
Annotation of /rpms/e-smith-portforwarding/sme7/e-smith-portforwarding-2.2.0-AllowHosts.patch



Revision 1.1 - (hide annotations) (download)
Thu Feb 4 17:07:02 2010 UTC (14 years, 9 months ago) by filippocarletti
Branch: MAIN
CVS Tags: e-smith-portforwarding-2_0_0-3_el4_sme, e-smith-portforwarding-2_0_0-2_el4_sme, HEAD
* Thu Feb 4 2010 Filippo Carletti <filippo.carletti@gmail.com> 2.0.0-2.sme
- Enable port forwards to localhost if mode is serveronly [SME: 1003]

1 filippocarletti 1.1 diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding e-smith-portforwarding-2.2.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
2     --- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding 2008-10-07 19:36:51.000000000 +0200
3     +++ e-smith-portforwarding-2.2.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding 2009-10-19 19:21:16.000000000 +0200
4     @@ -85,6 +85,14 @@
5     <base>LABEL_DESTINATION_HOST</base>
6     <trans>Destination Host IP Address</trans>
7     </entry>
8     + <base>LABEL_RULE_COMMENT</base>
9     + <trans>Rule Comment</trans>
10     + </entry>
11     + <entry>
12     + <base>LABEL_ALLOW_HOSTS</base>
13     + <trans>Allow Hosts</trans>
14     + </entry>
15     + <entry>
16     <entry>
17     <base>Port forwarding</base>
18     <trans>Port forwarding</trans>
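Review bot: The added lines in this hunk start with `<base>LABEL_RULE_COMMENT</base>` directly after the previous entry's closing `</entry>` and end with an extra `<entry>` in front of the existing one. As shown, the new side therefore has a `<base>`/`<trans>` pair outside any entry and two consecutive `<entry>` openers. The two later hunks in this file add their lines after the context `<entry>` and stay balanced. Moving the `<entry>` opener to the top of the added block, before `<base>LABEL_RULE_COMMENT</base>`, and dropping the trailing one would keep the lexicon well-formed.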
19     @@ -96,6 +104,14 @@
20     </trans>
21     </entry>
22     <entry>
23     + <base>RULE_COMMENT</base>
24     + <trans>Rule Comment</trans>
25     + </entry>
26     + <entry>
27     + <base>ALLOW_HOSTS</base>
28     + <trans>Allow Hosts</trans>
29     + </entry>
30     + <entry>
31     <base>ERR_NO_MASQ_RECORD</base>
32     <trans>Cannot retrieve masq record from the configuration
33     database.</trans>
34     @@ -136,6 +152,13 @@
35     </trans>
36     </entry>
37     <entry>
38     + <base>ERR_BADAHOST</base>
39     + <trans>
40     + This does not appear to be a valid IP address list.
41     + ie: 192.168.0.1,192.168.1.1/24
42     + </trans>
43     + </entry>
44     + <entry>
45     <base>IN_SERVERONLY</base>
46     <trans>
47     This server is currently in serveronly mode and portforwarding
48     diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
49     --- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2008-10-07 19:36:51.000000000 +0200
50     +++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2009-10-19 19:21:16.000000000 +0200
51     @@ -38,10 +38,24 @@
52     # If this rule is forwarding to localhost, ExternalIP or LocalIP,
53     # then we must allow it on the INPUT chain instead of the FORWARD
54     # chain.
55     - $OUT .= " adjust_${protocol}_in $port ACCEPT " .
56     - (($ip eq '$OUTERNET') ?
57     - "Inbound${uproto}_\$\$\n" :
58     - "Forwarded${uproto}_\$\$ $ip/32\n");
59     +
60     + my $target_chain = (($ip eq '$OUTERNET') ?
61     + "Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$");
62     +
63     + foreach my $access_type (("Allow", "Deny")) {
64     + my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog");
65     + my $host_list = $entry->prop("${access_type}Hosts") || "";
66     +
67     + $host_list = "0.0.0.0/0"
68     + if (($host_list eq "") and ($access_type eq "Allow"));
69     +
70     + foreach my $host (split(',', $host_list)) {
71     + $OUT .= " /sbin/iptables -A $target_chain";
72     + $OUT .= " --proto $protocol --dport $port \\\n ";
73     + $OUT .= " --destination $ip" if ($ip ne '$OUTERNET');
74     + $OUT .= " --src $host --jump $jump_target\n";
75     + }
76     + }
77     }
78     }
79    
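Review bot: Each `$host` is written unquoted into an `/sbin/iptables` line of the generated masq script and the list is split only on `,`, so this template relies entirely on the web form having validated `AllowHosts` and `DenyHosts`. The form validator in portforwarding.pm also accepts whitespace as a separator, and the properties can presumably be set outside the panel, so a stored value containing spaces or other characters would become extra words on a firewall command line. Re-check every entry at this sink, for example by splitting with `split(/[\s,]+/, $host_list)` and emitting a rule only when `$host =~ m{\A\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\z}`. Decide explicitly what happens when a Deny entry is rejected, so that the rule set fails closed rather than silently losing the deny. The enclosing loop over forward entries starts outside the hunk.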
80     diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/web/functions/portforwarding e-smith-portforwarding-2.2.0/root/etc/e-smith/web/functions/portforwarding
81     --- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/web/functions/portforwarding 2008-10-07 19:36:51.000000000 +0200
82     +++ e-smith-portforwarding-2.2.0/root/etc/e-smith/web/functions/portforwarding 2009-10-19 19:21:16.000000000 +0200
83     @@ -82,6 +82,17 @@
84     validation="validate_destination_port()">
85     <label>LABEL_DESTINATION_PORT</label>
86     </field>
87     + <field
88     + id="rule_comment"
89     + type="text">
90     + <label>LABEL_RULE_COMMENT</label>
91     + </field>
92     + <field
93     + id="allow_hosts"
94     + type="text"
95     + validation="validate_allowed_hosts()">
96     + <label>LABEL_ALLOW_HOSTS</label>
97     + </field>
98    
99     <subroutine src="print_button('NEXT')" />
100    
101     diff -Naur e-smith-portforwarding-2.2.0-old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm e-smith-portforwarding-2.2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm
102     --- e-smith-portforwarding-2.2.0-old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm 2008-10-07 19:36:51.000000000 +0200
103     +++ e-smith-portforwarding-2.2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm 2009-10-19 19:21:16.000000000 +0200
104     @@ -162,8 +162,16 @@
105     ), " ",
106     esmith::cgi::genSmallCell(
107     $q,
108     - $self->localise('ACTION'),
109     + $self->localise('ALLOW_HOSTS'),
110     "header",
111     + ), " ",
112     + esmith::cgi::genSmallCell(
113     + $q,
114     + $self->localise('RULE_COMMENT'),
115     + "header",
116     + ), " ",
117     + $q->th({-class => "sme-border", -colspan => 2},
118     + $self->localise('ACTION')
119     ), "\n ",
120     );
121     foreach my $proto (sort keys %forwards) {
122     @@ -172,6 +180,8 @@
123     my $sport = $entry->key;
124     my $dhost = $entry->prop('DestHost');
125     my $dport = $entry->prop('DestPort') || '';
126     + my $cmmnt = $entry->prop('Comment') || '';
127     + my $allow = $entry->prop('AllowHosts') || '';
128     print $q->Tr(
129     esmith::cgi::genSmallCell($q, $proto),
130     " ",
131     @@ -181,13 +191,19 @@
132     " ",
133     esmith::cgi::genSmallCell($q, $dport || '&nbsp'),
134     " ",
135     + esmith::cgi::genSmallCell($q, $allow || '&nbsp'),
136     + " ",
137     + esmith::cgi::genSmallCell($q, $cmmnt || '&nbsp'),
138     + " ",
139     esmith::cgi::genSmallCell(
140     $q,
141     $q->a({href => $q->url(-absolute => 1)
142     . "?page=3&Next=Next&protocol=$proto&"
143     . "source_port=$sport&"
144     . "destination_host=$dhost&"
145     - . "destination_port=$dport"},
146     + . "destination_port=$dport&"
147     + . "rule_comment=".CGI::escape($cmmnt)."&"
148     + . "allow_hosts=$allow"},
149     $self->localise("REMOVE"))
150     ),
151     "\n ",
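Review bot: `$cmmnt` and `$allow` are passed to `esmith::cgi::genSmallCell` exactly as stored, and the `rule_comment` form field is added without a `validation` attribute, so free text from the database goes into the table markup unless `genSmallCell` escapes its argument (not visible here). If it does not, encode at output with `esmith::cgi::genSmallCell($q, $q->escapeHTML($cmmnt) || '&nbsp')` and do the same for `$allow`; the summary hunk at `@@ -494,6 +531,10 @@` prints `$q->param('rule_comment')` the same way. In the REMOVE link, `allow_hosts=$allow` is appended raw while `rule_comment` goes through `CGI::escape`; `"allow_hosts=".CGI::escape($allow)` keeps a list containing spaces intact across the round trip. The `print $q->Tr(` call starts and ends outside the hunk.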
152     @@ -429,6 +445,27 @@
153     }
154     }
155    
156     +=head2 validate_allowed_hosts
157     +
158     +=cut
159     +
160     +sub validate_allowed_hosts {
161     + my $self = shift;
162     + my $ahost = $self->{cgi}->param('allow_hosts');
163     + $ahost =~ s/^\s+|\s+$//g;
164     +
165     + my $valid_ahost_list = "OK";
166     +
167     + foreach (split(/[\s,]+/, $ahost)) {
168     + my $valid_ipnet = 0;
169     + $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/);
170     + $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/);
171     + $valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1);
172     + }
173     +
174     + return $valid_ahost_list;
175     +}
176     +
177     =head2 display_summary_create
178    
179     This is a wrapper for the display_summary method, to call it in create mode.
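Review bot: `validate_allowed_hosts` accepts any run of digits in each position, so entries such as `999.1.1.1` or `10.0.0.0/99` pass the form and fail only later, when iptables parses the generated rule. It also applies `s///` to `$ahost` without checking that the parameter is defined, and the `=head2` section is left empty. The version below bounds each octet to 0-255 and the prefix to 0-32, returns on the first bad entry, and keeps the same separators and return values. A one-line POD description of the accepted format (comma- or whitespace-separated IPv4 addresses, each with an optional /prefix) would fill the empty section.

```perl
sub validate_allowed_hosts {
    my $self = shift;
    my $ahost = $self->{cgi}->param('allow_hosts');
    $ahost = '' unless defined $ahost;
    $ahost =~ s/^\s+|\s+$//g;

    foreach my $item (split(/[\s,]+/, $ahost)) {
        # Dotted quad with an optional /prefix, nothing before or after it.
        return "ERR_BADAHOST"
            unless $item =~ m{\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:/(\d{1,2}))?\z};
        return "ERR_BADAHOST" if grep { $_ > 255 } ($1, $2, $3, $4);
        return "ERR_BADAHOST" if defined $5 and $5 > 32;
    }

    return "OK";
}
```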
180     @@ -494,6 +531,10 @@
181     => $q->param('destination_port') || '&nbsp;'],
182     [$self->localise('LABEL_DESTINATION_HOST')
183     => $dhost],
184     + [$self->localise('RULE_COMMENT')
185     + => $q->param('rule_comment')],
186     + [$self->localise('ALLOW_HOSTS')
187     + => $q->param('allow_hosts')],
188     )
189     {
190     print $q->Tr(
191     @@ -575,6 +616,9 @@
192     my $sport = $q->param("source_port");
193     my $dport = $q->param("destination_port");
194     my $dhost = $self->get_destination_host();
195     + my $cmmnt = $q->param("rule_comment") || "";
196     + my $allow = $q->param("allow_hosts") || "";
197     + my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : "");
198     $proto =~ s/^\s+|\s+$//g;
199     $sport =~ s/^\s+|\s+$//g;
200     $dport =~ s/^\s+|\s+$//g;
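Review bot: `$allow` is stored exactly as submitted and `$deny` is derived from the untrimmed parameter, while `validate_allowed_hosts` checked a trimmed copy split on whitespace or commas. A value consisting only of spaces therefore passes validation, is saved as a non-empty `AllowHosts`, and sets `DenyHosts` to `0.0.0.0/0`. As far as the template hunk shows, that yields a malformed allow rule followed by a deny-all for the port. Normalize before use, in line with the trimming of `$proto`, `$sport` and `$dport` just below: `$allow = join(",", grep { length } split(/[\s,]+/, $allow));` followed by `my $deny = ($allow ne "") ? "0.0.0.0/0" : "";`. The enclosing sub starts and ends outside the hunk.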
201     @@ -599,6 +643,9 @@
202     my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' });
203     $entry->set_prop('DestHost', $dhost);
204     $entry->set_prop('DestPort', $dport) if $dport;
205     + $entry->set_prop('Comment', $cmmnt);
206     + $entry->set_prop('AllowHosts', $allow);
207     + $entry->set_prop('DenyHosts', $deny);
208     }
209     elsif ($mode eq 'remove') {
210     $self->debug_msg("we are in remove mode");
