
Contents of /rpms/e-smith-portforwarding/sme8/e-smith-portforwarding-2.2.0-AllowHosts.patch



Revision 1.1 - (show annotations) (download)
Mon Oct 19 17:50:47 2009 UTC (14 years, 7 months ago) by filippocarletti
Branch: MAIN
CVS Tags: e-smith-portforwarding-2_2_0-6_el5_sme, e-smith-portforwarding-2_2_0-5_el5_sme, e-smith-portforwarding-2_2_0-4_el5_sme, e-smith-portforwarding-2_2_0-3_el5_sme, e-smith-portforwarding-2_2_0-2_el5_sme, HEAD
Missed a patch again, sorry

1 diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding e-smith-portforwarding-2.2.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
2 --- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding 2008-10-07 19:36:51.000000000 +0200
3 +++ e-smith-portforwarding-2.2.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding 2009-10-19 19:21:16.000000000 +0200
4 @@ -85,6 +85,14 @@
5 <base>LABEL_DESTINATION_HOST</base>
6 <trans>Destination Host IP Address</trans>
7 </entry>
8 + <base>LABEL_RULE_COMMENT</base>
9 + <trans>Rule Comment</trans>
10 + </entry>
11 + <entry>
12 + <base>LABEL_ALLOW_HOSTS</base>
13 + <trans>Allow Hosts</trans>
14 + </entry>
15 + <entry>
16 <entry>
17 <base>Port forwarding</base>
18 <trans>Port forwarding</trans>
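Review bot: The first added block opens with `<base>LABEL_RULE_COMMENT</base>` directly after the preceding `</entry>`, and the hunk ends with an added `<entry>` immediately before the existing `<entry>` for `Port forwarding`. The lexicon therefore ends up with an entry body outside any `<entry>` and a nested `<entry><entry>`, which is not well-formed and may stop the new labels, or the whole file, from loading. Moving the trailing added `<entry>` line to the top of the added block, before `<base>LABEL_RULE_COMMENT</base>`, fixes it. The other two hunks in this file are fine because their leading context line is already `<entry>`.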
19 @@ -96,6 +104,14 @@
20 </trans>
21 </entry>
22 <entry>
23 + <base>RULE_COMMENT</base>
24 + <trans>Rule Comment</trans>
25 + </entry>
26 + <entry>
27 + <base>ALLOW_HOSTS</base>
28 + <trans>Allow Hosts</trans>
29 + </entry>
30 + <entry>
31 <base>ERR_NO_MASQ_RECORD</base>
32 <trans>Cannot retrieve masq record from the configuration
33 database.</trans>
34 @@ -136,6 +152,13 @@
35 </trans>
36 </entry>
37 <entry>
38 + <base>ERR_BADAHOST</base>
39 + <trans>
40 + This does not appear to be a valid IP address list.
41 + ie: 192.168.0.1,192.168.1.1/24
42 + </trans>
43 + </entry>
44 + <entry>
45 <base>IN_SERVERONLY</base>
46 <trans>
47 This server is currently in serveronly mode and portforwarding
48 diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
49 --- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2008-10-07 19:36:51.000000000 +0200
50 +++ e-smith-portforwarding-2.2.0/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward 2009-10-19 19:21:16.000000000 +0200
51 @@ -38,10 +38,24 @@
52 # If this rule is forwarding to localhost, ExternalIP or LocalIP,
53 # then we must allow it on the INPUT chain instead of the FORWARD
54 # chain.
55 - $OUT .= " adjust_${protocol}_in $port ACCEPT " .
56 - (($ip eq '$OUTERNET') ?
57 - "Inbound${uproto}_\$\$\n" :
58 - "Forwarded${uproto}_\$\$ $ip/32\n");
59 +
60 + my $target_chain = (($ip eq '$OUTERNET') ?
61 + "Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$");
62 +
63 + foreach my $access_type (("Allow", "Deny")) {
64 + my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog");
65 + my $host_list = $entry->prop("${access_type}Hosts") || "";
66 +
67 + $host_list = "0.0.0.0/0"
68 + if (($host_list eq "") and ($access_type eq "Allow"));
69 +
70 + foreach my $host (split(',', $host_list)) {
71 + $OUT .= " /sbin/iptables -A $target_chain";
72 + $OUT .= " --proto $protocol --dport $port \\\n ";
73 + $OUT .= " --destination $ip" if ($ip ne '$OUTERNET');
74 + $OUT .= " --src $host --jump $jump_target\n";
75 + }
76 + }
77 }
78 }
79
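Review bot: `$host` is written unquoted into the generated script as `--src $host`, and the only format check is in the web panel, which splits the list on `[\s,]+` while this loop splits on `,` alone. A value that passed the panel check with whitespace between addresses, or that was put into the database by some other tool, is therefore emitted verbatim into a script that presumably runs as root. I would re-check each element here and skip anything that does not match, with `next unless $host =~ m{\A\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\z};` as the first statement of the inner `foreach`. The enclosing loop over forward entries starts outside this hunk.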
80 diff -Naur e-smith-portforwarding-2.2.0-old/root/etc/e-smith/web/functions/portforwarding e-smith-portforwarding-2.2.0/root/etc/e-smith/web/functions/portforwarding
81 --- e-smith-portforwarding-2.2.0-old/root/etc/e-smith/web/functions/portforwarding 2008-10-07 19:36:51.000000000 +0200
82 +++ e-smith-portforwarding-2.2.0/root/etc/e-smith/web/functions/portforwarding 2009-10-19 19:21:16.000000000 +0200
83 @@ -82,6 +82,17 @@
84 validation="validate_destination_port()">
85 <label>LABEL_DESTINATION_PORT</label>
86 </field>
87 + <field
88 + id="rule_comment"
89 + type="text">
90 + <label>LABEL_RULE_COMMENT</label>
91 + </field>
92 + <field
93 + id="allow_hosts"
94 + type="text"
95 + validation="validate_allowed_hosts()">
96 + <label>LABEL_ALLOW_HOSTS</label>
97 + </field>
98
99 <subroutine src="print_button('NEXT')" />
100
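Review bot: The `rule_comment` field has no `validation` attribute, so free text goes into the `Comment` property and is printed back in the rule table (hunk at -181,13) and the summary (hunk at -494,6) of portforwarding.pm. Whether `esmith::cgi::genSmallCell` and `$q->Tr` HTML-escape their content is not visible in this patch; if they do not, markup typed into the comment would be rendered in the server-manager page. I would add a validator that limits length and character set, wired in as `validation="validate_rule_comment()"` (a new sub, not present in this patch), and wrap the value in `$q->escapeHTML(...)` where it is printed.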
101 diff -Naur e-smith-portforwarding-2.2.0-old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm e-smith-portforwarding-2.2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm
102 --- e-smith-portforwarding-2.2.0-old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm 2008-10-07 19:36:51.000000000 +0200
103 +++ e-smith-portforwarding-2.2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm 2009-10-19 19:21:16.000000000 +0200
104 @@ -162,8 +162,16 @@
105 ), " ",
106 esmith::cgi::genSmallCell(
107 $q,
108 - $self->localise('ACTION'),
109 + $self->localise('ALLOW_HOSTS'),
110 "header",
111 + ), " ",
112 + esmith::cgi::genSmallCell(
113 + $q,
114 + $self->localise('RULE_COMMENT'),
115 + "header",
116 + ), " ",
117 + $q->th({-class => "sme-border", -colspan => 2},
118 + $self->localise('ACTION')
119 ), "\n ",
120 );
121 foreach my $proto (sort keys %forwards) {
122 @@ -172,6 +180,8 @@
123 my $sport = $entry->key;
124 my $dhost = $entry->prop('DestHost');
125 my $dport = $entry->prop('DestPort') || '';
126 + my $cmmnt = $entry->prop('Comment') || '';
127 + my $allow = $entry->prop('AllowHosts') || '';
128 print $q->Tr(
129 esmith::cgi::genSmallCell($q, $proto),
130 " ",
131 @@ -181,13 +191,19 @@
132 " ",
133 esmith::cgi::genSmallCell($q, $dport || '&nbsp'),
134 " ",
135 + esmith::cgi::genSmallCell($q, $allow || '&nbsp'),
136 + " ",
137 + esmith::cgi::genSmallCell($q, $cmmnt || '&nbsp'),
138 + " ",
139 esmith::cgi::genSmallCell(
140 $q,
141 $q->a({href => $q->url(-absolute => 1)
142 . "?page=3&Next=Next&protocol=$proto&"
143 . "source_port=$sport&"
144 . "destination_host=$dhost&"
145 - . "destination_port=$dport"},
146 + . "destination_port=$dport&"
147 + . "rule_comment=".CGI::escape($cmmnt)."&"
148 + . "allow_hosts=$allow"},
149 $self->localise("REMOVE"))
150 ),
151 "\n ",
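Review bot: `allow_hosts=$allow` is concatenated into the REMOVE link without escaping, while the line above it wraps the comment in `CGI::escape`. The stored list can contain `/`, `,` and, given the validator's `[\s,]+` split, whitespace, so the value may not survive the round trip through the query string; use `. "allow_hosts=".CGI::escape($allow)},` instead. The two new cells also copy the existing `'&nbsp'` fallback, which lacks the terminating semicolon (`'&nbsp;'`). The surrounding `print $q->Tr(` call begins outside this hunk.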
152 @@ -429,6 +445,27 @@
153 }
154 }
155
156 +=head2 validate_allowed_hosts
157 +
158 +=cut
159 +
160 +sub validate_allowed_hosts {
161 + my $self = shift;
162 + my $ahost = $self->{cgi}->param('allow_hosts');
163 + $ahost =~ s/^\s+|\s+$//g;
164 +
165 + my $valid_ahost_list = "OK";
166 +
167 + foreach (split(/[\s,]+/, $ahost)) {
168 + my $valid_ipnet = 0;
169 + $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/);
170 + $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/);
171 + $valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1);
172 + }
173 +
174 + return $valid_ahost_list;
175 +}
176 +
177 =head2 display_summary_create
178
179 This is a wrapper for the display_summary method, to call it in create mode.
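Review bot: The two patterns in `validate_allowed_hosts` accept any digit runs, so `999.999.999.999/99` passes, and the `$` anchor lets a trailing newline through. The list is also split on `[\s,]+` although the masq template splits on `,` only, and the whitespace trim applies to a local copy rather than to the value that gets stored, so entries that validate here can still produce a broken iptables line. A stricter version anchors with `\A`/`\z`, bounds each octet to 255 and the prefix length to 32, and accepts commas as the only separator. The empty `=head2` POD should also state that the sub returns `OK` or `ERR_BADAHOST`.

```perl
sub validate_allowed_hosts {
    my $self  = shift;
    my $ahost = $self->{cgi}->param('allow_hosts');

    # An empty field means "no restriction"; the template then allows 0.0.0.0/0.
    return "OK" if !defined $ahost || $ahost eq '';

    # Commas are the only separator, matching split(',') in 91adjustPortForward.
    foreach my $item (split(/,/, $ahost, -1)) {
        my ($o1, $o2, $o3, $o4, $bits) = $item =~
            m{\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:/(\d{1,2}))?\z};
        return "ERR_BADAHOST" unless defined $o1;
        return "ERR_BADAHOST" if grep { $_ > 255 } $o1, $o2, $o3, $o4;
        return "ERR_BADAHOST" if defined $bits && $bits > 32;
    }

    return "OK";
}
```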
180 @@ -494,6 +531,10 @@
181 => $q->param('destination_port') || '&nbsp;'],
182 [$self->localise('LABEL_DESTINATION_HOST')
183 => $dhost],
184 + [$self->localise('RULE_COMMENT')
185 + => $q->param('rule_comment')],
186 + [$self->localise('ALLOW_HOSTS')
187 + => $q->param('allow_hosts')],
188 )
189 {
190 print $q->Tr(
191 @@ -575,6 +616,9 @@
192 my $sport = $q->param("source_port");
193 my $dport = $q->param("destination_port");
194 my $dhost = $self->get_destination_host();
195 + my $cmmnt = $q->param("rule_comment") || "";
196 + my $allow = $q->param("allow_hosts") || "";
197 + my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : "");
198 $proto =~ s/^\s+|\s+$//g;
199 $sport =~ s/^\s+|\s+$//g;
200 $dport =~ s/^\s+|\s+$//g;
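Review bot: `$allow` is stored exactly as submitted, whereas `validate_allowed_hosts` strips leading and trailing whitespace from its own copy before checking, and the sibling fields are trimmed just below. A whitespace-only submission therefore validates as empty but is stored as a non-empty `AllowHosts`, which also sets `$deny` to `0.0.0.0/0`. I would add `$allow =~ s/^\s+|\s+$//g;` next to the other trims and compute the default after it, `my $deny = ($allow ne "") ? "0.0.0.0/0" : "";`. The enclosing sub starts and ends outside this hunk.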
201 @@ -599,6 +643,9 @@
202 my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' });
203 $entry->set_prop('DestHost', $dhost);
204 $entry->set_prop('DestPort', $dport) if $dport;
205 + $entry->set_prop('Comment', $cmmnt);
206 + $entry->set_prop('AllowHosts', $allow);
207 + $entry->set_prop('DenyHosts', $deny);
208 }
209 elsif ($mode eq 'remove') {
210 $self->debug_msg("we are in remove mode");
