#!/usr/local/bin/perl
# index.cgi
# Display current iptables firewall configuration from save file
#
# Flow, as far as this listing shows:
#   1. load firewall-lib.pl, call ReadParse and ui_print_header;
#   2. stop with an error message and footer if firewall commands are
#      missing, if the iptables listing command exits non-zero, or if
#      check_iptables returns an error;
#   3. work out whether the firewall is started at boot;
#   4. either offer to build a save file from the live rules, or load the
#      save file and choose which table to work on.
#
# NOTE(review): this copy of the script appears to have lost its HTML
# markup (most print strings hold only newlines) and some code along with
# it; the damaged spots are marked below. No 'use strict' or 'use warnings'
# is visible and nothing is declared with 'my', so the names assigned here
# are package globals.

require './firewall-lib.pl';

# %in, read further down, is presumably filled from the request by
# &ReadParse (defined outside this listing) - treat its values as untrusted.
&ReadParse();
if ($iptables_save_file) {
    $desc = &text('index_editing', "$iptables_save_file");
}
&ui_print_header(undef, $text{'index_title'}, undef, "intro", 1, 1, 0,
    &help_search_link("iptables", "man", "doc"), undef, undef, $desc);

# Check for iptables and iptables-restore commands
# A true return value from missing_firewall_commands is shown in the
# message and the script exits.
if ($c = &missing_firewall_commands()) {
    print "
",&text('index_ecommand', "$c"),"
\n";
    &ui_print_footer("/", $text{'index'});
    exit;
}

# Check if the kernel supports iptables
# The backtick string is a constant, so nothing from the request reaches
# the shell here. 'iptables' is named without a path, so it is located
# through the PATH of this process. 2>&1 folds stderr into $out, and $? is
# the exit status of the command.
$out = `iptables -n -t filter -L OUTPUT 2>&1`;
if ($?) {
    # $out is placed into the message with no escaping on these lines.
    # NOTE(review): confirm whether command output should pass through an
    # HTML-escaping helper before it is printed.
    print "
",&text('index_ekernel', "
$out"),"
\n";
    &ui_print_footer("/", $text{'index'});
    exit;
}

# Check if the distro supports iptables
# check_iptables is optional (guarded by defined()); its return value is
# printed as-is when true.
if (!$config{'direct'} && defined(&check_iptables) &&
    ($err = &check_iptables())) {
    print "
$err
\n";
    &ui_print_footer("/", $text{'index'});
    exit;
}

# Check if firewall is being started at boot
if (!$config{'direct'} && &foreign_check("init")) {
    $init_support++;
    if (defined(&started_at_boot)) {
        $atboot = &started_at_boot();
    }
    else {
        # Fall back to the init module; $atboot is true when action_status
        # returns 2 (the meaning of 2 is defined in that module, not here).
        &foreign_require("init", "init-lib.pl");
        $atboot = &init::action_status("webmin-iptables") == 2;
    }
}

# Check if the save file exists. If not, check for any existing firewall
# rules, and offer to create a save file from them
# The argument is a constant string ending in '|'; presumably
# get_iptables_save opens it as a command - confirm in firewall-lib.pl.
@livetables = &get_iptables_save("iptables-save 2>/dev/null |");
&shorewall_message(\@livetables);

# This branch runs only when $config{'direct'} is false, the save file is
# missing or empty (or the request carries 'reset'), and $access{'setup'}
# is true.
if (!$config{'direct'} &&
    (!-s $iptables_save_file || $in{'reset'}) && $access{'setup'}) {
    @tables = @livetables;
    foreach $t (@tables) {
        # $rules counts tables that have at least one rule; $chains counts
        # chains whose default is anything other than ACCEPT.
        $rules++ if (@{$t->{'rules'}});
        foreach $c (keys %{$t->{'defaults'}}) {
            $chains++ if ($t->{'defaults'}->{$c} ne 'ACCEPT');
        }
        $hastable{$t->{'name'}}++;
    }
    foreach $t (@known_tables) {
        # Single-string system() is run through the shell (the string holds
        # a redirection) with $t interpolated. $t comes from @known_tables,
        # which is defined outside this listing.
        # NOTE(review): confirm that list holds only fixed table names.
        # The exit status is not checked.
        system("iptables -t $t -n -L >/dev/null") if (!$hastable{$t});
    }
    if (!$in{'reset'} && ($rules || $chains)) {
        # Offer to save the current rules
        # NOTE(review): the listing is damaged in this branch. The strings
        # below are what remains of the markup, and the loop that reads OUT
        # is cut off after 'while('. The open is a two-argument pipe open
        # on a bareword handle with a constant command string, and its
        # return value is not checked.
        print &text('index_existing', $rules, "$iptables_save_file"),"\n";
        print "
\n";
        print "
$text{'index_headerex'} |
";
        open(OUT, "iptables-save 2>/dev/null |");
        while( |
\n";
        print "
\n";
    }
}
else {
    $form = 0;
    @tables = &get_iptables_save();
    if (!$config{'direct'}) {
        # Verify that all known tables exist, and if not add them to the
        # save file
        foreach $t (@tables) {
            $hastable{$t->{'name'}}++;
        }
        foreach $t (@known_tables) {
            if (!$hastable{$t}) {
                # $t again comes from @known_tables and is interpolated
                # into a string ending in '|' (presumably opened as a
                # command by get_iptables_save - confirm). Only the first
                # element of the returned list is kept.
                local ($missing) = &get_iptables_save(
                    "iptables-save --table $t 2>/dev/null |");
                if ($missing) {
                    # 'line' is removed before saving; presumably this
                    # makes save_table add the table - TODO confirm.
                    delete($missing->{'line'});
                    &save_table($missing);
                }
                $need_reload++;
            }
        }
        # Re-read the save file if any table was missing from it.
        @tables = &get_iptables_save() if ($need_reload);
    }

    # Work out the default table
    # Only when the request did not supply 'table': first choice is a table
    # that has rules and that can_edit_table accepts.
    if (!defined($in{'table'})) {
        foreach $t (@tables) {
            if (@{$t->{'rules'}} && &can_edit_table($t->{'name'})) {
                $in{'table'} = $t->{'index'};
                last;
            }
        }
    }
    # Second choice: the first table that can_edit_table accepts.
    if (!defined($in{'table'})) {
        foreach $t (@tables) {
            if (&can_edit_table($t->{'name'})) {
                $in{'table'} = $t->{'index'};
                last;
            }
        }
    }
    # NOTE(review): when 'table' is supplied in %in it is used as the array
    # index as-is: no numeric or range check, and no can_edit_table call on
    # the selected entry, is visible in this listing. $table is undef for an
    # out-of-range index. Confirm that the code which follows (not shown
    # here) rejects tables this user may not edit.
    $table = $tables[$in{'table'}];

    # Allow selection of a table
    # NOTE(review): the listing ends with one more closing brace than the
    # visible code opens; the code that printed the table selector is not
    # present in this copy.
    print "\n";
}
}