+++ /dev/null
-#!/usr/bin/webif-page
-<?
-. /usr/lib/webif/webif.sh
-
-mkdir -p /tmp/.webif
-exists /tmp/.webif/file-firewall && FW_FILE=/tmp/.webif/file-firewall || FW_FILE=/etc/config/firewall
-exists "$FW_FILE" || touch "$FW_FILE" >&- 2>&-
-FW_FILE_NEW="/tmp/.webif/file-firewall-new"
-
-empty "$FORM_cancel" || {
- empty "$FORM_delete_on_cancel" || {
- awk \
- -f - "$FW_FILE" > "$FW_FILE_NEW" <<EOF
-BEGIN {
- first=1
-}
-{
- if (first != 1) print old
- old = \$0
- first = 0
-}
-EOF
- mv "$FW_FILE_NEW" "$FW_FILE"
- }
- FORM_save=""
- FORM_edit=""
- FORM_cancel=""
-}
-
-empty "$FORM_save" || {
- SAVED=1
- case "$FORM_proto" in
- tcp|udp|"") proto_valid=1;;
- *) proto_valid=invalid;;
- esac
- validate <<EOF
-int|proto_valid|@TR<<Protocol>>||$proto_valid
-string|FORM_target|@TR<<Target>>|required|$FORM_target
-string|FORM_proto|@TR<<Protocol>>||$FORM_proto
-ip|FORM_src|@TR<<Source IP>>||$FORM_src
-ip|FORM_dest|@TR<<Destination IP>>||$FORM_dest
-ports|FORM_sport|@TR<<Source Ports>>||$FORM_sport
-ports|FORM_dport|@TR<<Destination Ports>>||$FORM_dport
-ip|FORM_target_ip|@TR<<Forward to>>||$FORM_target_ip
-port|FORM_target_port|@TR<<Port>>||$FORM_target_port
-EOF
- equal "$?" 0 || {
- unset FORM_save
- }
- equal "$FORM_target" "forward" && empty "$FORM_target_ip$FORM_target_port" && {
- ERROR="${ERROR}@TR<<No_Target_IP_Port|Target IP and Port cannot both be empty>><br />"
- FORM_save=""
- }
-}
-
-empty "$FORM_up$FORM_down$FORM_save$FORM_delete$FORM_new" || {
- empty "$FORM_up" || equal "$FORM_up" 1 || {
- FORM_down="$(($FORM_up - 1))"
- }
- awk \
- -v down="$FORM_down" \
- -v save="$FORM_save" \
- -v del="$FORM_delete" \
- -v edit="$FORM_edit" \
- -v proto="$FORM_proto" \
- -v src="$FORM_src" \
- -v sport="$FORM_sport" \
- -v dest="$FORM_dest" \
- -v dport="$FORM_dport" \
- -v layer7="$FORM_layer7" \
- -v target="$FORM_target" \
- -v target_ip="$FORM_target_ip" \
- -v target_port="$FORM_target_port" \
- -v new="$FORM_new" \
- -v new_target="$FORM_new_target" \
- -f - "$FW_FILE" > "$FW_FILE_NEW" <<EOF
-BEGIN {
- FS=":"
-}
-
-function addnew(new) {
- new = target ":";
- if (proto != "") new = new "proto=" proto " "
- if (src != "") new = new "src=" src " "
- if (dest != "") new = new "dest=" dest " "
- if (sport != "") new = new "sport=" sport " "
- if (dport != "") new = new "dport=" dport " "
- if (layer7 != "") new = new "layer7=" layer7 " "
- gsub(/ $/, "", new);
- if (target == "forward") {
- new = new ":" target_ip
- if (target_port != "") new = new ":" target_port
- }
- print new
-}
-
-(\$1 == "drop") || (\$1 == "accept") || (\$1 == "forward" ) {
- n++
- if (noprint == 1) {
- noprint = 0
- }
- if (down == n) {
- line_down = \$0
- noprint = 1
- }
- if (del == n) {
- noprint = 1
- }
- if (edit == n) {
- if ((target == "forward") && (target == \$1)) {
- noprint = 1
- }
- if ((\$1 != "forward") && ((target == "accept") || (target == "drop"))) {
- noprint = 1
- }
- if (noprint == 1) {
- addnew()
- }
- }
-}
-
-{
- if ((\$1 == "drop") || (\$1 == "accept") || (\$1 == "forward" )) {
- if (noprint != 1) print \$0
- } else {
- print \$0
- }
-}
-
-(line_down != "") && (n > down) {
- print line_down
- line_down = ""
-}
-
-END {
- if (line_down != "") print line_down
- if (new_target == "forward") new_target = new_target "::192.168.1.1"
- if ((new != "") && (new_target != "")) print new_target
-}
-EOF
- FW_FILE=/tmp/.webif/file-firewall
- mv "$FW_FILE_NEW" "$FW_FILE"
- empty "$FORM_new" && FORM_edit=""
-}
-
-header "Network" "Firewall" "@TR<<Firewall Configuration>>" ''
-
-?>
-<style>
-td.edit_title {
- font-weight: bold;
- text-align: right;
- padding-top: 0.8em;
- padding-right: 0.5em;
- padding-bottom: auto;
-}
-td.match_title {
- width: 10em;
- text-align: right;
- padding-top: 0.8em;
- padding-right: 0.5em;
- padding-bottom: auto;
-}
-</style>
-<?
-
-awk \
- -v edit="$FORM_edit" \
- -v save="$FORM_save" \
- -v proto="$FORM_proto" \
- -v src="$FORM_src" \
- -v sport="$FORM_sport" \
- -v dest="$FORM_dest" \
- -v dport="$FORM_dport" \
- -v layer7="$FORM_layer7" \
- -v target="$FORM_target" \
- -v target_ip="$FORM_target_ip" \
- -v target_port="$FORM_target_port" \
- -v del_proto="$FORM_del_proto" \
- -v del_src="$FORM_del_src" \
- -v del_sport="$FORM_del_sport" \
- -v del_dest="$FORM_del_dest" \
- -v del_dport="$FORM_del_dport" \
- -v del_layer7="$FORM_del_layer7" \
- -v data_submit="$FORM_data_submit" \
- -v new_match="$FORM_new_match" \
- -v delete_on_cancel="$FORM_delete_on_cancel" \
- -f /usr/lib/webif/common.awk \
- -f /usr/lib/common.awk \
- -f - "$FW_FILE" <<EOF
-function set_data() {
- _l["proto"] = proto
- _l["src"] = src
- _l["sport"] = sport
- _l["dest"] = dest
- _l["dport"] = dport
- _l["layer7"] = layer7
-
- if (del_proto != "") _l["proto"] = ""
- if (del_src != "") _l["src"] = ""
- if (del_sport != "") _l["sport"] = ""
- if (del_dest != "") _l["dest"] = ""
- if (del_dport != "") _l["dport"] = ""
- if (del_layer7 != "") _l["layer7"] = ""
-}
-function iptstr2web(str, ret) {
- ret = ""
- str2data(str);
- if (_l["proto"] != "") ret = ret "@TR<<Protocol>>: " _l["proto"] "<br />"
- if (_l["src"] != "") ret = ret "@TR<<Source IP>>: " _l["src"] "<br />"
- if (_l["sport"] != "") ret = ret "@TR<<Source Ports>>: " _l["sport"] "<br />"
- if (_l["dest"] != "") ret = ret "@TR<<Destination IP>>: " _l["dest"] "<br />"
- if (_l["dport"] != "") ret = ret "@TR<<Destination Ports>>: " _l["dport"] "<br />"
-# if (_l["layer7"] != "") ret = ret "@TR<<Application Protocol>>: " _l["layer7"] "<br />"
- if (ret == "") ret = ret "@TR<<Everything>>"
- return ret
-}
-function delbutton(name) {
- return button("del_" name, "Delete")
-}
-function input_line(caption, name, value) {
- return "<tr><td class=\\"match_title\\">@TR<<" caption ">>: </td><td>" textinput(name, value) delbutton(name) "</td></tr>"
-}
-function iptstr2edit(str, edit) {
- edit = ""
- str2data(str);
- if (int(data_submit) == 1) set_data()
- if (new_match == "proto") _l["proto"] = "tcp"
- if ((new_match == "src") || (new_match == "dest")) _l[new_match] = "0.0.0.0"
- if ((new_match == "sport") || (new_match == "dport")) _l[new_match] = "0"
- if ((new_match != "") && (_l[new_match] == "")) _l[new_match] = " "
-
- if (_l["proto"] != "") {
- edit = edit "<tr><td class=\\"match_title\\">@TR<<Protocol>>: </td><td>"
- edit = edit "<select name=\\"proto\\">"
- edit = edit sel_option("tcp", "TCP", _l["proto"])
- edit = edit sel_option("udp", "UDP", _l["proto"])
- edit = edit "</select>" delbutton("proto")
- edit = edit "</td></tr>"
- }
- if (_l["src"] != "") edit = edit input_line("Source IP", "src", _l["src"])
- if (_l["sport"] != "") edit = edit input_line("Source Ports", "sport", _l["sport"])
- if (_l["dest"] != "") edit = edit input_line("Destination IP", "dest", _l["dest"])
- if (_l["dport"] != "") edit = edit input_line("Destination Ports", "dport", _l["dport"])
- if (_l["layer7"] != "") edit = edit input_line("Application Protocol", "layer7", _l["layer7"])
-
- edit = edit "<tr><td class=\\"match_title\\"> </td><td><select name=\\"new_match\\">"
- edit = edit sel_option("none", "---")
- if (_l["proto"] == "") edit = edit sel_option("proto", "Protocol")
- if (_l["src"] == "") edit = edit sel_option("src", "Source IP")
- if (_l["dest"] == "") edit = edit sel_option("dest", "Destination IP")
- if ((_l["proto"] == "tcp") || (_l["proto"] == "udp") || (_l["proto"] == "")) {
- if (_l["sport"] == "") edit = edit sel_option("sport", "Source Ports")
- if (_l["dport"] == "") edit = edit sel_option("dport", "Destination Ports")
-# if (_l["layer7"] == "") edit = edit sel_option("layer7", "Application Protocol")
- }
- edit = edit "</select>"
- edit = edit button("add_match", "Add") "</td></tr>"
-
- return edit
-}
-
-BEGIN {
- print start_form("@TR<<Firewall Rules>>");
- print "<table width=\\"100%\\">"
- print "<tr><th>@TR<<Match>></th><th>@TR<<Target>></th><th>@TR<<Port>></th><th> </th></tr>"
- FS=":"
- n = 0
-}
-
-(\$1 == "drop") || (\$1 == "accept") || (\$1 == "forward" ) {
- n++
- print "<tr><td colspan=\\"5\\"><hr class=\\"separator\\" /></td></tr>"
- if (n == edit) {
- print "<form enctype=\\"multipart/form-data\\" method=\\"post\\" action=\\"$SCRIPT_NAME\\">"
- print hidden("data_submit", "1") hidden("edit", edit)
- print "<tr><td colspan=\\"5\\">"
- print "<table width=\\"100%\\">"
- print iptstr2edit(\$2)
- print "<tr><td><hr class=\\"separator\\" /></td><td> </td></tr>"
- } else {
- printf "<tr><td>" iptstr2web(\$2) "</td>"
- }
-}
-
-(\$1 == "drop") || (\$1 == "accept") {
- if (n == edit) {
- if (int(data_submit) == 1) \$1 = target
- printf "<tr>"
- printf "<td class=\\"edit_title\\">@TR<<Target>>:</td><td>"
- printf "<select name=\\"target\\">"
- printf sel_option("accept", "Accept", \$1)
- printf sel_option("drop", "Drop", \$1)
- printf "</td>"
- printf "</tr>"
- } else {
- printf "<td colspan=\\"2\\">" \$1 "</td>"
- }
-}
-
-\$1 == "forward" {
- if (n == edit) {
- if (target_ip == "") target_ip = \$3
- if (target_port == "") target_port = \$4
- print "<tr><td class=\\"edit_title\\">@TR<<Forward to>>:</b></td><td>" textinput("target_ip", target_ip) hidden("target", "forward") "</td></tr>"
- print "<tr><td class=\\"edit_title\\">@TR<<Port>>:</b></td><td>" textinput("target_port", target_port) "</td></tr>"
- } else {
- if (\$3 \$4 == "") \$3 = "forward"
- printf "<td>" \$3 "</td><td>" \$4 "</td>"
- }
-}
-
-(\$1 == "drop") || (\$1 == "accept") || (\$1 == "forward" ) {
- if (n == edit) {
- printf "<tr><td> </td><td>" button("save", "Save")
- if( delete_on_cancel != "" ) print hidden("delete_on_cancel", 1);
- print button("cancel", "Cancel")
- print "</td></tr>"
- print "</table>"
- print "</td></tr>"
- print "</form>"
- } else {
- printf "<td style=\\"text-align: right; padding-right: 0.5em\\">"
- printf "<a href=\\"$SCRIPT_NAME?up=" n "\\">@TR<<Up>></a><br />"
- printf "<a href=\\"$SCRIPT_NAME?down=" n "\\">@TR<<Down>></a>"
- printf "</td><td>"
- printf "<a href=\\"$SCRIPT_NAME?edit=" n "\\">@TR<<Edit>></a><br />"
- printf "<a href=\\"$SCRIPT_NAME?delete=" n "\\">@TR<<Delete>></a>"
- print "</td></tr>"
- }
-}
-
-END {
- print "<tr><td colspan=\\"5\\"><hr class=\\"separator\\" /></td></tr>"
- print "<tr><td class=\\"edit_title\\">@TR<<New Rule>>: </td><td colspan=\\"4\\">"
- print "<form method=\\"POST\\" action=\\"$SCRIPT_NAME\\" enctype=\\"multipart/form-data\\">"
- print hidden("edit", n + 1);
- print hidden("delete_on_cancel", 1);
- print "<select name=\\"new_target\\">"
- print sel_option("forward", "Forward")
- print sel_option("accept", "Accept")
- print sel_option("drop", "Drop")
- print "</select>" button("new", "Add") "</form></td></tr>"
- print "</table>"
- print end_form("...");
-}
-EOF
-
-footer ?>
-<!--
-##WEBIF:name:Network:9:Firewall
--->
projects / openwrt / svn-archive / archive.git / commitdiff