Handle hostnames with upper-case letters
[webmin.git] / itsecur-firewall / save_rule.cgi
1 #!/usr/bin/perl
2 # save_rule.cgi
3 # Create, update or delete a firewall rule
4
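require './itsecur-lib.pl';

# Access check for the "rules" section. can_edit_error() is defined in
# itsecur-lib.pl; presumably it aborts the request when the current user may
# not edit rules - confirm there.
&can_edit_error("rules");

# Parse the request parameters into %in
&ReadParse();
@rules = &list_rules();
@groups = &list_groups();
if (!$in{'new'}) {
        # idx comes from the request and is used directly as an array offset.
        # Accept only the index of an existing rule: a missing or non-numeric
        # value would otherwise evaluate to 0 and select the first rule, a
        # negative value would count from the end of the list, and an
        # out-of-range value would leave $rule undefined so that later
        # assignments create a rule that was never in the list.
        ($in{'idx'} =~ /\A\d+\z/ && $in{'idx'} < scalar(@rules)) ||
                &error("Invalid rule index");
        $rule = $rules[$in{'idx'}];
        }

# NOTE(review): the rule and group lists are read above, before the lock is
# taken, and written back at the end of the script. If lock_itsecur_files() is
# meant to serialise concurrent edits, a change saved by another request in
# between could be overwritten - confirm whether the lock should precede the
# reads.
&lock_itsecur_files();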
14
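if ($config{'rusure'} && !$in{'confirm'} && !$in{'new'}) {
        # Ask for confirmation before making this change. Only reached for
        # updates and deletes of existing rules when the 'rusure' option is on
        # and the request does not already carry 'confirm'.
        &header($text{'rule_title2'}, "",
                undef, undef, undef, undef, &apply_button());
        $rule = $rules[$in{'idx'}];
        print "<hr>\n";

        # NOTE(review): the form has no method attribute, so the confirmed
        # change is resubmitted with the browser default (GET) and all rule
        # parameters end up in the URL.
        print "<form action=save_rule.cgi>\n";
        print "<center>",&text($in{'delete'} ? 'rule_rusured'
                                             : 'rule_rusures'),"<p>\n";

        # Replay every submitted parameter as a hidden field so the confirmed
        # request carries the same data. Multi-valued parameters are stored
        # NUL-separated in %in, hence the split.
        # The parameter name is request-controlled just like the value (any
        # key the client sends appears in %in), so it is escaped and quoted
        # too instead of being written into the page verbatim.
        # The single-quoted attributes rely on html_escape() also encoding
        # quote characters - confirm in the library.
        foreach $i (keys %in) {
                foreach $v (split(/\0/, $in{$i})) {
                        print "<input type=hidden name='",
                                &html_escape($i),"' value='",
                                &html_escape($v),"'>\n";
                        }
                }
        print "<input type=submit name=confirm value='$text{'rule_goahead'}'>\n";
        print "</center></form>\n";

        print "<hr>\n";
        &footer("list_rules.cgi", $text{'rules_return'});

        # NOTE(review): lock_itsecur_files() has already been called at this
        # point and this branch exits without unlock_itsecur_files(); confirm
        # the lock is released when the process ends.
        exit;
        }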
38
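if ($in{'delete'}) {
        # Just take out rule. idx is used as a raw array offset here.
        splice(@rules, $in{'idx'}, 1);
        }
else {
        # Validate and store inputs
        &error_setup($text{'rule_err'});
        $rule->{'desc'} = $in{'desc'} || "*";

        # Source and destination share the same form layout, selected by
        # <side>_mode: 0 = anything ("*"), 1 = a single host or network,
        # 2 = one or more groups ("@name ..."), 3 = an interface ("%iface").
        # NOTE(review): the mode is compared with ==, so a missing or
        # non-numeric <side>_mode compares equal to 0 and the rule silently
        # becomes "*" (match anything). A mode outside 0-3 leaves the field
        # untouched. For a firewall rule an explicit rejection would be the
        # safer default.
        foreach $s ('source', 'dest') {
                if ($in{"${s}_mode"} == 0) {
                        $rule->{$s} = "*";
                        }
                elsif ($in{"${s}_mode"} == 1) {
                        &valid_host($in{"${s}_host"}) ||
                            &error($text{"rule_e${s}"});
                        if ($in{"${s}_resolv"}) {
                                # Store the resolved address instead of the
                                # name when resolution succeeds
                                local $rs = &to_ipaddress($in{"${s}_host"});
                                $in{"${s}_host"} = $rs if ($rs);
                                }
                        if ($in{"${s}_name"}) {
                                # Add a group for this network/host.
                                # \A..\z rather than ^..$ so that a trailing
                                # newline cannot ride along into the group
                                # name that is later passed to save_groups().
                                $in{"${s}_name"} =~ /\A\S+\z/ ||
                                        &error($text{'rule_ename'});
                                $rule->{$s} = "@".$in{"${s}_name"};
                                local @mems = ( $in{"${s}_host"} );
                                push(@groups, { 'name' => $in{"${s}_name"},
                                                'members' => \@mems });
                                }
                        else {
                                $rule->{$s} = $in{"${s}_host"};
                                }
                        }
                elsif ($in{"${s}_mode"} == 2) {
                        # NOTE(review): group names are taken from the request
                        # as submitted; nothing here checks them against
                        # @groups.
                        $rule->{$s} = join(" ", map { '@'.$_ }
                                           split(/\0/, $in{"${s}_group"}));
                        $rule->{$s} || &error($text{'rule_egroups'});
                        }
                elsif ($in{"${s}_mode"} == 3) {
                        # NOTE(review): the interface name is stored without
                        # any validation in this script.
                        $rule->{$s} = '%'.$in{"${s}_iface"};
                        }
                # A leading "!" negates the match
                $rule->{$s} = "!".$rule->{$s} if ($in{"${s}_not"});
                }
        if ($in{"service_mode"} == 0) {
                $rule->{'service'} = "*";
                }
        else {
                $rule->{'service'} = join(",", split(/\0/, $in{"service"}));
                $rule->{'service'} || &error($text{'rule_eservices'});
                }
        $rule->{'service'} = "!".$rule->{'service'} if ($in{'snot'});

        # NOTE(review): desc, service, action, time and enabled are stored
        # exactly as submitted; only log is coerced (to an integer). Confirm
        # that save_rules() encodes or rejects separators and newlines in
        # these fields, and that action is limited to the values the firewall
        # backend understands.
        $rule->{'action'} = $in{'action'};
        $rule->{'log'} = int($in{'log'});
        $rule->{'time'} = $in{'time_def'} ? "*" : $in{'time'};
        $rule->{'enabled'} = $in{'enabled'};

        if ($in{'new'}) {
                # Add to list at chosen position; pos == -1 means append
                if ($in{'pos'} == -1) {
                        push(@rules, $rule);
                        }
                else {
                        splice(@rules, $in{'pos'}, 0, $rule);
                        }
                }
        else {
                # Maybe change position: rebuild the list without this rule
                # and re-insert it before the rule whose 'index' equals pos,
                # or at the end when pos is -1
                foreach $r (grep { $_ ne $rule } @rules) {
                        if ($r->{'index'} == $in{'pos'}) {
                                push(@newrules, $rule);
                                }
                        push(@newrules, $r);
                        }
                push(@newrules, $rule) if ($in{'pos'} == -1);
                @rules = @newrules;
                }
        }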
115
# Write the rule and group lists back. automatic_backup() is called before
# either list is saved, and the lock is released once both are written.
&automatic_backup();
&save_rules(@rules);
&save_groups(@groups);
&unlock_itsecur_files();

# Name the logged action from the request flags: 'delete' takes precedence
# over 'new', and anything else is recorded as an update.
my $logaction = "update";
if ($in{'delete'}) {
        $logaction = "delete";
        }
elsif ($in{'new'}) {
        $logaction = "create";
        }

# The rule is logged with a 1-based position derived from its 'index' field.
# NOTE(review): this script never sets 'index' on a newly created rule, so
# the logged position for "create" depends on whether save_rules() fills it in.
&remote_webmin_log($logaction, "rule", $rule->{'index'}+1, $rule);
&redirect("list_rules.cgi");
124