webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 19:23:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Forward Firewall: added P2P Block Option

Browse Source
This commit is contained in:
Alexander Marx
2013-01-15 12:31:09 +01:00
committed by Michael Tremer
parent bc32972572
commit 36196d0d64
2 changed files with 100 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
config/forwardfw/rules.pl
View File

@@ -24,7 +24,6 @@
# This script builds firewallrules from the webinterface # # This script builds firewallrules from the webinterface #
############################################################################### ###############################################################################
use strict; use strict;
no warnings 'uninitialized'; no warnings 'uninitialized';
@@ -45,12 +44,14 @@ my @timeframe=();
my %configinputfw=(); my %configinputfw=();
my %aliases=(); my %aliases=();
my @DPROT=(); my @DPROT=();
my @p2ps=();
require '/var/ipfire/general-functions.pl'; require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl"; require "${General::swroot}/lang.pl";
require "${General::swroot}/forward/bin/firewall-lib.pl"; require "${General::swroot}/forward/bin/firewall-lib.pl";
my $configfwdfw = "${General::swroot}/forward/config"; my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input"; my $configinput = "${General::swroot}/forward/input";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $errormessage=''; my $errormessage='';
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT); my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
@@ -106,6 +107,7 @@ sub preparerules
{ {
if (! -z "${General::swroot}/forward/config"){ if (! -z "${General::swroot}/forward/config"){
&buildrules(\%configfwdfw); &buildrules(\%configfwdfw);
&p2pblock;
} }
if (! -z "${General::swroot}/forward/input"){ if (! -z "${General::swroot}/forward/input"){
&buildrules(\%configinputfw); &buildrules(\%configinputfw);
@@ -163,7 +165,6 @@ sub buildrules
if ($DPROT eq ''){$DPROT=' ';} if ($DPROT eq ''){$DPROT=' ';}
@DPROT=split(",",$DPROT); @DPROT=split(",",$DPROT);
#get time if defined #get time if defined
if($$hash{$key}[18] eq 'ON'){ if($$hash{$key}[18] eq 'ON'){
if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");} if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
@@ -178,7 +179,6 @@ sub buildrules
$TIMETILL="--timestop $$hash{$key}[27] "; $TIMETILL="--timestop $$hash{$key}[27] ";
$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL"; $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
} }
if ($MODE eq '1'){ if ($MODE eq '1'){
print "NR:$key "; print "NR:$key ";
foreach my $i (0 .. $#{$$hash{$key}}){ foreach my $i (0 .. $#{$$hash{$key}}){
@@ -235,6 +235,39 @@ sub buildrules
undef $TIMETILL; undef $TIMETILL;
} }
} }
sub p2pblock
{
my $P2PSTRING;
my $DO;
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
my $CMD = "-m ipp2p";
foreach my $p2pentry (sort @p2ps) {
my @p2pline = split( /\;/, $p2pentry );
if ( $fwdfwsettings{'POLICY'} eq 'MODE2' ) {
$DO = "DROP";
if ("$p2pline[2]" eq "off") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
} else {
$DO = "RETURN";
if ("$p2pline[2]" eq "on") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
}
}
if ($MODE eq 1){
if($P2PSTRING){
print"/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO\n";
}
}else{
if($P2PSTRING){
system("/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO");
}
}
}
sub get_address sub get_address
{ {
my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
@@ -336,8 +369,6 @@ sub get_port
elsif($prot eq 'ICMP'){ elsif($prot eq 'ICMP'){
return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot); return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
} }
} }
} }
} }

74
html/cgi-bin/forwardfw.cgi
View File

@@ -68,6 +68,7 @@ my %icmptypes=();
my %ovpnsettings=(); my %ovpnsettings=();
my %ipsecsettings=(); my %ipsecsettings=();
my %aliases=(); my %aliases=();
my @p2ps = ();
my $color; my $color;
my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts"; my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -81,7 +82,7 @@ my $configipsecrw = "${General::swroot}/vpn/settings";
my $configfwdfw = "${General::swroot}/forward/config"; my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input"; my $configinput = "${General::swroot}/forward/input";
my $configovpn = "${General::swroot}/ovpn/settings"; my $configovpn = "${General::swroot}/ovpn/settings";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $errormessage=''; my $errormessage='';
my $hint=''; my $hint='';
my $ipgrp="${General::swroot}/outgoing/groups"; my $ipgrp="${General::swroot}/outgoing/groups";
@@ -345,6 +346,29 @@ if ($fwdfwsettings{'ACTION'} eq 'copyrule')
#$fwdfwsettings{'updatefwrule'}='on'; #$fwdfwsettings{'updatefwrule'}='on';
&newrule; &newrule;
} }
if ($fwdfwsettings{'ACTION'} eq 'togglep2p')
{
#$errormessage="Toggle $fwdfwsettings{'P2PROT'}<br>";
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
foreach my $p2pentry (sort @p2ps)
{
my @p2pline = split( /\;/, $p2pentry );
if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
if($p2pline[2] eq 'on'){
$p2pline[2]='off';
}else{
$p2pline[2]='on';
}
}
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}
close FILE;
&rules;
&base;
}
if ($fwdfwsettings{'ACTION'} eq '') if ($fwdfwsettings{'ACTION'} eq '')
{ {
&base; &base;
@@ -481,6 +505,9 @@ sub base
#print"<td bgcolor='$color{$i}'>$_</td>"; #print"<td bgcolor='$color{$i}'>$_</td>";
#} #}
#print"</tr></table>"; #print"</tr></table>";
if ($fwdfwsettings{'POLICY'} eq 'MODE1' || $fwdfwsettings{'POLICY'} eq 'MODE2' ) {
&p2pblock;
}
&Header::openbox('100%', 'center', 'Policy'); &Header::openbox('100%', 'center', 'Policy');
print <<END; print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'> <form method='post' action='$ENV{'SCRIPT_NAME'}'>
@@ -490,13 +517,13 @@ print <<END;
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr> <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
<tr><td colspan='3'><hr /></td></tr> <tr><td colspan='3'><hr /></td></tr>
<tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select> <tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} /> <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
<td width='45%' align='left'> <td width='45%' align='left'>
END END
if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) { if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) {
print "$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />"; print "$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />";
} }
print "</table></form>"; print "</table></form>";
&Header::closebox(); &Header::closebox();
} }
sub addrule sub addrule
@@ -564,7 +591,7 @@ sub disable_rule
sub checksource sub checksource
{ {
my ($ip,$subnet); my ($ip,$subnet);
#check ip-address if manual #check ip-address if manual
if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
#check if ip with subnet #check if ip with subnet
@@ -579,7 +606,7 @@ sub checksource
$subnet = '32'; $subnet = '32';
$fwdfwsettings{'isip'}='on'; $fwdfwsettings{'isip'}='on';
} }
if ($fwdfwsettings{'isip'} ne 'on'){ if ($fwdfwsettings{'isip'} ne 'on'){
if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';} if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';}
} }
@@ -594,7 +621,7 @@ sub checksource
$errormessage=$Lang::tr{'fwhost err hostip'}."<br>"; $errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
} }
$fwdfwsettings{'src_addr'}="$ip/$subnet"; $fwdfwsettings{'src_addr'}="$ip/$subnet";
if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
$errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>"; $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
} }
@@ -671,7 +698,7 @@ sub checktarget
#check and form valid IP #check and form valid IP
$ip=&General::ip2dec($ip); $ip=&General::ip2dec($ip);
$ip=&General::dec2ip($ip); $ip=&General::dec2ip($ip);
#check if net or broadcast #check if net or broadcast
my @tmp= split (/\./,$ip); my @tmp= split (/\./,$ip);
if (($tmp[3] eq "0") || ($tmp[3] eq "255")) if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
@@ -994,11 +1021,9 @@ END
} }
print"</select></td></tr></table><hr>"; print"</select></td></tr></table><hr>";
&Header::closebox(); &Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
#------SOURCE------------------------------------------------------- #------SOURCE-------------------------------------------------------
print<<END; print<<END;
<table width='100%' border='0'> <table width='100%' border='0'>
@@ -1806,6 +1831,35 @@ END
&Header::closebox(); &Header::closebox();
} }
} }
sub p2pblock
{
my $gif;
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
&Header::openbox('100%', 'center', 'P2P-Block');
print <<END;
<table width='40%' border='0'>
<tr bgcolor='$color{'color22'}'><td align=center colspan='2' width='30%'><b>$Lang::tr{'protocol'}</b><td width='10%' align=center><b>$Lang::tr{'status'}</b>
END
foreach my $p2pentry (sort @p2ps)
{
my @p2pline = split( /\;/, $p2pentry );
if($p2pline[2] eq 'on'){
$gif="/images/on.gif"
}else{
$gif="/images/off.gif"
}
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<tr bgcolor='$color{'color20'}'>
<td width='66%' align='center' colspan='2'>$p2pline[0]:</td><td width='33%' align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' /><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' ><input type='hidden' name='ACTION' value='togglep2p'></td></tr></form>
END
}
print"<tr><td width='10%'><input type='image' img src='/images/on.gif'></td><td>$Lang::tr{'outgoing firewall p2p deny'}</td><td></td></tr>";
print"<tr><td width='10%'><input type='image' img src='/images/off.gif'></td><td>$Lang::tr{'outgoing firewall p2p allow'}</td><td></td></tr></table>";
&Header::closebox();
}
sub fillselect sub fillselect
{ {
my %hash=%{(shift)}; my %hash=%{(shift)};