3 # Create, update or delete a firewall rule
# NOTE(review): this listing carries gutter numbers and skips some of them, so
# closing braces, else-branches and a few statements are not visible. The
# comments added here describe only the lines that are shown.
# The helper subs called with & below are not defined in this listing; they
# presumably come from this library.
5 require './itsecur-lib.pl';
# Presumably aborts unless the current user may edit rules - confirm in the
# library.
6 &can_edit_error("rules");
# Load the rule and group lists that the rest of the script modifies.
8 @rules = &list_rules();
9 @groups = &list_groups();
# NOTE(review): %in looks like the submitted form data (it is replayed as
# hidden inputs further down), and $in{'idx'} is used as an array index as-is.
# No check is visible that it is a non-negative integer within @rules: a
# negative value indexes from the end of the list, and an out-of-range one
# leaves $rule undefined, so later $rule->{...} assignments would autovivify a
# new hash that is not part of @rules. Suggested guard: match /\A\d+\z/ and
# compare against scalar(@rules) before using it.
11 $rule = $rules[$in{'idx'}];
# The lock is taken before the confirmation branch; the only unlock visible in
# this listing is just before the final redirect. TODO confirm that the
# confirmation-page path and the &error() exits do not leave the lock held.
13 &lock_itsecur_files();
# Runs when $config{'rusure'} is set and the request is neither confirmed nor
# for a new rule: prints an intermediate page that replays every submitted
# field as a hidden input and adds a "confirm" submit button.
15 if ($config{'rusure'} && !$in{'confirm'} && !$in{'new'}) {
16 # Ask for confirmation before making this change
17 &header($text{'rule_title2'}, "",
18 undef, undef, undef, undef, &apply_button());
# Same lookup as the one made before the lock was taken.
19 $rule = $rules[$in{'idx'}];
# NOTE(review): the form has no method attribute, so the browser submits it
# with GET and every replayed field ends up in the query string of a request
# that changes firewall state. method=post would keep the values out of URLs,
# browser history and access logs.
22 print "<form action=save_rule.cgi>\n";
# The message key depends on whether this request is a delete or a save.
23 print "<center>",&text($in{'delete'} ? 'rule_rusured'
24 : 'rule_rusures'),"<p>\n";
# Each field value is split on NUL (\0) and emitted as one hidden input per
# piece; presumably that is how repeated parameters are stored - verify.
25 foreach $i (keys %in) {
26 foreach $v (split(/\0/, $in{$i})) {
# NOTE(review): only the value goes through html_escape. The field name $i
# comes from the same request data and is written unescaped and unquoted, so a
# crafted parameter name is reflected into the page as markup. Escape and
# quote the name as well:  name='", &html_escape($i), "' value='", ...
# The single-quoted value also relies on html_escape encoding the ' character
# - confirm in the library.
27 print "<input type=hidden name=$i value='",
28 &html_escape($v),"'>\n";
# Submitting this button sets confirm, which makes the condition at the top of
# this branch false on the next request.
31 print "<input type=submit name=confirm value='$text{'rule_goahead'}'>\n";
32 print "</center></form>\n";
35 &footer("list_rules.cgi", $text{'rules_return'});
# Removes one element of @rules at position idx. The condition that guards
# this statement is not among the visible lines (presumably the delete case).
# NOTE(review): idx is still unvalidated here; a negative offset makes splice
# count from the end of the list, so a different rule would be removed.
41 splice(@rules, $in{'idx'}, 1);
44 # Validate and store inputs
45 &error_setup($text{'rule_err'});
# An empty description is stored as "*". Because this uses ||, a description
# of "0" is also replaced by "*".
# NOTE(review): desc is stored without any character check. If the rules file
# is line-oriented, CR/LF in this field should be rejected - verify against
# the save routine, which is not shown here.
46 $rule->{'desc'} = $in{'desc'} || "*";
# The same four-way mode handling is applied to the source and the destination.
47 foreach $s ('source', 'dest') {
# NOTE(review): the mode is compared numerically, so a missing or non-numeric
# value compares equal to 0 and takes this branch. Its body is not shown.
48 if ($in{"${s}_mode"} == 0) {
# Mode 1: a single host or network, checked by valid_host before use.
51 elsif ($in{"${s}_mode"} == 1) {
52 &valid_host($in{"${s}_host"}) ||
53 &error($text{"rule_e${s}"});
# Optional resolution: the submitted host is replaced by what to_ipaddress
# returns, but only when that result is true.
54 if ($in{"${s}_resolv"}) {
55 local $rs = &to_ipaddress($in{"${s}_host"});
56 $in{"${s}_host"} = $rs if ($rs);
58 if ($in{"${s}_name"}) {
59 # Add a group for this network/host
# NOTE(review): in /^\S+$/ the $ also matches before a trailing newline, so a
# name ending in "\n" passes; \A\S+\z closes that. \S+ also admits characters
# this script uses as syntax when it builds rule fields ("@", "%", "!", ","),
# so an allow-list such as /\A[\w.\-]+\z/ is safer if the naming rules permit
# it - TODO confirm. No check for an existing group of the same name is
# visible either.
60 $in{"${s}_name"} =~ /^\S+$/ ||
61 &error($text{'rule_ename'});
# The rule refers to the new group by "@name"; the group gets the host as its
# only member.
62 $rule->{$s} = "@".$in{"${s}_name"};
63 local @mems = ( $in{"${s}_host"} );
64 push(@groups, { 'name' => $in{"${s}_name"},
65 'members' => \@mems });
# Stores the validated host itself; presumably the else-branch for "no group
# name given" (the else line is not shown).
68 $rule->{$s} = $in{"${s}_host"};
# Mode 2: one or more groups, each prefixed with "@" and joined by spaces.
# NOTE(review): the submitted names are not checked against @groups in the
# visible lines; a value containing whitespace would read as extra tokens in
# the space-joined field. Suggest requiring each one to match an existing
# group name.
71 elsif ($in{"${s}_mode"} == 2) {
72 $rule->{$s} = join(" ", map { '@'.$_ }
73 split(/\0/, $in{"${s}_group"}));
# An empty selection yields an empty string and is rejected here.
74 $rule->{$s} || &error($text{'rule_egroups'});
# Mode 3: an interface, stored with a "%" prefix.
# NOTE(review): no validation of the interface name is visible; checking it
# against the system's known interfaces (or an anchored pattern) is advisable.
76 elsif ($in{"${s}_mode"} == 3) {
77 $rule->{$s} = '%'.$in{"${s}_iface"};
# A leading "!" marks the whole source/destination field as negated.
79 $rule->{$s} = "!".$rule->{$s} if ($in{"${s}_not"});
# Service selection: mode 0 stores the wildcard "*". As with the address modes
# the comparison is numeric, so a missing or non-numeric value also lands here.
81 if ($in{"service_mode"} == 0) {
82 $rule->{'service'} = "*";
# Otherwise the NUL-separated selections are joined with commas; an empty
# result is an error.
# NOTE(review): the submitted service names are not checked against a list of
# known services in the visible lines, and a value that itself contains ","
# or "!" would change how the stored field reads. Suggest validating each one.
85 $rule->{'service'} = join(",", split(/\0/, $in{"service"}));
86 $rule->{'service'} || &error($text{'rule_eservices'});
# A leading "!" marks the service list as negated.
88 $rule->{'service'} = "!".$rule->{'service'} if ($in{'snot'});
# NOTE(review): action is stored exactly as submitted. Since it decides what
# the firewall does with matching traffic, it should be compared against the
# fixed set of actions the module supports (that set is not visible here).
89 $rule->{'action'} = $in{'action'};
# int() forces the log flag to an integer.
90 $rule->{'log'} = int($in{'log'});
# "*" when the default-time box is set, otherwise the submitted value as-is.
# NOTE(review): presumably this should name an existing time range - verify
# and validate.
91 $rule->{'time'} = $in{'time_def'} ? "*" : $in{'time'};
# Stored as submitted; normalising with "? 1 : 0" would keep the field boolean.
92 $rule->{'enabled'} = $in{'enabled'};
95 # Add to list at chosen position
# pos == -1 is handled separately from a concrete position; the body of this
# branch is not shown (presumably it appends the rule to the end).
96 if ($in{'pos'} == -1) {
# Inserts the rule before the element currently at pos, removing nothing.
# NOTE(review): pos is not range-checked in the visible lines. A negative
# value other than -1 counts from the end of the list, and a non-numeric one
# is treated as 0. Suggest /\A(?:-1|\d+)\z/ plus an upper bound.
100 splice(@rules, $in{'pos'}, 0, $rule);
104 # Maybe change position
# Walks every rule except the one being edited; grep compares the hash
# references as strings, i.e. by identity. The list is rebuilt in @newrules.
105 foreach $r (grep { $_ ne $rule } @rules) {
# When the walk reaches the rule whose index equals pos, the edited rule is
# added to the new list at that point.
106 if ($r->{'index'} == $in{'pos'}) {
107 push(@newrules, $rule);
# pos == -1: the edited rule goes at the end of the rebuilt list.
111 push(@newrules, $rule) if ($in{'pos'} == -1);
# Persist the group list, which may have gained a group in the validation
# step. The call that writes the rule list itself is not among the visible
# lines of this listing.
119 &save_groups(@groups);
# Releases the lock taken near the top of the script.
120 &unlock_itsecur_files();
# Audit record: the action label is derived from the delete/new flags, the
# object type is "rule", the third argument is the rule's index plus one, and
# the rule hash itself is passed last.
121 &remote_webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "update",
122 "rule", $rule->{'index'}+1, $rule);
# Send the browser back to the rule list.
123 &redirect("list_rules.cgi");