3 # Change the default policy for some chain
5 require './firewall-lib.pl';
7 @tables = &get_iptables_save();
8 $table = $tables[$in{'table'}];
9 &can_edit_table($table->{'name'}) || &error($text{'etable'});
10 @d = split(/\0/, $in{'d'});
13 # Redirect to the rule page for adding a rule
14 &redirect("edit_rule.cgi?table=".&urlize($in{'table'}).
15 "&chain=".&urlize($in{'chain'})."&new=1");
17 elsif ($in{'delete'} && $in{'confirm'}) {
18 # Delete this entire chain and all rules in it
19 &lock_file($iptables_save_file);
20 $access{'delchain'} || &error($text{'delete_ecannot'});
21 $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} }
22 @{$table->{'rules'}} ];
23 delete($table->{'defaults'}->{$in{'chain'}});
24 &run_before_command();
28 &unlock_file($iptables_save_file);
29 &webmin_log("delete", "chain", undef, { 'chain' => $in{'chain'},
30 'table' => $table->{'name'} });
31 &redirect("index.cgi?table=".&urlize($in{'table'}));
33 elsif ($in{'clear'} && $in{'confirm'}) {
34 # Delete all rules from this chain
35 $access{'delchain'} || &error($text{'clear_ecannot'});
36 &lock_file($iptables_save_file);
37 $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} }
38 @{$table->{'rules'}} ];
39 &run_before_command();
43 &unlock_file($iptables_save_file);
44 &webmin_log("clear", "chain", undef, { 'chain' => $in{'chain'},
45 'table' => $table->{'name'} });
46 &redirect("index.cgi?table=".&urlize($in{'table'}));
48 elsif ($in{'delete'} || $in{'clear'}) {
49 # Ask for confirmation on deleting the chain
50 $mode = $in{'delete'} ? "delete" : "clear";
51 $access{'delchain'} || &error($text{$mode.'_ecannot'});
52 &ui_print_header(undef, $text{$mode.'_title'}, "");
54 @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}};
55 print &ui_form_start("save_policy.cgi");
56 print &ui_hidden("table", $in{'table'});
57 print &ui_hidden("chain", $in{'chain'});
58 print &ui_hidden($mode, 1);
59 print "<center><b>",&text($mode.'_rusure', "<tt>$in{'chain'}</tt>",
60 scalar(@rules)),"</b><p>\n";
61 print &ui_submit($text{'delete_ok'}, 'confirm');
65 &ui_print_footer("index.cgi?table=".&urlize($in{'table'}),
66 $text{'index_return'});
68 elsif ($in{'rename'} && $in{'newname'}) {
70 &lock_file($iptables_save_file);
71 $access{'delchain'} || &error($text{'rename_ecannot'});
72 $in{'newname'} =~ /^\S+$/ || &error($text{'new_ename'});
74 # Change the chain on each rule
75 foreach $r (@{$table->{'rules'}}) {
76 if ($r->{'chain'} eq $in{'chain'}) {
77 $r->{'chain'} = $in{'newname'};
82 $table->{'defaults'}->{$in{'newname'}} =
83 $table->{'defaults'}->{$in{'chain'}};
84 delete($table->{'defaults'}->{$in{'chain'}});
86 # Adjust any other rules
88 foreach $r (@{$table->{'rules'}}) {
89 if ($r->{'j'} && $r->{'j'}->[1] eq $in{'chain'}) {
90 $r->{'j'}->[1] = $in{'newname'};
95 &run_before_command();
99 &unlock_file($iptables_save_file);
100 &webmin_log("rename", "chain", undef, { 'chain' => $in{'chain'},
101 'table' => $table->{'name'} });
102 &redirect("index.cgi?table=".&urlize($in{'table'}));
104 elsif ($in{'rename'}) {
105 # Show chain rename form
106 &ui_print_header(undef, $text{'rename_title'}, "");
108 print &ui_form_start("save_policy.cgi");
109 print &ui_hidden("table", $in{'table'});
110 print &ui_hidden("chain", $in{'chain'});
111 print &ui_hidden("rename", 1);
112 print &ui_table_start($text{'rename_header'}, undef, 2);
114 # Number of rules and old name
115 @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}};
116 print &ui_table_row($text{'rename_chain'}, $in{'chain'});
117 print &ui_table_row($text{'rename_count'},
118 scalar(@rules) || $text{'rename_none'});
121 print &ui_table_row($text{'rename_name'},
122 &ui_textbox("newname", undef, 20));
124 # Adjust other rules?
125 print &ui_table_row(" ",
126 &ui_checkbox("adjust", 1, $text{'rename_adjust'}, 1));
128 print &ui_table_end();
129 print &ui_form_end([ [ undef, $text{'rename_ok'} ] ]);
131 &ui_print_footer("index.cgi?table=".&urlize($in{'table'}),
132 $text{'index_return'});
134 elsif ($in{'delsel'}) {
135 # Just delete selected rules
136 %idxs = map { $_, 1 } @d;
137 &lock_file($iptables_save_file);
138 $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} ||
139 !$idxs{$_->{'index'}} }
140 @{$table->{'rules'}} ];
141 &run_before_command();
143 &run_after_command();
145 &unlock_file($iptables_save_file);
146 &webmin_log("delsel", "chain", undef, { 'chain' => $in{'chain'},
147 'table' => $table->{'name'},
148 'count' => scalar(@d)});
149 &redirect("index.cgi?table=".&urlize($in{'table'}));
151 elsif ($in{'movesel'} && $in{'dest'}) {
152 # Move selected rules to new chain
153 %idxs = map { $_, 1 } @d;
154 &lock_file($iptables_save_file);
156 # Change the chain on each rule
157 foreach $r (@{$table->{'rules'}}) {
158 if ($r->{'chain'} eq $in{'chain'} && $idxs{$r->{'index'}}) {
159 $r->{'chain'} = $in{'dest'};
163 &run_before_command();
165 &run_after_command();
167 &unlock_file($iptables_save_file);
168 &webmin_log("movesel", "chain", undef, { 'chain' => $in{'chain'},
169 'table' => $table->{'name'},
170 'count' => scalar(@d)});
171 &redirect("index.cgi?table=".&urlize($in{'table'}));
173 elsif ($in{'movesel'}) {
174 # Show rule move form
175 &ui_print_header(undef, $text{'move_title'}, "");
177 print &ui_form_start("save_policy.cgi");
178 print &ui_hidden("table", $in{'table'});
179 print &ui_hidden("chain", $in{'chain'});
180 print &ui_hidden("movesel", 1);
182 print &ui_hidden("d", $d);
184 print &ui_table_start($text{'move_header'}, undef, 2);
186 # Number of rules and source
187 print &ui_table_row($text{'move_count'}, scalar(@d));
188 print &ui_table_row($text{'move_chain'}, $in{'chain'});
191 print &ui_table_row($text{'move_dest'},
192 &ui_select("dest", $in{'chain'},
193 [ grep { $_ ne $in{'chain'} }
194 sort by_string_for_iptables
195 (keys %{$table->{'defaults'}}) ]));
197 print &ui_table_end();
198 print &ui_form_end([ [ undef, $text{'move_ok'} ] ]);
200 &ui_print_footer("index.cgi?table=".&urlize($in{'table'}),
201 $text{'index_return'});
204 # Change the default for this chain
205 $access{'policy'} || &error($text{'policy_ecannot'});
206 &lock_file($iptables_save_file);
207 $table->{'defaults'}->{$in{'chain'}} = $in{'policy'};
208 &run_before_command();
210 &run_after_command();
212 &unlock_file($iptables_save_file);
213 &webmin_log("modify", "chain", undef, { 'chain' => $in{'chain'},
214 'table' => $table->{'name'} });
215 &redirect("index.cgi?table=".&urlize($in{'table'}));