Revision: 2783
http://ipcop.svn.sourceforge.net/ipcop/?rev=2783&view=rev
Author: dotzball
Date: 2009-05-04 20:11:48 +0000 (Mon, 04 May 2009)
Log Message:
-----------
New code for Portforwarding rules (webgui+puzzleFwRules.pl).
Part 3 (I split this in multiple commits)
->Some other stuff
As I don't have enough spare hardware to test, I can't 100% say
if portforwarding is working (correctly), from my tests it should do
it... So please test this new feature!
The old portforwarding created some MANGLE/MARK
iptables rules. In setportfw.c there was this comment:
"Note: if some one remember why the MARK rule ...."
In my tests (which are not 100% valid!) those rules were not
needed, but please test this in your environment...
There are some TODOs left:
-> More validation checks when creating rules, change custom
addresses, use custom addresses, change custom services,
change custom services...
Those things I will do later/now but wanted to have the portforwarding
in SVN so others can test/use it.
Modified Paths:
--------------
ipcop/trunk/html/cgi-bin/addresses.cgi
ipcop/trunk/html/cgi-bin/services.cgi
ipcop/trunk/src/libs/DataAccess.pl
ipcop/trunk/src/misc-progs/setfwrules.c
Modified: ipcop/trunk/html/cgi-bin/addresses.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/addresses.cgi 2009-05-04 20:11:02 UTC (rev
2782)
+++ ipcop/trunk/html/cgi-bin/addresses.cgi 2009-05-04 20:11:48 UTC (rev
2783)
@@ -428,6 +428,10 @@
return;
}
+ #
+ # TODO: Check if an address is used in Portforwarding, if yes no subnets
are allowed
+ #
+
if ($cgiparams{'ADDRESS_TYPE'} eq 'ip') {
unless (&General::validip($cgiparams{'ADDRESS_TXT'})) {
$errormessage .= "$Lang::tr{'invalid ip'} <br />";
Modified: ipcop/trunk/html/cgi-bin/services.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/services.cgi 2009-05-04 20:11:02 UTC (rev
2782)
+++ ipcop/trunk/html/cgi-bin/services.cgi 2009-05-04 20:11:48 UTC (rev
2783)
@@ -657,6 +657,11 @@
return;
}
+ #
+ # TODO: Check if a service is used in Portforwarding, if yes port ranges
are only allowed if
+ # external port range and internal port range are the same
+ #
+
if ( $cgiparams{'PROTOCOL'} eq 'tcp'
|| $cgiparams{'PROTOCOL'} eq 'udp'
|| $cgiparams{'PROTOCOL'} eq 'tcpudp')
Modified: ipcop/trunk/src/libs/DataAccess.pl
===================================================================
--- ipcop/trunk/src/libs/DataAccess.pl 2009-05-04 20:11:02 UTC (rev 2782)
+++ ipcop/trunk/src/libs/DataAccess.pl 2009-05-04 20:11:48 UTC (rev 2783)
@@ -44,7 +44,8 @@
@DATA::ruleKeys_unique = (
'SRC_NET_TYPE', 'SRC_NET', 'INV_SRC_NET', 'SRC_ADR_TYPE',
'SRC_ADR', 'INV_SRC_ADR',
- 'SRC_PORT', 'INV_SRC_PORT', 'DST_NET_TYPE', 'DST_NET',
'INV_DST_NET', 'DST_IP_TYPE',
+ 'SRC_PORT', 'INV_SRC_PORT', 'PORTFW_EXT_ADR',
'PORTFW_SERVICE_TYPE','PORTFW_SERVICE',
+ 'DST_NET_TYPE', 'DST_NET', 'INV_DST_NET', 'DST_IP_TYPE',
'DST_IP', 'INV_DST_IP', 'SERVICE_TYPE', 'SERVICE',
'LOG_ENABLED', 'LIMIT_FOR',
'LIMIT_TYPE', 'MATCH_LIMIT', 'MATCH_STRING_ON', 'MATCH_STRING',
'INV_MATCH_STRING', 'RULEACTION'
);
@@ -741,6 +742,7 @@
$configRef->{'EXTERNAL'} = ();
$configRef->{'FORWARD'} = ();
$configRef->{'DMZHOLES'} = ();
+ $configRef->{'PORTFW'} = ();
foreach my $line (@current) {
chomp($line);
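Review bot: `$configRef->{'PORTFW'} = ();` stores undef rather than an empty list, because a list assigned to a single hash slot collapses to a scalar. The write loop in the next hunk still works since `foreach` autovivifies the slot, but any reader that dereferences it in rvalue context, such as `scalar @{$configRef->{'PORTFW'}}`, may die under `use strict` when no port-forwarding rules exist. `$configRef->{'PORTFW'} = [];` states the intent; the three neighbouring initialisers follow the same pattern and would want the same change. The enclosing sub starts and ends outside this hunk.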
@@ -800,7 +802,7 @@
open(FILE, ">$DATA::configfile") or die 'Unable to open config file.';
flock FILE, 2;
- foreach my $type (("INPUT", "FORWARD", "EXTERNAL", "DMZHOLES")) {
+ foreach my $type (("INPUT", "FORWARD", "EXTERNAL", "DMZHOLES", "PORTFW")) {
my $id = 0;
foreach my $rule (@{$configRef->{$type}}) {
print FILE "RULE,$type,";
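Review bot: The rule file is emptied before the lock is held: `open(FILE, ">$DATA::configfile")` truncates on open and only afterwards does `flock FILE, 2` run, with its result unchecked. Now that PORTFW rules are written by the same loop, a process reading the file in that window (presumably a cron-triggered rule rebuild) could see an empty or partial rule set and build the firewall from it. Opening in a non-truncating mode with a lexical handle and three-argument `open`, then `flock($fh, 2) or die 'Unable to lock config file.';` followed by `truncate($fh, 0)` before the loop, closes that window. The enclosing sub continues outside the hunk.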
Modified: ipcop/trunk/src/misc-progs/setfwrules.c
===================================================================
--- ipcop/trunk/src/misc-progs/setfwrules.c 2009-05-04 20:11:02 UTC (rev
2782)
+++ ipcop/trunk/src/misc-progs/setfwrules.c 2009-05-04 20:11:48 UTC (rev
2783)
@@ -30,11 +30,11 @@
{
printf("Usage: %s [OPTION]\n\n", prg);
printf("Options:\n");
- printf(" -a, --all force update for all user and IPCop
services rules\n");
- printf(" -c, --cron check for timeframe rule changes\n");
- printf(" -f, --force=CHAIN force update for CHAIN\n");
- printf(" -i, --ipcop force update for IPCop services rules\n");
- printf(" -u, --user force update for user rules\n");
+ printf(" -a, --all force update for all user and IPCop
services rules\n");
+ printf(" -c, --cron check for timeframe rule changes\n");
+ printf(" -f, --force=CHAIN force update for CHAIN\n");
+ printf(" -i, --ipcop force update for IPCop services rules\n");
+ printf(" -u, --user force update for user rules\n");
printf(" -w, --wireless force update of BLUE access rules\n");
printf(" -v, --verbose be verbose\n");
printf(" --help display this help and exit\n");
@@ -81,8 +81,9 @@
break;
case 'f':
flag_force = 1;
- if (strcmp(optarg,"INPUT") && strcmp(optarg,"FORWARD") &&
- strcmp(optarg,"EXTERNAL") && strcmp(optarg,"DMZHOLES")) {
+ if (strcmp(optarg,"INPUT") && strcmp(optarg,"FORWARD") &&
+ strcmp(optarg,"EXTERNAL") && strcmp(optarg,"DMZHOLES") &&
+ strcmp(optarg,"PORTFW")) {
fprintf(stderr, "invalid chain (%s)\n", optarg);
exit(2);
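Review bot: The exact-match check ending in `strcmp(optarg,"PORTFW")` is what keeps the `-f` argument safe to place in the shell command built in a later hunk (`snprintf(command, STRING_SIZE, "... -f %s", opt_chain)`), and nothing in the code says so. A comment above the `if` such as `/* exact-match allow-list: the chain name is later formatted into a shell command line; never relax to prefix or pattern matching */` would keep the next chain addition from weakening it. The same five names now also appear in the DataAccess.pl write loop, so a single table of valid chains in this file would make the list easier to keep in step. Whether `opt_chain` is copied from `optarg` is not visible here; the case body continues past the hunk.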
@@ -113,7 +114,7 @@
if (flag_cron) {
system("/usr/local/bin/puzzleFwRules.pl -c");
}
-
+
if (flag_all) {
system("/usr/local/bin/puzzleFwRules.pl -a");
}
@@ -122,7 +123,7 @@
snprintf(command, STRING_SIZE, "/usr/local/bin/puzzleFwRules.pl -f
%s", opt_chain);
safe_system(command);
}
-
+
if (flag_ipcop) {
system("/usr/local/bin/puzzleFwRules.pl -i");
}