#!/usr/bin/perl
# index.cgi
# Shows the iptables firewall configuration read from the save file.
# The same script serves IPv4 and IPv6.

require './firewall-lib.pl';
&ReadParse();

# Pull in the library matching the IP version reported by
# get_ipvx_version(): firewall6-lib.pl for 6, firewall4-lib.pl otherwise.
$ipvx_version = &get_ipvx_version();
require($ipvx_version == 6 ? './firewall6-lib.pl' : './firewall4-lib.pl');

# Build the sub-heading and print the page header.
# NOTE(review): $ipvx and $ipvx_save are not assigned in this script;
# presumably the libraries loaded above set them -- confirm there.
$subhead = $text{"index_title_v${ipvx}"};
$subhead .= ", ".&text('index_editing', "<tt>$ipvx_save</tt>")
    if ($ipvx_save);
&ui_print_header(
    $subhead, $text{'index_title'}, undef, "intro", 1, 1, 0,
    &help_search_link("ip${ipvx}tables", "man", "doc"),
);
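# Check for iptables and iptables-restore commands. A true return value
# from missing_firewall_commands() is shown as the missing command and the
# page ends here.
if ($c = &missing_firewall_commands()) {
    print "<p>",&text('index_ecommand', "<tt>$c</tt>"),"<p>\n";
    &ui_print_footer("/", $text{'index'});
    exit;
}

# Check if the kernel supports iptables by listing the OUTPUT chain of the
# filter table. stderr is merged into $out so a failure can be displayed.
$out = &backquote_command("ip${ipvx}tables -n -t filter -L OUTPUT 2>&1");
if ($?) {
    # $out is raw text captured from an external command, so it is
    # HTML-escaped before being placed inside <pre>, the same way the
    # ip*tables-save output is escaped elsewhere in this script.
    print "<p>",&text('index_ekernel',
                      "<pre>".&html_escape($out)."</pre>"),"<p>\n";
    &ui_print_footer("/", $text{'index'});
    exit;
}

# Check if the distro supports iptables. Skipped in direct mode or when no
# check_iptables() function is defined.
# NOTE(review): $err is printed without escaping; presumably
# check_iptables() returns ready-made HTML -- confirm.
if (!$config{"direct${ipvx}"} && defined(&check_iptables) &&
    ($err = &check_iptables())) {
    print "<p>$err</p>\n";
    &ui_print_footer("/", $text{'index'});
    exit;
}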
# Work out whether the firewall is started at boot. Only done when not in
# direct mode and foreign_check("init") succeeds.
if (!$config{"direct${ipvx}"} && &foreign_check("init")) {
    $init_support++;
    if (!defined(&started_at_boot)) {
        # No started_at_boot() in scope: ask the init module, and treat an
        # action status of exactly 2 as "started at boot".
        &foreign_require("init", "init-lib.pl");
        $atboot = &init::action_status("webmin-ip${ipvx}tables") == 2;
    }
    else {
        $atboot = &started_at_boot();
    }
}

# Read the live rule set. The argument ends in "|", so it is presumably
# opened as a command pipe by get_iptables_save() -- confirm in the library.
@livetables = &get_iptables_save("ip${ipvx}tables-save 2>/dev/null |");

# Warn about external firewalls detected in the live rules
&external_firewall_message(\@livetables);
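# Reset / first-time setup page. Shown when not in direct mode, the request
# carries reset=..., and the ACL grants 'setup'.
# NOTE(review): because this guard requires $in{'reset'}, the
# "!$in{'reset'}" branch below cannot be taken as written. The comment that
# precedes this section in the original talks about a missing save file;
# confirm whether a save-file existence test was meant to be part of the
# guard.
if (!$config{"direct${ipvx}"} && $in{'reset'} && $access{'setup'}) {
    # Count tables that hold rules and chains whose policy is not ACCEPT
    @tables = @livetables;
    foreach $t (@tables) {
        $rules++ if (@{$t->{'rules'}});
        foreach $c (keys %{$t->{'defaults'}}) {
            $chains++ if ($t->{'defaults'}->{$c} ne 'ACCEPT');
        }
        $hastable{$t->{'name'}}++;
    }

    # List every known table that was absent from the live dump.
    # The command is one string, so it runs through the shell; $t comes
    # from @known_tables, which is defined outside this script.
    # NOTE(review): presumably a fixed list of table names -- confirm.
    foreach $t (@known_tables) {
        system("ip${ipvx}tables -t $t -n -L >/dev/null") if (!$hastable{$t});
    }

    if (!$in{'reset'} && ($rules || $chains)) {
        # Offer to save the current rules.
        # The hidden fields are passed as one array ref of [name, value]
        # pairs, like the button list that follows. The original wrote
        # ( ['version'], [${ipvx_arg}] ), which flattens into two separate
        # arguments and shifts every later argument by one position.
        print &ui_confirmation_form("convert.cgi",
            &text('index_existing', $rules,
                  "<tt>$ipvx_save</tt>"),
            [ [ 'version', ${ipvx_arg} ] ],
            [ [ undef, $text{'index_saveex'} ] ],
            $init_support && !$atboot ?
              &ui_checkbox("atboot", 1, $text{'index_atboot'}, 0) :
              "",
            );

        # Show the live rules, HTML-escaped, for review
        print &ui_table_start($text{'index_headerex'}, "width=100%", 2);
        $out = &backquote_command("ip${ipvx}tables-save 2>/dev/null");
        print &ui_table_row(undef,
            "<pre>".&html_escape($out)."</pre>", 2);
        print &ui_table_end();
    }
    else {
        # Offer to set up a firewall
        print &text($in{'reset'} ? 'index_rsetup' : 'index_setup',
                    "<tt>$ipvx_save</tt>"),"<p>\n";
        print &ui_form_start("setup${ipvx}.cgi");
        print &ui_hidden("version", ${ipvx_arg});
        print &ui_hidden("reset", $in{'reset'});
        print "<center><table><tr><td>\n";

        # Option 0 is pre-selected; options 1 to 5 each come with an
        # interface chooser.
        print &ui_oneradio("auto", 0, $text{'index_auto0'}, 1),"<p>\n";
        foreach $a (1 .. 5) {
            print &ui_oneradio("auto", $a,
                               $text{'index_auto'.$a}, 0)." ";
            print &interface_choice("iface".$a),"<p>\n";
        }
        print "</td></tr></table>\n";
        print &ui_submit($text{'index_auto'}),"<p>\n";

        # Start-at-boot checkbox, only when boot support was detected and
        # the firewall is not already started at boot
        if ($init_support && !$atboot) {
            print &ui_checkbox("atboot", 1,
                               $text{'index_atboot'}, 0);
        }
        print "</center>\n";
        print &ui_form_end();
    }
}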
else {
# $form counts the HTML forms printed so far on this page; it is passed to
# the select-all / invert-selection links further down.
$form = 0;
@tables = &get_iptables_save();

if (!$config{"direct${ipvx}"}) {
    # Make sure every table named in @known_tables is present in the save
    # file; a missing one is read via ip*tables-save and written with
    # save_table().
    $hastable{$_->{'name'}}++ foreach (@tables);
    foreach $t (@known_tables) {
        next if ($hastable{$t});
        local ($missing) = &get_iptables_save(
            "ip${ipvx}tables-save --table $t 2>/dev/null |");
        if ($missing) {
            # Drop the 'line' key before saving
            delete($missing->{'line'});
            &save_table($missing);
        }
        $need_reload++;
    }

    # Re-read the save file if any table was looked up above
    @tables = &get_iptables_save() if ($need_reload);
}

# Check if the current config is valid (not done in direct mode). The
# validation message is HTML-escaped before it is shown.
if (!$config{"direct${ipvx}"}) {
    my $err = &validate_iptables_config();
    print "<b>",&text('index_evalid', &html_escape($err)),"</b><p>\n"
        if ($err);
}
# Work out the default table when the request did not name one.
# Pass 1 picks the first editable table that has rules; pass 2 (only if
# pass 1 found nothing) picks the first editable table at all.
foreach my $want_rules (1, 0) {
    last if (defined($in{'table'}));
    foreach $t (@tables) {
        next if ($want_rules && !@{$t->{'rules'}});
        next if (!&can_edit_table($t->{'name'}));
        $in{'table'} = $t->{'index'};
        last;
    }
}

# NOTE(review): a 'table' value supplied in the request is used as an array
# index as-is -- it is not range-checked here and can_edit_table() is not
# applied to it. Confirm that showing a non-editable table is acceptable
# and that the scripts which change rules enforce the ACL themselves.
$table = $tables[$in{'table'}];
# Table chooser: a form that reloads index.cgi with the selected table.
print "<table width=100%><tr>\n",
      "<td>\n",
      "<form action=index.cgi>\n",
      "<input type=submit value='$text{'index_change'}'>\n";
print &ui_hidden("version", ${ipvx_arg});
print "<select name=table onChange='form.submit()'>\n";
foreach $t (@tables) {
    # Only tables the ACL allows editing are offered
    next if (!&can_edit_table($t->{'name'}));
    printf "<option value=%s %s>%s</option>\n",
        $t->{'index'},
        ($t eq $table ? "selected" : ""),
        (&text('index_table_'.$t->{'name'}) || $t->{'name'});
}
print "</select></form>\n",
      "</td>\n";
$form++;

# Form to create a chain, shown only when the ACL grants 'newchain'
if ($access{'newchain'}) {
    print "<td align=right>\n",
          "<form action=newchain.cgi>\n";
    print &ui_hidden("table", $in{'table'});
    print &ui_hidden("version", ${ipvx_arg});
    print "<input type=submit value='$text{'index_cadd'}'>\n",
          "<input name=chain size=20></form>\n",
          "</td>\n";
    $form++;
}
print "</tr></table>\n";
# Display a table of rules for each chain
CHAIN:
foreach $c (sort by_string_for_iptables keys %{$table->{'defaults'}}) {
print &ui_hr();

# Rules that belong to chain $c (names compared case-insensitively)
my $chain_lc = lc($c);
@rules = grep { lc($_->{'chain'}) eq $chain_lc } @{$table->{'rules'}};

# Heading: a translated chain name when one exists, else the generic label
print "<b>",
      ($text{"index_chain_".$chain_lc} ||
       &text('index_chain', "<tt>$c</tt>")),
      "</b><br>\n";

# Skip chains that match an entry of the filter_chain setting.
# Each comma-separated entry is compiled as a regular expression anchored
# with ^ and $, so the setting must hold valid patterns.
if ($config{'filter_chain'}) {
    foreach $filter (split(',', $config{'filter_chain'})) {
        next if ($c !~ /^$filter$/);
        # Not managed by this module: neither display nor modify it
        print "<em>".$text{'index_filter_chain'}."</em><br>\n";
        next CHAIN;
    }
}

# Open the per-chain form, posted to save_policy.cgi
print "<form action=save_policy.cgi>\n";
print &ui_hidden("version", ${ipvx_arg}),
      &ui_hidden("table", $in{'table'}),
      &ui_hidden("chain", $c);
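# Paging: when the chain holds more rules than 'perpage', show one window
# [$s .. $e] with previous / next arrows; otherwise show everything.
if (@rules > $config{'perpage'}) {
    print "<center>\n";

    # 'start' comes from the request. Take its integer part, refuse
    # negative offsets (a negative index would count from the end of
    # @rules), and derive the window end from the same cleaned value.
    # The original computed $e from the raw parameter.
    $s = int($in{'start'});
    $s = 0 if ($s < 0);
    $e = $s + $config{'perpage'} - 1;
    $e = @rules-1 if ($e >= @rules);

    if ($s) {
        # Previous page; never link to an offset below zero
        my $prev = $s - $config{'perpage'};
        $prev = 0 if ($prev < 0);
        print &ui_link("?start=".$prev,
            "<img src=/images/left.gif border=0 align=middle>");
    }
    print "<font size=+1>",&text('index_position', $s+1, $e+1,
          scalar(@rules)),"</font>\n";
    if ($e < @rules-1) {
        # Next page
        print &ui_link("?start=".
                       ($s + $config{'perpage'}),
            "<img src=/images/right.gif border=0 align=middle>");
    }
    print "</center>\n";
}
else {
    # Can show them all
    $s = 0;
    $e = @rules - 1;
}

# Keep only the rules inside the window
@rules = @rules[$s..$e];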
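# Table of the rules in this chain, or a "none" message when it is empty.
if (@rules) {
    @links = ( &select_all_link("d", $form),
               &select_invert_link("d", $form) );
    print &ui_links_row(\@links);

    # Generate the header. The condition and comment columns are optional
    # and follow the view_condition / view_comment settings.
    local (@hcols, @tds);
    push(@hcols, "", $text{'index_action'});
    push(@tds, "width=5", "width=30% nowrap");
    if ($config{'view_condition'}) {
        push(@hcols, $text{'index_desc'});
        push(@tds, "nowrap");
    }
    if ($config{'view_comment'}) {
        push(@hcols, $text{'index_comm'});
        push(@tds, "");
    }
    push(@hcols, $text{'index_move'}, $text{'index_add'});
    push(@tds, "width=32", "width=32");
    print &ui_columns_start(\@hcols, 100, 0, \@tds);

    # Generate a row for each rule
    foreach $r (@rules) {
        $edit = &can_jump($r);
        local @cols;

        # Action label: translated jump target if known, else generic text
        local $act =
            $text{"index_jump_".lc($r->{'j'}->[1])} ||
            &text('index_jump', $r->{'j'}->[1]);

        # Check if the chain being jumped TO is filtered out. Entries of
        # filter_chain are compiled as anchored regular expressions.
        local $chain_filtered;
        if ($config{'filter_chain'}) {
            foreach $filter (split(',', $config{'filter_chain'})) {
                if ($r->{'j'}->[1] =~ /^$filter$/) {
                    $chain_filtered = &text('index_filter_chain');
                    $act = $act."<br><em>$chain_filtered</em>";
                }
            }
        }

        # A rule is editable only if can_jump() allows it and its target
        # chain is not filtered; otherwise the label is plain text.
        if ($edit && !$chain_filtered) {
            push(@cols, &ui_link("edit_rule.cgi?version=${ipvx_arg}&table=".&urlize($in{'table'})."&idx=$r->{'index'}",$act));
        }
        else {
            # Empty first cell in place of the checkbox that
            # ui_checked_columns_row adds for editable rows
            push(@cols, "", $act);
        }
        if ($config{'view_condition'}) {
            push(@cols, &describe_rule($r));
        }
        if ($config{'view_comment'}) {
            # Use the comment option's value when comment_mod is set or the
            # rule has one, else the 'cmt' field.
            $cmt = ($config{'comment_mod'} || $r->{'comment'}) ?
                    $r->{'comment'}->[1] : $r->{'cmt'};
            # Comment text is free-form rule data, not markup: escape it
            # before it goes into the table cell.
            push(@cols, &html_escape($cmt));
        }

        # Up/down mover. The last rule shown gets a gap instead of the
        # down arrow, the first one a gap instead of the up arrow.
        local $mover;
        if ($r eq $rules[@rules-1]) {
            $mover .= "<img src=images/gap.gif>";
        }
        else {
            $mover .= "<a href='move.cgi?version=${ipvx_arg}&table=".
                      &urlize($in{'table'}).
                      "&idx=$r->{'index'}&".
                      "down=1'><img src=".
                      "images/down.gif border=0></a>";
        }
        if ($r eq $rules[0]) {
            $mover .= "<img src=images/gap.gif>";
        }
        else {
            $mover .= "<a href='move.cgi?version=${ipvx_arg}&table=".
                      &urlize($in{'table'}).
                      "&idx=$r->{'index'}&".
                      "up=1'><img src=images/up.gif ".
                      "border=0></a>";
        }
        push(@cols, $mover);

        # Before / after adder: links that open edit_rule.cgi for a new
        # rule placed after or before this one
        local $adder;
        $adder .= "<a href='edit_rule.cgi?version=${ipvx_arg}&table=".
                  &urlize($in{'table'}).
                  "&chain=".&urlize($c)."&new=1&".
                  "after=$r->{'index'}'><img src=".
                  "images/after.gif border=0></a>";
        $adder .= "<a href='edit_rule.cgi?version=${ipvx_arg}&table=".
                  &urlize($in{'table'}).
                  "&chain=".&urlize($c)."&new=1&".
                  "before=$r->{'index'}'><img src=".
                  "images/before.gif border=0></a>";
        push(@cols, $adder);

        # Editable rows get a selection checkbox named "d"; others do not
        if ($edit && !$chain_filtered) {
            print &ui_checked_columns_row(
                \@cols, \@tds, "d", $r->{'index'});
        }
        else {
            print &ui_columns_row(\@cols, \@tds);
        }
    }
    print &ui_columns_end();
    print &ui_links_row(\@links);
}
else {
    print "<b>$text{'index_none'}</b><br>\n";
}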
# Button row under the chain: policy selector or delete/rename buttons on
# the left, selection buttons in the middle, "add rule" on the right.
print "<table width=100%><tr>\n";
local $d = $table->{'defaults'}->{$c};

# A default of '-' marks a custom chain; anything else is a built-in
# chain with a policy.
my $is_builtin = ($d ne '-');

# Left cell
if ($is_builtin) {
    if ($access{'policy'}) {
        # Change default policy button and selector
        print "<td width=33% nowrap>",
              &ui_submit($text{'index_policy'}),"\n";
        print "<select name=policy>\n";
        foreach $t ('ACCEPT','DROP','QUEUE','RETURN') {
            printf "<option value=%s %s>%s</option>\n",
                $t, ($d eq $t ? "selected" : ""),
                $text{"index_policy_".lc($t)};
        }
        print "</select></td>\n";
    }
    else {
        print "<td width=33%></td>\n";
    }
}
elsif ($access{'delchain'}) {
    # Delete and rename chain buttons. Without 'delchain' no left cell
    # is printed for a custom chain.
    print "<td width=33%>",
          &ui_submit($text{'index_cdelete'}, "delete"),
          "\n",
          &ui_submit($text{'index_crename'}, "rename"),
          "</td>\n";
}

# Middle cell: buttons acting on the rules, only when some are shown
print "<td align=center width=33%>\n";
if (@rules) {
    # Clear chain button, custom chains only and only with 'delchain'
    if (!$is_builtin && $access{'delchain'}) {
        print &ui_submit($text{'index_cclear'},
                         "clear"),"\n";
    }

    # Delete selected button
    print &ui_submit($text{'index_cdeletesel'},
                     "delsel"),"\n";

    # Move selected button
    print &ui_submit($text{'index_cmovesel'},
                     "movesel"),"\n";
}
print "</td>\n";

# Right cell: add-rule button, then close the form opened for this chain
print "<td align=right width=33%>",
      &ui_submit($text{'index_radd'}, "add"),"</td>\n";
print "</tr></table></form>\n";
$form++;
}
# Show an overview of the active ipsets, if there are any.
# Whether the sets are used by firewall rules is not checked here.
@ipsets = &get_ipsets_active();
if (@ipsets) {
    print &ui_hr();
    print "<b>$text{'index_ipset_title'}</b>";

    # Column headings
    local (@hcols, @tds);
    @hcols = ( $text{'index_ipset'},
               "<b>$text{'index_ipset_name'}</b> ",
               $text{'index_ipset_type'},
               $text{'index_ipset_elem'},
               $text{'index_ipset_maxe'},
               $text{'index_ipset_size'} );
    @tds = ("") x 5;
    print &ui_columns_start(\@hcols, 100, 0, \@tds);

    # One row per ipset
    foreach $s (@ipsets) {
        # The 'Header' field is split on single spaces
        local @h= split(/ /, $s->{'Header'});

        # Only list sets whose second header word ends in inet${ipvx},
        # i.e. those matching the IP version being displayed
        next if ($h[1] !~ /inet${ipvx}$/);

        local @cols = ( " $h[0] $h[1]", " <b>$s->{'Name'}</b>",
                        $s->{'Type'}, $s->{'Number'}, $h[5],
                        $s->{'Size'} );
        print &ui_columns_row(\@cols, \@tds);
    }
    print &ui_columns_end();
}
# Buttons for applying and un-applying the configuration, for starting at
# boot, for resetting, and for the cluster page. Each one is shown only
# when the matching ACL entry allows it.
# NOTE(review): these rows pass only 'table' (or 'reset') as hidden fields,
# with no 'version' field like the forms earlier on this page -- confirm
# how the target scripts choose between IPv4 and IPv6.
print &ui_hr();
print &ui_buttons_start();

if ($config{"direct${ipvx}"}) {
    # Direct mode: the only button saves the live config in a file
    if ($access{'unapply'}) {
        print &ui_buttons_row("unapply.cgi",
            $text{'index_unapply2'},
            $text{'index_unapply2desc'},
            [ [ "table", $in{'table'} ] ]);
    }
}
else {
    # The apply description differs when cluster servers are listed
    @servers = &list_cluster_servers() if (&foreign_check("servers"));

    if ($access{'apply'}) {
        my $apply_desc = @servers ? $text{'index_applydesc2'}
                                  : $text{'index_applydesc'};
        print &ui_buttons_row("apply.cgi",
            $text{'index_apply'}, $apply_desc,
            [ [ "table", $in{'table'} ] ]);
    }

    if ($access{'unapply'}) {
        print &ui_buttons_row("unapply.cgi",
            $text{'index_unapply'},
            $text{'index_unapplydesc'},
            [ [ "table", $in{'table'} ] ]);
    }

    # Start-at-boot toggle, pre-set to the current state
    if ($init_support && $access{'bootup'}) {
        print &ui_buttons_row("bootup.cgi",
            $text{'index_bootup'},
            $text{'index_bootupdesc'},
            [ [ "table", $in{'table'} ] ],
            &ui_yesno_radio("boot", $atboot));
    }

    # Reset button: reloads this page with reset=1
    if ($access{'setup'}) {
        print &ui_buttons_row("index.cgi",
            $text{'index_reset'}, $text{'index_resetdesc'},
            [ [ "reset", 1 ] ]);
    }
}

# Cluster page button: needs the 'cluster' ACL entry and at least one
# server from the servers module that has a 'user' value
if (&foreign_check("servers")) {
    &foreign_require("servers", "servers-lib.pl");
    @allservers = grep { $_->{'user'} } &servers::list_servers();
}
if ($access{'cluster'} && @allservers) {
    print &ui_buttons_row(
        "cluster.cgi", $text{'index_cluster'},
        $text{'index_clusterdesc'});
}

print &ui_buttons_end();
}
# Finish the page by printing the footer (presumably with a return link to
# "/" labelled by the 'index' message -- confirm in ui_print_footer).
&ui_print_footer("/", $text{'index'});
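# external_firewall_message(&tables)
# Prints warnings when the live rules show signs of another firewall
# manager. The argument is a reference to the list of table hashes; only
# the table named 'filter' is inspected, through the chain names that are
# keys of its 'defaults' hash.
sub external_firewall_message
{
    local $fwname="";
    local $fwconfig="@{[&get_webprefix()]}/config.cgi?firewall";

    # Chain names of the filter table (empty when there is no such table)
    local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
    my %defaults = $filter ? %{ $filter->{'defaults'} || {} } : ();

    # detect external firewalls
    if ($defaults{'shorewall'}) {
        $fwname.='shorewall ';
    }
    if ($defaults{'INPUT_ZONES'}) {
        $fwname.='firewalld ';
    }
    # The original matched the pattern against the 'defaults' hash
    # reference itself, whose string form is "HASH(0x...)" and can never
    # start with f2b- or fail2ban-. Match it against the chain names
    # instead. Not reported when filter_chain is configured.
    if ((grep { /^f2b-|^fail2ban-/ } keys %defaults) &&
        !$config{'filter_chain'}) {
        $fwname.='fail2ban ';
    }

    # warning about not using direct mode alongside an external firewall
    if ($fwname && !$config{"direct${ipvx}"}) {
        print "<b><center>",
              &text('index_filter_nodirect', $fwconfig),
              "</b></center><p>\n";
    }

    # alert about each detected firewall module; $word is one of the fixed
    # names appended above
    foreach my $word (split ' ', $fwname) {
        print ui_alert_box(&text("index_$word", "@{[&get_webprefix()]}/$word/", $fwconfig), 'warn');
    }
}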