Added hosting mode setup option
authorJamie Cameron <jcameron@webmin.com>
Fri, 22 Jun 2007 17:59:01 +0000 (17:59 +0000)
committerJamie Cameron <jcameron@webmin.com>
Fri, 22 Jun 2007 17:59:01 +0000 (17:59 +0000)
firewall/CHANGELOG
firewall/index.cgi
firewall/lang/en
firewall/setup.cgi

index bceef8a..b5901c9 100644 (file)
@@ -15,3 +15,5 @@ Added a Module Config option to have rule comments stored used the --comment IPt
 The ICMP rejection type is now settable in all valid chains.
 ---- Changes since 1.290 ----
 On Debian 3.1 systems, IPtables rules are saved in /etc/iptables.up.rules and activated through /etc/network/interfaces, rather than using an init.d script.
+---- Changes since 1.350 ----
+Added a setup option to configure a firewall for a typical hosting server.
index ab3dbba..799539e 100755 (executable)
@@ -91,7 +91,7 @@ if (!$config{'direct'} &&
                print "<center><table><tr><td>\n";
                print "<input type=radio name=auto value=0 checked> ",
                      "$text{'index_auto0'}<p>\n";
-               foreach $a (1 .. 4) {
+               foreach $a (1 .. 5) {
                        print "<input type=radio name=auto value=$a> ",
                              "$text{'index_auto'.$a} ",
                              &interface_choice("iface".$a),"<p>\n";
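Review bot: The new upper bound in `foreach $a (1 .. 5)` is a magic number that must match the highest `index_autoN` key in lang/en and the last `$in{'auto'} == N` branch in setup.cgi, and nothing in the code ties the three together. A comment on the loop would at least make the coupling visible, e.g. `# 1 .. N must match the index_auto* keys in lang/en and the auto branches in setup.cgi`. The loop also reuses the global `$a` (the variable `sort` assigns to) rather than a lexical, which predates this change but would be worth fixing while the line is touched: `foreach my $mode (1 .. 5) {`. The enclosing `if (!$config{'direct'} && ...)` block starts and ends outside the hunk.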
index a72f82a..9ce4482 100644 (file)
@@ -59,6 +59,7 @@ index_auto1=Do network address translation on external interface:
 index_auto2=Block all incoming connections on external interface:
 index_auto3=Block all except SSH and IDENT on external interface:
 index_auto4=Block all except SSH, IDENT, ping and high ports on interface:
+index_auto5=Block all except ports used for virtual hosting, on interface:
 index_auto=Setup Firewall
 index_add=Add
 index_shorewall=Warning! It appears that Shorewall is being used to generate your system's firewall. Maybe you should use the <a href='$1'>Shorewall Firewall module</a> instead.
index 9f01c67..7ee3823 100755 (executable)
@@ -126,15 +126,19 @@ if ($in{'auto'}) {
                               'cmt' => 'Allow connections to our IDENT server'}
                                );
                        }
-               if ($in{'auto'} == 4) {
-                       # Allow pings and most high ports
+               if ($in{'auto'} >= 4) {
+                       # Allow pings
                        push(@{$table->{'rules'}},
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "icmp" ] ],
                               'p' => [ [ "", "icmp" ] ],
                               'icmp-type' => [ "", "echo-request" ],
                               'j' => [ "", 'ACCEPT' ],
-                              'cmt' => 'Respond to pings' },
+                              'cmt' => 'Respond to pings' }, );
+                       }
+               if ($in{'auto'} == 4) {
+                       # Allow pings and most high ports
+                       push(@{$table->{'rules'}},
                             { 'chain' => 'INPUT',
                               'm' => [ [ "", "tcp" ] ],
                               'p' => [ "", "tcp" ],
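Review bot: The comment `# Allow pings and most high ports` on the `== 4` branch is now stale, because the echo-request rule has moved into the new `>= 4` branch above it and this branch only adds the high-port rule; it should read `# Allow most high ports`. `$in{'auto'}` comes straight from the form, so any value above 5 also satisfies `>= 4` and gets the ping rule with nothing else; if the intent is "modes 4 and 5", `if ($in{'auto'} == 4 || $in{'auto'} == 5) {` states that directly, though the effect of the current form looks harmless. The surrounding `if ($in{'auto'})` block begins before the hunk, and the `push` in the `== 4` branch continues past its end.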
@@ -161,6 +165,59 @@ if ($in{'auto'}) {
                               'cmt' => 'Allow connections to unprivileged ports' },
                                );
                        }
+               if ($in{'auto'} == 5) {
+                       # Allow typical hosting server ports
+                       push(@{$table->{'rules'}},
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "80" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to webserver' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "443" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow SSL connections to webserver' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "25" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to mail server' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "20:21" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to FTP server' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "110" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to POP3 server' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "143" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to IMAP server' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "10000:10010" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to Webmin' },
+                            { 'chain' => 'INPUT',
+                              'm' => [ [ "", "tcp" ] ],
+                              'p' => [ "", "tcp" ],
+                              'dport' => [ "", "20000" ],
+                              'j' => [ "", 'ACCEPT' ],
+                              'cmt' => 'Allow connections to Usermin' },
+                               );
+                       }
                }
        &run_before_command();
        &save_table($table);
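Review bot: The FTP rule accepts only `dport 20:21`, but passive-mode data connections arrive on a server-chosen high port, so clients will log in and then fail to transfer unless a RELATED/ESTABLISHED conntrack rule (not visible in this hunk) already admits them; the comment on that rule should say which it relies on, e.g. `# FTP control ports only; passive data connections rely on the conntrack RELATED rule`. The preset also opens only the cleartext mail ports (25, 110, 143) and not their TLS counterparts (465/587, 995, 993), so anyone wanting encrypted mail access on a "typical hosting server" has to punch those holes by hand — either add them or note the omission in the `# Allow typical hosting server ports` comment. The eight rule hashes differ only in `dport` and `cmt`, so a port/comment table mapped into rules would make the list easier to audit and extend without copy-paste drift. The enclosing `if ($in{'auto'})` block starts before the hunk.
```perl
		if ($in{'auto'} == 5) {
			# Allow typical hosting server ports (TCP only)
			my @hosting_ports = (
				[ '80',          'Allow connections to webserver' ],
				[ '443',         'Allow SSL connections to webserver' ],
				[ '25',          'Allow connections to mail server' ],
				[ '20:21',       'Allow connections to FTP server' ],
				[ '110',         'Allow connections to POP3 server' ],
				[ '143',         'Allow connections to IMAP server' ],
				[ '10000:10010', 'Allow connections to Webmin' ],
				[ '20000',       'Allow connections to Usermin' ],
				);
			push(@{$table->{'rules'}},
			     map { +{ 'chain' => 'INPUT',
				      'm' => [ [ "", "tcp" ] ],
				      'p' => [ "", "tcp" ],
				      'dport' => [ "", $_->[0] ],
				      'j' => [ "", 'ACCEPT' ],
				      'cmt' => $_->[1] } } @hosting_ports);
			}
```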