#!/usr/local/bin/perl # save_policy.cgi # Change the default policy for some chain require './firewall-lib.pl'; &ReadParse(); @tables = &get_iptables_save(); $table = $tables[$in{'table'}]; &can_edit_table($table->{'name'}) || &error($text{'etable'}); @d = split(/\0/, $in{'d'}); if ($in{'add'}) { # Redirect to the rule page for adding a rule &redirect("edit_rule.cgi?table=".&urlize($in{'table'}). "&chain=".&urlize($in{'chain'})."&new=1"); } elsif ($in{'delete'} && $in{'confirm'}) { # Delete this entire chain and all rules in it &lock_file($iptables_save_file); $access{'delchain'} || &error($text{'delete_ecannot'}); $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} } @{$table->{'rules'}} ]; delete($table->{'defaults'}->{$in{'chain'}}); &run_before_command(); &save_table($table); &run_after_command(); ©_to_cluster(); &unlock_file($iptables_save_file); &webmin_log("delete", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'} }); &redirect("index.cgi?table=".&urlize($in{'table'})); } elsif ($in{'clear'} && $in{'confirm'}) { # Delete all rules from this chain $access{'delchain'} || &error($text{'clear_ecannot'}); &lock_file($iptables_save_file); $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} } @{$table->{'rules'}} ]; &run_before_command(); &save_table($table); &run_after_command(); ©_to_cluster(); &unlock_file($iptables_save_file); &webmin_log("clear", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'} }); &redirect("index.cgi?table=".&urlize($in{'table'})); } elsif ($in{'delete'} || $in{'clear'}) { # Ask for confirmation on deleting the chain $mode = $in{'delete'} ? "delete" : "clear"; $access{'delchain'} || &error($text{$mode.'_ecannot'}); &ui_print_header(undef, $text{$mode.'_title'}, ""); @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}}; print &ui_form_start("save_policy.cgi"); print &ui_hidden("table", $in{'table'}); print &ui_hidden("chain", $in{'chain'}); print &ui_hidden($mode, 1); print "
",&text($mode.'_rusure', "$in{'chain'}", scalar(@rules)),"

\n"; print &ui_submit($text{'delete_ok'}, 'confirm'); print "

\n"; print &ui_form_end(); &ui_print_footer("index.cgi?table=".&urlize($in{'table'}), $text{'index_return'}); } elsif ($in{'rename'} && $in{'newname'}) { # Rename a chain &lock_file($iptables_save_file); $access{'delchain'} || &error($text{'rename_ecannot'}); $in{'newname'} =~ /^\S+$/ || &error($text{'new_ename'}); # Change the chain on each rule foreach $r (@{$table->{'rules'}}) { if ($r->{'chain'} eq $in{'chain'}) { $r->{'chain'} = $in{'newname'}; } } # Rename the default $table->{'defaults'}->{$in{'newname'}} = $table->{'defaults'}->{$in{'chain'}}; delete($table->{'defaults'}->{$in{'chain'}}); # Adjust any other rules if ($in{'adjust'}) { foreach $r (@{$table->{'rules'}}) { if ($r->{'j'} && $r->{'j'}->[1] eq $in{'chain'}) { $r->{'j'}->[1] = $in{'newname'}; } } } &run_before_command(); &save_table($table); &run_after_command(); ©_to_cluster(); &unlock_file($iptables_save_file); &webmin_log("rename", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'} }); &redirect("index.cgi?table=".&urlize($in{'table'})); } elsif ($in{'rename'}) { # Show chain rename form &ui_print_header(undef, $text{'rename_title'}, ""); print &ui_form_start("save_policy.cgi"); print &ui_hidden("table", $in{'table'}); print &ui_hidden("chain", $in{'chain'}); print &ui_hidden("rename", 1); print &ui_table_start($text{'rename_header'}, undef, 2); # Number of rules and old name @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}}; print &ui_table_row($text{'rename_chain'}, $in{'chain'}); print &ui_table_row($text{'rename_count'}, scalar(@rules) || $text{'rename_none'}); # Destination chain print &ui_table_row($text{'rename_name'}, &ui_textbox("newname", undef, 20)); # Adjust other rules? print &ui_table_row(" ", &ui_checkbox("adjust", 1, $text{'rename_adjust'}, 1)); print &ui_table_end(); print &ui_form_end([ [ undef, $text{'rename_ok'} ] ]); &ui_print_footer("index.cgi?table=".&urlize($in{'table'}), $text{'index_return'}); } elsif ($in{'delsel'}) { # Just delete selected rules %idxs = map { $_, 1 } @d; &lock_file($iptables_save_file); $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} || !$idxs{$_->{'index'}} } @{$table->{'rules'}} ]; &run_before_command(); &save_table($table); &run_after_command(); ©_to_cluster(); &unlock_file($iptables_save_file); &webmin_log("delsel", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'}, 'count' => scalar(@d)}); &redirect("index.cgi?table=".&urlize($in{'table'})); } elsif ($in{'movesel'} && $in{'dest'}) { # Move selected rules to new chain %idxs = map { $_, 1 } @d; &lock_file($iptables_save_file); # Change the chain on each rule foreach $r (@{$table->{'rules'}}) { if ($r->{'chain'} eq $in{'chain'} && $idxs{$r->{'index'}}) { $r->{'chain'} = $in{'dest'}; } } &run_before_command(); &save_table($table); &run_after_command(); ©_to_cluster(); &unlock_file($iptables_save_file); &webmin_log("movesel", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'}, 'count' => scalar(@d)}); &redirect("index.cgi?table=".&urlize($in{'table'})); } elsif ($in{'movesel'}) { # Show rule move form &ui_print_header(undef, $text{'move_title'}, ""); print &ui_form_start("save_policy.cgi"); print &ui_hidden("table", $in{'table'}); print &ui_hidden("chain", $in{'chain'}); print &ui_hidden("movesel", 1); foreach $d (@d) { print &ui_hidden("d", $d); } print &ui_table_start($text{'move_header'}, undef, 2); # Number of rules and source print &ui_table_row($text{'move_count'}, scalar(@d)); print &ui_table_row($text{'move_chain'}, $in{'chain'}); # Destination chain print &ui_table_row($text{'move_dest'}, &ui_select("dest", $in{'chain'}, [ grep { $_ ne $in{'chain'} } sort by_string_for_iptables (keys %{$table->{'defaults'}}) ])); print &ui_table_end(); print &ui_form_end([ [ undef, $text{'move_ok'} ] ]); &ui_print_footer("index.cgi?table=".&urlize($in{'table'}), $text{'index_return'}); } else { # Change the default for this chain $access{'policy'} || &error($text{'policy_ecannot'}); &lock_file($iptables_save_file); $table->{'defaults'}->{$in{'chain'}} = $in{'policy'}; &run_before_command(); &save_table($table); &run_after_command(); ©_to_cluster(); &unlock_file($iptables_save_file); &webmin_log("modify", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'} }); &redirect("index.cgi?table=".&urlize($in{'table'})); }