#!/usr/local/bin/perl # Display a form for editing or creating a firewall rule require './ipfilter-lib.pl'; &ReadParse(); $rules = &get_config(); if ($in{'delsel'}) { # Special case - deleting selected rules @nums = sort { $b cmp $a } split(/\0/, $in{'d'}); if (@nums) { &lock_file($rules->[$nums[0]]->{'file'}); foreach $n (@nums) { &delete_rule($rules->[$n]); } &flush_file_lines(); &unlock_file($rules->[$nums[0]]->{'file'}); &webmin_log("delsel", "rule", undef, { 'count' => scalar(@nums) }); } &redirect(""); exit; } if ($in{'new'}) { &ui_print_header(undef, $text{'edit_title1'}, ""); $rule = { 'action' => 'pass', 'all' => 1, 'active' => 1, 'dir' => 'in', 'quick' => 1 }; } else { $rule = $rules->[$in{'idx'}]; &ui_print_header(undef, $text{'edit_title2'}, ""); } # Javascript for disabling fields print < function all_change(dis) { var f = document.forms[0]; for(i=0; i EOF print &ui_form_start("save_rule.cgi", "post"); print &ui_hidden("new", $in{'new'}),"\n"; print &ui_hidden("idx", $in{'idx'}),"\n"; print &ui_hidden("before", $in{'before'}),"\n"; print &ui_hidden("after", $in{'after'}),"\n"; @tds = ( "width=20%", undef ); print &ui_table_start($text{'edit_header1'}, "width=100%", 2); # Comment print &ui_table_row($text{'edit_cmt'}, $rule->{'cmt'} =~ /\n/ ? &ui_textarea("cmt", $rule->{'cmt'}, 3, 50) : &ui_textbox("cmt", $rule->{'cmt'}, 50), undef, \@tds); # Enabled print &ui_table_row($text{'edit_active'}, &ui_radio("active", $rule->{'active'} ? 1 : 0, [ [ 1, $text{'edit_active1'} ], [ 0, $text{'edit_active0'} ] ])); # Rule action and argument $ra = $rule->{'action'}; push(@action, $ra) if ($ra && &indexof($ra, @actions) < 0); $acts = "\n"; $i = 0; %action_fields = ( 'block' => [ 'block_return', 'block_return_dest' ], 'log' => [ 'log_pri', 'log_fac', 'log_body', 'log_first', 'log_orblock' ], 'skip' => [ 'skip' ], 'call' => [ 'call', 'call_now' ] ); foreach $a (@actions) { $acts .= ""; } $acts .= "

"; local $ma = $rule->{'action'} eq $a; @myfields = @{$action_fields{$a}}; @notfields = map { @{$action_fields{$_}} } grep { $_ ne $a } (keys %action_fields); $acts .= &ui_oneradio("action", $a, $text{"laction_".$a} || $text{"action_".$a} || uc($a), $ma, &js_disable_inputs(\@notfields, \@myfields, "onClick")); if ($a eq "block") { # Show ICMP block options local @codes = ( [ "", $text{'edit_none'} ], [ "rst", $text{'edit_rst'} ] ); push(@codes, map { [ $_ ] } @icmp_codes); push(@codes, [ $rule->{'block-return'} ]) if ($rule->{'block-return'} && $rule->{'block-return'} ne "rst" && &indexof($rule->{'block-return'}, @icmp_codes) < 0); $acts .= &ui_select("block_return", $rule->{'block-return'}, \@codes, 0, 0, 1, !$ma)."\n"; $acts .= &ui_checkbox("block_return_dest", 1, $text{'edit_return_dest'}, $rule->{'block-return-dest'}, undef, !$ma); } elsif ($a eq "log") { # Show logging options $acts .= &logging_options("log", 1, !$ma); } elsif ($a eq "skip") { # Show rule to skip to $acts .= &ui_textbox("skip", $rule->{'skip'}, 10, !$ma); } elsif ($a eq "call") { # Show function name $acts .= &ui_textbox("call", $rule->{'call'}, 20, !$ma)."\n". &ui_checkbox("call_now", 1, $text{'edit_callnow'}, $rule->{'call-now'}, undef, !$ma); } $acts .= "

\n"; print &ui_table_row($text{'edit_action'}, $acts, undef, \@tds); print &ui_table_end(),"
\n"; # Show section for source and destination print &ui_table_start($text{'edit_header2'}, "width=100%", 2); print &ui_table_row($text{'edit_all'}, &ui_radio("all", $rule->{'all'} || 0, [ [ 1, $text{'edit_all1'}, "onClick='all_change(true)'" ], [ 0, $text{'edit_all0'}, "onClick='all_change(false)'" ] ])); foreach $f ("from", "to") { print &ui_table_hr(); ($ft, $pt) = &object_input($rule, $f); print &ui_table_row($text{'edit_'.$f}, $ft); print &ui_table_row($text{'edit_port'.$f}, $pt); } print &ui_table_end(),"
\n"; # Show section for protocol, ttl, tos print &ui_table_start($text{'edit_header3'}, "width=100%", 4); print &ui_table_row($text{'edit_dir'}, &ui_radio("dir", $rule->{'dir'}, [ [ "in", $text{'dir_in'} ], [ "out", $text{'dir_out'} ] ])); print &ui_table_row($text{'edit_proto'}, &protocol_input("proto", $rule->{'proto'}, 1, 0)); print &ui_table_row($text{'edit_tos'}, &ui_opt_textbox("tos", $rule->{'tos'}, 8, $text{'edit_tosany'})); print &ui_table_row($text{'edit_ttl'}, &ui_opt_textbox("ttl", $rule->{'ttl'}, 8, $text{'edit_tosany'})); print &ui_table_row($text{'edit_on'}, &interface_choice("on", $rule->{'on'})); print &ui_table_row($text{'edit_flags'}, &ui_opt_textbox("flags1", $rule->{'flags1'}, 8, $text{'edit_flagsany'}, undef, 0, [ "flags2" ]). " $text{'edit_flags2'} ". &ui_textbox("flags2", $rule->{'flags2'}, 8, !$rule->{'flags1'})); print &ui_table_row($text{'edit_icmp'}, &ui_select("icmptype", $rule->{'icmp-type'}, [ [ "", $text{'edit_icmpany'} ], map { [ $_ ] } @icmp_types ], 0, 0, $rule->{'icmp-type'} ? 1 : 0). " $text{'edit_icmpcode'} ". &ui_select("icmpcode", $rule->{'icmp-type-code'}, [ [ "", $text{'edit_codeany'} ], map { [ $_ ] } @icmp_codes ], 0, 0, $rule->{'icmp-code'} ? 1 : 0), 3); print &ui_table_end(),"
\n"; # Show section for other options print &ui_table_start($text{'edit_header4'}, "width=100%", 2); print "\n"; print "\n"; # Show logging options as action print "\n"; print "\n"; # Show tagging ID print "\n"; print "\n"; # Show duplicate destination print "\n"; ($iface, $ip) = split(/:/, $rule->{'dup-to'}); print "\n"; # Show fast routing destination print "\n"; print "\n"; # Show reply destination print "\n"; print "\n"; # Show state keeping options print "\n"; print "\n"; print &ui_table_end(); if ($in{'new'}) { print &ui_form_end([ [ 'create', $text{'create'} ] ], "100%"); } else { print &ui_form_end([ [ 'save', $text{'save'} ], [ 'delete', $text{'delete'} ] ], "100%"); } $dis = $rule->{'all'} ? "true" : "false"; print "\n"; &ui_print_footer("", $text{'index_return'}); # yes_no_ignored_input(name) sub yes_no_ignored_input { local $mode = $rule->{$_[0]} && $rule->{$_[0]."_not"} ? 2 : $rule->{$_[0]} ? 1 : 0; return &ui_radio($_[0], $mode, [ [ 1, $text{'yes'} ], [ 0, $text{'no'} ] ]); } # logging_options(prefix, split, disable?) sub logging_options { local ($pfx, $split, $dis) = @_; local $rv; local $ll = $rule->{$pfx."-level"}; local ($f, $p); if ($ll =~ /^(\S+)\.(\S+)$/) { $p = $2; $f = $1; } elsif ($ll =~ /\S/) { $p = $ll; } $rv .= &ui_select($pfx."_pri", $p, [ [ "", $text{'default'} ], map { [ $_ ] } @log_priorities ], 0, 0, 1, $dis); $rv .= " $text{'edit_fac'} "; $rv .= &ui_select($pfx."_fac", $f, [ [ "", $text{'default'} ], map { [ $_ ] } @log_facilities ], 0, 0, 1, $dis)."\n"; $rv .= "
\n" if ($_[1]); $rv .= &ui_checkbox($pfx."_body", 1, $text{'edit_log_body'}, $rule->{$pfx.'-body'}, undef, $dis)."\n"; $rv .= &ui_checkbox($pfx."_first", 1, $text{'edit_log_first'}, $rule->{$pfx.'-first'}, undef, $dis)."\n"; $rv .= &ui_checkbox($pfx."_orblock", 1, $text{'edit_log_orblock'}, $rule->{$pfx.'-or-block'}, undef, $dis)."\n"; return $rv; }

",&ui_checkbox("quick", 1, $text{'edit_quick'}, $rule->{'quick'}),"
",&ui_checkbox("olog", 1, $text{'edit_olog'}, $rule->{'olog'}, &js_checkbox_disable("olog", [ ], [ "olog_pri", "olog_fac", "olog_body", "olog_first", "olog_block" ], "onClick")),"	",&logging_options("olog", 1, !$rule->{'olog'}),"
",&ui_checkbox("tag", 1, $text{'edit_tag'}, $rule->{'tag'}, &js_checkbox_disable("tag", [ ], [ "tagid" ], "onClick")),"	",&ui_textbox("tagid", $rule->{'tag'}, 10, !$rule->{'tag'}), "
",&ui_checkbox("dup_to", 1, $text{'edit_dupto'}, $rule->{'dup-to'}, &js_checkbox_disable("dup_to", [ ], [ "dup_toiface", "dup_toiface_other", "dup_toip" ], "onClick")),"	",&interface_choice("dup_toiface", $iface, 1, !$rule->{'dup-to'}),"\n"; print "$text{'edit_duptoip'}\n"; print &ui_textbox("dup_toip", $ip, 13, !$rule->{'dup-to'})," $text{'edit_opt'}
",&ui_checkbox("fastroute", 1, $text{'edit_fastroute'}, $rule->{'fastroute'}, &js_checkbox_disable("fastroute", [ ], [ "fastrouteiface", "fastrouteiface_other", "fastrouteip" ], "onClick")),"	",&interface_choice("fastrouteiface", $rule->{'fastroute'}, 1, !$rule->{'fastroute'}),"\n"; print "$text{'edit_fastrouteip'}\n"; print &ui_textbox("fastrouteip", $rule->{'fastroute-ip'}, 13, !$rule->{'fastroute'})," $text{'edit_opt'}
",&ui_checkbox("reply_to", 1, $text{'edit_replyto'}, $rule->{'reply-to'}, &js_checkbox_disable("reply_to", [ ], [ "reply_toiface", "reply_toiface_other", "reply_toip" ], "onClick")),"	",&interface_choice("reply_toiface", $rule->{'reply-to'}, 1, !$rule->{'reply-to'}),"\n"; print "$text{'edit_fastrouteip'}\n"; print &ui_textbox("reply_toip", $rule->{'reply-to-ip'}, 13, !$rule->{'reply-to'})," $text{'edit_opt'}
",&ui_checkbox("keep", 1, $text{'edit_keep'}, $rule->{'keep'}, &js_checkbox_disable("keep", [ ] , [ "keepmode" ], "onClick")),"	",&ui_select("keepmode", $rule->{'keep'} \|\| "state", [ [ "state", $text{'edit_keepstate'} ], [ "frags", $text{'edit_keepfrags'} ] ], 1, 0, 0, !$rule->{'keep'}),"