Handle hostnames with upper-case letters
[webmin.git] / squid / save_iptables.cgi
1 #!/usr/local/bin/perl
2 # Enable or disable the iptables rule
3
4 require './squid-lib.pl';
5 &foreign_require("firewall", "firewall-lib.pl");
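# Load the parsed Squid configuration and listening port, then read the
# submitted form. Everything in %in after ReadParse is request data and is
# treated as untrusted below.
$conf = &get_config();
$port = &get_squid_port();
&error_setup($text{'iptables_err'});
&ReadParse();

# Validate inputs
# Accept only the modes this script handles: empty or 0 (disabled), 1 (match
# by source network) and 2 (match by interface). Later code tests
# $in{'enabled'} for truth, so any other true value (for example 3 or "00")
# would skip both validation branches and still write $in{'net'} into the
# NAT rule unchecked.
my $mode = defined($in{'enabled'}) ? $in{'enabled'} : "";
$mode =~ /\A[012]?\z/ ||
        &error("Invalid value for the enabled parameter");

if ($in{'enabled'} == 1) {
        # The value ends up in the saved firewall rules, so it must be a
        # single token. Rejecting whitespace here keeps it on one line
        # regardless of how the helper functions anchor their own patterns.
        my $net = defined($in{'net'}) ? $in{'net'} : "";
        my $net_ok = 0;
        if ($net =~ /\A\S+\z/) {
                if (&to_ipaddress($net)) {
                        # Address or resolvable hostname
                        $net_ok = 1;
                        }
                elsif ($net =~ /\A([0-9\.]+)\/([0-9]+)\z/) {
                        # address/prefix form. Copy the captures before
                        # calling a helper that may run its own regexps.
                        my ($addr, $bits) = ($1, $2);
                        $net_ok = 1 if (&check_ipaddress($addr) &&
                                        $bits > 0 && $bits <= 32);
                        }
                }
        $net_ok || &error($text{'iptables_enet'});
        }
elsif ($in{'enabled'} == 2) {
        $iface = $in{'iface'} eq 'other' ? $in{'iface_other'} : $in{'iface'};
        # \A...\z instead of ^...$ so a trailing newline is not accepted.
        # "0" is refused as well: the rule-building code further down picks
        # interface or network matching by testing $iface for truth, and a
        # false-but-non-empty name would fall through to the unvalidated
        # $in{'net'}.
        (defined($iface) && $iface =~ /\A\S+\z/ && $iface ne "0") ||
                &error($text{'iptables_eiface'});
        }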
22
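# Get the old rule
# Load the saved iptables tables and pick out the nat table, then look up the
# rule the form referred to (if any) by its position in that table.
@tables = &firewall::get_iptables_save();
($nat) = grep { $_->{'name'} eq 'nat' } @tables;
if ($in{'rule'} ne "") {
        # The index comes from the request and is later used both as an
        # array subscript and as the splice offset. A non-numeric value
        # would be treated as 0 and a negative one would count from the end
        # of the table, so only plain non-negative integers are accepted.
        # An index past the end still yields no rule, as before.
        $in{'rule'} =~ /\A[0-9]+\z/ ||
                &error("Invalid rule index");
        ($rule) = $nat->{'rules'}->[$in{'rule'}];
        # NOTE(review): nothing visible here confirms that the indexed entry
        # is the PREROUTING/REDIRECT rule this script creates; a request
        # naming another nat rule would have that rule edited or removed.
        # Consider checking chain and target before trusting it.
        }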
29
# Work out what has to happen to the NAT rule. $apply is set to 1 when a rule
# was created or updated, 2 when one was deleted, and 0 when nothing changed.
if ($in{'enabled'}) {
        if ($rule) {
                # Need to update : switch the existing rule between
                # interface matching and source-network matching
                if ($iface) {
                        delete($rule->{'s'});
                        $rule->{'i'} = [ '', $iface ];
                        }
                else {
                        delete($rule->{'i'});
                        $rule->{'s'} = [ '', $in{'net'} ];
                        }
                }
        else {
                # Need to create : redirect TCP port 80 to the Squid port,
                # matched either by input interface or by source network
                my @match = $iface ? ( 'i' => [ '', $iface ] )
                                   : ( 's' => [ '', $in{'net'} ] );
                $rule = { 'chain' => 'PREROUTING',
                          'j' => [ '', 'REDIRECT' ],
                          'p' => [ '', 'tcp' ],
                          'm' => [ '', 'tcp' ],
                          'dport' => [ '', 80 ],
                          'to-ports' => [ '', $port ],
                          @match,
                          'cmt' => 'Forward HTTP connections to Squid proxy' };
                push(@{$nat->{'rules'}}, $rule);
                }
        $apply = 1;
        }
elsif ($rule) {
        # Need to delete : drop the rule at the submitted position
        splice(@{$nat->{'rules'}}, $in{'rule'}, 1);
        $apply = 2;
        }
else {
        # Disabled and no rule exists
        $apply = 0;
        }
64
# When redirection is enabled, make sure Squid itself is configured to accept
# the redirected traffic. The config file is locked around the edit.
if ($in{'enabled'}) {
        # Add appropriate httpd_accel directives
        &lock_file($config{'squid_conf'});
        if ($squid_version < 2.6) {
                # Old directives : accelerate port 80 for a virtual host
                my $accel_port = { 'name' => 'httpd_accel_port',
                                   'values' => [ 80 ] };
                my $accel_host = { 'name' => 'httpd_accel_host',
                                   'values' => [ 'virtual' ] };
                &save_directive($conf, "httpd_accel_port", [ $accel_port ]);
                &save_directive($conf, "httpd_accel_host", [ $accel_host ]);
                }
        else {
                # In Squid 2.6+, acceleration is a port option, so add
                # "transparent" to every http_port line that lacks it
                @ports = &find_config("http_port", $conf);
                foreach my $p (@ports) {
                        my $already = grep { $_ eq "transparent" }
                                           @{$p->{'values'}};
                        next if ($already);
                        push(@{$p->{'values'}}, "transparent");
                        }
                &save_directive($conf, "http_port", \@ports);
                }
        &flush_file_lines();
        &unlock_file($config{'squid_conf'});
        }
94
# The firewall table is only written and activated when a rule change was
# made above and the form asked for it to be applied.
if ($apply && $in{'apply'}) {
        # Save and apply firewall : the save file is locked only for the
        # write itself, not for the activation that follows
        &lock_file($firewall::iptables_save_file);
        &firewall::save_table($nat);
        &unlock_file($firewall::iptables_save_file);
        $err = &firewall::apply_configuration();
        if ($err) {
                &error(&text('iptables_eapply', $err));
                }

        # And Squid
        $err = &apply_configuration();
        if ($err) {
                &error(&text('iptables_eapply2', $err));
                }

        # Record the change, with $apply as the logged detail
        &webmin_log("iptables", $apply);
        }

# Send the browser back to the module's index page
&redirect("");