| 1 |
filippocarletti |
1.1 |
diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding e-smith-portforwarding-2.2.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding |
| 2 |
|
|
--- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding 2008-10-07 19:36:51.000000000 +0200 |
| 3 |
|
|
+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding 2009-10-19 19:21:16.000000000 +0200 |
| 4 |
|
|
@@ -85,6 +85,14 @@ |
| 5 |
|
|
<base>LABEL_DESTINATION_HOST</base> |
| 6 |
|
|
<trans>Destination Host IP Address</trans> |
| 7 |
|
|
</entry> |
| 8 |
|
|
+ <base>LABEL_RULE_COMMENT</base> |
| 9 |
|
|
+ <trans>Rule Comment</trans> |
| 10 |
|
|
+ </entry> |
| 11 |
|
|
+ <entry> |
| 12 |
|
|
+ <base>LABEL_ALLOW_HOSTS</base> |
| 13 |
|
|
+ <trans>Allow Hosts</trans> |
| 14 |
|
|
+ </entry> |
| 15 |
|
|
+ <entry> |
| 16 |
|
|
<entry> |
| 17 |
|
|
<base>Port forwarding</base> |
| 18 |
|
|
<trans>Port forwarding</trans> |
| 19 |
|
|
@@ -96,6 +104,14 @@ |
| 20 |
|
|
</trans> |
| 21 |
|
|
</entry> |
| 22 |
|
|
<entry> |
| 23 |
|
|
+ <base>RULE_COMMENT</base> |
| 24 |
|
|
+ <trans>Rule Comment</trans> |
| 25 |
|
|
+ </entry> |
| 26 |
|
|
+ <entry> |
| 27 |
|
|
+ <base>ALLOW_HOSTS</base> |
| 28 |
|
|
+ <trans>Allow Hosts</trans> |
| 29 |
|
|
+ </entry> |
| 30 |
|
|
+ <entry> |
| 31 |
|
|
<base>ERR_NO_MASQ_RECORD</base> |
| 32 |
|
|
<trans>Cannot retrieve masq record from the configuration |
| 33 |
|
|
database.</trans> |
| 34 |
|
|
@@ -136,6 +152,13 @@ |
| 35 |
|
|
</trans> |
| 36 |
|
|
</entry> |
| 37 |
|
|
<entry> |
| 38 |
|
|
+ <base>ERR_BADAHOST</base> |
| 39 |
|
|
+ <trans> |
| 40 |
|
|
+ This does not appear to be a valid IP address list. |
| 41 |
|
|
+ ie: 192.168.0.1,192.168.1.1/24 |
| 42 |
|
|
+ </trans> |
| 43 |
|
|
+ </entry> |
| 44 |
|
|
+ <entry> |
| 45 |
|
|
<base>IN_SERVERONLY</base> |
| 46 |
|
|
<trans> |
| 47 |
|
|
This server is currently in serveronly mode and portforwarding |
| 48 |
|
|
diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward |
| 49 |
|
|
--- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2008-10-07 19:36:51.000000000 +0200 |
| 50 |
|
|
+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2009-10-19 19:21:16.000000000 +0200 |
| 51 |
|
|
@@ -38,10 +38,24 @@ |
| 52 |
|
|
# If this rule is forwarding to localhost, ExternalIP or LocalIP, |
| 53 |
|
|
# then we must allow it on the INPUT chain instead of the FORWARD |
| 54 |
|
|
# chain. |
| 55 |
|
|
- $OUT .= " adjust_${protocol}_in $port ACCEPT " . |
| 56 |
|
|
- (($ip eq '$OUTERNET') ? |
| 57 |
|
|
- "Inbound${uproto}_\$\$\n" : |
| 58 |
|
|
- "Forwarded${uproto}_\$\$ $ip/32\n"); |
| 59 |
|
|
+ |
| 60 |
|
|
+ my $target_chain = (($ip eq '$OUTERNET') ? |
| 61 |
|
|
+ "Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$"); |
| 62 |
|
|
+ |
| 63 |
|
|
+ foreach my $access_type (("Allow", "Deny")) { |
| 64 |
|
|
+ my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog"); |
| 65 |
|
|
+ my $host_list = $entry->prop("${access_type}Hosts") || ""; |
| 66 |
|
|
+ |
| 67 |
|
|
+ $host_list = "0.0.0.0/0" |
| 68 |
|
|
+ if (($host_list eq "") and ($access_type eq "Allow")); |
| 69 |
|
|
+ |
| 70 |
|
|
+ foreach my $host (split(',', $host_list)) { |
| 71 |
|
|
+ $OUT .= " /sbin/iptables -A $target_chain"; |
| 72 |
|
|
+ $OUT .= " --proto $protocol --dport $port \\\n "; |
| 73 |
|
|
+ $OUT .= " --destination $ip" if ($ip ne '$OUTERNET'); |
| 74 |
|
|
+ $OUT .= " --src $host --jump $jump_target\n"; |
| 75 |
|
|
+ } |
| 76 |
|
|
+ } |
| 77 |
|
|
} |
| 78 |
|
|
} |
| 79 |
|
|
|
| 80 |
|
|
diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/web/functions/portforwarding e-smith-portforwarding-2.2.0/root/etc/e-smith/web/functions/portforwarding |
| 81 |
|
|
--- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/web/functions/portforwarding 2008-10-07 19:36:51.000000000 +0200 |
| 82 |
|
|
+++ e-smith-portforwarding-2.2.0/root/etc/e-smith/web/functions/portforwarding 2009-10-19 19:21:16.000000000 +0200 |
| 83 |
|
|
@@ -82,6 +82,17 @@ |
| 84 |
|
|
validation="validate_destination_port()"> |
| 85 |
|
|
<label>LABEL_DESTINATION_PORT</label> |
| 86 |
|
|
</field> |
| 87 |
|
|
+ <field |
| 88 |
|
|
+ id="rule_comment" |
| 89 |
|
|
+ type="text"> |
| 90 |
|
|
+ <label>LABEL_RULE_COMMENT</label> |
| 91 |
|
|
+ </field> |
| 92 |
|
|
+ <field |
| 93 |
|
|
+ id="allow_hosts" |
| 94 |
|
|
+ type="text" |
| 95 |
|
|
+ validation="validate_allowed_hosts()"> |
| 96 |
|
|
+ <label>LABEL_ALLOW_HOSTS</label> |
| 97 |
|
|
+ </field> |
| 98 |
|
|
|
| 99 |
|
|
<subroutine src="print_button('NEXT')" /> |
| 100 |
|
|
|
| 101 |
|
|
diff -Naur e-smith-portforwarding-2.2.0-old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm e-smith-portforwarding-2.2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm |
| 102 |
|
|
--- e-smith-portforwarding-2.2.0-old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm 2008-10-07 19:36:51.000000000 +0200 |
| 103 |
|
|
+++ e-smith-portforwarding-2.2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm 2009-10-19 19:21:16.000000000 +0200 |
| 104 |
|
|
@@ -162,8 +162,16 @@ |
| 105 |
|
|
), " ", |
| 106 |
|
|
esmith::cgi::genSmallCell( |
| 107 |
|
|
$q, |
| 108 |
|
|
- $self->localise('ACTION'), |
| 109 |
|
|
+ $self->localise('ALLOW_HOSTS'), |
| 110 |
|
|
"header", |
| 111 |
|
|
+ ), " ", |
| 112 |
|
|
+ esmith::cgi::genSmallCell( |
| 113 |
|
|
+ $q, |
| 114 |
|
|
+ $self->localise('RULE_COMMENT'), |
| 115 |
|
|
+ "header", |
| 116 |
|
|
+ ), " ", |
| 117 |
|
|
+ $q->th({-class => "sme-border", -colspan => 2}, |
| 118 |
|
|
+ $self->localise('ACTION') |
| 119 |
|
|
), "\n ", |
| 120 |
|
|
); |
| 121 |
|
|
foreach my $proto (sort keys %forwards) { |
| 122 |
|
|
@@ -172,6 +180,8 @@ |
| 123 |
|
|
my $sport = $entry->key; |
| 124 |
|
|
my $dhost = $entry->prop('DestHost'); |
| 125 |
|
|
my $dport = $entry->prop('DestPort') || ''; |
| 126 |
|
|
+ my $cmmnt = $entry->prop('Comment') || ''; |
| 127 |
|
|
+ my $allow = $entry->prop('AllowHosts') || ''; |
| 128 |
|
|
print $q->Tr( |
| 129 |
|
|
esmith::cgi::genSmallCell($q, $proto), |
| 130 |
|
|
" ", |
| 131 |
|
|
@@ -181,13 +191,19 @@ |
| 132 |
|
|
" ", |
| 133 |
|
|
esmith::cgi::genSmallCell($q, $dport || ' '), |
| 134 |
|
|
" ", |
| 135 |
|
|
+ esmith::cgi::genSmallCell($q, $allow || ' '), |
| 136 |
|
|
+ " ", |
| 137 |
|
|
+ esmith::cgi::genSmallCell($q, $cmmnt || ' '), |
| 138 |
|
|
+ " ", |
| 139 |
|
|
esmith::cgi::genSmallCell( |
| 140 |
|
|
$q, |
| 141 |
|
|
$q->a({href => $q->url(-absolute => 1) |
| 142 |
|
|
. "?page=3&Next=Next&protocol=$proto&" |
| 143 |
|
|
. "source_port=$sport&" |
| 144 |
|
|
. "destination_host=$dhost&" |
| 145 |
|
|
- . "destination_port=$dport"}, |
| 146 |
|
|
+ . "destination_port=$dport&" |
| 147 |
|
|
+ . "rule_comment=".CGI::escape($cmmnt)."&" |
| 148 |
|
|
+ . "allow_hosts=$allow"}, |
| 149 |
|
|
$self->localise("REMOVE")) |
| 150 |
|
|
), |
| 151 |
|
|
"\n ", |
| 152 |
|
|
@@ -429,6 +445,27 @@ |
| 153 |
|
|
} |
| 154 |
|
|
} |
| 155 |
|
|
|
| 156 |
|
|
+=head2 validate_allowed_hosts |
| 157 |
|
|
+ |
| 158 |
|
|
+=cut |
| 159 |
|
|
+ |
| 160 |
|
|
+sub validate_allowed_hosts { |
| 161 |
|
|
+ my $self = shift; |
| 162 |
|
|
+ my $ahost = $self->{cgi}->param('allow_hosts'); |
| 163 |
|
|
+ $ahost =~ s/^\s+|\s+$//g; |
| 164 |
|
|
+ |
| 165 |
|
|
+ my $valid_ahost_list = "OK"; |
| 166 |
|
|
+ |
| 167 |
|
|
+ foreach (split(/[\s,]+/, $ahost)) { |
| 168 |
|
|
+ my $valid_ipnet = 0; |
| 169 |
|
|
+ $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/); |
| 170 |
|
|
+ $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/); |
| 171 |
|
|
+ $valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1); |
| 172 |
|
|
+ } |
| 173 |
|
|
+ |
| 174 |
|
|
+ return $valid_ahost_list; |
| 175 |
|
|
+} |
| 176 |
|
|
+ |
| 177 |
|
|
=head2 display_summary_create |
| 178 |
|
|
|
| 179 |
|
|
This is a wrapper for the display_summary method, to call it in create mode. |
| 180 |
|
|
@@ -494,6 +531,10 @@ |
| 181 |
|
|
=> $q->param('destination_port') || ' '], |
| 182 |
|
|
[$self->localise('LABEL_DESTINATION_HOST') |
| 183 |
|
|
=> $dhost], |
| 184 |
|
|
+ [$self->localise('RULE_COMMENT') |
| 185 |
|
|
+ => $q->param('rule_comment')], |
| 186 |
|
|
+ [$self->localise('ALLOW_HOSTS') |
| 187 |
|
|
+ => $q->param('allow_hosts')], |
| 188 |
|
|
) |
| 189 |
|
|
{ |
| 190 |
|
|
print $q->Tr( |
| 191 |
|
|
@@ -575,6 +616,9 @@ |
| 192 |
|
|
my $sport = $q->param("source_port"); |
| 193 |
|
|
my $dport = $q->param("destination_port"); |
| 194 |
|
|
my $dhost = $self->get_destination_host(); |
| 195 |
|
|
+ my $cmmnt = $q->param("rule_comment") || ""; |
| 196 |
|
|
+ my $allow = $q->param("allow_hosts") || ""; |
| 197 |
|
|
+ my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : ""); |
| 198 |
|
|
$proto =~ s/^\s+|\s+$//g; |
| 199 |
|
|
$sport =~ s/^\s+|\s+$//g; |
| 200 |
|
|
$dport =~ s/^\s+|\s+$//g; |
| 201 |
|
|
@@ -599,6 +643,9 @@ |
| 202 |
|
|
my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' }); |
| 203 |
|
|
$entry->set_prop('DestHost', $dhost); |
| 204 |
|
|
$entry->set_prop('DestPort', $dport) if $dport; |
| 205 |
|
|
+ $entry->set_prop('Comment', $cmmnt); |
| 206 |
|
|
+ $entry->set_prop('AllowHosts', $allow); |
| 207 |
|
|
+ $entry->set_prop('DenyHosts', $deny); |
| 208 |
|
|
} |
| 209 |
|
|
elsif ($mode eq 'remove') { |
| 210 |
|
|
$self->debug_msg("we are in remove mode"); |
Parent Directory
| 
Revision Log
| 
Revision Graph
