firewall/save_policy.cgi

   1 #!/usr/local/bin/perl
   2 # save_policy.cgi
   3 # Change the default policy for some chain
   4
   5 require './firewall-lib.pl';
   6 &ReadParse();
   7 @tables = &get_iptables_save();
   8 $table = $tables[$in{'table'}];
   9 &can_edit_table($table->{'name'}) || &error($text{'etable'});
  10 @d = split(/\0/, $in{'d'});
  11
  12 if ($in{'add'}) {
  13         # Redirect to the rule page for adding a rule
  14         &redirect("edit_rule.cgi?table=".&urlize($in{'table'}).
  15                   "&chain=".&urlize($in{'chain'})."&new=1");
  16         }
  17 elsif ($in{'delete'} && $in{'confirm'}) {
  18         # Delete this entire chain and all rules in it
  19         &lock_file($iptables_save_file);
  20         $access{'delchain'} || &error($text{'delete_ecannot'});
  21         $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} }
  22                                    @{$table->{'rules'}} ];
  23         delete($table->{'defaults'}->{$in{'chain'}});
  24         &run_before_command();
  25         &save_table($table);
  26         &run_after_command();
  27         &copy_to_cluster();
  28         &unlock_file($iptables_save_file);
  29         &webmin_log("delete", "chain", undef, { 'chain' => $in{'chain'},
  30                                                 'table' => $table->{'name'} });
  31         &redirect("index.cgi?table=".&urlize($in{'table'}));
  32         }
  33 elsif ($in{'clear'} && $in{'confirm'}) {
  34         # Delete all rules from this chain
  35         $access{'delchain'} || &error($text{'clear_ecannot'});
  36         &lock_file($iptables_save_file);
  37         $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} }
  38                                    @{$table->{'rules'}} ];
  39         &run_before_command();
  40         &save_table($table);
  41         &run_after_command();
  42         &copy_to_cluster();
  43         &unlock_file($iptables_save_file);
  44         &webmin_log("clear", "chain", undef, { 'chain' => $in{'chain'},
  45                                                'table' => $table->{'name'} });
  46         &redirect("index.cgi?table=".&urlize($in{'table'}));
  47         }
  48 elsif ($in{'delete'} || $in{'clear'}) {
  49         # Ask for confirmation on deleting the chain
  50         $mode = $in{'delete'} ? "delete" : "clear";
  51         $access{'delchain'} || &error($text{$mode.'_ecannot'});
  52         &ui_print_header(undef, $text{$mode.'_title'}, "");
  53
  54         @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}};
  55         print &ui_form_start("save_policy.cgi");
  56         print &ui_hidden("table", $in{'table'});
  57         print &ui_hidden("chain", $in{'chain'});
  58         print &ui_hidden($mode, 1);
  59         print "<center><b>",&text($mode.'_rusure', "<tt>$in{'chain'}</tt>",
  60                                   scalar(@rules)),"</b><p>\n";
  61         print &ui_submit($text{'delete_ok'}, 'confirm');
  62         print "</center>\n";
  63         print &ui_form_end();
  64
  65         &ui_print_footer("index.cgi?table=".&urlize($in{'table'}),
  66                          $text{'index_return'});
  67         }
  68 elsif ($in{'rename'} && $in{'newname'}) {
  69         # Rename a chain
  70         &lock_file($iptables_save_file);
  71         $access{'delchain'} || &error($text{'rename_ecannot'});
  72         $in{'newname'} =~ /^\S+$/ || &error($text{'new_ename'});
  73
  74         # Change the chain on each rule
  75         foreach $r (@{$table->{'rules'}}) {
  76                 if ($r->{'chain'} eq $in{'chain'}) {
  77                         $r->{'chain'} = $in{'newname'};
  78                         }
  79                 }
  80
  81         # Rename the default
  82         $table->{'defaults'}->{$in{'newname'}} =
  83                 $table->{'defaults'}->{$in{'chain'}};
  84         delete($table->{'defaults'}->{$in{'chain'}});
  85
  86         # Adjust any other rules
  87         if ($in{'adjust'}) {
  88                 foreach $r (@{$table->{'rules'}}) {
  89                         if ($r->{'j'} && $r->{'j'}->[1] eq $in{'chain'}) {
  90                                 $r->{'j'}->[1] = $in{'newname'};
  91                                 }
  92                         }
  93                 }
  94
  95         &run_before_command();
  96         &save_table($table);
  97         &run_after_command();
  98         &copy_to_cluster();
  99         &unlock_file($iptables_save_file);
 100         &webmin_log("rename", "chain", undef, { 'chain' => $in{'chain'},
 101                                                 'table' => $table->{'name'} });
 102         &redirect("index.cgi?table=".&urlize($in{'table'}));
 103         }
 104 elsif ($in{'rename'}) {
 105         # Show chain rename form
 106         &ui_print_header(undef, $text{'rename_title'}, "");
 107
 108         print &ui_form_start("save_policy.cgi");
 109         print &ui_hidden("table", $in{'table'});
 110         print &ui_hidden("chain", $in{'chain'});
 111         print &ui_hidden("rename", 1);
 112         print &ui_table_start($text{'rename_header'}, undef, 2);
 113
 114         # Number of rules and old name
 115         @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}};
 116         print &ui_table_row($text{'rename_chain'}, $in{'chain'});
 117         print &ui_table_row($text{'rename_count'},
 118                 scalar(@rules) || $text{'rename_none'});
 119
 120         # Destination chain
 121         print &ui_table_row($text{'rename_name'},
 122                 &ui_textbox("newname", undef, 20));
 123
 124         # Adjust other rules?
 125         print &ui_table_row(" ",
 126                 &ui_checkbox("adjust", 1, $text{'rename_adjust'}, 1));
 127
 128         print &ui_table_end();
 129         print &ui_form_end([ [ undef, $text{'rename_ok'} ] ]);
 130
 131         &ui_print_footer("index.cgi?table=".&urlize($in{'table'}),
 132                          $text{'index_return'});
 133         }
 134 elsif ($in{'delsel'}) {
 135         # Just delete selected rules
 136         %idxs = map { $_, 1 } @d;
 137         &lock_file($iptables_save_file);
 138         $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} ||
 139                                      !$idxs{$_->{'index'}} }
 140                                    @{$table->{'rules'}} ];
 141         &run_before_command();
 142         &save_table($table);
 143         &run_after_command();
 144         &copy_to_cluster();
 145         &unlock_file($iptables_save_file);
 146         &webmin_log("delsel", "chain", undef, { 'chain' => $in{'chain'},
 147                                                 'table' => $table->{'name'},
 148                                                 'count' => scalar(@d)});
 149         &redirect("index.cgi?table=".&urlize($in{'table'}));
 150         }
 151 elsif ($in{'movesel'} && $in{'dest'}) {
 152         # Move selected rules to new chain
 153         %idxs = map { $_, 1 } @d;
 154         &lock_file($iptables_save_file);
 155
 156         # Change the chain on each rule
 157         foreach $r (@{$table->{'rules'}}) {
 158                 if ($r->{'chain'} eq $in{'chain'} && $idxs{$r->{'index'}}) {
 159                         $r->{'chain'} = $in{'dest'};
 160                         }
 161                 }
 162
 163         &run_before_command();
 164         &save_table($table);
 165         &run_after_command();
 166         &copy_to_cluster();
 167         &unlock_file($iptables_save_file);
 168         &webmin_log("movesel", "chain", undef, { 'chain' => $in{'chain'},
 169                                                  'table' => $table->{'name'},
 170                                                  'count' => scalar(@d)});
 171         &redirect("index.cgi?table=".&urlize($in{'table'}));
 172         }
 173 elsif ($in{'movesel'}) {
 174         # Show rule move form
 175         &ui_print_header(undef, $text{'move_title'}, "");
 176
 177         print &ui_form_start("save_policy.cgi");
 178         print &ui_hidden("table", $in{'table'});
 179         print &ui_hidden("chain", $in{'chain'});
 180         print &ui_hidden("movesel", 1);
 181         foreach $d (@d) {
 182                 print &ui_hidden("d", $d);
 183                 }
 184         print &ui_table_start($text{'move_header'}, undef, 2);
 185
 186         # Number of rules and source
 187         print &ui_table_row($text{'move_count'}, scalar(@d));
 188         print &ui_table_row($text{'move_chain'}, $in{'chain'});
 189
 190         # Destination chain
 191         print &ui_table_row($text{'move_dest'},
 192                 &ui_select("dest", $in{'chain'},
 193                    [ grep { $_ ne $in{'chain'} }
 194                           sort by_string_for_iptables
 195                                (keys %{$table->{'defaults'}}) ]));
 196
 197         print &ui_table_end();
 198         print &ui_form_end([ [ undef, $text{'move_ok'} ] ]);
 199
 200         &ui_print_footer("index.cgi?table=".&urlize($in{'table'}),
 201                          $text{'index_return'});
 202         }
 203 else {
 204         # Change the default for this chain
 205         $access{'policy'} || &error($text{'policy_ecannot'});
 206         &lock_file($iptables_save_file);
 207         $table->{'defaults'}->{$in{'chain'}} = $in{'policy'};
 208         &run_before_command();
 209         &save_table($table);
 210         &run_after_command();
 211         &copy_to_cluster();
 212         &unlock_file($iptables_save_file);
 213         &webmin_log("modify", "chain", undef, { 'chain' => $in{'chain'},
 214                                                 'table' => $table->{'name'} });
 215         &redirect("index.cgi?table=".&urlize($in{'table'}));
 216         }
 217