr><td width='20%' align='right'>$Lang::tr{'protocol'}: - <td width='30%' align='left'> - <select name='PROT'> - <option value='all' $selected{'PROT'}{'all'}>All</option> - <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option> - <option value='udp' $selected{'PROT'}{'udp'}>UDP</option> - <option value='gre' $selected{'PROT'}{'gre'}>GRE</option> - <option value='esp' $selected{'PROT'}{'esp'}>ESP</option> - </select> - <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}: - <td width='30%' align='left' colspan='2'> + <tr> + <td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td> + <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td> + <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td> + <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td> + </tr> + <tr> + <td width='20%' align='right'>$Lang::tr{'protocol'}:</td> + <td width='30%' align='left'> + <select name='PROT'> + <option value='all' $selected{'PROT'}{'all'}>All</option> + <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option> + 
<option value='udp' $selected{'PROT'}{'udp'}>UDP</option> + <option value='gre' $selected{'PROT'}{'gre'}>GRE</option> + <option value='esp' $selected{'PROT'}{'esp'}>ESP</option> + </select> + </td> + <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td> + <td width='30%' align='left' colspan='2'> END ; if ($outfwsettings{'POLICY'} eq 'MODE1'){ - print "\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n"; + print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n"; } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){ - print "\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n"; + print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n"; } print <<END - <tr><td width='20%' align='right'>$Lang::tr{'source net'}: - <td width='30%' align='left'><select name='SNET'> - <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option> - <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip'}</option> - <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option> - <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option> + </td> + </tr> + <tr> + <td width='20%' align='right'>$Lang::tr{'source'}:</td> + <td width='30%' align='left'> + <select name='SNET'> + <optgroup label='---'> + <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option> + <optgroup label='$Lang::tr{'ip address'}'> + <option value='ip' $selected{'SNET'}{'ip'}>IPSEC $Lang::tr{'interface'}</option> + <option value='red' $selected{'SNET'}{'red'}>OpenVPN $Lang::tr{'interface'}</option> + </optgroup> + </optgroup> + <option value='ipsec' $selected{'SNET'}{'ipsec'}>$Lang::tr{'source ip'}</option> + <option value='ovpn' $selected{'SNET'}{'ovpn'}>$Lang::tr{'red'} IP</option> + <optgroup label='$Lang::tr{'network'}'> + <optgroup label='$Lang::tr{'network'}'> + <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option> END ; if (&Header::blue_used()){ - print "\t\t\t<option 
value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n"; + print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n"; } if (&Header::orange_used()){ - print "\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n"; + print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n"; + } + print <<END + </optgroup> + <optgroup label='$Lang::tr{'advproxy NCSA group'}'> +END +; + my @ipgroups = qx(ls $configpath/ipgroups/); + foreach (sort @ipgroups){ + print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{'$_'}>$_</option>\n"; } print <<END - </select> - <td width='20%' align='right' colspan='2'>$Lang::tr{'source ip'}: <img src='/blob.gif' /> - <td width='30%' align='left' colspan='2'><input type='text' name='SIP' maxlength='15' value='$outfwsettings{'SIP'}' /> - <tr><td width='20%' align='right'>$Lang::tr{'logging'}: - <td width='30%' align='left'><select name='LOG'> - <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option> - <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option> - </select></td> - <td width='20%' align='right' colspan='2' /> - <td width='30%' align='left' colspan='2' /> - <tr><td width='20%' align='right'>$Lang::tr{'destination ip'}: <img src='/blob.gif' /> - <td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$outfwsettings{'DIP'}' /> - <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}: <img src='/blob.gif' /> - <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' maxlength='11' value='$outfwsettings{'DPORT'}' /> - <tr><td width='20%' align='right'>$Lang::tr{'time'}:</td> + </optgroup> + </select> + </td> + <td width='20%' align='right' colspan='2'>$Lang::tr{'source ip'}: <img src='/blob.gif' /></td> + <td width='30%' align='left' colspan='2'><input type='text' 
name='SIP' maxlength='15' value='$outfwsettings{'SIP'}' /></td> + </tr> + <tr> + <td width='20%' align='right'>$Lang::tr{'logging'}:</td> + <td width='30%' align='left'> + <select name='LOG'> + <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option> + <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option> + </select> + </td> + <td width='20%' align='right' colspan='2' /> + <td width='30%' align='left' colspan='2' /> + <tr> + <td width='20%' align='right'>$Lang::tr{'destination ip'}: <img src='/blob.gif' /></td> + <td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$outfwsettings{'DIP'}' /></td> + <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}: <img src='/blob.gif' /></td> + <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' maxlength='11' value='$outfwsettings{'DPORT'}' /></td> + </tr> + <tr> + <td width='20%' align='right'>$Lang::tr{'time'}:</td> <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td> <td width='20%' align='right' colspan='2' /> <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td> - <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td></tr> - <tr><td width='20%' align='right'></td> - <td width='30%' align='left'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /> - <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /> - <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /> - <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /> - <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /> - <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /> - <input type='checkbox' name='TIME_SUN' 
$checked{'TIME_SUN'}{'on'} /></td> + <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td> + </tr> + <tr> + <td width='20%' align='right'></td> + <td width='30%' align='left'> + <input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /> + <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /> + <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /> + <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /> + <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /> + <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /> + <input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /> + </td> <td width='20%' align='right' colspan='2' /> - <td width='15%' align='left'><select name='TIME_FROM'> + <td width='15%' align='left'> + <select name='TIME_FROM'> END ; for (my $i=0;$i<=23;$i++) { @@ -696,11 +733,12 @@ for (my $i=0;$i<=23;$i++) { for (my $j=0;$j<=45;$j+=15) { $j = sprintf("%02s",$j); my $time = $i.":".$j; - print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n"; + print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n"; } } print <<END - </select></td> + </select> + </td> <td width='15%' align='left'><select name='TIME_TO'> END ; 
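Review bot: In the new `SNET` select the option captions no longer match their values: `value='ip'` is labelled `IPSEC $Lang::tr{'interface'}` and `value='red'` is labelled OpenVPN, while `value='ipsec'` and `value='ovpn'` carry the `source ip` and `red IP` captions, so an administrator who picks an entry gets a rule for a different source than the one shown. Each caption should sit on the option whose value outgoingfw.pl maps to it, for example `<option value='ipsec' $selected{'SNET'}{'ipsec'}>IPSEC $Lang::tr{'interface'}</option>`. In the group loop, `$selected{'SNET'}{'$_'}` looks up the literal key `$_` because of the inner single quotes, and the `ls` output is printed without `chomp` or HTML escaping, so each option value carries a trailing newline that may end up in the rules file; a `chomp;` plus an escaping helper from header.pl (if one such as `cleanhtml` is available) before the print, and `{$_}` as the key, would cover this. `addrule` continues past the end of this hunk.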
@@ -709,14 +747,19 @@ for (my $i=0;$i<=23;$i++) { for (my $j=0;$j<=45;$j+=15) { $j = sprintf("%02s",$j); my $time = $i.":".$j; - print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n"; + print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n"; } } print <<END - </select></td></tr> - <tr><td colspan='6'> - <tr><td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'} - <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /> + </select> + </td> + </tr> + <tr> + <td colspan='6' /> + <tr> + <tr> + <td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td> + <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td> </table></form> END ; @@ -763,4 +806,7 @@ END print "</table>"; &Header::closebox(); } -} \ No newline at end of file +} + +&Header::closebigbox(); +&Header::closepage(); \ No newline at end of file diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi new file mode 100644 index 0000000..b277339 --- /dev/null +++ b/html/cgi-bin/outgoinggrp.cgi 
@@ -0,0 +1,213 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2005-2010 IPTifre Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +my %outgrpsettings = (); +my %netsettings = (); +my %selected= () ; +my $errormessage = ""; + +my $configpath = "/var/ipfire/outgoing/groups/"; +my $servicefile = "/var/ipfire/outgoing/defaultservices"; + +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +&General::readhash("${General::swroot}/ethernet/settings", %netsettings); + +&Header::showhttpheaders(); + +### Values that have to be initialized +$outgrpsettings{'ACTION'} = ''; +$outgrpsettings{'ipgroup'} = 'none'; +$outgrpsettings{'portgroup'} = 'none'; + +&Header::getcgihash(%outgrpsettings); +delete $outgrpsettings{'__CGI__'};delete 
$outgrpsettings{'x'};delete $outgrpsettings{'y'}; + +$selected{'ipgroup'}{$outgrpsettings{'ipgroup'}} = "selected='selected'"; +$selected{'portgroup'}{$outgrpsettings{'portgroup'}} = "selected='selected'"; + +&Header::openpage($Lang::tr{'outgoing firewall groups'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + +############### +# DEBUG DEBUG +# &Header::openbox('100%', 'left', 'DEBUG'); +# my $debugCount = 0; +# foreach my $line (sort keys %outgrpsettings) { +# print "$line = $outgrpsettings{$line}<br />\n"; + # $debugCount++; +# } +# print " Count: $debugCount\n"; +# &Header::closebox(); +# DEBUG DEBUG +############### + +############################################################################################################################ +############################################################################################################################ + +if ($errormessage) +{ + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage\n"; + print " </class>\n"; + &Header::closebox(); +} + +if ($outgrpsettings{'ACTION'} eq 'newipgroup') +{ + &newipgroup(); +} elsif ($outgrpsettings{'ACTION'} eq 'deleteipgroup' ) { + unlink("$configpath/ipgroups/$outgrpsettings{'ipgroup'}"); +} elsif ($outgrpsettings{'ACTION'} eq 'addipgroup') { + open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!"; + flock (FILE, 2); + print FILE $outgrpsettings{'ipgroupcontent'}."\n"; + close FILE; +} + +############################################################################################################################ +############################################################################################################################ + +my @ipgroups = qx(ls $configpath/ipgroups/); +if ($outgrpsettings{'ipgroup'} eq "none" and $#ipgroups >= 0 ){ $outgrpsettings{'ipgroup'} = $ipgroups[0];} + +my $ipgroupcontent = `cat 
$configpath/ipgroups/$outgrpsettings{'ipgroup'} 2>/dev/null`; +$ipgroupcontent =~ s/\n/<br />/g; + +&Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall ip groups'}); + +print <<END +<a name="outgoing showipgroup"</a> +<br /> +<form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> +<table width='95%' cellspacing='0'> + <tr> + <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall ip groups'}</b></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td align='left' colspan='2'><select name='ipgroup' style="width: 200px"> +END +; +foreach my $member (@ipgroups) {chomp $member;print" <option value='$member' $selected{'ipgroup'}{$member}>$member</option>\n";} +print <<END + </select></td> + <td align='left'> + <input type='hidden' name='ACTION' value='showipgroup' /> + <input type='image' alt='$Lang::tr{'outgoing firewall view group'}' title='$Lang::tr{'outgoing firewall view group'}' src='/images/format-justify-fill.png' /> + </td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td colspan='3' align='left'><font size=1>$ipgroupcontent</font></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td colspan='3' align='center'><font size=1>$Lang::tr{'outgoing firewall ip groups'} - $outgrpsettings{'ipgroup'}</font></td> + </tr> +</table> +</form> +<table width='10%' cellspacing='0'> +<tr> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> + <input type='hidden' name='ACTION' value='newipgroup' /> + <input type='image' alt='$Lang::tr{'new'}' title='$Lang::tr{'new'}' src='/images/list-add.png' /> + </form> + </td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> + <input type='hidden' name='ACTION' value='saveipgroup' /> + <input type='hidden' name='ipgroup' value='$outgrpsettings{'ipgroup'}' /> + <input type='image' alt='$Lang::tr{'save'}' 
title='$Lang::tr{'save'}' src='/images/media-floppy.png' /> + </form> + </td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> + <input type='hidden' name='ACTION' value='deleteipgroup' /> + <input type='hidden' name='ipgroup' value='$outgrpsettings{'ipgroup'}' /> + <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /> + </form> + </td> +</tr> +</table> + +END +; +&Header::closebox(); + +&Header::closebigbox(); +&Header::closepage(); + +sub newipgroup +{ + &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall add ip group'}); + +print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> + <table width='95%' cellspacing='0'> + <tr> + <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall add ip group'}</b></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td align='left' colspan='2'> + <input type='text' name='ipgroup' value='newgroup' size="30" /> + </td> + <td align='left'> + <input type='hidden' name='ACTION' value='addipgroup' /> + <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /> + </td> + </tr> + <tr> + <td align='left' colspan='3'> + <textarea name="ipgroupcontent" cols="20" rows="5" Wrap="off">192.168.1.0/14\n192.168.0.1\n192.168.0.2\n</textarea> + </td> + </tr> + </table> + </form> +END +; + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit 0; +} \ No newline at end of file diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 4e59541..9a6a613 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
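Review bot: The `ipgroup` request parameter is used as a file name without validation in three places: `unlink("$configpath/ipgroups/$outgrpsettings{'ipgroup'}")`, the two-argument `open (FILE, ">$configpath/ipgroups/...")`, and the backtick `cat` that fills `$ipgroupcontent`, so a crafted name can point outside the ipgroups directory or be interpreted by the shell with the web server's privileges. The name should be checked once, right after `getcgihash`, against a strict pattern, and the file opened with three-argument `open` for both writing and reading, as sketched below. `ipgroupcontent` is likewise stored verbatim and later interpolated into iptables commands by outgoingfw.pl, and the file content is printed into the page unescaped, so it needs per-line validation on save and HTML escaping on display. In addition, `$ipgroupcontent =~ s/\n/<br />/g;` has an unescaped `/` in the replacement, which most likely stops the script from compiling; `s/\n/<br \/>/g` is the intended form.

```perl
&Header::getcgihash(%outgrpsettings);
# The group name becomes a file name below: accept a plain name only.
if ($outgrpsettings{'ipgroup'} !~ /\A[A-Za-z0-9_-]{1,30}\z/) {
    $errormessage = "Invalid group name";   # replace with a translated string
    $outgrpsettings{'ACTION'} = '';
    $outgrpsettings{'ipgroup'} = 'none';
}
# … unchanged: page header, error box, newipgroup/deleteipgroup branches …
} elsif ($outgrpsettings{'ACTION'} eq 'addipgroup') {
    open (FILE, '>', "$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!";
# … unchanged: flock, print, close, group listing …
my $ipgroupcontent = '';
if (open(my $grp, '<', "$configpath/ipgroups/$outgrpsettings{'ipgroup'}")) {
    local $/;                       # slurp the whole group file
    $ipgroupcontent = <$grp>;
    close($grp);
}
$ipgroupcontent =~ s/\n/<br \/>/g;
```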
@@ -1269,6 +1269,10 @@ 'out' => 'Aus', 'outgoing' => 'ausgehend', 'outgoing firewall' => 'Ausgehende Firewall', +'outgoing firewall groups' => 'Ausgehende Firewall Gruppen', +'outgoing firewall add ip group' => 'IP Adressgruppen hinzufügen', +'outgoing firewall ip groups' => 'Ausgehende Firewall IP Adressgruppen', +'outgoing firewall view group' => 'Gruppe anzeigen', 'outgoing traffic in bytes per second' => 'Abgehender Verkehr', 'outgoingfw mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.', 'outgoingfw mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 1336a4f..8906f21 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1014,7 +1014,7 @@ 'invalid vpi vpci' => 'Invalid VPI/VPCI settings', 'invalid wins address' => 'Invalid WINS server address.', 'invert' => 'Invert', -'ip address' => 'IP address:', +'ip address' => 'IP address', 'ip address in use' => 'IP address already in use', 'ip address outside subnets' => 'IP Address outside subnets', 'ip alias added' => 'External IP alias added', @@ -1298,6 +1298,10 @@ 'out' => 'Out', 'outgoing' => 'outgoing', 'outgoing firewall' => 'Outgoing Firewall', +'outgoing firewall groups' => 'Outgoing Firewall Groups', +'outgoing firewall add ip group' => 'Add IP Address Group', +'outgoing firewall ip groups' => 'Outgoing Firewall IP Adress Groups', +'outgoing firewall view group' => 'View group', 'outgoing traffic in bytes per second' => 'Outgoing Traffic', 'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.', 'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index e9fe7e5..0addee7 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl 
@@ -1014,7 +1014,7 @@ 'invalid vpi vpci' => 'Invalid VPI/VPCI settings', 'invalid wins address' => 'Invalid WINS server address.', 'invert' => 'Invert', -'ip address' => 'IP address:', +'ip address' => 'IP address', 'ip address in use' => 'IP address already in use', 'ip address outside subnets' => 'IP Address outside subnets', 'ip alias added' => 'External IP alias added', @@ -1296,8 +1296,12 @@ 'otherip' => 'other IP', 'otherport' => 'other Port', 'out' => 'Out', -'outgoing' => 'outgoing', -'outgoing firewall' => 'Outgoing Firewall', +'outgoing' => 'sortant', +'outgoing firewall' => 'Sortant Firewall', +'outgoing firewall groups' => 'Sortant Firewall Groupe', +'outgoing firewall add ip group' => 'Ajouter IP Address Group', +'outgoing firewall ip groups' => 'Sortant Firewall IP Groupe', +'outgoing firewall view group' => 'Montrer groupe', 'outgoing traffic in bytes per second' => 'Outgoing Traffic', 'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.', 'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.', diff --git a/lfs/configroot b/lfs/configroot index 8345e16..6b6b798 100644 --- a/lfs/configroot +++ b/lfs/configroot 
@@ -52,9 +52,10 @@ $(TARGET) : # Create all directories for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns \ ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \ - net-traffic/templates nfs optionsfw outgoing/bin patches pakfire portfw \ - ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \ - updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ + net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \ + patches pakfire portfw ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red \ + remote sensors snort time tripwire/report updatexlrator/bin updatexlrator/autocheck \ + urlfilter/autoupdate urlfilter/bin upnp vpn \ wakeonlan wireless xtaccess ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done
hooks/post-receive -- IPFire 2.x development tree