#!/usr/local/bin/perl
# index.cgi
# Display current iptables firewall configuration from save file
#
# Flat CGI script: it loads firewall-lib.pl, parses the request into %in,
# runs a series of pre-flight checks (commands present, kernel support,
# distro support), and then either offers to create a save file or lists
# the chains and rules of the selected table with per-chain action buttons.
#
# Which forms and buttons are printed depends on the %access keys read
# below: setup, newchain, policy, delchain, apply, unapply, bootup, cluster.
# This file only decides what to display; the scripts that receive these
# forms are not visible here.
#
# NOTE(review): the HTML markup inside the print strings appears to have
# been stripped from this listing (see fragments such as "{'index'}'>$act"),
# so many print statements emit only whitespace as shown.

require './firewall-lib.pl';
&ReadParse();
if ($iptables_save_file) {
	$desc = &text('index_editing', "$iptables_save_file");
	}
&ui_print_header(undef, $text{'index_title'}, undef, "intro", 1, 1, 0,
	&help_search_link("iptables", "man", "doc"), undef, undef, $desc);

# Check for iptables and iptables-restore commands
# (a true return value is shown to the user as the missing command)
if ($c = &missing_firewall_commands()) {
	print "

",&text('index_ecommand', "$c"),"

\n";
	&ui_print_footer("/", $text{'index'});
	exit;
	}

# Check if the kernel supports iptables
# The command line is a constant with no interpolated input; stderr is merged
# into $out so a failure message can be displayed. The binary is located via
# PATH rather than an absolute path.
$out = `iptables -n -t filter -L OUTPUT 2>&1`;
if ($?) {
	# NOTE(review): $out is placed in the page without &html_escape, unlike
	# the iptables-save dump further down - confirm whether &text escapes
	# its arguments.
	print "

",&text('index_ekernel', "

$out
"),"

\n";
	&ui_print_footer("/", $text{'index'});
	exit;
	}

# Check if the distro supports iptables
# check_iptables is optional; it is only called when some library defines it.
# NOTE(review): $err is printed as-is - presumably trusted, library-generated
# text; verify it can never carry request-supplied data.
if (!$config{'direct'} && defined(&check_iptables) && ($err = &check_iptables())) {
	print "

$err

\n";
	&ui_print_footer("/", $text{'index'});
	exit;
	}

# Check if firewall is being started at boot
# Only done when not in 'direct' mode and the init module is available.
if (!$config{'direct'} && &foreign_check("init")) {
	$init_support++;
	if (defined(&started_at_boot)) {
		$atboot = &started_at_boot();
		}
	else {
		&foreign_require("init", "init-lib.pl");
		# presumably status 2 means "enabled at boot" - confirm in init-lib.pl
		$atboot = &init::action_status("webmin-iptables") == 2;
		}
	}

# Check if the save file exists. If not, check for any existing firewall
# rules, and offer to create a save file from them
# The argument ends in '|', so the library presumably opens it as a command
# pipe - confirm in firewall-lib.pl. The string itself is constant.
@livetables = &get_iptables_save("iptables-save 2>/dev/null |");
&shorewall_message(\@livetables);
# The setup branch is reachable only with the 'setup' ACL; $in{'reset'} is
# request-supplied and forces this branch even when the save file is non-empty.
if (!$config{'direct'} && (!-s $iptables_save_file || $in{'reset'}) &&
    $access{'setup'}) {
	@tables = @livetables;
	# Count tables that have rules and chains whose policy is not ACCEPT
	foreach $t (@tables) {
		$rules++ if (@{$t->{'rules'}});
		foreach $c (keys %{$t->{'defaults'}}) {
			$chains++ if ($t->{'defaults'}->{$c} ne 'ACCEPT');
			}
		$hastable{$t->{'name'}}++;
		}
	foreach $t (@known_tables) {
		# Single-string system() goes through the shell (the redirect needs
		# it). $t comes from @known_tables, defined outside this file -
		# presumably a fixed list; confirm it is never user-influenced.
		# The exit status is ignored.
		system("iptables -t $t -n -L >/dev/null") if (!$hastable{$t});
		}
	if (!$in{'reset'} && ($rules || $chains)) {
		# Offer to save the current rules
		print &text('index_existing', $rules, "$iptables_save_file"),"

\n";
		print "

\n";
		print "

\n";
		if ($init_support && !$atboot) {
			print " ", "$text{'index_atboot'}\n";
			}
		print "

\n";
		print "\n";
		print "\n";
		print "
$text{'index_headerex'}
";
		# Dump the live rules, HTML-escaped line by line.
		# The return value of open() is not checked, and OUT is a bareword
		# (package-global) filehandle.
		open(OUT, "iptables-save 2>/dev/null |");
		# NOTE(review): as shown, the loop condition is empty and never reads
		# from OUT - presumably the <OUT> read was lost with the stripped
		# markup; confirm against the original file.
		while() {
			print &html_escape($_);
			}
		close(OUT);
		print "
\n";
		}
	else {
		# Offer to set up a firewall
		print &text($in{'reset'} ? 'index_rsetup' : 'index_setup', "$iptables_save_file"),"

\n";
		print "

\n";
		# Carries the request's 'reset' value forward into the next form
		print &ui_hidden("reset", $in{'reset'});
		print "
\n";
		print " ", "$text{'index_auto0'}

\n";
		# One option per message key index_auto1 .. index_auto5, each with
		# an interface chooser named iface1 .. iface5
		foreach $a (1 .. 5) {
			print " ", "$text{'index_auto'.$a} ", &interface_choice("iface".$a),"

\n";
			}
		print "

\n";
		print "

\n";
		if ($init_support && !$atboot) {
			print " ", "$text{'index_atboot'}\n";
			}
		print "

\n";
		}
	}
else {
	# $form counts the forms printed so far; it is passed to the
	# select-all / invert-selection link helpers below.
	$form = 0;
	@tables = &get_iptables_save();
	if (!$config{'direct'}) {
		# Verify that all known tables exist, and if not add them to the
		# save file
		foreach $t (@tables) {
			$hastable{$t->{'name'}}++;
			}
		foreach $t (@known_tables) {
			if (!$hastable{$t}) {
				# $t is interpolated into a command string; see the note on
				# @known_tables above. Only the first returned table is kept.
				local ($missing) = &get_iptables_save(
					"iptables-save --table $t 2>/dev/null |");
				if ($missing) {
					delete($missing->{'line'});
					&save_table($missing);
					}
				$need_reload++;
				}
			}
		# Re-read the save file once if any table was missing
		@tables = &get_iptables_save() if ($need_reload);
		}

	# Work out the default table
	# First preference: an editable table that already has rules.
	if (!defined($in{'table'})) {
		foreach $t (@tables) {
			if (@{$t->{'rules'}} && &can_edit_table($t->{'name'})) {
				$in{'table'} = $t->{'index'};
				last;
				}
			}
		}
	# Fallback: any editable table.
	if (!defined($in{'table'})) {
		foreach $t (@tables) {
			if (&can_edit_table($t->{'name'})) {
				$in{'table'} = $t->{'index'};
				last;
				}
			}
		}
	# NOTE(review): when the request supplies 'table', it is used as an array
	# index with no numeric/range check and no can_edit_table() check in this
	# file; confirm the per-table ACL is enforced for display as well as for
	# the action scripts. If no table is editable, $in{'table'} stays undef
	# and this selects $tables[0].
	$table = $tables[$in{'table'}];

	# Allow selection of a table
	print "\n";
	print "\n";
	print "\n";
	$form++;

	if ($access{'newchain'}) {
		# Show form to create a chain
		print "\n";
		print "\n";
		print "
\n";
		print "
",&ui_hidden("table", $in{'table'});
		print "\n";
		print "
\n";
		$form++;
		}

	# Display a table of rules for each chain
	foreach $c (sort by_string_for_iptables keys %{$table->{'defaults'}}) {
		print &ui_hr();
		# Chain names are matched case-insensitively
		@rules = grep { lc($_->{'chain'}) eq lc($c) } @{$table->{'rules'}};
		# Use a chain-specific message if one exists, else the generic one.
		# NOTE(review): $c is a chain name taken from the parsed table and is
		# passed to &text unescaped here - confirm escaping downstream.
		print "",$text{"index_chain_".lc($c)} || &text('index_chain', "$c"),"
\n";
		print "
\n";
		print &ui_hidden("table", $in{'table'});
		print &ui_hidden("chain", $c);
		if (@rules) {
			@links = ( &select_all_link("d", $form),
				   &select_invert_link("d", $form) );
			print &ui_links_row(\@links);

			# Generate the header
			# @hcols holds column titles, @tds the matching cell attributes;
			# the optional columns follow the view_condition / view_comment
			# module settings.
			local (@hcols, @tds);
			push(@hcols, "", $text{'index_action'});
			push(@tds, "width=5", "width=10% nowrap");
			if ($config{'view_condition'}) {
				push(@hcols, $text{'index_desc'});
				push(@tds, "");
				}
			if ($config{'view_comment'}) {
				push(@hcols, $text{'index_comm'});
				push(@tds, "");
				}
			push(@hcols, $text{'index_move'}, $text{'index_add'});
			push(@tds, "width=32", "width=32");
			print &ui_columns_start(\@hcols, 100, 0, \@tds);

			# Generate a row for each rule
			foreach $r (@rules) {
				# $edit decides whether the row gets an edit link and a
				# selection checkbox
				$edit = &can_jump($r);
				local @cols;
				# NOTE(review): the jump target $r->{'j'}->[1] comes from
				# the parsed rules and is not html_escaped here.
				local $act = $text{"index_jump_".lc($r->{'j'}->[1])} ||
					     &text('index_jump', $r->{'j'}->[1]);
				if ($edit) {
					push(@cols, "{'index'}'>$act");
					}
				else {
					push(@cols, $act);
					}
				if ($config{'view_condition'}) {
					push(@cols, &describe_rule($r));
					}
				if ($config{'view_comment'}) {
					# || binds tighter than ?:, so this reads as
					# (comment_mod || $r->{'comment'}) ? ... : ...
					$cmt = $config{'comment_mod'} || $r->{'comment'} ?
						$r->{'comment'}->[1] : $r->{'cmt'};
					# NOTE(review): rule comment text from the parsed
					# rules is added to the row without &html_escape;
					# confirm ui_columns_row or the parser escapes it,
					# otherwise a comment containing markup would be
					# rendered as HTML.
					push(@cols, $cmt);
					}

				# Up/down mover
				# The last rule gets no "down" link and the first no "up"
				# link. $r eq ... compares the stringified references.
				local $mover;
				if ($r eq $rules[@rules-1]) {
					$mover .= "";
					}
				else {
					$mover .= "{'index'}&". "down=1'>";
					}
				if ($r eq $rules[0]) {
					$mover .= "";
					}
				else {
					$mover .= "{'index'}&". "up=1'>";
					}
				push(@cols, $mover);

				# Before / after adder
				local $adder;
				$adder .= "{'index'}'>";
				$adder .= "{'index'}'>";
				push(@cols, $adder);

				if ($edit) {
					print &ui_checked_columns_row(
						\@cols, \@tds, "d", $r->{'index'});
					}
				else {
					print &ui_columns_row(\@cols, \@tds);
					}
				}
			print &ui_columns_end();
			print &ui_links_row(\@links);
			}
		else {
			print "$text{'index_none'}
\n";
			}

		# Show policy changing button for chains that support it,
		# and rule-adding button
		print "\n";
		# A default of '-' marks a custom chain; anything else is treated as
		# a built-in chain with a policy.
		local $d = $table->{'defaults'}->{$c};
		if ($d ne '-') {
			# Built-in chain
			if ($access{'policy'}) {
				# Change default button
				print "\n";
				}
			else {
				print "\n";
				}
			print "\n";
			}
		else {
			# Custom chain
			if ($access{'delchain'}) {
				# Delete and rename chain buttons
				print "\n";
				}
			print "\n";
			}
		print "\n";
		# NOTE(review): in this listing the submit buttons below sit outside
		# the built-in/custom and ACL branches above; presumably they were
		# displaced when the markup was stripped - confirm against the
		# original before relying on which buttons each ACL hides.
		print "
", &ui_submit($text{'index_policy'}),"\n";
		print "\n";
		if (@rules) {
			# Delete selected button
			print &ui_submit($text{'index_cdeletesel'}, "delsel"),"\n";
			# Move selected button
			print &ui_submit($text{'index_cmovesel'}, "movesel"),"\n";
			}
		print "", &ui_submit($text{'index_cdelete'}, "delete"), "\n",
			  &ui_submit($text{'index_crename'}, "rename"), "\n";
		if (@rules) {
			# Clear chain button
			if ($access{'delchain'}) {
				print &ui_submit($text{'index_cclear'}, "clear"),"\n";
				}
			# Delete rules button
			print &ui_submit($text{'index_cdeletesel'}, "delsel"),"\n";
			# Move selected button
			print &ui_submit($text{'index_cmovesel'}, "movesel"),"\n";
			}
		print "", &ui_submit($text{'index_radd'}, "add"),"
\n";
		$form++;
		}

	# Display buttons for applying and un-applying the configuration,
	# and for creating an init script if possible
	# Each button group is printed only when the matching %access key is set;
	# none of them is offered in 'direct' mode.
	print &ui_hr();
	print "\n";
	if (!$config{'direct'}) {
		if (&foreign_check("servers")) {
			@servers = &list_cluster_servers();
			}
		if ($access{'apply'}) {
			print "\n";
			print &ui_hidden("table", $in{'table'});
			print "\n";
			# Different output depending on whether cluster servers exist
			if (@servers) {
				print "\n";
				}
			else {
				print "\n";
				}
			print "\n";
			}
		if ($access{'unapply'}) {
			print "\n";
			print &ui_hidden("table", $in{'table'});
			print "\n";
			print "\n";
			print "\n";
			}
		if ($init_support && $access{'bootup'}) {
			print "\n";
			print &ui_hidden("table", $in{'table'});
			print "\n";
			print "\n";
			}
		if ($access{'setup'}) {
			print "\n";
			print "\n";
			print "\n";
			print "\n";
			print "\n";
			}
		}

	# Show button for cluster page
	# Only servers that have a 'user' field are counted
	if (&foreign_check("servers")) {
		&foreign_require("servers", "servers-lib.pl");
		@allservers = grep { $_->{'user'} } &servers::list_servers();
		}
	if ($access{'cluster'} && @allservers) {
		print "\n";
		print "\n";
		print "\n";
		print "\n";
		}
	print "
$text{'index_applydesc2'}$text{'index_applydesc'}
$text{'index_unapplydesc'}
\n";
	# As shown, each format string has a single %s but two arguments follow;
	# only the first ("checked" or "") is consumed.
	printf " %s\n", $atboot ? "checked" : "", $text{'yes'};
	printf " %s\n", $atboot ? "" : "checked", $text{'no'};
	print " $text{'index_bootupdesc'}
$text{'index_resetdesc'}
$text{'index_clusterdesc'}
\n";
	}

&ui_print_footer("/", $text{'index'});

# shorewall_message(&tables)
# Takes a reference to the list of parsed tables and prints the
# 'index_shorewall' message, pointing at the shorewall module under
# $gconfig{'webprefix'}, when the 'filter' table has a chain named
# 'shorewall' among its defaults. Prints nothing otherwise.
sub shorewall_message
{
# Only the first table named 'filter' is examined
local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
if ($filter->{'defaults'}->{'shorewall'}) {
	print "
", &text('index_shorewall', "$gconfig{'webprefix'}/shorewall/"), "

\n";
	}
}