From 0046f6fa284ff04bb3176677bec98c7a37b8c425 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 19 Oct 2024 12:26:07 +0200 Subject: [PATCH 001/113] Feature : Add ipset support. --- CHANGELOG | 1 + README.md | 1 + src/turtlefirewall/edit_connmark.cgi | 1 + src/turtlefirewall/edit_connmarkpreroute.cgi | 2 + src/turtlefirewall/edit_conntrack.cgi | 1 + src/turtlefirewall/edit_conntrackpreroute.cgi | 2 + src/turtlefirewall/edit_group.cgi | 2 +- src/turtlefirewall/edit_ipset.cgi | 77 ++++++ src/turtlefirewall/edit_rule.cgi | 1 + src/turtlefirewall/edit_timegroup.cgi | 2 +- src/turtlefirewall/lang/de | 16 ++ src/turtlefirewall/lang/en | 16 ++ src/turtlefirewall/lang/fr | 16 ++ src/turtlefirewall/lang/it | 16 ++ src/turtlefirewall/lang/nl | 16 ++ src/turtlefirewall/list_blacklists.cgi | 2 +- src/turtlefirewall/list_items.cgi | 43 ++++ src/turtlefirewall/list_manglerules.cgi | 4 + src/turtlefirewall/list_rawrules.cgi | 2 + src/turtlefirewall/list_rules.cgi | 2 + src/turtlefirewall/save_ipset.cgi | 59 +++++ src/turtlefirewall/setup/TurtleFirewall.pm | 225 ++++++++++++------ 22 files changed, 425 insertions(+), 82 deletions(-) create mode 100644 src/turtlefirewall/edit_ipset.cgi create mode 100644 src/turtlefirewall/save_ipset.cgi diff --git a/CHANGELOG b/CHANGELOG index daa9162..f665026 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -243,5 +243,6 @@ CHANGELOG - Services : Removed depreciated smtps TCP port 465 service. - Services : Added DNS over TLS TCP port 853 service. - Feature : nDPI 4.9.11 support. + - Feature : Add ipset support. - Todo : Translate new features - Todo : Fix backup.cgi restore upload. diff --git a/README.md b/README.md index c530524..cfa1757 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ Turtle Firewall is an Open Source project written using the perl language and re - Risk Detection. - Rate Limiting. - Blacklists. +- IP Sets. - NAT Map to Port. - Logging per rule. - Flow Info logging. 
diff --git a/src/turtlefirewall/edit_connmark.cgi b/src/turtlefirewall/edit_connmark.cgi index 0e83728..998b4ee 100644 --- a/src/turtlefirewall/edit_connmark.cgi +++ b/src/turtlefirewall/edit_connmark.cgi @@ -53,6 +53,7 @@ push @items, $fw->GetGeoipList(); push @items, $fw->GetNetList(); push @items, $fw->GetHostList(); push @items, $fw->GetGroupList(); +push @items, $fw->GetIPSetList(); @items = sort(@items); if( $hostnameset eq '' ) { $hostnameset = 'any'; } diff --git a/src/turtlefirewall/edit_connmarkpreroute.cgi b/src/turtlefirewall/edit_connmarkpreroute.cgi index deb8d10..3df5b48 100644 --- a/src/turtlefirewall/edit_connmarkpreroute.cgi +++ b/src/turtlefirewall/edit_connmarkpreroute.cgi @@ -50,12 +50,14 @@ push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetGeoipList(); push @items_src, $fw->GetNetList(); push @items_src, $fw->GetHostList(); +push @items_src, $fw->GetIPSetList(); @items_src = sort(@items_src); my @items_dst = ('*'); push @items_dst, $fw->GetGeoipList(); push @items_dst, $fw->GetNetList(); push @items_dst, $fw->GetHostList(); +push @items_dst, $fw->GetIPSetList(); @items_dst = sort(@items_dst); if( $hostnameset eq '' ) { $hostnameset = 'any'; } diff --git a/src/turtlefirewall/edit_conntrack.cgi b/src/turtlefirewall/edit_conntrack.cgi index 26afe89..10f3bba 100644 --- a/src/turtlefirewall/edit_conntrack.cgi +++ b/src/turtlefirewall/edit_conntrack.cgi @@ -41,6 +41,7 @@ push @items_dst, $fw->GetGeoipList(); push @items_dst, $fw->GetNetList(); push @items_dst, $fw->GetHostList(); push @items_dst, $fw->GetGroupList(); +push @items_dst, $fw->GetIPSetList(); @items_dst = sort(@items_dst); my @services = ('tcp','udp'); diff --git a/src/turtlefirewall/edit_conntrackpreroute.cgi b/src/turtlefirewall/edit_conntrackpreroute.cgi index 23250b6..f55c770 100644 --- a/src/turtlefirewall/edit_conntrackpreroute.cgi +++ b/src/turtlefirewall/edit_conntrackpreroute.cgi 
@@ -41,12 +41,14 @@ push @items_src, $fw->GetGeoipList(); push @items_src, $fw->GetNetList(); push @items_src, $fw->GetHostList(); push @items_src, $fw->GetGroupList(); +push @items_src, $fw->GetIPSetList(); @items_src = sort(@items_src); my @items_dst = ('*'); push @items_dst, $fw->GetGeoipList(); push @items_dst, $fw->GetNetList(); push @items_dst, $fw->GetHostList(); +push @items_dst, $fw->GetIPSetList(); @items_dst = sort(@items_dst); my @services = ('tcp','udp'); diff --git a/src/turtlefirewall/edit_group.cgi b/src/turtlefirewall/edit_group.cgi index 1d0a74b..09414ff 100644 --- a/src/turtlefirewall/edit_group.cgi +++ b/src/turtlefirewall/edit_group.cgi @@ -41,7 +41,7 @@ if( $new ) { $col .= &ui_hidden("group", $in{'group'}); } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); -$col = &ui_select("items", \@selected_items, \@items, 5, 1); +$col = &ui_select("items", \@selected_items, \@items, 8, 1); print &ui_columns_row([ "$text{'groupitems'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); print &ui_columns_row([ "$text{'description'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi new file mode 100644 index 0000000..10e595b --- /dev/null +++ b/src/turtlefirewall/edit_ipset.cgi 
@@ -0,0 +1,77 @@ +#!/usr/bin/perl + +#====================================================================== +# Turtle Firewall webmin module +# +# Copyright (c) Andrea Frigido +# You may distribute under the terms of either the GNU General Public +# License +#====================================================================== + +do 'turtlefirewall-lib.pl'; +&ReadParse(); +use File::Basename; + +$new = $in{'new'}; + +my $heading = ''; +if( $new ) { + $heading = "$text{'edit_ipset_title_create'}"; +} else { + $heading = "$text{'edit_ipset_title_edit'}"; +} +&ui_print_header( $heading, $text{'title'}, "" ); + +my $ipset = $in{'ipset'}; +my $newipset = $in{'newipset'}; +my %n = $fw->GetIPSet($ipset); +my $ip = $n{'IP'}; +my $zone = $n{'ZONE'}; +my $description = $n{'DESCRIPTION'}; + +my $confdir = &confdir(); + +my @items_ipsetlist = (); +my @ipsetlists = glob("$confdir/*.ipset"); +for my $k (@ipsetlists) { + my $ip = basename($k, ".ipset"); + my @opts = ( "$ip", "$ip - $k" ); + push(@items_ipsetlist, \@opts); +} + +my @zones = grep(!/FIREWALL/, $fw->GetZoneList()); + +print &ui_subheading($heading); +print &ui_form_start("save_ipset.cgi", "post"); +my @tds = ( "width=20%", "width=80%" ); +print &ui_columns_start(undef, 100, 0, \@tds); +my $col = ''; +if( $new ) { + $col = &ui_textbox("ipset"); +} else { + $col = &ui_textbox("newipset", $in{'ipset'}); + $col .= &ui_hidden("ipset", $in{'ipset'}); +} +print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +$col = &ui_select("ip", $ip, \@items_ipsetlist); +$col .= "$text{ipset_help}"; +print &ui_columns_row([ "$text{'location'}", $col ], \@tds); +$col = &ui_select("zone", $zone, \@zones); +print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); +$col = &ui_textbox("description", $description, 60, 0, 60); +print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_end(); + +print ""; +if( $new ) { + print ''; +} else { + print ''; + print ''; +} +print "
'.&ui_submit( $text{'button_create'}, "new").''.&ui_submit( $text{'button_save'}, "save").''.&ui_submit( $text{'button_delete'}, "delete").'
"; + +print &ui_form_end(); + +print "

"; +&ui_print_footer('list_items.cgi','items list'); diff --git a/src/turtlefirewall/edit_rule.cgi b/src/turtlefirewall/edit_rule.cgi index 3e3f80b..b96146a 100644 --- a/src/turtlefirewall/edit_rule.cgi +++ b/src/turtlefirewall/edit_rule.cgi @@ -59,6 +59,7 @@ push @items, $fw->GetGeoipList(); push @items, $fw->GetNetList(); push @items, $fw->GetHostList(); push @items, $fw->GetGroupList(); +push @items, $fw->GetIPSetList(); @items = sort(@items); if( $hostnameset eq '' ) { $hostnameset = 'any'; } diff --git a/src/turtlefirewall/edit_timegroup.cgi b/src/turtlefirewall/edit_timegroup.cgi index cbcef19..a1c90d2 100644 --- a/src/turtlefirewall/edit_timegroup.cgi +++ b/src/turtlefirewall/edit_timegroup.cgi @@ -41,7 +41,7 @@ if( $new ) { $col .= &ui_hidden("timegroup", $in{'timegroup'}); } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); -$col = &ui_select("items", \@selected_items, \@items, 5, 1); +$col = &ui_select("items", \@selected_items, \@items, 8, 1); print &ui_columns_row([ "$text{'groupitems'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); print &ui_columns_row([ "$text{'description'}", $col ], \@tds); diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 418001b..76e5f71 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -27,6 +27,7 @@ riskset=Risk Set risks=Risks ratelimit=Rate Limit rate=Rate +ipset=IP Set time=Time timeitems=Weekdays name=Name @@ -117,6 +118,7 @@ list_items_create_timegroup=create new timegroup list_items_create_hostnameset=create new hostnameset list_items_create_riskset=create new riskset list_items_create_ratelimit=create new ratelimit +list_items_create_ipset=create new ipset edit_zone_title_create=Neue Zone erstellen edit_zone_title_edit=Zone bearbeiten edit_net_title_create=Netz erstellen 
@@ -137,6 +139,8 @@ edit_riskset_title_create=Create new RiskSet edit_riskset_title_edit=Edit RiskSet edit_ratelimit_title_create=Create new RateLimit edit_ratelimit_title_edit=Edit RateLimit +edit_ipset_title_create=Create new IPSet +edit_ipset_title_edit=Edit IPSet list_nat_title=NAT und Masquerading list_nat_create_nat=neues NAT erstellen list_nat_create_masq=neues Masquerading erstellen @@ -184,6 +188,7 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting +ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Aktualisieren log_title=Action Log flowlog_title=Flow Log @@ -362,6 +367,17 @@ save_ratelimit_error5=ratelimit "$1" can't be renamed to "$2", it already exists save_ratelimit_error6=wrong ratelimit name format. save_ratelimit_error7=the name "none" is reserved. +save_ipset_error_title1=Fail to delete ipset +save_ipset_error_title2=Fail to create new ipset +save_ipset_error_title3=Fail to save ipset +save_ipset_error1=it's used in a group, rule. +save_ipset_error2=Item with same name already present. +save_ipset_error3=ipset name field can't be empty. +save_ipset_error4=wrong zone. +save_ipset_error5=the name "ip_blacklist" is reserved. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. + save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat save_nat_error_title3=Fail to save Nat diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index 1ec170e..de7abc3 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -27,6 +27,7 @@ riskset=Risk Set risks=Risks ratelimit=Rate Limit rate=Rate +ipset=IP Set time=Time timeitems=Weekdays name=Name 
@@ -117,6 +118,7 @@ list_items_create_timegroup=create new timegroup list_items_create_hostnameset=create new hostnameset list_items_create_riskset=create new riskset list_items_create_ratelimit=create new ratelimit +list_items_create_ipset=create new ipset edit_zone_title_create=Create new Zone edit_zone_title_edit=Edit Zone edit_net_title_create=Create new Net @@ -137,6 +139,8 @@ edit_riskset_title_create=Create new RiskSet edit_riskset_title_edit=Edit RiskSet edit_ratelimit_title_create=Create new RateLimit edit_ratelimit_title_edit=Edit RateLimit +edit_ipset_title_create=Create new IPSet +edit_ipset_title_edit=Edit IPSet list_nat_title=NAT Rules list_nat_create_nat=create new NAT list_nat_create_masq=create new Masquerade @@ -184,6 +188,7 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting +ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Refresh log_title=Action Log flowlog_title=Flow Log @@ -362,6 +367,17 @@ save_ratelimit_error5=ratelimit "$1" can't be renamed to "$2", it already exists save_ratelimit_error6=wrong ratelimit name format. save_ratelimit_error7=the name "none" is reserved. +save_ipset_error_title1=Fail to delete ipset +save_ipset_error_title2=Fail to create new ipset +save_ipset_error_title3=Fail to save ipset +save_ipset_error1=it's used in a group, rule. +save_ipset_error2=Item with same name already present. +save_ipset_error3=ipset name field can't be empty. +save_ipset_error4=wrong zone. +save_ipset_error5=the name "ip_blacklist" is reserved. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. + save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat save_nat_error_title3=Fail to save Nat 
diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index c0553cf..47c4fa7 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -27,6 +27,7 @@ riskset=Risk Set risks=Risks ratelimit=Rate Limit rate=Rate +ipset=IP Set time=Time timeitems=Weekdays name=Nom @@ -117,6 +118,7 @@ list_items_create_timegroup=create new timegroup list_items_create_hostnameset=create new hostnameset list_items_create_riskset=create new riskset list_items_create_ratelimit=create new ratelimit +list_items_create_ipset=create new ipset edit_zone_title_create=Créer une nouvelle zone edit_zone_title_edit=Editer la zone edit_net_title_create=Créer un nouveau réseau @@ -137,6 +139,8 @@ edit_riskset_title_create=Create new RiskSet edit_riskset_title_edit=Edit RiskSet edit_ratelimit_title_create=Create new RateLimit edit_ratelimit_title_edit=Edit RateLimit +edit_ipset_title_create=Create new IPSet +edit_ipset_title_edit=Edit IPSet list_nat_title=NAT et Masquerade list_nat_create_nat=créer un nouveau NAT list_nat_create_masq=créer un nouveau Masquerade @@ -184,6 +188,7 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting +ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Refresh log_title=Action Log flowlog_title=Flow Log 
@@ -362,6 +367,17 @@ save_ratelimit_error5=ratelimit "$1" can't be renamed to "$2", it already exists save_ratelimit_error6=wrong ratelimit name format. save_ratelimit_error7=the name "none" is reserved. +save_ipset_error_title1=Fail to delete ipset +save_ipset_error_title2=Fail to create new ipset +save_ipset_error_title3=Fail to save ipset +save_ipset_error1=it's used in a group, rule. +save_ipset_error2=Item with same name already present. +save_ipset_error3=ipset name field can't be empty. +save_ipset_error4=wrong zone. +save_ipset_error5=the name "ip_blacklist" is reserved. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. + save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat save_nat_error_title3=Fail to save Nat diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index ff15c50..c390a8d 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -27,6 +27,7 @@ riskset=Risk Set risks=Risks ratelimit=Rate Limit rate=Rate +ipset=IP Set time=Time timeitems=Weekdays name=Nome @@ -117,6 +118,7 @@ list_items_create_timegroup=create new timegroup list_items_create_hostnameset=create new hostnameset list_items_create_riskset=create new riskset list_items_create_ratelimit=create new ratelimit +list_items_create_ipset=create new ipset edit_zone_title_create=Crea nuova Zona edit_zone_title_edit=Modifica Zona edit_net_title_create=Crea una nuova Rete @@ -137,6 +139,8 @@ edit_riskset_title_create=Create new RiskSet edit_riskset_title_edit=Edit RiskSet edit_ratelimit_title_create=Create new RateLimit edit_ratelimit_title_edit=Edit RateLimit +edit_ipset_title_create=Create new IPSet +edit_ipset_title_edit=Edit IPSet list_nat_title=NAT, Mascheramento e Redirezione list_nat_create_nat=crea una nuova regola NAT list_nat_create_masq=crea un nuovo mascheramento 
@@ -184,6 +188,7 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting +ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Aggiorna log_title=Action Log flowlog_title=Flow Log @@ -362,6 +367,17 @@ save_ratelimit_error5=ratelimit "$1" can't be renamed to "$2", it already exists save_ratelimit_error6=wrong ratelimit name format. save_ratelimit_error7=the name "none" is reserved. +save_ipset_error_title1=Fail to delete ipset +save_ipset_error_title2=Fail to create new ipset +save_ipset_error_title3=Fail to save ipset +save_ipset_error1=it's used in a group, rule. +save_ipset_error2=Item with same name already present. +save_ipset_error3=ipset name field can't be empty. +save_ipset_error4=wrong zone. +save_ipset_error5=the name "ip_blacklist" is reserved. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. + save_nat_error_title1=Errore cancellando la regola Nat save_nat_error_title2=Errore creando la regola Nat save_nat_error_title3=Errore salvando la regola Nat diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index 8439040..55d4690 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -27,6 +27,7 @@ riskset=Risk Set risks=Risks ratelimit=Rate Limit rate=Rate +ipset=IP Set time=Time timeitems=Weekdays name=Naam @@ -117,6 +118,7 @@ list_items_create_timegroup=create new timegroup list_items_create_hostnameset=create new hostnameset list_items_create_riskset=create new riskset list_items_create_ratelimit=create new ratelimit +list_items_create_ipset=create new ipset edit_zone_title_create=Toevoegen nieuwe zone edit_zone_title_edit=Zone wijzigen edit_net_title_create=Toevoegen nieuw netwerk 
@@ -137,6 +139,8 @@ edit_riskset_title_create=Create new RiskSet edit_riskset_title_edit=Edit RiskSet edit_ratelimit_title_create=Create new RateLimit edit_ratelimit_title_edit=Edit RateLimit +edit_ipset_title_create=Create new IPSet +edit_ipset_title_edit=Edit IPSet list_nat_title=NAT en Masquerading list_nat_create_nat=Toevoegen NAT regel list_nat_create_masq=Toevoegen Masquerade regel @@ -184,6 +188,7 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting +ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Refresh log_title=Action Log flowlog_title=Flow Log @@ -362,6 +367,17 @@ save_ratelimit_error5=ratelimit "$1" can't be renamed to "$2", it already exists save_ratelimit_error6=wrong ratelimit name format. save_ratelimit_error7=the name "none" is reserved. +save_ipset_error_title1=Fail to delete ipset +save_ipset_error_title2=Fail to create new ipset +save_ipset_error_title3=Fail to save ipset +save_ipset_error1=it's used in a group, rule. +save_ipset_error2=Item with same name already present. +save_ipset_error3=ipset name field can't be empty. +save_ipset_error4=wrong zone. +save_ipset_error5=the name "ip_blacklist" is reserved. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. + save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat save_nat_error_title3=Fail to save Nat diff --git a/src/turtlefirewall/list_blacklists.cgi b/src/turtlefirewall/list_blacklists.cgi index 61a776f..29b8724 100644 --- a/src/turtlefirewall/list_blacklists.cgi +++ b/src/turtlefirewall/list_blacklists.cgi 
@@ -35,7 +35,7 @@ sub showBlackLists { push(@cols, "$blacklists{$b}{LOCATION}"); my $blacklistcount = qx{wc -l < $blacklists{$b}{LOCATION} 2>/dev/null}; if( $blacklistcount eq '' ) { $blacklistcount = '0'; } - push(@cols, "$blacklistcount"); + push(@cols, $blacklistcount); my $autoupdate = 'NO'; if( -e $blacklists{$b}{CRON} ) { $autoupdate = 'YES'; } my $aimage = $autoupdate eq 'YES' ? '' : ''; diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 8b1a75a..9157aae 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi @@ -53,6 +53,10 @@ $form++; print "

"; &showRateLimit(); +$form++; +print "

"; +&showIPSet(); + &ui_print_footer('index.cgi',$text{'index'}); #============================================================================ @@ -420,3 +424,42 @@ sub showRateLimit { print ""; print &ui_form_end(); } +sub showIPSet { + print &ui_subheading("",$text{'ipset'}); + print &ui_form_start("save_ipset.cgi", "post"); + @links = ( &select_all_link("d", $form), + &select_invert_link("d", $form), + "$text{'list_items_create_ipset'}" ); + @tds = ( "width=1% style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top" ); + print &ui_columns_start([ + "", + "$text{'name'}", + "$text{'location'}", + "$text{'zone'}", + "$text{'items'}", + "$text{'description'}" ], 100, 0, \@tds); + for my $k ($fw->GetIPSetList()) { + my %ipset = $fw->GetIPSet($k); + my $confdir = &confdir(); + my $listcount = qx{wc -l < $confdir/$ipset{'IP'}.ipset 2>/dev/null}; + if( $listcount eq '' ) { $listcount = '0'; } + local @cols; + my $href = &ui_link("edit_ipset.cgi?ipset=$k",$k); + push(@cols, "$href" ); + push(@cols, "$ipset{'IP'} - $confdir/$ipset{'IP'}.ipset" ); + push(@cols, "$ipset{'ZONE'}" ); + push(@cols, $listcount); + push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$ipset{'DESCRIPTION'}" : ' ')."" ); + print &ui_checked_columns_row(\@cols, \@tds, "d", $k); + } + print &ui_columns_end(); + print ""; + print ''; + print ''; + print "
'.&ui_links_row(\@links).''.&ui_submit( $text{'delete_selected'}, "delete").'
"; + print &ui_form_end(); +} diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index 9499976..f15bbfb 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -90,12 +90,14 @@ sub showConnmarkPreroute { if( $type eq 'NET' ) { $zimage = ''; } elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); my $zimage = ''; my $type = $fw->GetItemType($attr{'DST'}); if( $type eq 'NET' ) { $zimage = ''; } elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; my $simage = ''; @@ -250,6 +252,7 @@ sub showConnmark { elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } elsif( $type eq 'GROUP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } } push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); my $zimage = ''; @@ -261,6 +264,7 @@ sub showConnmark { elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } elsif( $type eq 'GROUP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } } push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index efe02fd..2806336 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi 
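Review bot: In showIPSet, `qx{wc -l < $confdir/$ipset{'IP'}.ipset 2>/dev/null}` places the stored IP field on a shell command line, and save_ipset.cgi in this patch saves that field from the request without a format check, so shell metacharacters in it would be interpreted whenever the item list is rendered. Counting in Perl removes the shell altogether: `my $listcount = 0; if( open(my $fh, '<', "$confdir/$ipset{'IP'}.ipset") ) { $listcount++ while <$fh>; close($fh); }`. The location, zone and description values are pushed into `@cols` as raw strings; unless `ui_checked_columns_row` escapes cell content, they should pass through `&html_escape()` first.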
@@ -83,12 +83,14 @@ sub showConntrackPreroute { elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } elsif( $type eq 'GROUP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); my $zimage = ''; my $type = $fw->GetItemType($attr{'DST'}); if( $type eq 'NET' ) { $zimage = ''; } elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); $attr{'SERVICE'} =~ s/,/, /g; my $servicelist = ''; diff --git a/src/turtlefirewall/list_rules.cgi b/src/turtlefirewall/list_rules.cgi index ce99ceb..0b43615 100644 --- a/src/turtlefirewall/list_rules.cgi +++ b/src/turtlefirewall/list_rules.cgi @@ -104,6 +104,7 @@ sub showRule { elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } elsif( $type eq 'GROUP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } } $srclist .= "${zimage}${s}
"; } @@ -120,6 +121,7 @@ sub showRule { elsif( $type eq 'HOST' ) { $zimage = ''; } elsif( $type eq 'GEOIP' ) { $zimage = ''; } elsif( $type eq 'GROUP' ) { $zimage = ''; } + elsif( $type eq 'IPSET' ) { $zimage = ''; } } $dstlist .= "${zimage}${d}
"; } diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi new file mode 100644 index 0000000..5e4feb6 --- /dev/null +++ b/src/turtlefirewall/save_ipset.cgi @@ -0,0 +1,59 @@ +#!/usr/bin/perl + +#====================================================================== +# Turtle Firewall webmin module +# +# Copyright (c) Andrea Frigido +# You may distribute under the terms of either the GNU General Public +# License +#====================================================================== + +do 'turtlefirewall-lib.pl'; +&ReadParse(); + +my $ipset = $in{'ipset'}; +my $newipset = $in{'newipset'}; +my $ip = $in{'ip'}; +my $zone = $in{'zone'}; +my $description = $in{'description'}; + +if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error7} ); } + +if( $in{'delete'} ) { + # delete ipset + if( $in{'d'} ) { + @d = split(/\0/, $in{'d'}); + foreach $d (sort { $b <=> $a } @d) { + my $ipset = $d; + $whatfailed = $text{save_ipset_error_title1}; + if( !$fw->DeleteIPSet($ipset) ) { &error( $text{save_ipset_error1} ); } + } + } elsif( $ipset ne '' ) { + $whatfailed = $text{save_ipset_error_title1}; + if( !$fw->DeleteIPSet($ipset) ) { &error( $text{save_ipset_error1} ); } + } +} else { + if( $in{'new'} ) { + $whatfailed = $text{save_ipset_error_title2}; + my @allitems = $fw->GetAllItemsList(); + foreach my $i (@allitems) { + if( $i eq $ipset ) { + &error( $text{save_ipset_error2} ); + } + } + } else { + $whatfailed = $text{save_ipset_error_title3}; + } + if ( $ipset eq '' ) { &error( $text{save_ipset_error3} ); } + if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } + if ( $ip eq 'ip_blacklist' ) { &error( $text{save_ipset_error5} ); } + $fw->AddIPSet( $ipset, $ip, $zone, $description ); + if( !$in{'new'} && $newipset ne $ipset ) { + if( !$fw->RenameItem( $ipset, $newipset ) ) { + &error( &text('save_ipset_error6', $ipset, $newipset) ); + } + } +} + +$fw->SaveFirewall(); +&redirect( 'list_items.cgi' ); 
diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 1917687..5b4398e 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -88,6 +88,11 @@ sub GetRateLimitList { return sort( keys %{ $this->{fw}{RATELIMIT} } ); } +sub GetIPSetList { + my $this = shift; + return sort( keys %{ $this->{fw}{IPSET} } ); +} + sub GetZone { my ($this,$name) = @_; return %{ $this->{fw}{ZONE}{$name} }; @@ -138,6 +143,11 @@ sub GetRateLimit { return %{ $this->{fw}{RATELIMIT}{$name} }; } +sub GetIPSet { + my ($this,$name) = @_; + return %{ $this->{fw}{IPSET}{$name} }; +} + sub GetAllItemsList { my $this = shift; return sort( keys %{ $this->{fwItems} } ); @@ -154,6 +164,7 @@ sub GetItemsAllowToGroup { push @items, @{$this->{fwKeys}{NET}}; push @items, @{$this->{fwKeys}{HOST}}; push @items, @{$this->{fwKeys}{GEOIP}}; + push @items, @{$this->{fwKeys}{IPSET}}; foreach my $g ( @{$this->{fwKeys}{GROUP}} ) { if( $g eq $group ) { last; @@ -304,8 +315,8 @@ sub GetOption { sub GetItemType { my $this = shift; - my $name = shift; - return $type = $this->{fwItems}{$name}; + my $item = shift; + return $type = $this->{fwItems}{$item}; } # AddGroup( $group, $description, @items ) @@ -361,6 +372,14 @@ sub AddRateLimit { $this->{fwItems}{$name} = 'RATELIMIT'; } +# AddIPSet( $name, $ip, $zone, $description ) +sub AddIPSet { + my ($this, $name, $ip, $zone, $description) = @_; + %{ $this->{fw}{IPSET}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'ZONE'=>$zone, 'DESCRIPTION'=>$description ); + $this->{fwItems}{$name} = 'IPSET'; + return 1; +} + # AddHost( $name, $ip, $mac, $zone, $description ) sub AddHost { my ($this, $name, $ip, $mac, $zone, $description) = @_; @@ -657,6 +676,12 @@ sub DeleteItem { last; } } + for my $k (@{$this->{fwKeys}{IPSET}}) { + if( $this->{fw}{IPSET}{$k}{ZONE} eq $name ) { + $found = 1; + last; + } + } } # Now I check if this item is included in a group 
@@ -817,6 +842,11 @@ sub RenameItem { $this->{fw}{GEOIP}{$k}{ZONE} = $newname; } } + foreach $k (@{$this->{fwKeys}{IPSET}}) { + if( $this->{fw}{IPSET}{$k}{ZONE} eq $oldname ) { + $this->{fw}{IPSET}{$k}{ZONE} = $newname; + } + } } # change itme name in groups @@ -883,6 +913,11 @@ sub DeleteRateLimit { my ($this, $ratelimit) = @_; return $this->DeleteItem( $ratelimit ); } +# DeleteIPSet( $ipset ); +sub DeleteIPSet { + my ($this, $ipset) = @_; + return $this->DeleteItem( $ipset ); +} # DeleteHost( $host ); sub DeleteHost { @@ -1002,6 +1037,7 @@ sub LoadFirewall { if( $name2 eq 'HOSTNAMESET' ) { $this->_LoadFirewallItem( 'HOSTNAMESET', @{$list[$j+1]} ); } if( $name2 eq 'RISKSET' ) { $this->_LoadFirewallItem( 'RISKSET', @{$list[$j+1]} ); } if( $name2 eq 'RATELIMIT' ) { $this->_LoadFirewallItem( 'RATELIMIT', @{$list[$j+1]} ); } + if( $name2 eq 'IPSET' ) { $this->_LoadFirewallItem( 'IPSET', @{$list[$j+1]} ); } if( $name2 eq 'MASQUERADE' ) { $this->_LoadFirewallNat( 'MASQUERADE', @{$list[$j+1]} ); } if( $name2 eq 'NAT' ) { $this->_LoadFirewallNat( 'NAT', @{$list[$j+1]} ); } if( $name2 eq 'REDIRECT' ) { $this->_LoadFirewallNat( 'REDIRECT', @{$list[$j+1]} ); } @@ -1423,12 +1459,17 @@ sub SaveFirewallAs { $xml .= $this->attr2xml( 'host', %{$fw{'HOST'}{$k}} ); } if( %{$fw{'HOST'}} ) { $xml .= "\n"; } - + foreach my $k (keys %{$fw{'GEOIP'}}) { $xml .= $this->attr2xml( 'geoip', %{$fw{'GEOIP'}{$k}} ); } if( %{$fw{'GEOIP'}} ) { $xml .= "\n"; } - + + foreach my $k (keys %{$fw{'IPSET'}}) { + $xml .= $this->attr2xml( 'ipset', %{$fw{'IPSET'}{$k}} ); + } + if( %{$fw{'IPSET'}} ) { $xml .= "\n"; } + foreach my $k (@{$this->{fwKeys}{GROUP}}) { $xml .= "_clean($fw{'GROUP'}{$k}{DESCRIPTION})."\">\n"; foreach my $item (@{$fw{'GROUP'}{$k}{ITEMS}}) { 
@@ -1442,7 +1483,7 @@ sub SaveFirewallAs { $xml .= $this->attr2xml( 'time', %{$fw{'TIME'}{$k}} ); } if( %{$fw{'TIME'}} ) { $xml .= "\n"; } - + foreach my $k (@{$this->{fwKeys}{TIMEGROUP}}) { $xml .= "_clean($fw{'TIMEGROUP'}{$k}{DESCRIPTION})."\">\n"; foreach my $item (@{$fw{'TIMEGROUP'}{$k}{ITEMS}}) { 
@@ -1451,64 +1492,64 @@ sub SaveFirewallAs { $xml .= "\n"; } if( @{$this->{fwKeys}{TIMEGROUP}} ) { $xml .= "\n"; } - + foreach my $k (keys %{$fw{'HOSTNAMESET'}}) { $xml .= $this->attr2xml( 'hostnameset', %{$fw{'HOSTNAMESET'}{$k}} ); } if( %{$fw{'HOSTNAMESET'}} ) { $xml .= "\n"; } - + foreach my $k (keys %{$fw{'RISKSET'}}) { $xml .= $this->attr2xml( 'riskset', %{$fw{'RISKSET'}{$k}} ); } if( %{$fw{'RISKSET'}} ) { $xml .= "\n"; } - + foreach my $k (keys %{$fw{'RATELIMIT'}}) { $xml .= $this->attr2xml( 'ratelimit', %{$fw{'RATELIMIT'}{$k}} ); } if( %{$fw{'RATELIMIT'}} ) { $xml .= "\n"; } - + my @nats = @{$fw{'NAT'}}; for my $i (0..$#nats) { $xml .= $this->attr2xml( 'nat', %{$nats[$i]} ); } if( @{$fw{'NAT'}} ) { $xml .= "\n"; } - + my @masq = @{$fw{'MASQUERADE'}}; for my $i (0..$#masq) { $xml .= $this->attr2xml( 'masquerade', %{$masq[$i]} ); } if( @{$fw{'MASQUERADE'}} ) { $xml .= "\n"; } - + my @redirectlist = @{$fw{'REDIRECT'}}; for my $i (0..$#redirectlist) { $xml .= $this->attr2xml( 'redirect', %{$redirectlist[$i]} ); } if( @{$fw{'REDIRECT'}} ) { $xml .= "\n"; } - + my @conntrackpreroutes = @{$fw{'CONNTRACKPREROUTE'}}; for my $i (0..$#conntrackpreroutes) { $xml .= $this->attr2xml( 'conntrackpreroute', %{$conntrackpreroutes[$i]} ); } if( @{$fw{'CONNTRACKPREROUTE'}} ) { $xml .= "\n"; } - + my @conntracks = @{$fw{'CONNTRACK'}}; for my $i (0..$#conntracks) { $xml .= $this->attr2xml( 'conntrack', %{$conntracks[$i]} ); } if( @{$fw{'CONNTRACK'}} ) { $xml .= "\n"; } - + my @connmarkpreroutes = @{$fw{'CONNMARKPREROUTE'}}; for my $i (0..$#connmarkpreroutes) { $xml .= $this->attr2xml( 'connmarkpreroute', %{$connmarkpreroutes[$i]} ); } if( @{$fw{'CONNMARKPREROUTE'}} ) { $xml .= "\n"; } - + my @connmarks = @{$fw{'CONNMARK'}}; for my $i (0..$#connmarks) { $xml .= $this->attr2xml( 'connmark', %{$connmarks[$i]} ); } if( @{$fw{'CONNMARK'}} ) { $xml .= "\n"; } - + my @rules = @{$fw{'RULE'}}; for my $i (0..$#rules) { $xml .= $this->attr2xml( 'rule', %{$rules[$i]} ); 
@@ -1649,7 +1690,7 @@ sub startFirewall { $this->command( "for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo $flag > \$f; done" ); } - # I want ever icmp_echo_ignore_all set to off. Turtle Firewall uses iptables + # I want all icmp_echo_ignore_all set to off. Turtle Firewall uses iptables # rules for drop or allow icmp echo packets. Andrea Frigido 2004-07-17 $this->command( 'echo "1"', '/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts' ); $this->command( 'echo "0"', '/proc/sys/net/ipv4/icmp_echo_ignore_all' ); @@ -1698,6 +1739,21 @@ sub startFirewall { $this->command('/usr/lib/turtlefirewall/sha1_blacklist -I', '/dev/null'); } + # Ensure IPsets exist + for my $s ($this->GetIPSetList()) { + my %ipset = $this->GetIPSet($s); + for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { + if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { + if( ! -e "/etc/turtlefirewall/$ipset{'IP'}.ipset" ) { + open( FILE, ">", "/etc/turtlefirewall/$ipset{'IP'}.ipset" ); + close( FILE ); + } + $this->command( "ipset create $ipset{'IP'} hash:net", "/dev/null 2>&1" ); + last; + } + } + } + my $rules = $this->getIptablesRules(); my $use_iptables_restore = 1; 
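Review bot: In the added "# Ensure IPsets exist" loop the test `SRC eq $s || DST eq $s && ACTIVE ne 'NO'` parses as `SRC eq $s || (DST eq $s && ACTIVE ne 'NO')`, because `&&` binds tighter than `||`, so a disabled rule that names the set as its source still triggers file and set creation. The "# Import IPsets" loop in the next startFirewall hunk repeats the same condition. Parenthesise the address test: `if( ($this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s) && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO' ) {`. The `open( FILE, ">", ... )` that creates the empty list file is unchecked and uses a bareword handle; `open( my $fh, '>', $path ) or print STDERR "Error: cannot create $path: $!\n";` would report a failure instead of continuing silently. startFirewall's body continues outside the hunk.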
@@ -1729,13 +1785,30 @@ sub startFirewall { if( $this->{fw}{RULE}[$i]{RATELIMIT} eq $r && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { # Convert to bps my $rate = $ratelimit{'RATE'} * 1024000; - print "run ipt_ratelimit $r($ratelimit{'RATE'} Mbps)\n"; + print "run ratelimit-restore $r($ratelimit{'RATE'} Mbps)\n"; $this->command( "echo \@\+0.0.0.0/0 $rate", "/proc/net/ipt_ratelimit/go-$r" ); $this->command( "echo \@\+0.0.0.0/0 $rate", "/proc/net/ipt_ratelimit/back-$r" ); last; } } } + + # Import IPsets + for my $s ($this->GetIPSetList()) { + my %ipset = $this->GetIPSet($s); + for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { + if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { + print "run ipset-restore $s($ipset{'IP'})\n"; + $this->command( "ipset flush $ipset{'IP'}", "/dev/null 2>&1" ); + my @items = (); + open( FILE, "<", "/etc/turtlefirewall/$ipset{'IP'}.ipset" ); + while( ) { if( $_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\b([0-9]|[12][0-9]|3[0-2])\b)/ ) { push(@items, $1); } } + close( FILE ); + for my $n (@items) { $this->command( "ipset add $ipset{'IP'} $n", "/dev/null 2>&1" ); } + last; + } + } + } } sub stopFirewall { @@ -1831,7 +1904,7 @@ sub getIptablesRules { $rules_mangle .= "-A PREROUTING -j CONNMARK --restore-mark\n"; $rules_mangle .= "-A POSTROUTING -j CONNMARK --save-mark\n"; - # abilito l'accesso da/verso l'interfaccia lo. + # Enable access from/to the loopback interface. $rules .= "-A INPUT -i lo -j ACCEPT\n"; $rules .= "-A OUTPUT -o lo -j ACCEPT\n"; @@ -2201,7 +2274,7 @@ sub applyNat { my $virtual_if=''; my $real_ip=''; - # service is a list of services? + # Service is a list of services? if( $nmService =~ /,/ ) { my @services = split( /,/, $nmService ); my %newnat = %nat; 
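Review bot: The added "# Import IPsets" block runs `ipset flush` before the unchecked `open( FILE, "<", ... )`, so a missing or unreadable list file leaves the set empty with nothing reported; for a set referenced by a blocking rule, that rule silently stops matching. Open first and flush only on success, e.g. `open( my $fh, '<', $path ) or do { print STDERR "Error: cannot read $path: $!\n"; last; };` with `$path` holding the list file name. The CIDR pattern is also unanchored and accepts `\d{1,3}` octets, so it lifts an address out of any position in a line and passes octets above 255 on to `ipset add`, whose errors go to `/dev/null`. Anchoring the pattern to the whole line would make malformed entries visible rather than partly accepted.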
@@ -2378,12 +2451,12 @@ sub applyMasquerade { } if( $dst eq '' ) { - print STDERR "Error: DST or ZONE attribute missing in MASQUERADE rule."; + print STDERR "Error: DST or ZONE attribute missing in MASQUERADE rule.\n"; return $rules; } #if( $fwItems{$zone} ne 'ZONE' ) { - # print STDERR "Error: invalid ZONE attribute missing in MASQUERADE rule."; + # print STDERR "Error: invalid ZONE attribute missing in MASQUERADE rule.\n"; # return #} @@ -2411,11 +2484,11 @@ sub applyMasquerade { return $rules; } - #I define the SERVICE + # Define the SERVICE my $service = $masq{SERVICE}; my $port = $masq{PORT}; - # service is a list of services? + # Service is a list of services? if( $service =~ /,/ ) { my @services = split( /,/, $service ); my %newmasq = %masq; @@ -2430,10 +2503,10 @@ sub applyMasquerade { $service = 'all'; } - my ($src_zone, $src_peer, $src_mac) = $this->expand_item( $src ); + my ($src_zone, $src_peer, undef, $src_mac) = $this->expand_item( $src ); my %src_zone_attr = $this->GetZone( $src_zone ); $src_if = $src_zone_attr{IF}; - my ($dst_zone, $dst_peer) = $this->expand_item( $dst ); + my ($dst_zone, $dst_peer, undef, undef) = $this->expand_item( $dst ); my %dst_zone_attr = $this->GetZone( $dst_zone ); $dst_if = $dst_zone_attr{IF}; @@ -2466,7 +2539,7 @@ sub _applyServiceMasquerade { my $rules = ''; - # loop on filering rules + # Loop on filering rules my $i; for( $i = 0; $i <= $#{$service{FILTERS}}; $i++ ) { @@ -2492,7 +2565,7 @@ sub _applyServiceMasquerade { next; } - # port set by firewall rule + # Port set by firewall rule if( $sport eq 'PORT' ) { $sport = $port; } @@ -2581,7 +2654,7 @@ sub applyRedirect { my $port = $redirect{PORT}; my $toport = $redirect{TOPORT}; - my ($src_zone, $src_peer, $src_mac) = $this->expand_item( $src ); + my ($src_zone, $src_peer, undef, $src_mac) = $this->expand_item( $src ); my %src_zone_attr = $this->GetZone( $src_zone ); my $src_if = $src_zone_attr{IF}; 
@@ -2593,7 +2666,7 @@ sub applyRedirect { $dst_peer = '0.0.0.0/0'; $dst_if = ''; } else { - ($dst_zone, $dst_peer) = $this->expand_item( $dst ); + ($dst_zone, $dst_peer, undef, undef) = $this->expand_item( $dst ); my %dst_zone_attr = $this->GetZone( $dst_zone ); $dst_if = $dst_zone_attr{IF}; } @@ -2911,8 +2984,8 @@ sub applyRule { $risk = $riskset_list{'RISKS'}; } - my ($src_zone, $src_peer, $src_mac) = $this->expand_item( $src ); - my ($dst_zone, $dst_peer) = $this->expand_item( $dst ); + my ($src_zone, $src_peer, $src_type, $src_mac) = $this->expand_item( $src ); + my ($dst_zone, $dst_peer, $dst_type, undef) = $this->expand_item( $dst ); if( $src_zone eq 'FIREWALL' && $dst_zone eq 'FIREWALL' ) { # ignore chain FIREWALL-FIREWALL @@ -2977,15 +3050,15 @@ sub applyRule { # Create the Rules if( $mangle ) { # Mangle Rule - $rules .= $this->applyService( \%services, $service, $andata, $ritorno, $src_peer, $src_mac, $dst_peer, + $rules .= $this->applyService( \%services, $service, $andata, $ritorno, $src_peer, $src_type, $src_mac, $dst_peer, $dst_type, $port, $ndpi, $category, $hostname, $risk, '', $t_days, $t_start, $t_stop, '', '', $mark, '' ); } elsif( $raw ) { # Raw Rule - $rules .= $this->applyService( \%services, $service, $andata, $ritorno, $src_peer, $src_mac, $dst_peer, + $rules .= $this->applyService( \%services, $service, $andata, $ritorno, $src_peer, $src_type, $src_mac, $dst_peer, $dst_type, $port, $ndpi, $category, $hostname, $risk, '', $t_days, $t_start, $t_stop, '', '', '', $helper ); } else { # Filter Rule - $rules .= $this->applyService( \%services, $service, $andata, $ritorno, $src_peer, $src_mac, $dst_peer, + $rules .= $this->applyService( \%services, $service, $andata, $ritorno, $src_peer, $src_type, $src_mac, $dst_peer, $dst_type, $port, $ndpi, $category, $hostname, $risk, $ratelimit, $t_days, $t_start, $t_stop, $log, $target, '', '' ); } 
@@ -3001,7 +3074,7 @@ sub applyService { # Apply a service sub _applyService { my $this = shift; - my( $ref_calledServices, $ref_services, $serviceName, $goChain, $backChain, $src, $src_mac, $dst, + my( $ref_calledServices, $ref_services, $serviceName, $goChain, $backChain, $src, $src_type, $src_mac, $dst, $dst_type, $port, $ndpi, $category, $hostname, $risk, $ratelimit, $t_days, $t_start, $t_stop, $log, $target, $mangle_mark, $helper ) = @_; my %service = %{$ref_services->{$serviceName}}; @@ -3023,7 +3096,7 @@ sub _applyService { if( $filter{SERVICE} ne '' && !$ref_calledServices->{$filter{SERVICE}} ) { # It is a subservice, recursion call to _applyService $rules .= $this->_applyService( $ref_calledServices, $ref_services, $filter{SERVICE}, - $goChain, $backChain, $src, $src_mac, $dst, $port, $ndpi, $category, $hostname, $risk, $ratelimit, + $goChain, $backChain, $src, $src_type, $src_mac, $dst, $dst_type, $port, $ndpi, $category, $hostname, $risk, $ratelimit, $t_days, $t_start, $t_stop, $log, $target, $mangle_mark, $helper ); next; } 
@@ -3059,41 +3132,31 @@ sub _applyService { if( $direction eq 'go' ) { $cmd = "-A $goChain "; if( $ratelimit ne '' ) { $cmd .= "-m ratelimit --ratelimit-set go-$ratelimit --ratelimit-mode src "; } - if( $dst !~ /^[A-Z1-2]{2}$/ && $src !~ /^[A-Z1-2]{2}$/ ) { - if( $src ne '0.0.0.0/0' && $src ne '' ) { $cmd .= "-s $src "; } - if( $src_mac =~ /^[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}$/ ) { - $cmd .= "-m mac --mac-source $src_mac "; } - if( $dst ne '0.0.0.0/0' && $dst ne '' ) { $cmd .= "-d $dst "; } - } else { - if( $src =~ /^[A-Z1-2]{2}$/ ) { - if( $dst ne '0.0.0.0/0' ) { - $cmd .= "-m geoip --source-country $src -d $dst "; - } else { $cmd .= "-m geoip --source-country $src "; } - } - if( $dst =~ /^[A-Z1-2]{2}$/ ) { - if( $src ne '0.0.0.0/0' ) { - $cmd .= "-m geoip --destination-country $dst -s $src "; - } else { $cmd .= "-m geoip --destination-country $dst "; } - } - } + if( $src_mac =~ /^[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}$/ ) { + $cmd .= "-m mac --mac-source $src_mac "; } + if( $src ne '' ) { + if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $dst "; } + if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst dst "; } + if( $src ne '0.0.0.0/0' && $src_type !~ /GEOIP|IPSET/ ) { $cmd .= "-s $src "; } + } + if( $dst ne '' ) { + if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --source-country $src "; } + if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src src "; } + if( $dst ne '0.0.0.0/0' && $dst_type !~ /GEOIP|IPSET/ ) { $cmd .= "-d $dst "; } + } } else { $cmd = "-A $backChain "; if( $ratelimit ne '' ) { $cmd .= "-m ratelimit --ratelimit-set back-$ratelimit --ratelimit-mode dst "; } - if( $src !~ /^[A-Z1-2]{2}$/ && $dst !~ /^[A-Z1-2]{2}$/ ) { - if( $dst ne '0.0.0.0/0' && $dst ne '' ) { $cmd .= "-s $dst "; } - if( $src ne '0.0.0.0/0' && $src ne '' ) { $cmd .= "-d $src "; } - } else { - if( $dst =~ /^[A-Z1-2]{2}$/ ) { - 
if( $src ne '0.0.0.0/0' ) { - $cmd .= "-m geoip --source-country $dst -d $src "; - } else { $cmd .= "-m geoip --source-country $dst "; } - } - if( $src =~ /^[A-Z1-2]{2}$/ ) { - if( $dst ne '0.0.0.0/0' ) { - $cmd .= "-m geoip --destination-country $src -s $dst "; - } else { $cmd .= "-m geoip --destination-country $src "; } - } - } + if( $dst ne '' ) { + if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $src "; } + if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src dst "; } + if( $dst ne '0.0.0.0/0' && $dst_type !~ /GEOIP|IPSET/ ) { $cmd .= "-s $dst "; } + } + if( $src ne '' ) { + if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --source-country $dst "; } + if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst src "; } + if( $src ne '0.0.0.0/0' && $src_type !~ /GEOIP|IPSET/ ) { $cmd .= "-d $src "; } + } } if( $p ne '' ) { $cmd .= "-p $p "; } @@ -3142,8 +3205,10 @@ sub _applyService { $logprefix = "TFW=$category"; } elsif( $ndpi ne '' ) { $logprefix = "TFW=$ndpi"; - } elsif( $src =~ /^[A-Z1-2]{2}$/ || $dst =~ /^[A-Z1-2]{2}$/ ) { - $logprefix = "TFW=GEO-".( $src =~ /^[A-Z1-2]{2}$/ ? $src : $dst ); + } elsif( $src_type eq 'GEOIP' || $dst_type eq 'GEOIP' ) { + $logprefix = "TFW=GEO-".( $src_type eq 'GEOIP' ? $src : $dst ); + } elsif( $src_type eq 'IPSET' || $dst_type eq 'IPSET' ) { + $logprefix = "TFW=SET-".( $src_type eq 'IPSET' ? $src : $dst ); } else { $logprefix = "TFW=$goChain"; } 
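Review bot: In the rewritten address block of `_applyService` the guards look crossed: the destination-side matches (`-m geoip --destination-country $dst`, `-m set --match-set $dst dst`) are emitted only inside `if( $src ne '' )`, and the source-side matches only inside `if( $dst ne '' )`, in both the go and back branches. expand_item leaves the peer empty for a HOST defined without an IP (MAC only) and for an item type it does not recognise, so a rule from such a source to an IPSET or GEOIP destination is emitted without any destination match and is broader than configured. Guard each match on its own operand, e.g. `if( $dst_type eq 'IPSET' && $dst ne '' ) { $cmd .= "-m set --match-set $dst dst "; }`, and likewise for the source side. `$src_type !~ /GEOIP|IPSET/` is an unanchored substring test; `$src_type ne 'GEOIP' && $src_type ne 'IPSET'` states the intent exactly. The function starts and ends outside the hunk.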
@@ -3211,31 +3276,35 @@ sub expand_item { my %fw = %{$this->{fw}}; my %fwItems = %{$this->{fwItems}}; - my $itemType = $fwItems{$item}; + my $type = $fwItems{$item}; my $zone = ''; my $ip = ''; my $mac = ''; - if( $itemType eq 'ZONE' ) { + if( $type eq 'ZONE' ) { $zone = $item; $ip = '0.0.0.0/0'; } - if( $itemType eq 'GEOIP' ) { + if( $type eq 'GEOIP' ) { $zone = $fw{GEOIP}{$item}{ZONE}; $ip = $fw{GEOIP}{$item}{IP}; } - if( $itemType eq 'NET' ) { + if( $type eq 'IPSET' ) { + $zone = $fw{IPSET}{$item}{ZONE}; + $ip = $fw{IPSET}{$item}{IP}; + } + if( $type eq 'NET' ) { $zone = $fw{NET}{$item}{ZONE}; $ip = $fw{NET}{$item}{IP}.'/'.$fw{NET}{$item}{NETMASK}; } - if( $itemType eq 'HOST' ) { + if( $type eq 'HOST' ) { $zone = $fw{HOST}{$item}{ZONE}; $ip = $fw{HOST}{$item}{IP}; if( $ip ne '' ) {$ip = $ip.'/32';} $mac = $fw{HOST}{$item}{MAC}; } - return ($zone, $ip, $mac ); + return ($zone, $ip, $type, $mac ); } sub expand_time_item { @@ -3244,7 +3313,6 @@ sub expand_time_item { my %fw = %{$this->{fw}}; my %fwItems = %{$this->{fwItems}}; - my $itemType = $fwItems{$item}; my $weekdays = ''; my $timestart = ''; @@ -3263,7 +3331,6 @@ sub expand_hostnameset_item { my %fw = %{$this->{fw}}; my %fwItems = %{$this->{fwItems}}; - my $itemType = $fwItems{$item}; my $hostnames = ''; $hostnames = $fw{HOSTNAMESET}{$item}{HOSTNAMES}; From ec1ede86b2408034d818d5d89f99deea0927a474 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 19 Oct 2024 21:48:27 +0200 Subject: [PATCH 002/113] Bug : Check if ipset file exists. --- src/turtlefirewall/edit_ipset.cgi | 1 - src/turtlefirewall/lang/de | 6 +++--- src/turtlefirewall/lang/en | 6 +++--- src/turtlefirewall/lang/fr | 6 +++--- src/turtlefirewall/lang/it | 6 +++--- src/turtlefirewall/lang/nl | 6 +++--- src/turtlefirewall/save_ipset.cgi | 5 +++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi index 10e595b..a6ab275 100644 --- a/src/turtlefirewall/edit_ipset.cgi 
+++ b/src/turtlefirewall/edit_ipset.cgi @@ -54,7 +54,6 @@ if( $new ) { } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); $col = &ui_select("ip", $ip, \@items_ipsetlist); -$col .= "$text{ipset_help}"; print &ui_columns_row([ "$text{'location'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 76e5f71..d7f1066 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -188,7 +188,6 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting -ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Aktualisieren log_title=Action Log flowlog_title=Flow Log @@ -375,8 +374,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index de7abc3..796f6ee 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en 
@@ -188,7 +188,6 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting -ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Refresh log_title=Action Log flowlog_title=Flow Log @@ -375,8 +374,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index 47c4fa7..8e8212e 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -188,7 +188,6 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting -ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Refresh log_title=Action Log flowlog_title=Flow Log 
@@ -375,8 +374,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index c390a8d..f214632 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -188,7 +188,6 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting -ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Aggiorna log_title=Action Log flowlog_title=Flow Log @@ -375,8 +374,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Errore cancellando la regola Nat save_nat_error_title2=Errore creando la regola Nat diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index 55d4690..8e679dd 100644 --- a/src/turtlefirewall/lang/nl 
+++ b/src/turtlefirewall/lang/nl @@ -188,7 +188,6 @@ port_help=Note: range eg. 6000:6010 log_help=Note: target accept logs flow, target drop/reject logs action flowstat_max_help=Note: analysing all flows is resource intensive preroute_help=Note: zone as destination invalid during prerouting -ipset_help=Note: CIDR network address list expected in /etc/turtlefirewall/listname.ipset log_update=Refresh log_title=Action Log flowlog_title=Flow Log @@ -375,8 +374,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi index 5e4feb6..f935156 100644 --- a/src/turtlefirewall/save_ipset.cgi +++ b/src/turtlefirewall/save_ipset.cgi @@ -17,7 +17,7 @@ my $ip = $in{'ip'}; my $zone = $in{'zone'}; my $description = $in{'description'}; -if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error7} ); } +if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error8} ); } if( $in{'delete'} ) { # delete ipset 
@@ -47,10 +47,11 @@ if( $in{'delete'} ) { if ( $ipset eq '' ) { &error( $text{save_ipset_error3} ); } if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } if ( $ip eq 'ip_blacklist' ) { &error( $text{save_ipset_error5} ); } + if ( $ip eq '' ) { &error( $text{save_ipset_error6} ); } $fw->AddIPSet( $ipset, $ip, $zone, $description ); if( !$in{'new'} && $newipset ne $ipset ) { if( !$fw->RenameItem( $ipset, $newipset ) ) { - &error( &text('save_ipset_error6', $ipset, $newipset) ); + &error( &text('save_ipset_error7', $ipset, $newipset) ); } } } From 627c44e998a7753b725ac24f54888bd9ceb6773d Mon Sep 17 00:00:00 2001 From: netcons Date: Sun, 20 Oct 2024 13:13:15 +0200 Subject: [PATCH 003/113] Rework ipset feature. Keep ipset list management independent of Turtle. Merely provide the option to link an ipset as an item. --- src/turtlefirewall/edit_ipset.cgi | 26 ++++++--------- src/turtlefirewall/lang/de | 2 +- src/turtlefirewall/lang/en | 2 +- src/turtlefirewall/lang/fr | 2 +- src/turtlefirewall/lang/it | 2 +- src/turtlefirewall/lang/nl | 2 +- src/turtlefirewall/list_items.cgi | 12 +++---- src/turtlefirewall/save_ipset.cgi | 3 +- src/turtlefirewall/setup/TurtleFirewall.pm | 39 ++++------------------ 9 files changed, 28 insertions(+), 62 deletions(-) diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi index a6ab275..d1a7b7c 100644 --- a/src/turtlefirewall/edit_ipset.cgi +++ b/src/turtlefirewall/edit_ipset.cgi @@ -10,7 +10,6 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -use File::Basename; $new = $in{'new'}; 
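Review bot: The added `$ip eq ''` test in save_ipset.cgi, together with the reserved-name test above it, is the only check on the posted `ip` value; only `$newipset` goes through `checkName`. That value is later interpolated by startFirewall into the path `/etc/turtlefirewall/$ipset{'IP'}.ipset` and into the `ipset create` / `ipset flush` / `ipset add` command strings, which appear to be run through a shell given the `/dev/null 2>&1` redirect argument. Restrict it to a set-name alphabet before storing it: `if ( $ip !~ /\A[A-Za-z0-9_.-]{1,31}\z/ ) { &error( $text{save_ipset_error8} ); }`. The PATCH 003 hunk of this file adds `$type` from `$in{'type'}` the same way and turns `ip` into a free-text box; `$type` should be compared on the server with the three values edit_ipset.cgi offers (`hash:ip`, `hash:net`, `hash:mac`) rather than trusted from the form.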
@@ -24,20 +23,13 @@ if( $new ) { my $ipset = $in{'ipset'}; my $newipset = $in{'newipset'}; -my %n = $fw->GetIPSet($ipset); -my $ip = $n{'IP'}; -my $zone = $n{'ZONE'}; -my $description = $n{'DESCRIPTION'}; +my %i = $fw->GetIPSet($ipset); +my $ip = $i{'IP'}; +my $type = $i{'TYPE'}; +my $zone = $i{'ZONE'}; +my $description = $i{'DESCRIPTION'}; -my $confdir = &confdir(); - -my @items_ipsetlist = (); -my @ipsetlists = glob("$confdir/*.ipset"); -for my $k (@ipsetlists) { - my $ip = basename($k, ".ipset"); - my @opts = ( "$ip", "$ip - $k" ); - push(@items_ipsetlist, \@opts); -} +my @types = ('hash:ip','hash:net','hash:mac'); my @zones = grep(!/FIREWALL/, $fw->GetZoneList()); @@ -53,8 +45,10 @@ if( $new ) { $col .= &ui_hidden("ipset", $in{'ipset'}); } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); -$col = &ui_select("ip", $ip, \@items_ipsetlist); -print &ui_columns_row([ "$text{'location'}", $col ], \@tds); +$col = &ui_textbox("ip", $ip, 20, 0, 20); +print &ui_columns_row([ "$text{'ipset'}", $col ], \@tds); +$col = &ui_select("type", $type, \@types); +print &ui_columns_row([ "$text{'type'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index d7f1066..58feaa0 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -374,7 +374,7 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error6=ipset field can't be empty. save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. save_ipset_error8=wrong ipset name format. 
diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index 796f6ee..875e237 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -374,7 +374,7 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error6=ipset field can't be empty. save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. save_ipset_error8=wrong ipset name format. diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index 8e8212e..fec70fe 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -374,7 +374,7 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error6=ipset field can't be empty. save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. save_ipset_error8=wrong ipset name format. diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index f214632..045ebbb 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -374,7 +374,7 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error6=ipset field can't be empty. save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. save_ipset_error8=wrong ipset name format. diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index 8e679dd..deb9bf3 100644 
--- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -374,7 +374,7 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=CIDR network address list expected in /etc/turtlefirewall/listname.ipset +save_ipset_error6=ipset field can't be empty. save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. save_ipset_error8=wrong ipset name format. diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 9157aae..33b933b 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi @@ -434,25 +434,23 @@ sub showIPSet { "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", + "style=vertical-align:top", "style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'location'}", + "$text{'ipset'}", + "$text{'type'}", "$text{'zone'}", - "$text{'items'}", "$text{'description'}" ], 100, 0, \@tds); for my $k ($fw->GetIPSetList()) { my %ipset = $fw->GetIPSet($k); - my $confdir = &confdir(); - my $listcount = qx{wc -l < $confdir/$ipset{'IP'}.ipset 2>/dev/null}; - if( $listcount eq '' ) { $listcount = '0'; } local @cols; my $href = &ui_link("edit_ipset.cgi?ipset=$k",$k); push(@cols, "$href" ); - push(@cols, "$ipset{'IP'} - $confdir/$ipset{'IP'}.ipset" ); + push(@cols, "$ipset{'IP'}" ); + push(@cols, "$ipset{'TYPE'}" ); push(@cols, "$ipset{'ZONE'}" ); - push(@cols, $listcount); push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$ipset{'DESCRIPTION'}" : ' ')."" ); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi index f935156..9bea03d 100644 --- a/src/turtlefirewall/save_ipset.cgi +++ b/src/turtlefirewall/save_ipset.cgi 
@@ -14,6 +14,7 @@ do 'turtlefirewall-lib.pl'; my $ipset = $in{'ipset'}; my $newipset = $in{'newipset'}; my $ip = $in{'ip'}; +my $type = $in{'type'}; my $zone = $in{'zone'}; my $description = $in{'description'}; @@ -48,7 +49,7 @@ if( $in{'delete'} ) { if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } if ( $ip eq 'ip_blacklist' ) { &error( $text{save_ipset_error5} ); } if ( $ip eq '' ) { &error( $text{save_ipset_error6} ); } - $fw->AddIPSet( $ipset, $ip, $zone, $description ); + $fw->AddIPSet( $ipset, $ip, $type, $zone, $description ); if( !$in{'new'} && $newipset ne $ipset ) { if( !$fw->RenameItem( $ipset, $newipset ) ) { &error( &text('save_ipset_error7', $ipset, $newipset) ); diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 5b4398e..eb14c35 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -326,13 +326,12 @@ sub AddGroup { my $description = shift; my @items = @_; if( !$this->{fw}{GROUP}{$group} ) { - # Se non e' gia' stato inserito lo aggiungo alla lista ordinata di keys + # If it has not already been inserted, I add it to the ordered list of keys push @{ $this->{fwKeys}{GROUP} }, $group; } %{ $this->{fw}{GROUP}{$group} } = ( 'DESCRIPTION'=>$description ); @{ $this->{fw}{GROUP}{$group}{ITEMS} } = @items; $this->{fwItems}{$group} = 'GROUP'; - return 1; } # AddTimeGroup( $timegroup, $description, @items ) 
@@ -342,13 +341,12 @@ sub AddTimeGroup { my $description = shift; my @items = @_; if( !$this->{fw}{TIMEGROUP}{$timegroup} ) { - # Se non e' gia' stato inserito lo aggiungo alla lista ordinata di keys + # If it has not already been inserted, I add it to the ordered list of keys push @{ $this->{fwKeys}{TIMEGROUP} }, $timegroup; } %{ $this->{fw}{TIMEGROUP}{$timegroup} } = ( 'DESCRIPTION'=>$description ); @{ $this->{fw}{TIMEGROUP}{$timegroup}{ITEMS} } = @items; $this->{fwItems}{$timegroup} = 'TIMEGROUP'; - return 1; } # AddHostNameSet( $name, $hostnames, $description ) @@ -372,12 +370,11 @@ sub AddRateLimit { $this->{fwItems}{$name} = 'RATELIMIT'; } -# AddIPSet( $name, $ip, $zone, $description ) +# AddIPSet( $name, $ip, $type, $zone, $description ) sub AddIPSet { - my ($this, $name, $ip, $zone, $description) = @_; - %{ $this->{fw}{IPSET}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'ZONE'=>$zone, 'DESCRIPTION'=>$description ); + my ($this, $name, $ip, $type, $zone, $description) = @_; + %{ $this->{fw}{IPSET}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'TYPE'=>$type, 'ZONE'=>$zone, 'DESCRIPTION'=>$description ); $this->{fwItems}{$name} = 'IPSET'; - return 1; } # AddHost( $name, $ip, $mac, $zone, $description ) @@ -399,7 +396,6 @@ sub AddGeoip { my ($this, $name, $ip, $zone, $description) = @_; %{ $this->{fw}{GEOIP}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'ZONE'=>$zone, 'DESCRIPTION'=>$description ); $this->{fwItems}{$name} = 'GEOIP'; - return 1; } # AddNet( $name, $ip, $netmask, $zone, $description ) @@ -407,7 +403,6 @@ sub AddNet { my ($this, $name, $ip, $netmask, $zone, $description) = @_; %{ $this->{fw}{NET}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'NETMASK'=>$netmask,'ZONE'=>$zone, 'DESCRIPTION'=>$description ); $this->{fwItems}{$name} = 'NET'; - return 1; } # AddZone( $name, $if, $description ) 
@@ -415,7 +410,6 @@ sub AddZone { my ($this, $name, $if, $description) = @_; %{ $this->{fw}{ZONE}{$name} } = ('NAME'=>$name, 'IF'=>$if, 'DESCRIPTION'=>$description ); $this->{fwItems}{$name} = 'ZONE'; - return 1; } # AddMasquerade( $idx, $zone, $active ) if $idx==0 then add new Masquerade @@ -1744,11 +1738,7 @@ sub startFirewall { my %ipset = $this->GetIPSet($s); for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { - if( ! -e "/etc/turtlefirewall/$ipset{'IP'}.ipset" ) { - open( FILE, ">", "/etc/turtlefirewall/$ipset{'IP'}.ipset" ); - close( FILE ); - } - $this->command( "ipset create $ipset{'IP'} hash:net", "/dev/null 2>&1" ); + $this->command( "ipset create $ipset{'IP'} $ipset{'TYPE'}", "/dev/null 2>&1" ); last; } } @@ -1792,23 +1782,6 @@ sub startFirewall { } } } - - # Import IPsets - for my $s ($this->GetIPSetList()) { - my %ipset = $this->GetIPSet($s); - for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { - if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { - print "run ipset-restore $s($ipset{'IP'})\n"; - $this->command( "ipset flush $ipset{'IP'}", "/dev/null 2>&1" ); - my @items = (); - open( FILE, "<", "/etc/turtlefirewall/$ipset{'IP'}.ipset" ); - while( ) { if( $_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\b([0-9]|[12][0-9]|3[0-2])\b)/ ) { push(@items, $1); } } - close( FILE ); - for my $n (@items) { $this->command( "ipset add $ipset{'IP'} $n", "/dev/null 2>&1" ); } - last; - } - } - } } sub stopFirewall { From de309e0e21e7dde3f9b69f82c5be0023c7185191 Mon Sep 17 00:00:00 2001 From: netcons Date: Sun, 20 Oct 2024 16:49:51 +0200 Subject: [PATCH 004/113] ipset lang updates --- src/turtlefirewall/lang/de | 1 + src/turtlefirewall/lang/en | 1 + src/turtlefirewall/lang/fr | 1 + src/turtlefirewall/lang/it | 1 + src/turtlefirewall/lang/nl | 1 + 5 files changed, 5 insertions(+) 
diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 58feaa0..ea565ef 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -28,6 +28,7 @@ risks=Risks ratelimit=Rate Limit rate=Rate ipset=IP Set +type=Type time=Time timeitems=Weekdays name=Name diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index 875e237..07f6934 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -28,6 +28,7 @@ risks=Risks ratelimit=Rate Limit rate=Rate ipset=IP Set +type=Type time=Time timeitems=Weekdays name=Name diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index fec70fe..3f75844 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -28,6 +28,7 @@ risks=Risks ratelimit=Rate Limit rate=Rate ipset=IP Set +type=Type time=Time timeitems=Weekdays name=Nom diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 045ebbb..2ae7c5a 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -28,6 +28,7 @@ risks=Risks ratelimit=Rate Limit rate=Rate ipset=IP Set +type=Type time=Time timeitems=Weekdays name=Nome diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index deb9bf3..eddb184 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -28,6 +28,7 @@ risks=Risks ratelimit=Rate Limit rate=Rate ipset=IP Set +type=Type time=Time timeitems=Weekdays name=Naam From 90629d5c5e8b84ac6215ed901f78b975db84e489 Mon Sep 17 00:00:00 2001 
From: netcons Date: Mon, 21 Oct 2024 16:33:33 +0200 Subject: [PATCH 005/113] Rework ipset feature again. --- src/turtlefirewall/edit_addresslist.cgi | 65 +++++++++++++++ src/turtlefirewall/edit_ipset.cgi | 9 +-- src/turtlefirewall/images/db.png | Bin 0 -> 360 bytes src/turtlefirewall/lang/de | 18 ++++- src/turtlefirewall/lang/en | 18 ++++- src/turtlefirewall/lang/fr | 18 ++++- src/turtlefirewall/lang/it | 18 ++++- src/turtlefirewall/lang/nl | 18 ++++- src/turtlefirewall/list_items.cgi | 48 ++++++++++-- src/turtlefirewall/save_addresslist.cgi | 60 ++++++++++++++ src/turtlefirewall/save_ipset.cgi | 3 +- src/turtlefirewall/setup/TurtleFirewall.pm | 87 ++++++++++++++++++++- 12 files changed, 340 insertions(+), 22 deletions(-) create mode 100644 src/turtlefirewall/edit_addresslist.cgi create mode 100644 src/turtlefirewall/images/db.png create mode 100644 src/turtlefirewall/save_addresslist.cgi diff --git a/src/turtlefirewall/edit_addresslist.cgi b/src/turtlefirewall/edit_addresslist.cgi new file mode 100644 index 0000000..46041b2 --- /dev/null +++ b/src/turtlefirewall/edit_addresslist.cgi 
@@ -0,0 +1,65 @@ +#!/usr/bin/perl + +#====================================================================== +# Turtle Firewall webmin module +# +# Copyright (c) Andrea Frigido +# You may distribute under the terms of either the GNU General Public +# License +#====================================================================== + +do 'turtlefirewall-lib.pl'; +&ReadParse(); + +$new = $in{'new'}; + +my $heading = ''; +if( $new ) { + $heading = "$text{'edit_addresslist_title_create'}"; +} else { + $heading = "$text{'edit_addresslist_title_edit'}"; +} +&ui_print_header( $heading, $text{'title'}, "" ); + +my $addresslist = $in{'addresslist'}; +my $newaddresslist = $in{'newaddresslist'}; +my %a = $fw->GetAddressList($addresslist); +my $location = $a{'LOCATION'}; +my $type = $a{'TYPE'}; +my $description = $a{'DESCRIPTION'}; + +my @types = ('hash:ip','hash:net','hash:mac'); + +print &ui_subheading($heading); +print &ui_form_start("save_addresslist.cgi", "post"); +my @tds = ( "width=20%", "width=80%" ); +print &ui_columns_start(undef, 100, 0, \@tds); +my $col = ''; +if( $new ) { + $col = &ui_textbox("addresslist"); +} else { + $col = &ui_textbox("newaddresslist", $in{'addresslist'}); + $col .= &ui_hidden("addresslist", $in{'addresslist'}); +} +print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +$col = &ui_textbox("location", $location, 60, 0, 60); +print &ui_columns_row([ "$text{'location'}", $col ], \@tds); +$col = &ui_select("type", $type, \@types); +print &ui_columns_row([ "$text{'type'}", $col ], \@tds); +$col = &ui_textbox("description", $description, 60, 0, 60); +print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_end(); + +print ""; +if( $new ) { + print ''; +} else { + print ''; + print ''; +} +print "
'.&ui_submit( $text{'button_create'}, "new").''.&ui_submit( $text{'button_save'}, "save").''.&ui_submit( $text{'button_delete'}, "delete").'
"; + +print &ui_form_end(); + +print "

"; +&ui_print_footer('list_items.cgi','items list'); diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi index d1a7b7c..59d94f1 100644 --- a/src/turtlefirewall/edit_ipset.cgi +++ b/src/turtlefirewall/edit_ipset.cgi @@ -25,11 +25,10 @@ my $ipset = $in{'ipset'}; my $newipset = $in{'newipset'}; my %i = $fw->GetIPSet($ipset); my $ip = $i{'IP'}; -my $type = $i{'TYPE'}; my $zone = $i{'ZONE'}; my $description = $i{'DESCRIPTION'}; -my @types = ('hash:ip','hash:net','hash:mac'); +my @ips = $fw->GetAddressListList(); my @zones = grep(!/FIREWALL/, $fw->GetZoneList()); @@ -45,10 +44,8 @@ if( $new ) { $col .= &ui_hidden("ipset", $in{'ipset'}); } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); -$col = &ui_textbox("ip", $ip, 20, 0, 20); -print &ui_columns_row([ "$text{'ipset'}", $col ], \@tds); -$col = &ui_select("type", $type, \@types); -print &ui_columns_row([ "$text{'type'}", $col ], \@tds); +$col = &ui_select("ip", $ip, \@ips); +print &ui_columns_row([ "$text{'addresslist'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); diff --git a/src/turtlefirewall/images/db.png b/src/turtlefirewall/images/db.png new file mode 100644 index 0000000000000000000000000000000000000000..f5e2c90f63e64601c08b6c44999bd66227d0fa05 GIT binary patch literal 360 zcmV-u0hj)XP)77(2Q0<}swDu< zCEZj
"; &showRateLimit(); +$form++; +print "

"; +&showAddressList(); + $form++; print "

"; &showIPSet(); @@ -424,6 +428,43 @@ sub showRateLimit { print ""; print &ui_form_end(); } +sub showAddressList { + print &ui_subheading("",$text{'addresslist'}); + print &ui_form_start("save_addresslist.cgi", "post"); + @links = ( &select_all_link("d", $form), + &select_invert_link("d", $form), + "$text{'list_items_create_addresslist'}" ); + @tds = ( "width=1% style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top" ); + print &ui_columns_start([ + "", + "$text{'name'}", + "$text{'location'}", + "$text{'items'}", + "$text{'type'}", + "$text{'description'}" ], 100, 0, \@tds); + for my $k ($fw->GetAddressListList()) { + my %addresslist = $fw->GetAddressList($k); + local @cols; + my $href = &ui_link("edit_addresslist.cgi?addresslist=$k",$k); + push(@cols, "$href" ); + push(@cols, "$addresslist{'LOCATION'}" ); + push(@cols, qx{wc -l < $addresslist{'LOCATION'} 2>/dev/null} ); + push(@cols, "$addresslist{'TYPE'}" ); + push(@cols, "".($addresslist{'DESCRIPTION'} ne '' ? "$addresslist{'DESCRIPTION'}" : ' ')."" ); + print &ui_checked_columns_row(\@cols, \@tds, "d", $k); + } + print &ui_columns_end(); + print ""; + print ''; + print ''; + print "
'.&ui_links_row(\@links).''.&ui_submit( $text{'delete_selected'}, "delete").'
"; + print &ui_form_end(); +} sub showIPSet { print &ui_subheading("",$text{'ipset'}); print &ui_form_start("save_ipset.cgi", "post"); @@ -434,13 +475,11 @@ sub showIPSet { "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top", "style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'ipset'}", - "$text{'type'}", + "$text{'addresslist'}", "$text{'zone'}", "$text{'description'}" ], 100, 0, \@tds); for my $k ($fw->GetIPSetList()) { @@ -448,8 +487,7 @@ sub showIPSet { local @cols; my $href = &ui_link("edit_ipset.cgi?ipset=$k",$k); push(@cols, "$href" ); - push(@cols, "$ipset{'IP'}" ); - push(@cols, "$ipset{'TYPE'}" ); + push(@cols, "$ipset{'IP'}" ); push(@cols, "$ipset{'ZONE'}" ); push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$ipset{'DESCRIPTION'}" : ' ')."" ); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); diff --git a/src/turtlefirewall/save_addresslist.cgi b/src/turtlefirewall/save_addresslist.cgi new file mode 100644 index 0000000..128c20d --- /dev/null +++ b/src/turtlefirewall/save_addresslist.cgi 
@@ -0,0 +1,60 @@ +#!/usr/bin/perl + +#====================================================================== +# Turtle Firewall webmin module +# +# Copyright (c) Andrea Frigido +# You may distribute under the terms of either the GNU General Public +# License +#====================================================================== + +do 'turtlefirewall-lib.pl'; +&ReadParse(); + +my $addresslist = $in{'addresslist'}; +my $newaddresslist = $in{'newaddresslist'}; +my $location = $in{'location'}; +my $type = $in{'type'}; +my $description = $in{'description'}; + +if( ! $fw->checkName($newaddresslist) ) { &error( $text{save_addresslist_error8} ); } + +if( $in{'delete'} ) { + # delete addresslist + if( $in{'d'} ) { + @d = split(/\0/, $in{'d'}); + foreach $d (sort { $b <=> $a } @d) { + my $addresslist = $d; + $whatfailed = $text{save_addresslist_error_title1}; + if( !$fw->DeleteIPSet($addresslist) ) { &error( $text{save_addresslist_error1} ); } + } + } elsif( $addresslist ne '' ) { + $whatfailed = $text{save_addresslist_error_title1}; + if( !$fw->DeleteIPSet($addresslist) ) { &error( $text{save_addresslist_error1} ); } + } +} else { + if( $in{'new'} ) { + $whatfailed = $text{save_addresslist_error_title2}; + my @allitems = $fw->GetAllItemsList(); + foreach my $i (@allitems) { + if( $i eq $addresslist ) { + &error( $text{save_addresslist_error2} ); + } + } + } else { + $whatfailed = $text{save_addresslist_error_title3}; + } + if ( $addresslist eq '' ) { &error( $text{save_addresslist_error3} ); } + if ( $addresslist eq 'ip_blacklist' ) { &error( $text{save_addresslist_error4} ); } + if ( $location eq '' ) { &error( $text{save_addresslist_error5} ); } + if ( ! 
-f $location ) { &error( $text{save_addresslist_error6} ); } + $fw->AddAddressList( $addresslist, $location, $type, $description ); + if( !$in{'new'} && $newaddresslist ne $addresslist ) { + if( !$fw->RenameItem( $addresslist, $newaddresslist ) ) { + &error( &text('save_addresslist_error7', $addresslist, $newaddresslist) ); + } + } +} + +$fw->SaveFirewall(); +&redirect( 'list_items.cgi' ); diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi index 9bea03d..f935156 100644 --- a/src/turtlefirewall/save_ipset.cgi +++ b/src/turtlefirewall/save_ipset.cgi @@ -14,7 +14,6 @@ do 'turtlefirewall-lib.pl'; my $ipset = $in{'ipset'}; my $newipset = $in{'newipset'}; my $ip = $in{'ip'}; -my $type = $in{'type'}; my $zone = $in{'zone'}; my $description = $in{'description'}; @@ -49,7 +48,7 @@ if( $in{'delete'} ) { if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } if ( $ip eq 'ip_blacklist' ) { &error( $text{save_ipset_error5} ); } if ( $ip eq '' ) { &error( $text{save_ipset_error6} ); } - $fw->AddIPSet( $ipset, $ip, $type, $zone, $description ); + $fw->AddIPSet( $ipset, $ip, $zone, $description ); if( !$in{'new'} && $newipset ne $ipset ) { if( !$fw->RenameItem( $ipset, $newipset ) ) { &error( &text('save_ipset_error7', $ipset, $newipset) ); diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index eb14c35..6411c54 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -88,6 +88,11 @@ sub GetRateLimitList { return sort( keys %{ $this->{fw}{RATELIMIT} } ); } +sub GetAddressListList { + my $this = shift; + return sort( keys %{ $this->{fw}{ADDRESSLIST} } ); +} + sub GetIPSetList { my $this = shift; return sort( keys %{ $this->{fw}{IPSET} } ); 
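Review bot: The only name check in save_addresslist.cgi is `checkName($newaddresslist)`, but on create the edit form posts the name as `addresslist`, so a new address list's name is stored without any format check, and the existing check presumably runs against an empty value on the create and list-delete paths. That name becomes `$ipset{'IP'}` and is interpolated into the `ipset create`, `ipset flush` and `ipset add` command strings in startFirewall, so it should be validated where it enters: `if( $in{'new'} && !$fw->checkName($addresslist) ) { &error( $text{save_addresslist_error8} ); }`, with the current check limited to the rename case. The delete branch also calls `DeleteIPSet` where `DeleteAddressList`, added in this same patch, is the matching method. What checkName accepts is not visible here.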
@@ -143,6 +148,11 @@ sub GetRateLimit { return %{ $this->{fw}{RATELIMIT}{$name} }; } +sub GetAddressList { + my ($this,$name) = @_; + return %{ $this->{fw}{ADDRESSLIST}{$name} }; +} + sub GetIPSet { my ($this,$name) = @_; return %{ $this->{fw}{IPSET}{$name} }; @@ -370,10 +380,17 @@ sub AddRateLimit { $this->{fwItems}{$name} = 'RATELIMIT'; } -# AddIPSet( $name, $ip, $type, $zone, $description ) +# AddAddressList( $name, $location, $type, $description ) +sub AddAddressList { + my ($this, $name, $location, $type, $description) = @_; + %{ $this->{fw}{ADDRESSLIST}{$name} } = ('NAME'=>$name, 'LOCATION'=>$location, 'TYPE'=>$type, 'DESCRIPTION'=>$description ); + $this->{fwItems}{$name} = 'ADDRESSLIST'; +} + +# AddIPSet( $name, $ip, $zone, $description ) sub AddIPSet { - my ($this, $name, $ip, $type, $zone, $description) = @_; - %{ $this->{fw}{IPSET}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'TYPE'=>$type, 'ZONE'=>$zone, 'DESCRIPTION'=>$description ); + my ($this, $name, $ip, $zone, $description) = @_; + %{ $this->{fw}{IPSET}{$name} } = ('NAME'=>$name, 'IP'=>$ip, 'ZONE'=>$zone, 'DESCRIPTION'=>$description ); $this->{fwItems}{$name} = 'IPSET'; } @@ -678,6 +695,16 @@ sub DeleteItem { } } + # If it's an addresslist, I need to check ipset items that use this addresslist. + if( $type eq 'ADDRESSLIST' ) { + for my $k (@{$this->{fwKeys}{IPSET}}) { + if( $this->{fw}{IPSET}{$k}{IP} eq $name ) { + $found = 1; + last; + } + } + } + # Now I check if this item is included in a group for my $g (@{$this->{fwKeys}{GROUP}}) { for my $i (@{$this->{fw}{GROUP}{$g}{ITEMS}}) { 
@@ -843,6 +870,15 @@ sub RenameItem { } } + # If it's an addresslist, I need to change all ipsets that use this addresslist. + if( $type eq 'ADDRESSLIST' ) { + foreach $k (@{$this->{fwKeys}{IPSET}}) { + if( $this->{fw}{IPSET}{$k}{IP} eq $oldname ) { + $this->{fw}{IPSET}{$k}{IP} = $newname; + } + } + } + # change itme name in groups foreach my $group (@{$this->{fwKeys}{GROUP}}) { for( my $i=0; $i<=$#{$this->{fw}{GROUP}{$group}{ITEMS}}; $i++ ) { @@ -907,6 +943,13 @@ sub DeleteRateLimit { my ($this, $ratelimit) = @_; return $this->DeleteItem( $ratelimit ); } + +# DeleteAddressList( $addresslist ); +sub DeleteAddressList { + my ($this, $addresslist) = @_; + return $this->DeleteItem( $addresslist ); +} + # DeleteIPSet( $ipset ); sub DeleteIPSet { my ($this, $ipset) = @_; @@ -1031,6 +1074,7 @@ sub LoadFirewall { if( $name2 eq 'HOSTNAMESET' ) { $this->_LoadFirewallItem( 'HOSTNAMESET', @{$list[$j+1]} ); } if( $name2 eq 'RISKSET' ) { $this->_LoadFirewallItem( 'RISKSET', @{$list[$j+1]} ); } if( $name2 eq 'RATELIMIT' ) { $this->_LoadFirewallItem( 'RATELIMIT', @{$list[$j+1]} ); } + if( $name2 eq 'ADDRESSLIST' ) { $this->_LoadFirewallItem( 'ADDRESSLIST', @{$list[$j+1]} ); } if( $name2 eq 'IPSET' ) { $this->_LoadFirewallItem( 'IPSET', @{$list[$j+1]} ); } if( $name2 eq 'MASQUERADE' ) { $this->_LoadFirewallNat( 'MASQUERADE', @{$list[$j+1]} ); } if( $name2 eq 'NAT' ) { $this->_LoadFirewallNat( 'NAT', @{$list[$j+1]} ); } @@ -1459,6 +1503,11 @@ sub SaveFirewallAs { } if( %{$fw{'GEOIP'}} ) { $xml .= "\n"; } + foreach my $k (keys %{$fw{'ADDRESSLIST'}}) { + $xml .= $this->attr2xml( 'addresslist', %{$fw{'ADDRESSLIST'}{$k}} ); + } + if( %{$fw{'ADDRESSLIST'}} ) { $xml .= "\n"; } + foreach my $k (keys %{$fw{'IPSET'}}) { $xml .= $this->attr2xml( 'ipset', %{$fw{'IPSET'}{$k}} ); } 
@@ -1738,7 +1787,8 @@ sub startFirewall { my %ipset = $this->GetIPSet($s); for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { - $this->command( "ipset create $ipset{'IP'} $ipset{'TYPE'}", "/dev/null 2>&1" ); + my $list_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE}; + $this->command( "ipset create $ipset{'IP'} $list_type", "/dev/null 2>&1" ); last; } } @@ -1782,6 +1832,35 @@ sub startFirewall { } } } + + # Import IPSets + for my $s ($this->GetIPSetList()) { + my %ipset = $this->GetIPSet($s); + for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { + if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { + print "run ipset-restore $s($ipset{'IP'})\n"; + my $list_location = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{LOCATION}; + my $list_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE}; + $this->command( "ipset flush $ipset{'IP'}", "/dev/null 2>&1" ); + my @items = (); + open( FILE, "<", "$list_location" ); + while( ) { + if( $list_type eq "hash:ip" ) { + if( $_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/ ) { push(@items, $1); } + } + if( $list_type eq "hash:net" ) { + if( $_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\b([0-9]|[12][0-9]|3[0-2])\b)/ ) { push(@items, $1); } + } + if( $list_type eq "hash:mac" ) { + if( $_ =~ /([0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2})/ ) { push(@items, $1); } + } + } + close( FILE ); + for my $i (@items) { $this->command( "ipset add $ipset{'IP'} $i", "/dev/null 2>&1" ); } + last; + } + } + } } sub stopFirewall { From 49a9bf6e46e7067696fd158c7a0b450b2f72b3e1 Mon Sep 17 00:00:00 2001 
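Review bot: In the `# Import IPSets` block the set is flushed before `open( FILE, "<", "$list_location" )`, and the open's result is never checked, so an unreadable or missing list file leaves the kernel set empty with no message. Whether that fails open or closed depends on how the rule uses the set, so the safer order is to open first and skip the flush on failure: `open( my $fh, '<', $list_location ) or do { print "cannot read $list_location: $!\n"; last; };`. The extraction patterns are also unanchored and do not range-check octets, so with `hash:ip` a line such as `10.0.0.0/8` (constructed example) is loaded as the single address `10.0.0.0`; anchoring each pattern to the whole line would reject such entries instead. startFirewall begins and ends outside the hunk.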
From: netcons Date: Tue, 22 Oct 2024 04:53:53 +0200 Subject: [PATCH 006/113] IPSet : Fix multi select items. --- src/turtlefirewall/edit_addresslist.cgi | 6 +-- src/turtlefirewall/images/file.png | Bin 0 -> 172 bytes src/turtlefirewall/lang/de | 4 +- src/turtlefirewall/lang/en | 4 +- src/turtlefirewall/lang/fr | 4 +- src/turtlefirewall/lang/it | 4 +- src/turtlefirewall/lang/nl | 4 +- src/turtlefirewall/list_blacklists.cgi | 6 +-- src/turtlefirewall/list_items.cgi | 6 +-- src/turtlefirewall/save_addresslist.cgi | 8 ++-- src/turtlefirewall/setup/TurtleFirewall.pm | 42 ++++++++++++--------- src/turtlefirewall/turtlefirewall-lib.pl | 8 ++-- 12 files changed, 51 insertions(+), 45 deletions(-) create mode 100644 src/turtlefirewall/images/file.png diff --git a/src/turtlefirewall/edit_addresslist.cgi b/src/turtlefirewall/edit_addresslist.cgi index 46041b2..70e9e8d 100644 --- a/src/turtlefirewall/edit_addresslist.cgi +++ b/src/turtlefirewall/edit_addresslist.cgi @@ -24,7 +24,7 @@ if( $new ) { my $addresslist = $in{'addresslist'}; my $newaddresslist = $in{'newaddresslist'}; my %a = $fw->GetAddressList($addresslist); -my $location = $a{'LOCATION'}; +my $file = $a{'FILE'}; my $type = $a{'TYPE'}; my $description = $a{'DESCRIPTION'}; @@ -42,8 +42,8 @@ if( $new ) { $col .= &ui_hidden("addresslist", $in{'addresslist'}); } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); -$col = &ui_textbox("location", $location, 60, 0, 60); -print &ui_columns_row([ "$text{'location'}", $col ], \@tds); +$col = &ui_textbox("file", $file, 60, 0, 60); +print &ui_columns_row([ "$text{'file'}", $col ], \@tds); $col = &ui_select("type", $type, \@types); print &ui_columns_row([ "$text{'type'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); 
diff --git a/src/turtlefirewall/images/file.png b/src/turtlefirewall/images/file.png new file mode 100644 index 0000000000000000000000000000000000000000..1d7edf5b13c69ce2006e7cab7ee01951e6fb5b48 GIT binary patch literal 172 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`oCO|{#S9GG!XV7ZFl&wkP%zHZ z#WAE}PIAHmwTz4mjpL1zBWRvxnINxwFiRvoHJvBwkH$A<}3ZVViE~+ Qfi^LCy85}Sb4q9e0R9~|P5=M^ literal 0 HcmV?d00001 diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 24645c4..e31d45c 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -81,7 +81,7 @@ off=off unchange=unchange description=Beschreibung items=Items -location=Location +file=File autoupdate=Auto Update category=Category index=Turtle Firewall index @@ -378,7 +378,7 @@ save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. save_addresslist_error4=the name "ip_blacklist" is reserved. -save_addresslist_error5=location field can't be empty. +save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. save_addresslist_error8=wrong addresslist name format. diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index 6790a83..f2abf97 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -81,7 +81,7 @@ off=off unchange=unchange description=Description items=Items -location=Location +file=File autoupdate=Auto Update category=Category index=Turtle Firewall index 
@@ -378,7 +378,7 @@ save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. save_addresslist_error4=the name "ip_blacklist" is reserved. -save_addresslist_error5=location field can't be empty. +save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. save_addresslist_error8=wrong addresslist name format. diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index 0b8c886..4a24b44 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -81,7 +81,7 @@ off=off unchange=unchange description=Description items=Items -location=Location +file=File autoupdate=Auto Update category=Category index=Turtle Firewall index @@ -378,7 +378,7 @@ save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. save_addresslist_error4=the name "ip_blacklist" is reserved. -save_addresslist_error5=location field can't be empty. +save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. save_addresslist_error8=wrong addresslist name format. diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 436cc94..0ab9dc3 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -81,7 +81,7 @@ off=off unchange=unchange description=Descrizione items=Items -location=Location +file=File autoupdate=Auto Update category=Category index=Turtle Firewall index 
@@ -378,7 +378,7 @@ save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. save_addresslist_error4=the name "ip_blacklist" is reserved. -save_addresslist_error5=location field can't be empty. +save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. save_addresslist_error8=wrong addresslist name format. diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index f20be5d..b4a08db 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -81,7 +81,7 @@ off=off unchange=unchange description=Beschrijving items=Items -location=Location +file=File autoupdate=Auto Update category=Category index=Turtle Firewall index @@ -378,7 +378,7 @@ save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. save_addresslist_error4=the name "ip_blacklist" is reserved. -save_addresslist_error5=location field can't be empty. +save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. save_addresslist_error8=wrong addresslist name format. diff --git a/src/turtlefirewall/list_blacklists.cgi b/src/turtlefirewall/list_blacklists.cgi index 29b8724..0f0859f 100644 --- a/src/turtlefirewall/list_blacklists.cgi +++ b/src/turtlefirewall/list_blacklists.cgi @@ -24,7 +24,7 @@ sub showBlackLists { @tds = ( "width=20%", "width=20%", "width=20%", "width=1% style=text-align:center", "width=1% style=text-align:center" ); print &ui_columns_start([ "$text{'name'}", "$text{'description'}", - "$text{'location'}", + "$text{'file'}", "$text{'items'}", "$text{'autoupdate'}" ], 100, 0, \@tds); my @items = (); 
@@ -32,8 +32,8 @@ sub showBlackLists { local @cols; push(@cols, "$b"); push(@cols, "$blacklists{$b}{DESCRIPTION}"); - push(@cols, "$blacklists{$b}{LOCATION}"); - my $blacklistcount = qx{wc -l < $blacklists{$b}{LOCATION} 2>/dev/null}; + push(@cols, "$blacklists{$b}{FILE}"); + my $blacklistcount = qx{wc -l < $blacklists{$b}{FILE} 2>/dev/null}; if( $blacklistcount eq '' ) { $blacklistcount = '0'; } push(@cols, $blacklistcount); my $autoupdate = 'NO'; diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index ef53d6b..0fe2312 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi @@ -443,7 +443,7 @@ sub showAddressList { print &ui_columns_start([ "", "$text{'name'}", - "$text{'location'}", + "$text{'file'}", "$text{'items'}", "$text{'type'}", "$text{'description'}" ], 100, 0, \@tds); @@ -452,8 +452,8 @@ sub showAddressList { local @cols; my $href = &ui_link("edit_addresslist.cgi?addresslist=$k",$k); push(@cols, "$href" ); - push(@cols, "$addresslist{'LOCATION'}" ); - push(@cols, qx{wc -l < $addresslist{'LOCATION'} 2>/dev/null} ); + push(@cols, "$addresslist{'FILE'}" ); + push(@cols, qx{wc -l < $addresslist{'FILE'} 2>/dev/null} ); push(@cols, "$addresslist{'TYPE'}" ); push(@cols, "".($addresslist{'DESCRIPTION'} ne '' ? "$addresslist{'DESCRIPTION'}" : ' ')."" ); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); diff --git a/src/turtlefirewall/save_addresslist.cgi b/src/turtlefirewall/save_addresslist.cgi index 128c20d..17bc42e 100644 --- a/src/turtlefirewall/save_addresslist.cgi +++ b/src/turtlefirewall/save_addresslist.cgi @@ -13,7 +13,7 @@ do 'turtlefirewall-lib.pl'; my $addresslist = $in{'addresslist'}; my $newaddresslist = $in{'newaddresslist'}; -my $location = $in{'location'}; +my $file = $in{'file'}; my $type = $in{'type'}; my $description = $in{'description'}; 
@@ -46,9 +46,9 @@ if( $in{'delete'} ) { } if ( $addresslist eq '' ) { &error( $text{save_addresslist_error3} ); } if ( $addresslist eq 'ip_blacklist' ) { &error( $text{save_addresslist_error4} ); } - if ( $location eq '' ) { &error( $text{save_addresslist_error5} ); } - if ( ! -f $location ) { &error( $text{save_addresslist_error6} ); } - $fw->AddAddressList( $addresslist, $location, $type, $description ); + if ( $file eq '' ) { &error( $text{save_addresslist_error5} ); } + if ( ! -f $file ) { &error( $text{save_addresslist_error6} ); } + $fw->AddAddressList( $addresslist, $file, $type, $description ); if( !$in{'new'} && $newaddresslist ne $addresslist ) { if( !$fw->RenameItem( $addresslist, $newaddresslist ) ) { &error( &text('save_addresslist_error7', $addresslist, $newaddresslist) ); diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 6411c54..73967f2 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -380,10 +380,10 @@ sub AddRateLimit { $this->{fwItems}{$name} = 'RATELIMIT'; } -# AddAddressList( $name, $location, $type, $description ) +# AddAddressList( $name, $file, $type, $description ) sub AddAddressList { - my ($this, $name, $location, $type, $description) = @_; - %{ $this->{fw}{ADDRESSLIST}{$name} } = ('NAME'=>$name, 'LOCATION'=>$location, 'TYPE'=>$type, 'DESCRIPTION'=>$description ); + my ($this, $name, $file, $type, $description) = @_; + %{ $this->{fw}{ADDRESSLIST}{$name} } = ('NAME'=>$name, 'FILE'=>$file, 'TYPE'=>$type, 'DESCRIPTION'=>$description ); $this->{fwItems}{$name} = 'ADDRESSLIST'; } 
@@ -900,11 +900,11 @@ sub RenameItem { # Change item name in all rules foreach my $ruletype ('RULE','CONNMARKPREROUTE','CONNMARK','CONNTRACKPREROUTE','CONNTRACK','NAT','MASQUERADE','REDIRECT') { for( my $i=0; $i<=$#{$this->{fw}{$ruletype}}; $i++ ) { - foreach $field ('SRC','DST','ZONE','VIRTUAL','REAL','TIME','HOSTNAMESET','RISKSET','RATELIMIT') { - my @field_list = split( /,/, $this->{fw}{$ruletype}[$i]{$field} ); - if( grep( /^$oldname$/, @field_list ) ) { - s/^$oldname$/$newname/ for @field_list; - $this->{fw}{$ruletype}[$i]{$field} = join(",", @field_list); + foreach $item ('SRC','DST','ZONE','VIRTUAL','REAL','TIME','HOSTNAMESET','RISKSET','RATELIMIT') { + my @item_list = split( /,/, $this->{fw}{$ruletype}[$i]{$item} ); + if( grep( /^$oldname$/, @item_list ) ) { + s/^$oldname$/$newname/ for @item_list; + $this->{fw}{$ruletype}[$i]{$item} = join(",", @item_list); } } } @@ -1786,9 +1786,12 @@ sub startFirewall { for my $s ($this->GetIPSetList()) { my %ipset = $this->GetIPSet($s); for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { - if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { - my $list_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE}; - $this->command( "ipset create $ipset{'IP'} $list_type", "/dev/null 2>&1" ); + my @item_list = (); + push(@item_list, split( /,/, $this->{fw}{RULE}[$i]{SRC} ) ); + push(@item_list, split( /,/, $this->{fw}{RULE}[$i]{DST} ) ); + if( grep( /^$s$/, @item_list ) && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { + my $addresslist_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE}; + $this->command( "ipset create $ipset{'IP'} $addresslist_type", "/dev/null 2>&1" ); last; } } 
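Review bot: The new rule test in startFirewall, `grep( /^$s$/, @item_list )`, interpolates the ipset name into a pattern unquoted, so any regex metacharacter in a name changes what matches, and `$` also lets a trailing newline through. A plain string comparison states the intent and needs no escaping: `grep { $_ eq $s } @item_list`. The same construct is added in the `# Import IPSets` hunk at `@@ -1837,21 +1840,24 @@`, and the RenameItem hunk keeps the `/^$oldname$/` form, where `\Q$oldname\E` would be the equivalent fix. Whether checkName already restricts names to regex-safe characters is not visible in this patch.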
@@ -1837,21 +1840,24 @@ sub startFirewall { for my $s ($this->GetIPSetList()) { my %ipset = $this->GetIPSet($s); for( my $i=0; $i<=$#{$this->{fw}{RULE}}; $i++ ) { - if( $this->{fw}{RULE}[$i]{SRC} eq $s || $this->{fw}{RULE}[$i]{DST} eq $s && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { + my @item_list = (); + push(@item_list, split( /,/, $this->{fw}{RULE}[$i]{SRC} ) ); + push(@item_list, split( /,/, $this->{fw}{RULE}[$i]{DST} ) ); + if( grep( /^$s$/, @item_list ) && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') { print "run ipset-restore $s($ipset{'IP'})\n"; - my $list_location = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{LOCATION}; - my $list_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE}; + my $addresslist_file = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{FILE}; + my $addresslist_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE}; $this->command( "ipset flush $ipset{'IP'}", "/dev/null 2>&1" ); my @items = (); - open( FILE, "<", "$list_location" ); + open( FILE, "<", "$addresslist_file" ); while( ) { - if( $list_type eq "hash:ip" ) { + if( $addresslist_type eq "hash:ip" ) { if( $_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/ ) { push(@items, $1); } } - if( $list_type eq "hash:net" ) { + if( $addresslist_type eq "hash:net" ) { if( $_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\b([0-9]|[12][0-9]|3[0-2])\b)/ ) { push(@items, $1); } } - if( $list_type eq "hash:mac" ) { + if( $addresslist_type eq "hash:mac" ) { if( $_ =~ /([0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2})/ ) { push(@items, $1); } } } diff --git a/src/turtlefirewall/turtlefirewall-lib.pl b/src/turtlefirewall/turtlefirewall-lib.pl index 8a4a29f..e7763a8 100644 --- a/src/turtlefirewall/turtlefirewall-lib.pl +++ b/src/turtlefirewall/turtlefirewall-lib.pl 
@@ -89,10 +89,10 @@ sub confdir { ); %blacklists = ( - 'ip_blacklist' => { LOCATION => '/etc/turtlefirewall/ip_blacklist.dat', CRON => '/etc/cron.daily/ip_blacklist', DESCRIPTION => 'IP Address' }, - 'domain_blacklist' => { LOCATION => '/etc/turtlefirewall/domain_blacklist.dat', CRON => '/etc/cron.daily/domain_blacklist', DESCRIPTION => 'DNS Domain Name' }, - 'ja3_blacklist' => { LOCATION => '/etc/turtlefirewall/ja3_blacklist.dat', CRON => '/etc/cron.daily/ja3_blacklist', DESCRIPTION => 'SSL Handshake Fingerprint' }, - 'sha1_blacklist' => { LOCATION => '/etc/turtlefirewall/sha1_blacklist.dat', CRON => '/etc/cron.daily/sha1_blacklist', DESCRIPTION => 'SSL Certificate Fingerprint' } + 'ip_blacklist' => { FILE => '/etc/turtlefirewall/ip_blacklist.dat', CRON => '/etc/cron.daily/ip_blacklist', DESCRIPTION => 'IP Address' }, + 'domain_blacklist' => { FILE => '/etc/turtlefirewall/domain_blacklist.dat', CRON => '/etc/cron.daily/domain_blacklist', DESCRIPTION => 'DNS Domain Name' }, + 'ja3_blacklist' => { FILE => '/etc/turtlefirewall/ja3_blacklist.dat', CRON => '/etc/cron.daily/ja3_blacklist', DESCRIPTION => 'SSL Handshake Fingerprint' }, + 'sha1_blacklist' => { FILE => '/etc/turtlefirewall/sha1_blacklist.dat', CRON => '/etc/cron.daily/sha1_blacklist', DESCRIPTION => 'SSL Certificate Fingerprint' } ); sub LoadServices { From a4112899204004c38725a703be85f9c53cbe0e21 Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 22 Oct 2024 06:23:47 +0200 Subject: [PATCH 007/113] Restore check if ipset file exists. --- src/turtlefirewall/setup/TurtleFirewall.pm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 73967f2..319c87d 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm 
@@ -1790,7 +1790,13 @@ sub startFirewall {
 push(@item_list, split( /,/, $this->{fw}{RULE}[$i]{SRC} ) );
 push(@item_list, split( /,/, $this->{fw}{RULE}[$i]{DST} ) );
 if( grep( /^$s$/, @item_list ) && $this->{fw}{RULE}[$i]{ACTIVE} ne 'NO') {
+ my $addresslist_file = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{FILE};
 my $addresslist_type = $this->{fw}{ADDRESSLIST}{$ipset{'IP'}}{TYPE};
+ if( ! -e $addresslist_file ) {
+ umask 0077;
+ open( FILE, ">", "$addresslist_file" );
+ close( FILE );
+ }
 $this->command( "ipset create $ipset{'IP'} $addresslist_type", "/dev/null 2>&1" );
 last;
 }
From 17cea06fc0b06e4022e1dd017c0804753571dcfe Mon Sep 17 00:00:00 2001
From: netcons
Date: Tue, 22 Oct 2024 13:06:43 +0200
Subject: [PATCH 008/113] Consolidate Address Lists
---
 src/turtlefirewall/images/blacklists.png | Bin 2674 -> 0 bytes
 src/turtlefirewall/index.cgi | 5 +--
 src/turtlefirewall/lang/de | 12 ++----
 src/turtlefirewall/lang/en | 12 ++----
 src/turtlefirewall/lang/fr | 12 ++----
 src/turtlefirewall/lang/it | 12 ++----
 src/turtlefirewall/lang/nl | 12 ++----
 src/turtlefirewall/list_blacklists.cgi | 48 -----------------------
 src/turtlefirewall/list_items.cgi | 15 ++++++-
 src/turtlefirewall/save_addresslist.cgi | 4 +-
 src/turtlefirewall/save_ipset.cgi | 7 ++--
 src/turtlefirewall/turtlefirewall-lib.pl | 8 ++--
 12 files changed, 45 insertions(+), 102 deletions(-)
 delete mode 100644 src/turtlefirewall/images/blacklists.png
 delete mode 100644 src/turtlefirewall/list_blacklists.cgi
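Review bot: `umask 0077;` in the added block is never restored, so every file the process creates afterwards inherits the tighter mask, and the `-e` test followed by `open( FILE, ">", "$addresslist_file" )` is not atomic and follows symlinks: if the list directory is writable by anyone else, a dangling link at that path makes the open create, or after a race truncate, whatever it points to. Creating the file exclusively avoids both and needs no umask change, `sysopen( my $fh, $addresslist_file, O_WRONLY|O_CREAT|O_EXCL, 0600 ) and close( $fh );` with `use Fcntl;` at the top of the module. The result of the open is also unchecked, so a failure to create the file goes unreported. The enclosing loops in startFirewall start and end outside the hunk.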
diff --git a/src/turtlefirewall/images/blacklists.png b/src/turtlefirewall/images/blacklists.png deleted file mode 100644 index b4fda86befd3a7ab9f7920ff7d0e4610795e7652..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2674 zcmXw5X;f3!7QUC8334+q8f3_o0;1pp1Zfm7xlBR?4Tu=6g#?JAwSrbDD3S>o1Z|A5 zqVgmtDz!X>F0J?;Ly&-B=tC?h*2*Md+i^4@AIAg?IDl1WfR3@ zxd{LOl(5jCD1-D^IwXSO-eEMCV-UE#XaouXw{>6RPrWwi)<=T*N46#JIr5|Mun0gC zljB85*!RM{q9~CtG5t`B$PWNaaA84cblP9>dJJPX@(2K^)p}?_4p5~gr=_QR>gPYU z73Ssbb7nG&J@2kbOiXkPTj;A7TldzB#o4D%uQ7jh!|VCI}f}`zj2bRNQ`K;DF~qKB$l?E-^#B6rooCdAz2bO zJOq3$fnWSIFa(4r@d&&x*YnW}bKQ8u2q*y_*g*ASOqBNV4W--)H+{dlN80^wkILr7 z&C9mZZxI0_QZg*rb*`^&0T?XS_?Wp?i*&86GRF?Ut%NbacoI$MRP&)ujkAYpkE1KW zxC!6@1E)crnex1)JjaJdTUkh%ve2RL`@}+lP`GDy^5sg%-F+D=yZZh!>y0PoneXvCJ@LY{nQ`+*gFi-H#vJvGKd*pfGUYKbc?f*g?)VU>2!{=B z6M)33J9k`ILnswE>E`O{1rdoh{Me8X*cMXv04KfO?n?q*L^EQGT#4u= zUs1nuCZwbrl0DH3=%&6--Y5yQ8uH+g9Cj=e6&>Im)x>;7Chw+|J7f(}a^*Yug_1%$ z+skS`?qbgFu(LK000w!O=jW0ncDOc)`Uur{dr0N%1$VY4gJ<^n!)sSoDOz>1sA`2L zE)ts3&AewzTPA(E38%YY%95?x;d2M#s3n$So`2UZ;NAkfDNr=TWM@jx(L%$wZM!ni zlz*?^ab{}RH-$hLmdDjEO8kwvscJtc>hs+6kA&1ztICI*uqckiMz^=|a{0s(7Sb`` zi7#|LAu9{tGrtW7gq_uv-W^BAab*FPNyw>R1AtA|P9IBk*CDGJQ@LUaUD| z)al@$7to|iN?A6cr9OSyw8)PWMk^gRpzHSoOl*0%a;2%`(8Y!`_)g@ZSU-Cb4G18) zV3hA7e)_}UQY*VXMu-n=%?zo0$!P(G5S|DZFIQ4azr~ihxZ`5n-Q5Yz3gsIn>z#bc zG;|BUaM|vH)|NckFgll&pAQ{ix`b%8IL#Z56lk5*4jIbFfp>O6l%}6`YRsX8NmyS>oxsFZyv?>PkKzKfP2??b^!U+vcY4N!L}lup$DuXZkcQBZB_X zQPBA&Q&aF6v<*Z6ZVYl)4d?&rA-S7R|3vS5ulZ8oI|~A?7UeZ)gY1eLI0qCjQEO{e zYI<6A|3_I(4XgURNn3`xl=urVGtkSGT&)6|sJcnSClrn*N!o#KNO5YC*?SDIG4#Qr zbUbnXQX2HeOiSO^#r*A#T#qE zm3ZFu8>Nn5vW>L$2SsdV=E0=XZPbc(!IfpE15ke8spr_l2GD}8zG`*~X^so<@ByZ)wsD6oCBTRBVwf_-@J)Ck2Og$uc%`-u z5t8Yg9>0l&whQhW-kzpicOD;uExv^<3K9Ld9jkaD(fOy9_pMe( zC#Nx$N>#nj9|}o&4L*Y4(f|JQGY-yb;v6JCs@28~D;h#bKCU&*-d55ipsnC+fF qNoHAe_NLyc&ko^zD3wh4~ diff --git a/src/turtlefirewall/index.cgi b/src/turtlefirewall/index.cgi index fc3eaf3..b6c0094 100644 
--- a/src/turtlefirewall/index.cgi +++ b/src/turtlefirewall/index.cgi @@ -19,7 +19,6 @@ my @links = ('list_items.cgi', 'list_ndpiprotocols.cgi', 'list_ndpirisks.cgi', 'list_countrycodes.cgi', - 'list_blacklists.cgi', 'edit_options.cgi', 'backup.cgi'); my @titles = ($text{'index_icon_firewall_items'}, @@ -27,7 +26,6 @@ my @titles = ($text{'index_icon_firewall_items'}, $text{'index_icon_firewall_ndpiprotocols'}, $text{'index_icon_firewall_ndpirisks'}, $text{'index_icon_firewall_countrycodes'}, - $text{'index_icon_firewall_blacklists'}, $text{'index_icon_edit_options'}, $text{'index_icon_backup'}); my @icons = ('images/items.png', @@ -35,10 +33,9 @@ my @icons = ('images/items.png', 'images/ndpiprotocols.png', 'images/ndpirisks.png', 'images/countrycodes.png', - 'images/blacklists.png', 'images/options.png', 'images/backup.png'); -&icons_table(\@links, \@titles, \@icons, 11); +&icons_table(\@links, \@titles, \@icons, 10); print &ui_hr(); my @rlinks = ('list_rules.cgi', diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index e31d45c..d8c2c1b 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -82,7 +82,6 @@ unchange=unchange description=Beschreibung items=Items file=File -autoupdate=Auto Update category=Category index=Turtle Firewall index index_start=Start @@ -107,7 +106,6 @@ index_icon_edit_options=Optionen index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics -index_icon_firewall_blacklists=Blacklists index_icon_backup=Backup list_items_title=Firewall Objekte list_items_create_zone=neue Zone erstellen @@ -245,7 +243,6 @@ options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst options_log_limit_burst_desc=Maximum initial number of packets to log: this number gets recharged by one every time the limit specified above is not reached, up to this number. -list_blacklists_title=Blacklists backup_title=Backup backup_backuptitle=Backup 
@@ -377,7 +374,7 @@ save_addresslist_error_title3=Fail to save addresslist save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. -save_addresslist_error4=the name "ip_blacklist" is reserved. +save_addresslist_error4=that name is reserved. save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. @@ -390,10 +387,9 @@ save_ipset_error1=it's used in a group or rule. save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. -save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset field can't be empty. -save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error8=wrong ipset name format. +save_ipset_error5=ipset field can't be empty. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index f2abf97..ba9f76a 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -82,7 +82,6 @@ unchange=unchange description=Description items=Items file=File -autoupdate=Auto Update category=Category index=Turtle Firewall index index_start=Start @@ -107,7 +106,6 @@ index_icon_edit_options=Options index_icon_log=Action Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics -index_icon_firewall_blacklists=Blacklists index_icon_backup=Backup list_items_title=Items list_items_create_zone=create new zone 
@@ -245,7 +243,6 @@ options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst options_log_limit_burst_desc=Maximum initial number of packets to log: this number gets recharged by one every time the limit specified above is not reached, up to this number. -list_blacklists_title=Blacklists backup_title=Backup backup_backuptitle=Backup @@ -377,7 +374,7 @@ save_addresslist_error_title3=Fail to save addresslist save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. -save_addresslist_error4=the name "ip_blacklist" is reserved. +save_addresslist_error4=that name is reserved. save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. @@ -390,10 +387,9 @@ save_ipset_error1=it's used in a group or rule. save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. -save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset field can't be empty. -save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error8=wrong ipset name format. +save_ipset_error5=ipset field can't be empty. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index 4a24b44..abba071 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -82,7 +82,6 @@ unchange=unchange description=Description items=Items file=File -autoupdate=Auto Update category=Category index=Turtle Firewall index index_start=Start 
@@ -107,7 +106,6 @@ index_icon_edit_options=Options index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics -index_icon_firewall_blacklists=Blacklists index_icon_backup=Backup list_items_title=Eléments du Firewall list_items_create_zone=créer une nouvelle zone @@ -245,7 +243,6 @@ options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst options_log_limit_burst_desc=Maximum initial number of packets to log: this number gets recharged by one every time the limit specified above is not reached, up to this number. -list_blacklists_title=Blacklists backup_title=Backup backup_backuptitle=Backup @@ -377,7 +374,7 @@ save_addresslist_error_title3=Fail to save addresslist save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. -save_addresslist_error4=the name "ip_blacklist" is reserved. +save_addresslist_error4=that name is reserved. save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. @@ -390,10 +387,9 @@ save_ipset_error1=it's used in a group or rule. save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. -save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset field can't be empty. -save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error8=wrong ipset name format. +save_ipset_error5=ipset field can't be empty. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat 
diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 0ab9dc3..02a0c3a 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -82,7 +82,6 @@ unchange=unchange description=Descrizione items=Items file=File -autoupdate=Auto Update category=Category index=Turtle Firewall index index_start=Attiva Firewall @@ -107,7 +106,6 @@ index_icon_edit_options=Opzioni index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics -index_icon_firewall_blacklists=Blacklists index_icon_backup=Backup Configurazione list_items_title=Elementi del firewall list_items_create_zone=crea una nuova zona @@ -245,7 +243,6 @@ options_log_limit_desc=Numero medio di log generati in un ora per una singola ca options_log_limit_burst_name=log_limit_burst options_log_limit_burst_desc=Numero di log generati inizialmente. Ogni volta che viene raggiunto il tempo "limit" senza la generazione di log, questo valore viene incrementato di una unità. -list_blacklists_title=Blacklists backup_title=Backup Configurazione backup_backuptitle=Backup @@ -377,7 +374,7 @@ save_addresslist_error_title3=Fail to save addresslist save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. -save_addresslist_error4=the name "ip_blacklist" is reserved. +save_addresslist_error4=that name is reserved. save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. 
@@ -390,10 +387,9 @@ save_ipset_error1=it's used in a group or rule. save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. -save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset field can't be empty. -save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error8=wrong ipset name format. +save_ipset_error5=ipset field can't be empty. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. save_nat_error_title1=Errore cancellando la regola Nat save_nat_error_title2=Errore creando la regola Nat diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index b4a08db..b3837d4 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -82,7 +82,6 @@ unchange=unchange description=Beschrijving items=Items file=File -autoupdate=Auto Update category=Category index=Turtle Firewall index index_start=Start @@ -107,7 +106,6 @@ index_icon_edit_options=Options index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics -index_icon_firewall_blacklists=Blacklists index_icon_backup=Backup list_items_title=Firewall Objecten list_items_create_zone=Toevoegen nieuwe zone @@ -245,7 +243,6 @@ options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst options_log_limit_burst_desc=Maximum initial number of packets to log: this number gets recharged by one every time the limit specified above is not reached, up to this number. -list_blacklists_title=Blacklists backup_title=Backup backup_backuptitle=Backup 
@@ -377,7 +374,7 @@ save_addresslist_error_title3=Fail to save addresslist save_addresslist_error1=it's used in an ipset save_addresslist_error2=Item with same name already present. save_addresslist_error3=addresslist name field can't be empty. -save_addresslist_error4=the name "ip_blacklist" is reserved. +save_addresslist_error4=that name is reserved. save_addresslist_error5=file field can't be empty. save_addresslist_error6=file doesn't exist. save_addresslist_error7=addresslist "$1" can't be renamed to "$2", it already exists. @@ -390,10 +387,9 @@ save_ipset_error1=it's used in a group or rule. save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. -save_ipset_error5=the name "ip_blacklist" is reserved. -save_ipset_error6=ipset field can't be empty. -save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error8=wrong ipset name format. +save_ipset_error5=ipset field can't be empty. +save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error7=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/list_blacklists.cgi b/src/turtlefirewall/list_blacklists.cgi deleted file mode 100644 index 0f0859f..0000000 --- a/src/turtlefirewall/list_blacklists.cgi +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/perl - -#====================================================================== -# Turtle Firewall webmin module -# -# Copyright (c) Andrea Frigido -# You may distribute under the terms of either the GNU General Public -# License -#====================================================================== - -do 'turtlefirewall-lib.pl'; -&ReadParse(); - -&ui_print_header( "$text{'list_blacklists_title'}", $text{'title'}, "" ); - -&showBlackLists(); -print "

"; - -&ui_print_footer('index.cgi',$text{'index'}); - -#============================================================================ - -sub showBlackLists { - @tds = ( "width=20%", "width=20%", "width=20%", "width=1% style=text-align:center", "width=1% style=text-align:center" ); - print &ui_columns_start([ "$text{'name'}", - "$text{'description'}", - "$text{'file'}", - "$text{'items'}", - "$text{'autoupdate'}" ], 100, 0, \@tds); - my @items = (); - foreach my $b (sort keys %blacklists) { - local @cols; - push(@cols, "$b"); - push(@cols, "$blacklists{$b}{DESCRIPTION}"); - push(@cols, "$blacklists{$b}{FILE}"); - my $blacklistcount = qx{wc -l < $blacklists{$b}{FILE} 2>/dev/null}; - if( $blacklistcount eq '' ) { $blacklistcount = '0'; } - push(@cols, $blacklistcount); - my $autoupdate = 'NO'; - if( -e $blacklists{$b}{CRON} ) { $autoupdate = 'YES'; } - my $aimage = $autoupdate eq 'YES' ? '' : ''; - my $cb = $autoupdate eq 'YES' ? '' : ''; # ColourBegin - my $ce = ''; # ColourEnd - push(@cols, "${aimage}${cb}${autoupdate}${ce}"); - print &ui_columns_row(\@cols, \@tds); - } - print &ui_columns_end(); -} diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 0fe2312..80548bb 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi 
@@ -447,13 +447,26 @@ sub showAddressList {
 "$text{'items'}",
 "$text{'type'}",
 "$text{'description'}" ], 100, 0, \@tds);
+ foreach my $b (sort keys %blacklists) {
+ local @cols;
+ push(@cols, "$b");
+ push(@cols, "$blacklists{$b}{FILE}");
+ my $blacklistcount = qx{wc -l < $blacklists{$b}{FILE} 2>/dev/null};
+ if( $blacklistcount eq '' ) { $blacklistcount = '0'; }
+ push(@cols, $blacklistcount);
+ push(@cols, "$blacklists{$b}{TYPE}" );
+ push(@cols, "$blacklists{$b}{DESCRIPTION}");
+ print &ui_checked_columns_row(\@cols, \@tds, "d", $k);
+ }
 for my $k ($fw->GetAddressListList()) {
 my %addresslist = $fw->GetAddressList($k);
 local @cols;
 my $href = &ui_link("edit_addresslist.cgi?addresslist=$k",$k);
 push(@cols, "$href" );
 push(@cols, "$addresslist{'FILE'}" );
- push(@cols, qx{wc -l < $addresslist{'FILE'} 2>/dev/null} );
+ my $listcount = qx{wc -l < $addresslist{'FILE'} 2>/dev/null};
+ if( $listcount eq '' ) { $listcount = '0'; }
+ push(@cols, $listcount);
 push(@cols, "$addresslist{'TYPE'}" );
 push(@cols, "".($addresslist{'DESCRIPTION'} ne '' ? "$addresslist{'DESCRIPTION'}" : ' ')."" );
 print &ui_checked_columns_row(\@cols, \@tds, "d", $k);
diff --git a/src/turtlefirewall/save_addresslist.cgi b/src/turtlefirewall/save_addresslist.cgi
index 17bc42e..7874070 100644
--- a/src/turtlefirewall/save_addresslist.cgi
+++ b/src/turtlefirewall/save_addresslist.cgi
@@ -45,7 +45,9 @@ if( $in{'delete'} ) {
 $whatfailed = $text{save_addresslist_error_title3};
 }
 if ( $addresslist eq '' ) { &error( $text{save_addresslist_error3} ); }
- if ( $addresslist eq 'ip_blacklist' ) { &error( $text{save_addresslist_error4} ); }
+ foreach my $b (sort keys %blacklists) {
+ if ( $addresslist eq $b ) { &error( $text{save_addresslist_error4} ); }
+ }
 if ( $file eq '' ) { &error( $text{save_addresslist_error5} ); }
 if ( ! -f $file ) { &error( $text{save_addresslist_error6} ); }
 $fw->AddAddressList( $addresslist, $file, $type, $description );
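Review bot: In showAddressList the item count is still taken with `qx{wc -l < $addresslist{'FILE'} 2>/dev/null}`, which hands a stored path to a shell; save_addresslist.cgi checks that path only with `-f`, and it is presumably form input, so a file name containing shell metacharacters would be interpreted rather than counted. Counting the lines in Perl removes the shell from both loops, as in the excerpt below. Separately, the new blacklist loop passes `$k` to `ui_checked_columns_row`, but `$k` is only declared by the later `for my $k` loop, so those rows get an empty checkbox value; `$b` looks intended. The function starts and ends outside the hunk.

```perl
# … unchanged: name and file columns …
my $listcount = 0;
if( open( my $fh, '<', $addresslist{'FILE'} ) ) {
	$listcount++ while <$fh>;
	close( $fh );
}
push(@cols, $listcount);
# … unchanged: type and description columns, row output …
```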
diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi index f935156..847b4ce 100644 --- a/src/turtlefirewall/save_ipset.cgi +++ b/src/turtlefirewall/save_ipset.cgi @@ -17,7 +17,7 @@ my $ip = $in{'ip'}; my $zone = $in{'zone'}; my $description = $in{'description'}; -if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error8} ); } +if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error7} ); } if( $in{'delete'} ) { # delete ipset @@ -46,12 +46,11 @@ if( $in{'delete'} ) { } if ( $ipset eq '' ) { &error( $text{save_ipset_error3} ); } if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } - if ( $ip eq 'ip_blacklist' ) { &error( $text{save_ipset_error5} ); } - if ( $ip eq '' ) { &error( $text{save_ipset_error6} ); } + if ( $ip eq '' ) { &error( $text{save_ipset_error5} ); } $fw->AddIPSet( $ipset, $ip, $zone, $description ); if( !$in{'new'} && $newipset ne $ipset ) { if( !$fw->RenameItem( $ipset, $newipset ) ) { - &error( &text('save_ipset_error7', $ipset, $newipset) ); + &error( &text('save_ipset_error6', $ipset, $newipset) ); } } } diff --git a/src/turtlefirewall/turtlefirewall-lib.pl b/src/turtlefirewall/turtlefirewall-lib.pl index e7763a8..7aee2fa 100644 --- a/src/turtlefirewall/turtlefirewall-lib.pl +++ b/src/turtlefirewall/turtlefirewall-lib.pl 
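Review bot: With the `ip_blacklist` test removed in the `@@ -46` hunk, `$ip` reaches `AddIPSet` validated only as non-empty, although it comes straight from `$in{'ip'}` and startFirewall appears to place the stored value in its `ipset create` and `ipset flush` command strings and use it as the `ADDRESSLIST` key. It should be checked against the names that can actually back an ipset, for example `if ( ! grep { $_ eq $ip } $fw->GetAddressListList(), keys %blacklists ) { &error( $text{save_ipset_error5} ); }`. Whether the built-in blacklist names belong in that list, and whether `command` goes through a shell, are assumptions to confirm. The enclosing delete/save branch starts outside the hunk.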
@@ -89,10 +89,10 @@ sub confdir { ); %blacklists = ( - 'ip_blacklist' => { FILE => '/etc/turtlefirewall/ip_blacklist.dat', CRON => '/etc/cron.daily/ip_blacklist', DESCRIPTION => 'IP Address' }, - 'domain_blacklist' => { FILE => '/etc/turtlefirewall/domain_blacklist.dat', CRON => '/etc/cron.daily/domain_blacklist', DESCRIPTION => 'DNS Domain Name' }, - 'ja3_blacklist' => { FILE => '/etc/turtlefirewall/ja3_blacklist.dat', CRON => '/etc/cron.daily/ja3_blacklist', DESCRIPTION => 'SSL Handshake Fingerprint' }, - 'sha1_blacklist' => { FILE => '/etc/turtlefirewall/sha1_blacklist.dat', CRON => '/etc/cron.daily/sha1_blacklist', DESCRIPTION => 'SSL Certificate Fingerprint' } + 'ip_blacklist' => { FILE => '/etc/turtlefirewall/ip_blacklist.dat', TYPE => 'hash:ip', DESCRIPTION => 'IP Address' }, + 'domain_blacklist' => { FILE => '/etc/turtlefirewall/domain_blacklist.dat', TYPE => 'ndpi:domain', DESCRIPTION => 'DNS Domain Name' }, + 'ja3_blacklist' => { FILE => '/etc/turtlefirewall/ja3_blacklist.dat', TYPE => 'ndpi:ja3', DESCRIPTION => 'SSL Handshake Fingerprint' }, + 'sha1_blacklist' => { FILE => '/etc/turtlefirewall/sha1_blacklist.dat', TYPE => 'ndpi:sha1', DESCRIPTION => 'SSL Certificate Fingerprint' } ); sub LoadServices { From f9bfe78c258c6f8f31caa5b014f47ff407e19af6 Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 22 Oct 2024 16:40:03 +0200 Subject: [PATCH 009/113] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index cfa1757..c530524 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,6 @@ Turtle Firewall is an Open Source project written using the perl language and re - Risk Detection. - Rate Limiting. - Blacklists. -- IP Sets. - NAT Map to Port. - Logging per rule. - Flow Info logging. From ee571f3dcc92df314820680051a7a6cdecd4e5f0 Mon Sep 17 00:00:00 2001 
From: netcons Date: Fri, 25 Oct 2024 14:07:43 +0200 Subject: [PATCH 010/113] Make rule logic human readable --- src/turtlefirewall/setup/TurtleFirewall.pm | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 319c87d..1e787d7 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm 
@@ -3199,27 +3199,27 @@ sub _applyService { if( $src_mac =~ /^[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}$/ ) { $cmd .= "-m mac --mac-source $src_mac "; } if( $src ne '' ) { - if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $dst "; } - if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst dst "; } - if( $src ne '0.0.0.0/0' && $src_type !~ /GEOIP|IPSET/ ) { $cmd .= "-s $src "; } - } - if( $dst ne '' ) { if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --source-country $src "; } if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src src "; } - if( $dst ne '0.0.0.0/0' && $dst_type !~ /GEOIP|IPSET/ ) { $cmd .= "-d $dst "; } + if( $src_type =~ /HOST|NET/ ) { $cmd .= "-s $src "; } + } + if( $dst ne '' ) { + if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $dst "; } + if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst dst "; } + if( $dst_type =~ /HOST|NET/ ) { $cmd .= "-d $dst "; } } } else { $cmd = "-A $backChain "; if( $ratelimit ne '' ) { $cmd .= "-m ratelimit --ratelimit-set back-$ratelimit --ratelimit-mode dst "; } if( $dst ne '' ) { - if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $src "; } - if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src dst "; } - if( $dst ne '0.0.0.0/0' && $dst_type !~ /GEOIP|IPSET/ ) { $cmd .= "-s $dst "; } - } - if( $src ne '' ) { if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --source-country $dst "; } if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst src "; } - if( $src ne '0.0.0.0/0' && $src_type !~ /GEOIP|IPSET/ ) { $cmd .= "-d $src "; } + if( $dst_type =~ /HOST|NET/ ) { $cmd .= "-s $dst "; } + } + if( $src ne '' ) { + if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $src "; } + if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src dst "; } + if( $src_type =~ /HOST|NET/ ) { $cmd .= "-d $src "; } } } 
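Review bot: The rewritten address tests `$src_type =~ /HOST|NET/` and `$dst_type =~ /HOST|NET/` are unanchored substring matches and, unlike the removed `!~ /GEOIP|IPSET/` form, emit no `-s`/`-d` at all for any type outside the four named ones, so such a rule would match every address instead of the configured one. Anchoring the test, `if( $src_type =~ /^(?:HOST|NET)$/ ) { $cmd .= "-s $src "; }` and likewise for the three other occurrences, makes the intent exact. A short comment listing the types `_applyService` can receive would show that no address-bearing type is left without a match. Which types callers actually pass is not visible in the hunk, and the function starts and ends outside it.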
From faa88500fcda7700e80459088ad7bb4c8fcc4149 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 26 Oct 2024 06:13:15 +0200 Subject: [PATCH 011/113] Feature : Add prefix support for net items. --- CHANGELOG | 1 + src/turtlefirewall/lang/de | 6 ++---- src/turtlefirewall/lang/en | 6 ++---- src/turtlefirewall/lang/fr | 6 ++---- src/turtlefirewall/lang/it | 6 ++---- src/turtlefirewall/lang/nl | 6 ++---- src/turtlefirewall/list_items.cgi | 18 +++++++++--------- src/turtlefirewall/save_net.cgi | 5 ++++- 8 files changed, 24 insertions(+), 30 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f665026..e31faaf 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -244,5 +244,6 @@ CHANGELOG - Services : Added DNS over TLS TCP port 853 service. - Feature : nDPI 4.9.11 support. - Feature : Add ipset support. + - Feature : Add prefix support for net items. - Todo : Translate new features - Todo : Fix backup.cgi restore upload. diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index d8c2c1b..1f4d2eb 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -8,9 +8,7 @@ net=Netz geoip=GeoIP countrycode=Country Code netaddress=Netz-Adresse -netmask=Netmask -netaddress=Netz-Adresse -netmask=Netmask +netmask=Netzmaske / Präfix host=Host hostaddress=IP-Addresse macaddress=MAC-Addresse @@ -309,7 +307,7 @@ save_net_error2=item the same name already present. save_net_error3=net name field can't be empty. save_net_error4=wrong zone. save_net_error5=wrong ip address. -save_net_error6=wrong netmask. +save_net_error6=falsche netzmaske oder falsches präfix. save_net_error7=net "$1" can't be renamed to "$2", it already exists. save_net_error8=wrong net name format. diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index ba9f76a..7fe0aa7 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en 
@@ -8,9 +8,7 @@ net=Net geoip=GeoIP countrycode=Country Code netaddress=Net Address -netmask=Netmask -netaddress=Net Address -netmask=Netmask +netmask=Netmask / Prefix host=Host hostaddress=IP Address macaddress=MAC Address @@ -309,7 +307,7 @@ save_net_error2=item the same name already present. save_net_error3=net name field can't be empty. save_net_error4=wrong zone. save_net_error5=wrong ip address. -save_net_error6=wrong netmask. +save_net_error6=wrong netmask or prefix. save_net_error7=net "$1" can't be renamed to "$2", it already exists. save_net_error8=wrong net name format. diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index abba071..ccb0dcc 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -8,9 +8,7 @@ net=Réseau geoip=GeoIP countrycode=Country Code netaddress=Adresse réseau -netmask=Masque réseau -netaddress=Adresse réseau -netmask=Masque réseau +netmask=Masque réseau / préfixe host=Hôte hostaddress=Adresse IP macaddress=Adresse MAC @@ -309,7 +307,7 @@ save_net_error2=item the same name already present. save_net_error3=net name field can't be empty. save_net_error4=wrong zone. save_net_error5=wrong ip address. -save_net_error6=wrong netmask. +save_net_error6=mauvais masque de réseau ou préfixe. save_net_error7=net "$1" can't be renamed to "$2", it already exists. save_net_error8=wrong net name format. diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 02a0c3a..393801b 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -8,9 +8,7 @@ net=Rete geoip=GeoIP countrycode=Country Code netaddress=Indirizzo di rete -netmask=Netmask -netaddress=Indirizzo di rete -netmask=Netmask +netmask=Netmask / prefisso host=Host hostaddress=indirizzo IP macaddress=indirizzo MAC 
@@ -309,7 +307,7 @@ save_net_error2=un elemento con questo nome esiste già. save_net_error3=il nome della rete non può essere vuoto. save_net_error4=zona errata. save_net_error5=indirizzo di rete errato. -save_net_error6=netmask errata. +save_net_error6=netmask errata o prefisso. save_net_error7=la rete "$1" non può essere rinominata in "$2", esiste già un elemento con lo stesso nome. save_net_error8=nome della net non corretto. diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index b3837d4..3d81cfe 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -8,9 +8,7 @@ net=Net geoip=GeoIP countrycode=Country Code netaddress=Netwerk adres -netmask=Netwerk masker -netaddress=Netwerk adres -netmask=Netwerk masker +netmask=Netwerk masker / Voorvoegsel host=Host hostaddress=IP adres macaddress=MAC adres @@ -309,7 +307,7 @@ save_net_error2=item the same name already present. save_net_error3=net name field can't be empty. save_net_error4=wrong zone. save_net_error5=wrong ip address. -save_net_error6=wrong netmask. +save_net_error6=wrong netwerk masker of voorvoegsel. save_net_error7=net "$1" can't be renamed to "$2", it already exists. save_net_error8=wrong net name format. diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 80548bb..82e12d4 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi @@ -13,11 +13,11 @@ do 'turtlefirewall-lib.pl'; &ui_print_header( "$text{'list_items_title'}", $text{'title'}, "" ); $form = 0; -&showZone(); +&showAddressList(); $form++; print "

"; -&showNet(); +&showZone(); $form++; print "

"; @@ -25,20 +25,20 @@ print "

"; $form++; print "

"; -&LoadCountryCodes( $fw ); -&showGeoip(); +&showNet(); $form++; print "

"; -&showGroup(); +&LoadCountryCodes( $fw ); +&showGeoip(); $form++; print "

"; -&showTime(); +&showIPSet(); $form++; print "

"; -&showTimeGroup(); +&showGroup(); $form++; print "

"; @@ -55,11 +55,11 @@ print "

"; $form++; print "

"; -&showAddressList(); +&showTime(); $form++; print "

"; -&showIPSet(); +&showTimeGroup(); &ui_print_footer('index.cgi',$text{'index'}); diff --git a/src/turtlefirewall/save_net.cgi b/src/turtlefirewall/save_net.cgi index b5a546c..3650b78 100644 --- a/src/turtlefirewall/save_net.cgi +++ b/src/turtlefirewall/save_net.cgi @@ -48,7 +48,10 @@ if( $in{'delete'} ) { if ( $net eq '' ) { &error( $text{save_net_error3} ); } if ( ! $fw->GetZone($zone) ) { &error( $text{save_net_error4} ); } if ( $ip !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { &error( $text{save_net_error5} ); } - if ( $netmask !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { &error( $text{save_net_error6} ); } + if ( $netmask !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { + $netmask = $netmask + 0; + if( $netmask < 1 || $netmask > 32 ) { &error( $text{save_net_error6} ); } + } $fw->AddNet( $net, $ip, $netmask, $zone, $description ); if( !$in{'new'} && $newnet ne $net ) { if( !$fw->RenameItem( $net, $newnet ) ) { From 248f7f6a32e4d4897925529ee9ad32609f36f713 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 26 Oct 2024 09:08:27 +0200 Subject: [PATCH 012/113] Bump blacklist version. --- src/turtlefirewall/setup/domain_blacklist | 2 +- src/turtlefirewall/setup/ip_blacklist | 2 +- src/turtlefirewall/setup/ja3_blacklist | 2 +- src/turtlefirewall/setup/sha1_blacklist | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/turtlefirewall/setup/domain_blacklist b/src/turtlefirewall/setup/domain_blacklist index bcc0cb7..20aec45 100644 --- a/src/turtlefirewall/setup/domain_blacklist +++ b/src/turtlefirewall/setup/domain_blacklist @@ -4,7 +4,7 @@ # ln -sf /usr/lib/turtlefirewall/domain_blacklist /etc/cron.daily/domain_blacklist # -echo -e "\nTurtle Firewall 2.3 - Domain Blacklist"; +echo -e "\nTurtle Firewall 2.4 - Domain Blacklist"; echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/ip_blacklist b/src/turtlefirewall/setup/ip_blacklist index 59274ff..665311b 100644 
--- a/src/turtlefirewall/setup/ip_blacklist +++ b/src/turtlefirewall/setup/ip_blacklist @@ -4,7 +4,7 @@ # ln -sf /usr/lib/turtlefirewall/ip_blacklist /etc/cron.daily/ip_blacklist # -echo -e "\nTurtle Firewall 2.3 - IP Blacklist"; +echo -e "\nTurtle Firewall 2.4 - IP Blacklist"; echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/ja3_blacklist b/src/turtlefirewall/setup/ja3_blacklist index 0f43a23..3284a2d 100644 --- a/src/turtlefirewall/setup/ja3_blacklist +++ b/src/turtlefirewall/setup/ja3_blacklist @@ -4,7 +4,7 @@ # ln -sf /usr/lib/turtlefirewall/ja3_blacklist /etc/cron.daily/ja3_blacklist # -echo -e "\nTurtle Firewall 2.3 - JA3 Blacklist"; +echo -e "\nTurtle Firewall 2.4 - JA3 Blacklist"; echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/sha1_blacklist b/src/turtlefirewall/setup/sha1_blacklist index 7ccc5e7..7503cb7 100644 --- a/src/turtlefirewall/setup/sha1_blacklist +++ b/src/turtlefirewall/setup/sha1_blacklist @@ -4,7 +4,7 @@ # ln -sf /usr/lib/turtlefirewall/sha1_blacklist /etc/cron.daily/sha1_blacklist # -echo -e "\nTurtle Firewall 2.3 - SHA1 Blacklist"; +echo -e "\nTurtle Firewall 2.4 - SHA1 Blacklist"; echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; fw_file="/etc/turtlefirewall/fw.xml" From d71117c4119af8bf076a40d9b719248e378b1001 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 26 Oct 2024 11:44:24 +0200 Subject: [PATCH 013/113] Exclude blacklist names. --- src/turtlefirewall/lang/de | 5 +++-- src/turtlefirewall/lang/en | 5 +++-- src/turtlefirewall/lang/fr | 5 +++-- src/turtlefirewall/lang/it | 5 +++-- src/turtlefirewall/lang/nl | 5 +++-- src/turtlefirewall/save_ipset.cgi | 7 +++++-- 6 files changed, 20 insertions(+), 12 deletions(-) diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 1f4d2eb..895b674 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de 
@@ -386,8 +386,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=ipset field can't be empty. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=that name is reserved. +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index 7fe0aa7..d92a929 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -386,8 +386,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=ipset field can't be empty. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=that name is reserved. +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index ccb0dcc..0128757 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr 
@@ -386,8 +386,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=ipset field can't be empty. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=that name is reserved. +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 393801b..863b131 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -386,8 +386,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=ipset field can't be empty. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=that name is reserved. +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Errore cancellando la regola Nat save_nat_error_title2=Errore creando la regola Nat diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index 3d81cfe..6a8fd2a 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl 
@@ -386,8 +386,9 @@ save_ipset_error2=Item with same name already present. save_ipset_error3=ipset name field can't be empty. save_ipset_error4=wrong zone. save_ipset_error5=ipset field can't be empty. -save_ipset_error6=ipset "$1" can't be renamed to "$2", it already exists. -save_ipset_error7=wrong ipset name format. +save_ipset_error6=that name is reserved. +save_ipset_error7=ipset "$1" can't be renamed to "$2", it already exists. +save_ipset_error8=wrong ipset name format. save_nat_error_title1=Fail to delete Nat save_nat_error_title2=Fail to create new Nat diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi index 847b4ce..c77570c 100644 --- a/src/turtlefirewall/save_ipset.cgi +++ b/src/turtlefirewall/save_ipset.cgi @@ -17,7 +17,7 @@ my $ip = $in{'ip'}; my $zone = $in{'zone'}; my $description = $in{'description'}; -if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error7} ); } +if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error8} ); } if( $in{'delete'} ) { # delete ipset @@ -47,10 +47,13 @@ if( $in{'delete'} ) { if ( $ipset eq '' ) { &error( $text{save_ipset_error3} ); } if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } if ( $ip eq '' ) { &error( $text{save_ipset_error5} ); } + foreach my $b (sort keys %blacklists) { + if ( $ipset eq $b ) { &error( $text{save_ipset_error6} ); } + } $fw->AddIPSet( $ipset, $ip, $zone, $description ); if( !$in{'new'} && $newipset ne $ipset ) { if( !$fw->RenameItem( $ipset, $newipset ) ) { - &error( &text('save_ipset_error6', $ipset, $newipset) ); + &error( &text('save_ipset_error7', $ipset, $newipset) ); } } } From d2dfc2713e1174999078b0415e503bb8c536976d Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 26 Oct 2024 14:07:39 +0200 Subject: [PATCH 014/113] Exclude blacklist names extended. --- src/turtlefirewall/save_addresslist.cgi | 13 +++++++------ src/turtlefirewall/save_ipset.cgi | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) 
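Review bot: The reserved-name loop added to save_ipset.cgi declares `my $b`, which shadows the package variable that `sort` comparison blocks use, and it sorts and walks every key only to answer a membership question. A direct lookup says the same thing: `if( exists $blacklists{$ipset} ) { &error( $text{save_ipset_error6} ); }`. The same loop shape is carried into the save_addresslist.cgi and save_ipset.cgi hunks of the following patch (014). `%blacklists` is defined outside these hunks, so this assumes it is a plain hash keyed by blacklist name.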
diff --git a/src/turtlefirewall/save_addresslist.cgi b/src/turtlefirewall/save_addresslist.cgi index 7874070..eae56c4 100644 --- a/src/turtlefirewall/save_addresslist.cgi +++ b/src/turtlefirewall/save_addresslist.cgi @@ -19,6 +19,10 @@ my $description = $in{'description'}; if( ! $fw->checkName($newaddresslist) ) { &error( $text{save_addresslist_error8} ); } +foreach my $b (sort keys %blacklists) { + if( $addresslist eq $b || $newaddresslist eq $b ) { &error( $text{save_addresslist_error4} ); } +} + if( $in{'delete'} ) { # delete addresslist if( $in{'d'} ) { @@ -44,12 +48,9 @@ if( $in{'delete'} ) { } else { $whatfailed = $text{save_addresslist_error_title3}; } - if ( $addresslist eq '' ) { &error( $text{save_addresslist_error3} ); } - foreach my $b (sort keys %blacklists) { - if ( $addresslist eq $b ) { &error( $text{save_addresslist_error4} ); } - } - if ( $file eq '' ) { &error( $text{save_addresslist_error5} ); } - if ( ! -f $file ) { &error( $text{save_addresslist_error6} ); } + if( $addresslist eq '' ) { &error( $text{save_addresslist_error3} ); } + if( $file eq '' ) { &error( $text{save_addresslist_error5} ); } + if( ! -f $file ) { &error( $text{save_addresslist_error6} ); } $fw->AddAddressList( $addresslist, $file, $type, $description ); if( !$in{'new'} && $newaddresslist ne $addresslist ) { if( !$fw->RenameItem( $addresslist, $newaddresslist ) ) { diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi index c77570c..63071d1 100644 --- a/src/turtlefirewall/save_ipset.cgi +++ b/src/turtlefirewall/save_ipset.cgi @@ -19,6 +19,10 @@ my $description = $in{'description'}; if( ! $fw->checkName($newipset) ) { &error( $text{save_ipset_error8} ); } +foreach my $b (sort keys %blacklists) { + if( $ipset eq $b || $newipset eq $b ) { &error( $text{save_ipset_error6} ); } +} + if( $in{'delete'} ) { # delete ipset if( $in{'d'} ) { 
@@ -44,12 +48,9 @@ if( $in{'delete'} ) { } else { $whatfailed = $text{save_ipset_error_title3}; } - if ( $ipset eq '' ) { &error( $text{save_ipset_error3} ); } - if ( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } - if ( $ip eq '' ) { &error( $text{save_ipset_error5} ); } - foreach my $b (sort keys %blacklists) { - if ( $ipset eq $b ) { &error( $text{save_ipset_error6} ); } - } + if( $ipset eq '' ) { &error( $text{save_ipset_error3} ); } + if( ! $fw->GetZone($zone) ) { &error( $text{save_ipset_error4} ); } + if( $ip eq '' ) { &error( $text{save_ipset_error5} ); } $fw->AddIPSet( $ipset, $ip, $zone, $description ); if( !$in{'new'} && $newipset ne $ipset ) { if( !$fw->RenameItem( $ipset, $newipset ) ) { From f47d9d1ef44d61f0ad7188ce5fcc811098b4f099 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 26 Oct 2024 16:51:20 +0200 Subject: [PATCH 015/113] Limit netmask textbox size --- src/turtlefirewall/edit_net.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/turtlefirewall/edit_net.cgi b/src/turtlefirewall/edit_net.cgi index fd69f13..e03ef77 100644 --- a/src/turtlefirewall/edit_net.cgi +++ b/src/turtlefirewall/edit_net.cgi @@ -45,7 +45,7 @@ if( $new ) { print &ui_columns_row([ "$text{'name'}", $col ], \@tds); $col = &ui_textbox("ip", $ip); print &ui_columns_row([ "$text{'netaddress'}", $col ], \@tds); -$col = &ui_textbox("netmask", $netmask); +$col = &ui_textbox("netmask", $netmask, 15, 0, 15); print &ui_columns_row([ "$text{'netmask'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); From e1f4bdead9264aaa54f9f80b7643f116e05556cb Mon Sep 17 00:00:00 2001 
From: netcons Date: Sat, 26 Oct 2024 17:02:28 +0200 Subject: [PATCH 016/113] Standardize address icon. --- src/turtlefirewall/edit_addresslist.cgi | 2 +- src/turtlefirewall/edit_ipset.cgi | 2 +- src/turtlefirewall/images/db.png | Bin 360 -> 0 bytes src/turtlefirewall/list_items.cgi | 6 +++--- 4 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 src/turtlefirewall/images/db.png diff --git a/src/turtlefirewall/edit_addresslist.cgi b/src/turtlefirewall/edit_addresslist.cgi index 70e9e8d..1f1cd06 100644 --- a/src/turtlefirewall/edit_addresslist.cgi +++ b/src/turtlefirewall/edit_addresslist.cgi @@ -41,7 +41,7 @@ if( $new ) { $col = &ui_textbox("newaddresslist", $in{'addresslist'}); $col .= &ui_hidden("addresslist", $in{'addresslist'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$text{'name'}", $col ], \@tds); $col = &ui_textbox("file", $file, 60, 0, 60); print &ui_columns_row([ "$text{'file'}", $col ], \@tds); $col = &ui_select("type", $type, \@types); diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi index 59d94f1..007adf6 100644 --- a/src/turtlefirewall/edit_ipset.cgi +++ b/src/turtlefirewall/edit_ipset.cgi @@ -45,7 +45,7 @@ if( $new ) { } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); $col = &ui_select("ip", $ip, \@ips); -print &ui_columns_row([ "$text{'addresslist'}", $col ], \@tds); +print &ui_columns_row([ "$text{'addresslist'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); 
diff --git a/src/turtlefirewall/images/db.png b/src/turtlefirewall/images/db.png deleted file mode 100644 index f5e2c90f63e64601c08b6c44999bd66227d0fa05..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 360 zcmV-u0hj)XP)77(2Q0<}swDu< zCEZj",$text{'addresslist'}); + print &ui_subheading("",$text{'addresslist'}); print &ui_form_start("save_addresslist.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -462,7 +462,7 @@ sub showAddressList { my %addresslist = $fw->GetAddressList($k); local @cols; my $href = &ui_link("edit_addresslist.cgi?addresslist=$k",$k); - push(@cols, "$href" ); + push(@cols, "$href" ); push(@cols, "$addresslist{'FILE'}" ); my $listcount = qx{wc -l < $addresslist{'FILE'} 2>/dev/null}; if( $listcount eq '' ) { $listcount = '0'; } @@ -500,7 +500,7 @@ sub showIPSet { local @cols; my $href = &ui_link("edit_ipset.cgi?ipset=$k",$k); push(@cols, "$href" ); - push(@cols, "$ipset{'IP'}" ); + push(@cols, "$ipset{'IP'}" ); push(@cols, "$ipset{'ZONE'}" ); push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$ipset{'DESCRIPTION'}" : ' ')."" ); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); From 5f00501a9d68558f11351fda53d373c7beca3528 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 26 Oct 2024 17:07:14 +0200 Subject: [PATCH 017/113] Limit net address textbox size --- src/turtlefirewall/edit_net.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/turtlefirewall/edit_net.cgi b/src/turtlefirewall/edit_net.cgi index e03ef77..fa9f262 100644 --- a/src/turtlefirewall/edit_net.cgi +++ b/src/turtlefirewall/edit_net.cgi 
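Review bot: The context line `my $listcount = qx{wc -l < $addresslist{'FILE'} 2>/dev/null};` in showAddressList interpolates the stored file path into a shell command line, and this patch edits the rows around it without changing it. The only check on that path visible in this series is `-f $file` in save_addresslist.cgi, which does not exclude spaces or shell metacharacters in the name. The count can be taken without a shell: `my $listcount = 0; if( open(my $lfh, '<', $addresslist{'FILE'}) ) { $listcount++ while <$lfh>; close($lfh); }`. showAddressList starts and ends outside the hunk, and the file header of this section is garbled on the page, so the file name (list_items.cgi) is taken from the diffstat.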
@@ -43,7 +43,7 @@ if( $new ) { $col .= &ui_hidden("net", $in{'net'}); } print &ui_columns_row([ "$text{'name'}", $col ], \@tds); -$col = &ui_textbox("ip", $ip); +$col = &ui_textbox("ip", $ip, 15, 0, 15); print &ui_columns_row([ "$text{'netaddress'}", $col ], \@tds); $col = &ui_textbox("netmask", $netmask, 15, 0, 15); print &ui_columns_row([ "$text{'netmask'}", $col ], \@tds); From dd93347bbbc0d39059145751a7cf14f664edc87e Mon Sep 17 00:00:00 2001 From: netcons Date: Mon, 28 Oct 2024 08:46:01 +0200 Subject: [PATCH 018/113] Add GeoIP and IPset to Masquerade and Redirect --- src/turtlefirewall/edit_masq.cgi | 4 ++ src/turtlefirewall/edit_redirect.cgi | 4 ++ src/turtlefirewall/setup/TurtleFirewall.pm | 44 +++++++++++++++------- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/src/turtlefirewall/edit_masq.cgi b/src/turtlefirewall/edit_masq.cgi index a24a3a7..83a2c32 100644 --- a/src/turtlefirewall/edit_masq.cgi +++ b/src/turtlefirewall/edit_masq.cgi @@ -40,6 +40,8 @@ push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetNetList(); push @items_src, $fw->GetHostList(); push @items_src, $fw->GetGroupList(); +push @items_src, $fw->GetGeoipList(); +push @items_src, $fw->GetIPSetList(); @items_src = sort(@items_src); my @items_dst = (); @@ -47,6 +49,8 @@ push @items_dst, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_dst, $fw->GetNetList(); push @items_dst, $fw->GetHostList(); push @items_dst, $fw->GetGroupList(); +push @items_dst, $fw->GetGeoipList(); +push @items_dst, $fw->GetIPSetList(); @items_dst = sort(@items_dst); print &ui_subheading($heading); diff --git a/src/turtlefirewall/edit_redirect.cgi b/src/turtlefirewall/edit_redirect.cgi index 3be818c..6ea79c4 100644 --- a/src/turtlefirewall/edit_redirect.cgi +++ b/src/turtlefirewall/edit_redirect.cgi 
@@ -42,6 +42,8 @@ push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetNetList(); push @items_src, $fw->GetHostList(); push @items_src, $fw->GetGroupList(); +push @items_src, $fw->GetGeoipList(); +push @items_src, $fw->GetIPSetList(); @items_src = sort(@items_src); my @items_dst = ('*'); @@ -50,6 +52,8 @@ my @items_dst = ('*'); push @items_dst, $fw->GetNetList(); push @items_dst, $fw->GetHostList(); push @items_dst, $fw->GetGroupList(); +push @items_dst, $fw->GetGeoipList(); +push @items_dst, $fw->GetIPSetList(); @items_dst = sort(@items_dst); print &ui_subheading($heading); diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 1e787d7..b29186e 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -2567,10 +2567,10 @@ sub applyMasquerade { $service = 'all'; } - my ($src_zone, $src_peer, undef, $src_mac) = $this->expand_item( $src ); + my ($src_zone, $src_peer, $src_type, $src_mac) = $this->expand_item( $src ); my %src_zone_attr = $this->GetZone( $src_zone ); $src_if = $src_zone_attr{IF}; - my ($dst_zone, $dst_peer, undef, undef) = $this->expand_item( $dst ); + my ($dst_zone, $dst_peer, $dst_type, undef) = $this->expand_item( $dst ); my %dst_zone_attr = $this->GetZone( $dst_zone ); $dst_if = $dst_zone_attr{IF}; @@ -2580,7 +2580,7 @@ sub applyMasquerade { if( $src_mac ne '' ) { print "(mac:$src_mac)"; } print " --> $dst IF $dst_if\n"; - $rules .= $this->applyServiceMasquerade( \%services, $service, $src_if, $src_peer, $src_mac, $dst_if, $dst_peer, $port, $is_masquerade); + $rules .= $this->applyServiceMasquerade( \%services, $service, $src_if, $src_peer, $src_type, $src_mac, $dst_if, $dst_peer, $dst_type, $port, $is_masquerade); return $rules; } 
@@ -2592,7 +2592,7 @@ sub applyServiceMasquerade { sub _applyServiceMasquerade { my $this = shift; - my ($ref_calledServices, $ref_services, $serviceName, $src_if, $src_peer, $src_mac, $dst_if, $dst_peer, $port, $is_masquerade) = @_; + my ($ref_calledServices, $ref_services, $serviceName, $src_if, $src_peer, $src_type, $src_mac, $dst_if, $dst_peer, $dst_type, $port, $is_masquerade) = @_; my %service = %{$ref_services->{$serviceName}}; @@ -2612,7 +2612,7 @@ sub _applyServiceMasquerade { if( $filter{SERVICE} ne '' && !$ref_calledServices->{$filter{SERVICE}} ) { # It is a subservice, recursion call to _applyServiceMasquerade $rules .= $this->_applyServiceMasquerade( $ref_calledServices, $ref_services, $filter{SERVICE}, - $src_if, $src_peer, $src_mac, $dst_if, $dst_peer, $port, $is_masquerade ); + $src_if, $src_peer, $src_type, $src_mac, $dst_if, $dst_peer, $dst_type, $port, $is_masquerade ); next; } 
@@ -2641,12 +2641,20 @@ sub _applyServiceMasquerade { if( $direction eq 'go' && ($jump eq '' || $jump eq 'ACCEPT') ) { $cmd = "-A MASQ "; if( $src_if ne '' ) { $cmd .= "-i $src_if "; } - if( $src_peer ne '0.0.0.0/0' && $src_peer ne '' ) { $cmd .= "-s $src_peer "; } + if( $src_peer ne '' ) { + if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --source-country $src_peer "; } + if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src_peer src "; } + if( $src_type =~ /HOST|NET/ ) { $cmd .= "-s $src_peer "; } + } if( $src_mac =~ /^[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}$/ ) { $cmd .= "-m mac --mac-source $src_mac "; } if( $dst_if ne '' ) { $cmd .= "-o $dst_if "; } - if( $dst_peer ne '0.0.0.0/0' && $dst_peer ne '' ) { $cmd .= "-d $dst_peer "; } + if( $dst_peer ne '' ) { + if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $dst_peer "; } + if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst_peer dst "; } + if( $dst_type =~ /HOST|NET/ ) { $cmd .= "-d $dst_peer "; } + } if( $p ne '' ) { $cmd .= "-p $p "; } if( $sport ne '' ) { $cmd .= "--sport $sport "; } if( $dport ne '' ) { $cmd .= "--dport $dport "; } @@ -2718,7 +2726,7 @@ sub applyRedirect { my $port = $redirect{PORT}; my $toport = $redirect{TOPORT}; - my ($src_zone, $src_peer, undef, $src_mac) = $this->expand_item( $src ); + my ($src_zone, $src_peer, $src_type, $src_mac) = $this->expand_item( $src ); my %src_zone_attr = $this->GetZone( $src_zone ); my $src_if = $src_zone_attr{IF}; @@ -2730,7 +2738,7 @@ sub applyRedirect { $dst_peer = '0.0.0.0/0'; $dst_if = ''; } else { - ($dst_zone, $dst_peer, undef, undef) = $this->expand_item( $dst ); + ($dst_zone, $dst_peer, $dst_type, undef) = $this->expand_item( $dst ); my %dst_zone_attr = $this->GetZone( $dst_zone ); $dst_if = $dst_zone_attr{IF}; } 
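Review bot: The type tests added in _applyServiceMasquerade use an unanchored pattern, `$src_type =~ /HOST|NET/`, which matches any type string that merely contains HOST or NET, and the three independent `if`s add no address match at all when the type is none of GEOIP, IPSET, HOST or NET. The removed line added `-s`/`-d` for every non-empty peer other than 0.0.0.0/0, so an unexpected type now silently widens the NAT rule instead of restricting it. I would anchor the pattern, `if( $src_type =~ /^(?:HOST|NET)$/ )`, chain the tests with `elsif`, and decide explicitly what an unknown type should do. edit_masq.cgi also offers group items for both sides; what expand_item returns for those is not visible here and needs confirming. The same block is repeated for the destination in this hunk and for both sides in the two _applyServiceRedirect hunks (-2802 and -2811).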
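Review bot: In applyRedirect `$dst_type` is assigned only in the else branch; the branch before it (presumably the `*` destination that edit_redirect.cgi offers) sets `$dst_peer = '0.0.0.0/0'` and `$dst_if = ''` but leaves `$dst_type` untouched. Its declaration is outside the hunk, so if it is not a fresh `my` variable in this sub it can carry a value over from an earlier call, and _applyServiceRedirect would then emit a geoip or set match against `0.0.0.0/0`. Adding `$dst_type = '';` next to the other two assignments in that branch closes the gap. Unlike `$src_type`, which arrives through a `my (...)` list, no `my` for `$dst_type` is visible, so that should be checked in the part of the sub the hunk does not show.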
@@ -2751,7 +2759,7 @@ sub applyRedirect { print "\n"; # I create the 2 return chains - $rules .= $this->applyServiceRedirect( \%services, $service, $src_if, $src_peer, $src_mac, $dst_if, $dst_peer, $port, $toport, $is_redirect); + $rules .= $this->applyServiceRedirect( \%services, $service, $src_if, $src_peer, $src_type, $src_mac, $dst_if, $dst_peer, $dst_type, $port, $toport, $is_redirect); return $rules; } @@ -2764,7 +2772,7 @@ sub applyServiceRedirect { sub _applyServiceRedirect { my $this = shift; - my ($ref_calledServices, $ref_services, $serviceName, $src_if, $src_peer, $src_mac, $dst_if, $dst_peer, $port, $toport, $is_redirect) = @_; + my ($ref_calledServices, $ref_services, $serviceName, $src_if, $src_peer, $src_type, $src_mac, $dst_if, $dst_peer, $dst_type, $port, $toport, $is_redirect) = @_; my $rules = ''; @@ -2780,7 +2788,7 @@ sub _applyServiceRedirect { if( $filter{SERVICE} ne '' && !$ref_calledServices->{$filter{SERVICE}} ) { # It is a subservice, recursion call to _applyService $rules .= $this->_applyServiceRedirect( $ref_calledServices, $ref_services, $filter{SERVICE}, - $src_if, $src_peer, $src_mac, $dst_if, $dst_peer, $port, $toport, $is_redirect ); + $src_if, $src_peer, $src_type, $src_mac, $dst_if, $dst_peer, $dst_type, $port, $toport, $is_redirect ); next; } @@ -2802,7 +2810,11 @@ sub _applyServiceRedirect { my $cmd = "-A REDIR "; if( $src_if ne '' ) { $cmd .= "-i $src_if "; } - if( $src_peer ne '0.0.0.0/0' && $src_peer ne '' ) { $cmd .= "-s $src_peer "; } + if( $src_peer ne '' ) { + if( $src_type eq 'GEOIP' ) { $cmd .= "-m geoip --source-country $src_peer "; } + if( $src_type eq 'IPSET' ) { $cmd .= "-m set --match-set $src_peer src "; } + if( $src_type =~ /HOST|NET/ ) { $cmd .= "-s $src_peer "; } + } # Invalid Redirect, Ignore #if( $src_mac =~ /^[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}$/ ) { 
@@ -2811,7 +2823,11 @@ sub _applyServiceRedirect { # iptables prerouting chain don't accept -o option. #if( $dst_if ne '' ) { $cmd .= "-o $dst_if "; } - if( $dst_peer ne '0.0.0.0/0' && $dst_peer ne '' ) { $cmd .= "-d $dst_peer "; } + if( $dst_peer ne '' ) { + if( $dst_type eq 'GEOIP' ) { $cmd .= "-m geoip --destination-country $dst_peer "; } + if( $dst_type eq 'IPSET' ) { $cmd .= "-m set --match-set $dst_peer dst "; } + if( $dst_type =~ /HOST|NET/ ) { $cmd .= "-d $dst_peer "; } + } if( $p ne '' ) { $cmd .= "-p $p "; From e90f47ac4130840e9b17ca48cce9c2e0f75c87c2 Mon Sep 17 00:00:00 2001 From: netcons Date: Mon, 28 Oct 2024 16:19:29 +0200 Subject: [PATCH 019/113] Bug : Include reserved name check on item rename. --- src/turtlefirewall/save_hostnameset.cgi | 3 ++- src/turtlefirewall/save_ratelimit.cgi | 3 ++- src/turtlefirewall/save_riskset.cgi | 3 ++- src/turtlefirewall/save_time.cgi | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/turtlefirewall/save_hostnameset.cgi b/src/turtlefirewall/save_hostnameset.cgi index c325e53..4cae000 100644 --- a/src/turtlefirewall/save_hostnameset.cgi +++ b/src/turtlefirewall/save_hostnameset.cgi @@ -18,6 +18,8 @@ my $description = $in{'description'}; $hostnamesetlist =~ s/^\s+|\s+$//g; +if ( $hostnameset eq 'any' || $newhostnameset eq 'any' ) { &error( $text{save_hostnameset_error8} ); } + if( ! $fw->checkName($newhostnameset) ) { &error( $text{save_hostnameset_error6} ); } if( $in{'delete'} ) { @@ -46,7 +48,6 @@ if( $in{'delete'} ) { $whatfailed = $text{save_hostnameset_error_title3}; } if ( $hostnameset eq '' ) { &error( $text{save_hostnameset_error3} ); } - if ( $hostnameset eq 'any' ) { &error( $text{save_hostnameset_error8} ); } if ( $hostnamesetlist eq '' ) { &error( $text{save_hostnameset_error4} ); } else { diff --git a/src/turtlefirewall/save_ratelimit.cgi b/src/turtlefirewall/save_ratelimit.cgi index 44e5868..bbd8b9b 100644 --- a/src/turtlefirewall/save_ratelimit.cgi 
+++ b/src/turtlefirewall/save_ratelimit.cgi @@ -18,6 +18,8 @@ my $description = $in{'description'}; if( ! $fw->checkName($newratelimit) ) { &error( $text{save_ratelimit_error6} ); } +if ( $ratelimit eq 'none' || $newratelimit eq 'none' ) { &error( $text{save_ratelimit_error7} ); } + if( $in{'delete'} ) { # delete ratelimit if( $in{'d'} ) { @@ -44,7 +46,6 @@ if( $in{'delete'} ) { $whatfailed = $text{save_ratelimit_error_title3}; } if ( $ratelimit eq '' ) { &error( $text{save_ratelimit_error3} ); } - if ( $ratelimit eq 'none' ) { &error( $text{save_ratelimit_error7} ); } if( $rate eq '' || ($rate < 0.1 || $rate > 999) ) { &error( $text{save_ratelimit_error4} ); diff --git a/src/turtlefirewall/save_riskset.cgi b/src/turtlefirewall/save_riskset.cgi index 086b702..630c1f5 100644 --- a/src/turtlefirewall/save_riskset.cgi +++ b/src/turtlefirewall/save_riskset.cgi @@ -19,6 +19,8 @@ my $description = $in{'description'}; if( ! $fw->checkName($newriskset) ) { &error( $text{save_riskset_error6} ); } +if ( $riskset eq 'none' || $newriskset eq 'none' ) { &error( $text{save_riskset_error7} ); } + if( $in{'delete'} ) { # delete riskset if( $in{'d'} ) { @@ -45,7 +47,6 @@ if( $in{'delete'} ) { $whatfailed = $text{save_riskset_error_title3}; } if ( $riskset eq '' ) { &error( $text{save_riskset_error3} ); } - if ( $riskset eq 'none' ) { &error( $text{save_riskset_error7} ); } if ( $risks eq '' ) { &error( $text{save_riskset_error4} ); } $fw->AddRiskSet( $riskset, $risks, $description ); diff --git a/src/turtlefirewall/save_time.cgi b/src/turtlefirewall/save_time.cgi index 770e8ed..9f64970 100644 --- a/src/turtlefirewall/save_time.cgi +++ b/src/turtlefirewall/save_time.cgi @@ -19,6 +19,8 @@ my $description = $in{'description'}; if( ! $fw->checkName($newtime) ) { &error( $text{save_time_error8} ); } +if ( $time eq 'always' || $newtime eq 'always' ) { &error( $text{save_time_error9} ); } + if( $in{'delete'} ) { # delete time if( $in{'d'} ) { 
@@ -45,7 +47,6 @@ if( $in{'delete'} ) { $whatfailed = $text{save_time_error_title3}; } if ( $time eq '' ) { &error( $text{save_time_error3} ); } - if ( $time eq 'always' ) { &error( $text{save_time_error9} ); } if ( $timestart eq '' || $timestop eq '' ) { &error( $text{save_time_error5} ); } if ( $timestart ne '' && $timestart !~ /^([0-1][0-9]|[2][0-3]):([0-5][0-9])$/ ) { &error( $text{save_time_error6} ); From cf31d71705e47874f9d67d8b818015942996292c Mon Sep 17 00:00:00 2001 
From: netcons Date: Sat, 2 Nov 2024 09:53:13 +0200 Subject: [PATCH 020/113] Feature : Add item reference lookup support. --- CHANGELOG | 1 + src/turtlefirewall/backup.cgi | 2 +- src/turtlefirewall/edit_addresslist.cgi | 12 +- src/turtlefirewall/edit_connmark.cgi | 24 +- src/turtlefirewall/edit_connmarkpreroute.cgi | 24 +- src/turtlefirewall/edit_conntrack.cgi | 16 +- src/turtlefirewall/edit_conntrackpreroute.cgi | 16 +- src/turtlefirewall/edit_flowstat.cgi | 14 +- src/turtlefirewall/edit_geoip.cgi | 12 +- src/turtlefirewall/edit_group.cgi | 10 +- src/turtlefirewall/edit_host.cgi | 14 +- src/turtlefirewall/edit_hostnameset.cgi | 10 +- src/turtlefirewall/edit_ipset.cgi | 12 +- .../{edit_masq.cgi => edit_masquerade.cgi} | 18 +- src/turtlefirewall/edit_nat.cgi | 16 +- src/turtlefirewall/edit_net.cgi | 14 +- src/turtlefirewall/edit_options.cgi | 6 +- src/turtlefirewall/edit_ratelimit.cgi | 10 +- src/turtlefirewall/edit_redirect.cgi | 16 +- src/turtlefirewall/edit_riskset.cgi | 10 +- src/turtlefirewall/edit_rule.cgi | 30 +- src/turtlefirewall/edit_time.cgi | 14 +- src/turtlefirewall/edit_timegroup.cgi | 10 +- src/turtlefirewall/edit_zone.cgi | 10 +- src/turtlefirewall/index.cgi | 10 +- src/turtlefirewall/lang/de | 3 + src/turtlefirewall/lang/en | 3 + src/turtlefirewall/lang/fr | 3 + src/turtlefirewall/lang/it | 3 + src/turtlefirewall/lang/nl | 3 + src/turtlefirewall/list_actionlog.cgi | 2 +- src/turtlefirewall/list_countrycodes.cgi | 4 +- src/turtlefirewall/list_flowlog.cgi | 2 +- src/turtlefirewall/list_flowstat.cgi | 2 +- src/turtlefirewall/list_itemreferences.cgi | 51 +++ src/turtlefirewall/list_items.cgi | 432 ++++++++++-------- src/turtlefirewall/list_manglerules.cgi | 90 ++-- src/turtlefirewall/list_nat.cgi | 92 ++-- src/turtlefirewall/list_ndpiprotocols.cgi | 4 +- src/turtlefirewall/list_ndpirisks.cgi | 4 +- src/turtlefirewall/list_rawrules.cgi | 61 +-- src/turtlefirewall/list_rules.cgi | 61 +-- src/turtlefirewall/list_services.cgi | 4 +- 
src/turtlefirewall/save_connmark.cgi | 2 + .../{save_masq.cgi => save_masquerade.cgi} | 0 src/turtlefirewall/setup/TurtleFirewall.pm | 72 +++ src/turtlefirewall/turtlefirewall-lib.pl | 71 +++ 47 files changed, 741 insertions(+), 559 deletions(-) rename src/turtlefirewall/{edit_masq.cgi => edit_masquerade.cgi} (73%) create mode 100644 src/turtlefirewall/list_itemreferences.cgi rename src/turtlefirewall/{save_masq.cgi => save_masquerade.cgi} (100%) diff --git a/CHANGELOG b/CHANGELOG index e31faaf..133015a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -245,5 +245,6 @@ CHANGELOG - Feature : nDPI 4.9.11 support. - Feature : Add ipset support. - Feature : Add prefix support for net items. + - Feature : Add item reference lookup support. - Todo : Translate new features - Todo : Fix backup.cgi restore upload. diff --git a/src/turtlefirewall/backup.cgi b/src/turtlefirewall/backup.cgi index a1f85f0..382050b 100644 --- a/src/turtlefirewall/backup.cgi +++ b/src/turtlefirewall/backup.cgi @@ -15,7 +15,7 @@ if( $in{download} ) { &backup_download(); } -&ui_print_header( "$text{'backup_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{SHIELD}{IMAGE}$text{'backup_title'}", $text{'title'}, "" ); if( $in{upload} ) { # FIXME diff --git a/src/turtlefirewall/edit_addresslist.cgi b/src/turtlefirewall/edit_addresslist.cgi index 1f1cd06..ff10c68 100644 --- a/src/turtlefirewall/edit_addresslist.cgi +++ b/src/turtlefirewall/edit_addresslist.cgi @@ -15,9 +15,9 @@ $new = $in{'new'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_addresslist_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_addresslist_title_create'}"; } else { - $heading = "$text{'edit_addresslist_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_addresslist_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); 
@@ -41,13 +41,13 @@ if( $new ) { $col = &ui_textbox("newaddresslist", $in{'addresslist'}); $col .= &ui_hidden("addresslist", $in{'addresslist'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ADDRESSLIST}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_textbox("file", $file, 60, 0, 60); -print &ui_columns_row([ "$text{'file'}", $col ], \@tds); +print &ui_columns_row([ "$icons{FILE}{IMAGE}$text{'file'}", $col ], \@tds); $col = &ui_select("type", $type, \@types); -print &ui_columns_row([ "$text{'type'}", $col ], \@tds); +print &ui_columns_row([ "$icons{OPTION}{IMAGE}$text{'type'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print ""; diff --git a/src/turtlefirewall/edit_connmark.cgi b/src/turtlefirewall/edit_connmark.cgi index 998b4ee..579b834 100644 --- a/src/turtlefirewall/edit_connmark.cgi +++ b/src/turtlefirewall/edit_connmark.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_connmark_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_connmark_title_create'}"; $idx = ''; $src = ''; $dst = ''; @@ -28,7 +28,7 @@ if( $new ) { $mark = ''; $active = 1; } else { - $heading = "$text{'edit_connmark_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_connmark_title_edit'}"; $idx = $in{'idx'}; %rule = $fw->GetConnmark($idx); $src = $rule{'SRC'}; 
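Review bot: `$heading` is assigned in the `if( $new )` branch of edit_connmark.cgi without `my`, so as far as this hunk shows it is a package global; the lines above 14 are outside the hunk, so confirm it is not declared there. edit_addresslist.cgi in this same patch declares `my $heading = '';` before the branch, and doing the same here would keep the edit pages consistent and let `use strict` be enabled later. The same undeclared assignment appears in the `else` branch (next hunk) and in edit_connmarkpreroute.cgi, edit_conntrack.cgi, edit_conntrackpreroute.cgi, edit_masquerade.cgi, edit_nat.cgi, edit_redirect.cgi and edit_rule.cgi.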
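Review bot: `$idx = $in{'idx'};` in the `else` branch takes the request parameter as-is and passes it to `$fw->GetConnmark($idx)`, and the form hunk that follows writes it into the ID cell with `$col = "$idx";`, so whatever the client sent for `idx` is emitted into the page. Encoding at the point of output, `$col = &html_escape($idx);`, closes that; if rule indexes are always integers (presumably, not shown here), rejecting anything that fails `$idx =~ /\A\d+\z/` right after the assignment is stricter still. Whether `ui_columns_row` encodes cell text is not visible on this page, so the cell should be treated as raw HTML until confirmed. The same `$in{'idx'}` to ID-row flow is in edit_connmarkpreroute.cgi, edit_conntrack.cgi, edit_conntrackpreroute.cgi, edit_masquerade.cgi, edit_nat.cgi, edit_redirect.cgi and edit_rule.cgi.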
@@ -77,26 +77,26 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("src", \@selected_src, \@items, 5, 1); -print &ui_columns_row([ "$text{'rule_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", \@selected_dst, \@items, 5, 1); -print &ui_columns_row([ "$text{'rule_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_dst'}", $col ], \@tds); $col = &formService($service, $port, 1); -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); $col = &formNdpiProtocol($ndpi, $category, 1); -print &ui_columns_row([ "$text{'rule_ndpi'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'rule_ndpi'}", $col ], \@tds); $col = &ui_select("hostnameset", $hostnameset, \@hostnamesets); -print &ui_columns_row([ "$text{'rule_hostname_set'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOSTNAMESET}{IMAGE}$text{'rule_hostname_set'}", $col ], \@tds); $col = &ui_select("riskset", $riskset, \@risksets); -print &ui_columns_row([ "$text{'rule_risk_set'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RISKSET}{IMAGE}$text{'rule_risk_set'}", $col ], \@tds); $col = &ui_select("time", $time, \@times); -print &ui_columns_row([ "$text{'rule_time'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIME}{IMAGE}$text{'rule_time'}", $col ], \@tds); $col = &ui_textbox("mark", $mark, 13, 0, 13); -print &ui_columns_row([ "$text{'rule_mark'}", $col ], \@tds); +print &ui_columns_row([ "$icons{MARK}{IMAGE}$text{'rule_mark'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 
1 : 0); -print &ui_columns_row([ "$text{'rule_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'rule_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_connmarkpreroute.cgi b/src/turtlefirewall/edit_connmarkpreroute.cgi index 3df5b48..f17cf46 100644 --- a/src/turtlefirewall/edit_connmarkpreroute.cgi +++ b/src/turtlefirewall/edit_connmarkpreroute.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_connmarkpreroute_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_connmarkpreroute_title_create'}"; $idx = ''; $src = ''; $dst = ''; @@ -28,7 +28,7 @@ if( $new ) { $mark = ''; $active = 1; } else { - $heading = "$text{'edit_connmarkpreroute_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_connmarkpreroute_title_edit'}"; $idx = $in{'idx'}; %rule = $fw->GetConnmarkPreroute($idx); $src = $rule{'SRC'}; 
@@ -81,27 +81,27 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("src", $src, \@items_src); -print &ui_columns_row([ "$text{'rule_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); $col .= "$text{preroute_help}"; -print &ui_columns_row([ "$text{'rule_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_dst'}", $col ], \@tds); $col = &formService($service, $port, 1); -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); $col = &formNdpiProtocol($ndpi, $category, 1); -print &ui_columns_row([ "$text{'rule_ndpi'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'rule_ndpi'}", $col ], \@tds); $col = &ui_select("hostnameset", $hostnameset, \@hostnamesets); -print &ui_columns_row([ "$text{'rule_hostname_set'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOSTNAMESET}{IMAGE}$text{'rule_hostname_set'}", $col ], \@tds); $col = &ui_select("riskset", $riskset, \@risksets); -print &ui_columns_row([ "$text{'rule_risk_set'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RISKSET}{IMAGE}$text{'rule_risk_set'}", $col ], \@tds); $col = &ui_select("time", $time, \@times); -print &ui_columns_row([ "$text{'rule_time'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIME}{IMAGE}$text{'rule_time'}", $col ], \@tds); $col = &ui_textbox("mark", $mark, 13, 0, 13); -print &ui_columns_row([ "$text{'rule_mark'}", $col ], \@tds); +print &ui_columns_row([ "$icons{MARK}{IMAGE}$text{'rule_mark'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 
1 : 0); -print &ui_columns_row([ "$text{'rule_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'rule_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_conntrack.cgi b/src/turtlefirewall/edit_conntrack.cgi index 10f3bba..aa507c9 100644 --- a/src/turtlefirewall/edit_conntrack.cgi +++ b/src/turtlefirewall/edit_conntrack.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_conntrack_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_conntrack_title_create'}"; $idx = ''; $src = 'FIREWALL'; $dst = ''; @@ -23,7 +23,7 @@ if( $new ) { $helper = ''; $active = 1; } else { - $heading = "$text{'edit_conntrack_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_conntrack_title_edit'}"; $idx = $in{'idx'}; %rule = $fw->GetConntrack($idx); $src = $rule{'SRC'}; 
@@ -56,22 +56,22 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = "$src"; $col .= &ui_hidden("src", $src); -print &ui_columns_row([ "$text{'rule_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); -print &ui_columns_row([ "$text{'rule_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_dst'}", $col ], \@tds); $col = &ui_select("service", $service, \@services); $col .= "$text{rule_port} : "; $col .= &ui_textbox("port", $port, 11, 0, 11); $col .= "$text{port_help}"; -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); $col = &ui_select("helper", $helper, \@helpers); -print &ui_columns_row([ "$text{'rule_helper'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'rule_helper'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 1 : 0); -print &ui_columns_row([ "$text{'rule_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'rule_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_conntrackpreroute.cgi b/src/turtlefirewall/edit_conntrackpreroute.cgi index f55c770..9d0b94d 100644 --- a/src/turtlefirewall/edit_conntrackpreroute.cgi +++ b/src/turtlefirewall/edit_conntrackpreroute.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_conntrackpreroute_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_conntrackpreroute_title_create'}"; $idx = ''; $src = ''; $dst = ''; @@ -23,7 +23,7 @@ if( $new ) { $helper = ''; $active = 1; } else { - $heading = "$text{'edit_conntrackpreroute_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_conntrackpreroute_title_edit'}"; $idx = $in{'idx'}; %rule = $fw->GetConntrackPreroute($idx); $src = $rule{'SRC'}; 
@@ -63,22 +63,22 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("src", $src, \@items_src); -print &ui_columns_row([ "$text{'rule_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); $col .= "$text{preroute_help}"; -print &ui_columns_row([ "$text{'rule_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_dst'}", $col ], \@tds); $col = &ui_select("service", $service, \@services); $col .= "$text{rule_port} : "; $col .= &ui_textbox("port", $port, 11, 0, 11); $col .= "$text{port_help}"; -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); $col = &ui_select("helper", $helper, \@helpers); -print &ui_columns_row([ "$text{'rule_helper'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'rule_helper'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 1 : 0); -print &ui_columns_row([ "$text{'rule_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'rule_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_flowstat.cgi b/src/turtlefirewall/edit_flowstat.cgi index 95a9b7a..88832ba 100644 --- a/src/turtlefirewall/edit_flowstat.cgi +++ b/src/turtlefirewall/edit_flowstat.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; use Tie::File; -&ui_print_header( "$text{'edit_flowstat_title_create'}", $text{'title'}, "" ); +&ui_print_header( "$icons{CREATE}{IMAGE}$text{'edit_flowstat_title_create'}", $text{'title'}, "" ); &reportFlowStat(); print "

"; @@ -36,22 +36,22 @@ sub reportFlowStat { my @logs = glob("${log}*"); - print &ui_subheading("$text{'edit_flowstat_title_create'}"); + print &ui_subheading("$icons{CREATE}{IMAGE}$text{'edit_flowstat_title_create'}"); print &ui_form_start("list_flowstat.cgi", "post"); my @tds = ( "width=20% style=white-space:nowrap ", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; $col = &ui_select("log", $log, \@logs); - print &ui_columns_row([ "$text{'edit_flowstat_log'}", $col ], \@tds); + print &ui_columns_row([ "$icons{ITEM}{IMAGE}$text{'edit_flowstat_log'}", $col ], \@tds); $col = &ui_select("type", $type, \@types); - print &ui_columns_row([ "$text{'edit_flowstat_type'}", $col ], \@tds); + print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'edit_flowstat_type'}", $col ], \@tds); $col = &ui_select("max", $max, \@maxs); $col .= "$text{flowstat_max_help}"; - print &ui_columns_row([ "$text{'edit_flowstat_max'}", $col ], \@tds); + print &ui_columns_row([ "$icons{RATELIMIT}{IMAGE}$text{'edit_flowstat_max'}", $col ], \@tds); $col = &ui_select("top", $top, \@tops); - print &ui_columns_row([ "$text{'edit_flowstat_top'}", $col ], \@tds); + print &ui_columns_row([ "$icons{FLOWSTAT}{IMAGE}$text{'edit_flowstat_top'}", $col ], \@tds); $col = &ui_textbox("string", $string, 60, 0, 60); - print &ui_columns_row([ "$text{'edit_flowstat_string'}", $col ], \@tds); + print &ui_columns_row([ "$icons{TARGET}{IMAGE}$text{'edit_flowstat_string'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_geoip.cgi b/src/turtlefirewall/edit_geoip.cgi index ca6f200..ad5de36 100644 --- a/src/turtlefirewall/edit_geoip.cgi +++ b/src/turtlefirewall/edit_geoip.cgi @@ -15,9 +15,9 @@ $new = $in{'new'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_geoip_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_geoip_title_create'}"; } else { - $heading = "$text{'edit_geoip_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_geoip_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -50,13 +50,13 @@ if( $new ) { $col = &ui_textbox("newgeoip", $in{'geoip'}); $col .= &ui_hidden("geoip", $in{'geoip'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{GEOIP}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_select("ip", "$ip", \@items_countrycode); -print &ui_columns_row([ "$text{'countrycode'}", $col ], \@tds); +print &ui_columns_row([ "$icons{COUNTRYCODE}{IMAGE}$text{'countrycode'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); -print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_group.cgi b/src/turtlefirewall/edit_group.cgi index 09414ff..740305c 100644 --- a/src/turtlefirewall/edit_group.cgi +++ b/src/turtlefirewall/edit_group.cgi @@ -17,9 +17,9 @@ $newgroup = $in{'newgroup'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_group_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_group_title_create'}"; } else { - $heading = "$text{'edit_group_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_group_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -40,11 +40,11 @@ if( $new ) { $col = &ui_textbox("newgroup", $in{'group'}); $col .= &ui_hidden("group", $in{'group'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{GROUP}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_select("items", \@selected_items, \@items, 8, 1); -print &ui_columns_row([ "$text{'groupitems'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ITEM}{IMAGE}$text{'groupitems'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_host.cgi b/src/turtlefirewall/edit_host.cgi index e2a59da..8b3bef9 100644 --- a/src/turtlefirewall/edit_host.cgi +++ b/src/turtlefirewall/edit_host.cgi @@ -15,9 +15,9 @@ $new = $in{'new'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_host_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_host_title_create'}"; } else { - $heading = "$text{'edit_host_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_host_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -41,17 +41,17 @@ if( $new ) { $col = &ui_textbox("newhost", $in{'host'}); $col .= &ui_hidden("host", $in{'host'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOST}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_textbox("ip", $ip, 15, 0, 15); $col .= "$text{host_help}"; -print &ui_columns_row([ "$text{'hostaddress'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ADDRESS}{IMAGE}$text{'hostaddress'}", $col ], \@tds); $col = &ui_textbox("mac", $mac, 17, 0, 17); $col .= "$text{mac_help}"; -print &ui_columns_row([ "$text{'macaddress'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ADDRESS}{IMAGE}$text{'macaddress'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); -print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_hostnameset.cgi b/src/turtlefirewall/edit_hostnameset.cgi index 1e067b0..33dca48 100644 --- a/src/turtlefirewall/edit_hostnameset.cgi +++ b/src/turtlefirewall/edit_hostnameset.cgi @@ -17,9 +17,9 @@ $newhostnameset = $in{'newhostnameset'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_hostnameset_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_hostnameset_title_create'}"; } else { - $heading = "$text{'edit_hostnameset_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_hostnameset_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -40,11 +40,11 @@ if( $new ) { $col = &ui_textbox("newhostnameset", $in{'hostnameset'}); $col .= &ui_hidden("hostnameset", $in{'hostnameset'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOSTNAMESET}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_textarea("hostnamesetlist", join("\n", @hostnamesetlist), 10, 20); -print &ui_columns_row([ "$text{'hostnames'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOSTNAME}{IMAGE}$text{'hostnames'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi index 007adf6..06d97c2 100644 --- a/src/turtlefirewall/edit_ipset.cgi +++ b/src/turtlefirewall/edit_ipset.cgi @@ -15,9 +15,9 @@ $new = $in{'new'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_ipset_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_ipset_title_create'}"; } else { - $heading = "$text{'edit_ipset_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_ipset_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -43,13 +43,13 @@ if( $new ) { $col = &ui_textbox("newipset", $in{'ipset'}); $col .= &ui_hidden("ipset", $in{'ipset'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{IPSET}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_select("ip", $ip, \@ips); -print &ui_columns_row([ "$text{'addresslist'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ADDRESS}{IMAGE}$text{'addresslist'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); -print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_masq.cgi b/src/turtlefirewall/edit_masquerade.cgi similarity index 73% rename from src/turtlefirewall/edit_masq.cgi rename to src/turtlefirewall/edit_masquerade.cgi index 83a2c32..02c255c 100644 --- a/src/turtlefirewall/edit_masq.cgi +++ b/src/turtlefirewall/edit_masquerade.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_masq_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_masq_title_create'}"; $idx = ''; $src = ''; $dst = ''; @@ -23,7 +23,7 @@ if( $new ) { $is_masquerade = 1; $active = 1; } else { - $heading = "$text{'edit_masq_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_masq_title_edit'}"; $idx = $in{'idx'}; %masq = $fw->GetMasquerade($idx); $src = $masq{'SRC'}; @@ -54,26 +54,26 @@ push @items_dst, $fw->GetIPSetList(); @items_dst = sort(@items_dst); print &ui_subheading($heading); -print &ui_form_start("save_masq.cgi", "post"); +print &ui_form_start("save_masquerade.cgi", "post"); print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("src", $src, \@items_src); -print &ui_columns_row([ "$text{'masq_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'masq_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); -print &ui_columns_row([ "$text{'masq_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'masq_dst'}", $col ], \@tds); $col = &formService($service, $port, 1); -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); my @opts = ( [ 0, "$text{NO}
" ], [ 1, $text{YES} ] ); $col = &ui_radio("masquerade", $is_masquerade ? 1 : 0, \@opts); -print &ui_columns_row([ "$text{'masq_masquerade'}", $col ], \@tds); +print &ui_columns_row([ "$icons{MASQUERADE}{IMAGE}$text{'masq_masquerade'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 1 : 0); -print &ui_columns_row([ "$text{'masq_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'masq_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_nat.cgi b/src/turtlefirewall/edit_nat.cgi index 951639f..83fdb3b 100644 --- a/src/turtlefirewall/edit_nat.cgi +++ b/src/turtlefirewall/edit_nat.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_nat_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_nat_title_create'}"; $idx = ''; $virtual = ''; $real = ''; @@ -23,7 +23,7 @@ if( $new ) { $toport = ''; $active = 1; } else { - $heading = "$text{'edit_nat_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_nat_title_edit'}"; $idx = $in{'idx'}; %nat = $fw->GetNat($idx); $virtual = $nat{'VIRTUAL'}; 
@@ -61,21 +61,21 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("virtual", $virtual, \@items_virtual); -print &ui_columns_row([ "$text{'virtual_host'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'virtual_host'}", $col ], \@tds); $col = &ui_select("real", $real, \@items_real); -print &ui_columns_row([ "$text{'real_host'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOST}{IMAGE}$text{'real_host'}", $col ], \@tds); $col = &formService($service, $port, 1); -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); my @opts = ( [ 1, "$text{YES}" ] ); $col = &ui_radio("dummy", 1, \@opts); $col .= " : $text{real_port} $text{nat_port} : "; $col .= &ui_textbox("toport", $toport, 5, 0, 5); -print &ui_columns_row([ "$text{'nat'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NAT}{IMAGE}$text{'nat'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 1 : 0); -print &ui_columns_row([ "$text{'nat_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'nat_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_net.cgi b/src/turtlefirewall/edit_net.cgi index fa9f262..ed5dd05 100644 --- a/src/turtlefirewall/edit_net.cgi +++ b/src/turtlefirewall/edit_net.cgi @@ -15,9 +15,9 @@ $new = $in{'new'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_net_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_net_title_create'}"; } else { - $heading = "$text{'edit_net_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_net_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -42,15 +42,15 @@ if( $new ) { $col = &ui_textbox("newnet", $in{'net'}); $col .= &ui_hidden("net", $in{'net'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NET}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_textbox("ip", $ip, 15, 0, 15); -print &ui_columns_row([ "$text{'netaddress'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ADDRESS}{IMAGE}$text{'netaddress'}", $col ], \@tds); $col = &ui_textbox("netmask", $netmask, 15, 0, 15); -print &ui_columns_row([ "$text{'netmask'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NETMASK}{IMAGE}$text{'netmask'}", $col ], \@tds); $col = &ui_select("zone", $zone, \@zones); -print &ui_columns_row([ "$text{'zone'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'zone'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_options.cgi b/src/turtlefirewall/edit_options.cgi index 0c59c0f..cfe06f0 100644 --- a/src/turtlefirewall/edit_options.cgi +++ b/src/turtlefirewall/edit_options.cgi @@ -10,7 +10,7 @@ do 'turtlefirewall-lib.pl'; -&ui_print_header( "$text{'edit_options_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{EDIT}{IMAGE}$text{'edit_options_title'}", $text{'title'}, "" ); &getOptionsList(); @@ -21,7 +21,7 @@ foreach $option (@optionkeys) { } } -print &ui_subheading("$text{'edit_options_title'}"); +print &ui_subheading("$icons{EDIT}{IMAGE}$text{'edit_options_title'}"); print &ui_form_start("save_options.cgi", "post"); my @tds = ( "width=20% style=vertical-align:top", "width=20% style=vertical-align:top", "width=60% style=vertical-align:top" ); print &ui_columns_start(undef, 100, 0, \@tds); @@ -58,5 +58,5 @@ sub showOption { if( $type eq 'text' ) { $col = &ui_textbox($var, $value); } - print &ui_columns_row([ "$name", $col, "$desc
Default: $default" ], \@tds); + print &ui_columns_row([ "$icons{OPTION}{IMAGE}$name", $col, "$desc
Default: $default" ], \@tds); } diff --git a/src/turtlefirewall/edit_ratelimit.cgi b/src/turtlefirewall/edit_ratelimit.cgi index 7243907..57f1680 100644 --- a/src/turtlefirewall/edit_ratelimit.cgi +++ b/src/turtlefirewall/edit_ratelimit.cgi @@ -17,9 +17,9 @@ $newratelimit = $in{'newratelimit'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_ratelimit_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_ratelimit_title_create'}"; } else { - $heading = "$text{'edit_ratelimit_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_ratelimit_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -38,12 +38,12 @@ if( $new ) { $col = &ui_textbox("newratelimit", $in{'ratelimit'}); $col .= &ui_hidden("ratelimit", $in{'ratelimit'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RATELIMIT}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_textbox("rate", $rate, 3, 0, 3); $col .= "Mbps"; -print &ui_columns_row([ "$text{'rate'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RATE}{IMAGE}$text{'rate'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_redirect.cgi b/src/turtlefirewall/edit_redirect.cgi index 6ea79c4..4d4bbd6 100644 --- a/src/turtlefirewall/edit_redirect.cgi +++ b/src/turtlefirewall/edit_redirect.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_redirect_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_redirect_title_create'}"; $idx = ''; $src = ''; $dst = ''; @@ -24,7 +24,7 @@ if( $new ) { $is_redirect = 1; $active = 1; } else { - $heading = "$text{'edit_redirect_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_redirect_title_edit'}"; $idx = $in{'idx'}; %redirect = $fw->GetRedirect($idx); $src = $redirect{'SRC'}; @@ -64,22 +64,22 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("src", $src, \@items_src); -print &ui_columns_row([ "$text{'redirect_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'redirect_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); $col .= "$text{preroute_help}"; -print &ui_columns_row([ "$text{'redirect_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'redirect_dst'}", $col ], \@tds); $col = &formService($service, $port, 1); -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); my @opts = ( [ 0, "$text{NO}
" ], [ 1, "$text{YES}" ] ); $col = &ui_radio("redirect", $is_redirect ? 1 : 0, \@opts); $col .= " : $text{redirect_toport} : "; $col .= &ui_textbox("toport", $toport, 5, 0, 5); -print &ui_columns_row([ "$text{'redirect_redirect'}", $col ], \@tds); +print &ui_columns_row([ "$icons{REDIRECT}{IMAGE}$text{'redirect_redirect'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 1 : 0); -print &ui_columns_row([ "$text{'redirect_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'redirect_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_riskset.cgi b/src/turtlefirewall/edit_riskset.cgi index 5408ad3..6a410e4 100644 --- a/src/turtlefirewall/edit_riskset.cgi +++ b/src/turtlefirewall/edit_riskset.cgi @@ -17,9 +17,9 @@ $newriskset = $in{'newriskset'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_riskset_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_riskset_title_create'}"; } else { - $heading = "$text{'edit_riskset_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_riskset_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -59,11 +59,11 @@ if( $new ) { $col = &ui_textbox("newriskset", $in{'riskset'}); $col .= &ui_hidden("riskset", $in{'riskset'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RISKSET}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_select("risks", \@selected_risk, \@items_risk, 5, 1); -print &ui_columns_row([ "$text{'risks'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RISK}{IMAGE}$text{'risks'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_rule.cgi b/src/turtlefirewall/edit_rule.cgi index b96146a..46f0004 100644 --- a/src/turtlefirewall/edit_rule.cgi +++ b/src/turtlefirewall/edit_rule.cgi @@ -14,7 +14,7 @@ do 'turtlefirewall-lib.pl'; $new = $in{'new'}; if( $new ) { - $heading = "$text{'edit_rule_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_rule_title_create'}"; $idx = ''; $src = ''; $dst = ''; @@ -31,7 +31,7 @@ if( $new ) { $log = ''; $description = ''; } else { - $heading = "$text{'edit_rule_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_rule_title_edit'}"; $idx = $in{'idx'}; %rule = $fw->GetRule($idx); $src = $rule{'SRC'}; 
@@ -89,33 +89,33 @@ print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; if( !$new ) { $col = "$idx"; - print &ui_columns_row([ "ID", $col ], \@tds); + print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); } $col = &ui_select("src", \@selected_src, \@items, 5, 1); -print &ui_columns_row([ "$text{'rule_src'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", \@selected_dst, \@items, 5, 1); -print &ui_columns_row([ "$text{'rule_dst'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_dst'}", $col ], \@tds); $col = &formService($service, $port, 1); -print &ui_columns_row([ "$text{'rule_service'}", $col ], \@tds); +print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$text{'rule_service'}", $col ], \@tds); $col = &formNdpiProtocol($ndpi, $category, 1); -print &ui_columns_row([ "$text{'rule_ndpi'}", $col ], \@tds); +print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'rule_ndpi'}", $col ], \@tds); $col = &ui_select("hostnameset", $hostnameset, \@hostnamesets); -print &ui_columns_row([ "$text{'rule_hostname_set'}", $col ], \@tds); +print &ui_columns_row([ "$icons{HOSTNAMESET}{IMAGE}$text{'rule_hostname_set'}", $col ], \@tds); $col = &ui_select("riskset", $riskset, \@risksets); -print &ui_columns_row([ "$text{'rule_risk_set'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RISKSET}{IMAGE}$text{'rule_risk_set'}", $col ], \@tds); $col = &ui_select("ratelimit", $ratelimit, \@ratelimits); -print &ui_columns_row([ "$text{'rule_rate_limit'}", $col ], \@tds); +print &ui_columns_row([ "$icons{RATELIMIT}{IMAGE}$text{'rule_rate_limit'}", $col ], \@tds); $col = &ui_select("time", $time, \@times); -print &ui_columns_row([ "$text{'rule_time'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIME}{IMAGE}$text{'rule_time'}", $col ], \@tds); $col = &ui_select("target", $target, \@targets); -print &ui_columns_row([ "$text{'rule_target'}", $col ], \@tds); +print 
&ui_columns_row([ "$icons{TARGET}{IMAGE}$text{'rule_target'}", $col ], \@tds); $col = &ui_checkbox("log", 1, undef, $log ? 1 : 0); $col .= "$text{log_help}"; -print &ui_columns_row([ "$text{'rule_log'}", $col ], \@tds); +print &ui_columns_row([ "$icons{LOG}{IMAGE}$text{'rule_log'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); $col = &ui_checkbox("active", 1, undef, $active ? 1 : 0); -print &ui_columns_row([ "$text{'rule_active'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ACTIVE}{IMAGE}$text{'rule_active'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_time.cgi b/src/turtlefirewall/edit_time.cgi index 6e63e45..e24aa8a 100644 --- a/src/turtlefirewall/edit_time.cgi +++ b/src/turtlefirewall/edit_time.cgi @@ -17,9 +17,9 @@ $newtime = $in{'newtime'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_time_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_time_title_create'}"; } else { - $heading = "$text{'edit_time_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_time_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -48,7 +48,7 @@ if( $new ) { $col = &ui_textbox("newtime", $in{'time'}); $col .= &ui_hidden("time", $in{'time'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIME}{IMAGE}$text{'name'}", $col ], \@tds); $col = "
"; foreach my $i (@aWeekdays) { $col .= ""; } $col .= "
"; @@ -56,13 +56,13 @@ foreach my $i (@aWeekdays) { $col .= "
"; -print &ui_columns_row([ "$text{'timeitems'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ITEM}{IMAGE}$text{'timeitems'}", $col ], \@tds); $col = &ui_textbox("timestart", $timestart, 5, 0, 5); -print &ui_columns_row([ "$text{'timestart'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIMESTART}{IMAGE}$text{'timestart'}", $col ], \@tds); $col = &ui_textbox("timestop", $timestop, 5, 0, 5); -print &ui_columns_row([ "$text{'timestop'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIMESTOP}{IMAGE}$text{'timestop'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print ""; diff --git a/src/turtlefirewall/edit_timegroup.cgi b/src/turtlefirewall/edit_timegroup.cgi index a1c90d2..8f59935 100644 --- a/src/turtlefirewall/edit_timegroup.cgi +++ b/src/turtlefirewall/edit_timegroup.cgi @@ -17,9 +17,9 @@ $newtimegroup = $in{'newtimegroup'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_timegroup_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_timegroup_title_create'}"; } else { - $heading = "$text{'edit_timegroup_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_timegroup_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); 
@@ -40,11 +40,11 @@ if( $new ) { $col = &ui_textbox("newtimegroup", $in{'timegroup'}); $col .= &ui_hidden("timegroup", $in{'timegroup'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{TIMEGROUP}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_select("items", \@selected_items, \@items, 8, 1); -print &ui_columns_row([ "$text{'groupitems'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ITEM}{IMAGE}$text{'groupitems'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/edit_zone.cgi b/src/turtlefirewall/edit_zone.cgi index 8db0770..0ec1cd5 100644 --- a/src/turtlefirewall/edit_zone.cgi +++ b/src/turtlefirewall/edit_zone.cgi @@ -19,9 +19,9 @@ $new = $in{'new'}; my $heading = ''; if( $new ) { - $heading = "$text{'edit_zone_title_create'}"; + $heading = "$icons{CREATE}{IMAGE}$text{'edit_zone_title_create'}"; } else { - $heading = "$text{'edit_zone_title_edit'}"; + $heading = "$icons{EDIT}{IMAGE}$text{'edit_zone_title_edit'}"; } &ui_print_header( $heading, $text{'title'}, "" ); @@ -40,12 +40,12 @@ if( $new ) { $col = &ui_textbox("newzone", $in{'zone'}, 13, 0, 13); $col .= &ui_hidden("zone", $in{'zone'}); } -print &ui_columns_row([ "$text{'name'}", $col ], \@tds); +print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'name'}", $col ], \@tds); $col = &ui_textbox("if", $if); $col .= "$text{zone_help}"; -print &ui_columns_row([ "$text{'interface'}", $col ], \@tds); +print &ui_columns_row([ "$icons{INTERFACE}{IMAGE}$text{'interface'}", $col ], \@tds); $col = &ui_textbox("description", $description, 60, 0, 60); -print &ui_columns_row([ "$text{'description'}", $col ], \@tds); +print &ui_columns_row([ "$icons{DESCRIPTION}{IMAGE}$text{'description'}", $col ], \@tds); print &ui_columns_end(); print "
"; diff --git a/src/turtlefirewall/index.cgi b/src/turtlefirewall/index.cgi index b6c0094..08cd2de 100644 --- a/src/turtlefirewall/index.cgi +++ b/src/turtlefirewall/index.cgi @@ -11,31 +11,31 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( " v ".$fw->Version(), $text{'title'}, "", undef, 1, 1, 0, +&ui_print_header( "$icons{SHIELD}{IMAGE} v ".$fw->Version(), $text{'title'}, "", undef, 1, 1, 0, &help_search_link("iptables", "man", "doc")); -my @links = ('list_items.cgi', +my @olinks = ('list_items.cgi', 'list_services.cgi', 'list_ndpiprotocols.cgi', 'list_ndpirisks.cgi', 'list_countrycodes.cgi', 'edit_options.cgi', 'backup.cgi'); -my @titles = ($text{'index_icon_firewall_items'}, +my @otitles = ($text{'index_icon_firewall_items'}, $text{'index_icon_firewall_services'}, $text{'index_icon_firewall_ndpiprotocols'}, $text{'index_icon_firewall_ndpirisks'}, $text{'index_icon_firewall_countrycodes'}, $text{'index_icon_edit_options'}, $text{'index_icon_backup'}); -my @icons = ('images/items.png', +my @oicons = ('images/items.png', 'images/services.png', 'images/ndpiprotocols.png', 'images/ndpirisks.png', 'images/countrycodes.png', 'images/options.png', 'images/backup.png'); -&icons_table(\@links, \@titles, \@icons, 10); +&icons_table(\@olinks, \@otitles, \@oicons, 10); print &ui_hr(); my @rlinks = ('list_rules.cgi', diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 895b674..9cf538e 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -79,6 +79,8 @@ off=off unchange=unchange description=Beschreibung items=Items +reference=Ref +references=References file=File category=Category index=Turtle Firewall index @@ -105,6 +107,7 @@ index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics index_icon_backup=Backup +list_itemreferences_title=Item References list_items_title=Firewall Objekte list_items_create_zone=neue Zone erstellen list_items_create_geoip=create new geoip 
diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index d92a929..732a6c7 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -79,6 +79,8 @@ off=off unchange=unchange description=Description items=Items +reference=Ref +references=References file=File category=Category index=Turtle Firewall index @@ -105,6 +107,7 @@ index_icon_log=Action Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics index_icon_backup=Backup +list_itemreferences_title=Item References list_items_title=Items list_items_create_zone=create new zone list_items_create_geoip=create new geoip diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index 0128757..5284e63 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -79,6 +79,8 @@ off=off unchange=unchange description=Description items=Items +reference=Ref +references=References file=File category=Category index=Turtle Firewall index @@ -105,6 +107,7 @@ index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics index_icon_backup=Backup +list_itemreferences_title=Item References list_items_title=Eléments du Firewall list_items_create_zone=créer une nouvelle zone list_items_create_geoip=create new geoip diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 863b131..9e7c5c4 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -79,6 +79,8 @@ off=off unchange=unchange description=Descrizione items=Items +reference=Ref +references=References file=File category=Category index=Turtle Firewall index @@ -105,6 +107,7 @@ index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics index_icon_backup=Backup Configurazione +list_itemreferences_title=Item References list_items_title=Elementi del firewall list_items_create_zone=crea una nuova zona list_items_create_geoip=create new geoip 
diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index 6a8fd2a..7fda1be 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl @@ -79,6 +79,8 @@ off=off unchange=unchange description=Beschrijving items=Items +reference=Ref +references=References file=File category=Category index=Turtle Firewall index @@ -105,6 +107,7 @@ index_icon_log=Log index_icon_flowlog=Flow Log index_icon_flowstat=Flow Statistics index_icon_backup=Backup +list_itemreferences_title=Item References list_items_title=Firewall Objecten list_items_create_zone=Toevoegen nieuwe zone list_items_create_geoip=create new geoip diff --git a/src/turtlefirewall/list_actionlog.cgi b/src/turtlefirewall/list_actionlog.cgi index 8645f72..874592d 100644 --- a/src/turtlefirewall/list_actionlog.cgi +++ b/src/turtlefirewall/list_actionlog.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( "$text{'log_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{LOG}{IMAGE}$text{'log_title'}", $text{'title'}, "" ); &showLog(); diff --git a/src/turtlefirewall/list_countrycodes.cgi b/src/turtlefirewall/list_countrycodes.cgi index 0d05949..06db042 100644 --- a/src/turtlefirewall/list_countrycodes.cgi +++ b/src/turtlefirewall/list_countrycodes.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( "$text{'list_countrycodes_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{COUNTRYCODE}{IMAGE}$text{'list_countrycodes_title'}", $text{'title'}, "" ); &LoadCountryCodes($fw); &showCountryCodes(); @@ -27,7 +27,7 @@ sub showCountryCodes { my @countrycodes = $fw->GetCountryCodesList(); foreach my $name (@countrycodes) { my %countrycode = $fw->GetCountryCode($name); - print &ui_columns_row([ "$name", "$countrycode{'DESCRIPTION'}" ], \@tds); + print &ui_columns_row([ "$icons{COUNTRYCODE}{IMAGE}$name", "$icons{DESCRIPTION}{IMAGE}$countrycode{'DESCRIPTION'}" ], \@tds); } print &ui_columns_end(); } 
diff --git a/src/turtlefirewall/list_flowlog.cgi b/src/turtlefirewall/list_flowlog.cgi index ea2afa8..bd22829 100644 --- a/src/turtlefirewall/list_flowlog.cgi +++ b/src/turtlefirewall/list_flowlog.cgi @@ -12,7 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); use Time::Piece; -&ui_print_header( "$text{'flowlog_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{LOG}{IMAGE}$text{'flowlog_title'}", $text{'title'}, "" ); &LoadNdpiRisks($fw); &showLog(); diff --git a/src/turtlefirewall/list_flowstat.cgi b/src/turtlefirewall/list_flowstat.cgi index 020a032..b10c121 100644 --- a/src/turtlefirewall/list_flowstat.cgi +++ b/src/turtlefirewall/list_flowstat.cgi @@ -13,7 +13,7 @@ do 'turtlefirewall-lib.pl'; use Tie::File; use Time::Piece; -&ui_print_header( "$text{'report_flowstat_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{FLOWSTAT}{IMAGE}$text{'report_flowstat_title'}", $text{'title'}, "" ); my $log = $in{'log'}; my $type = $in{'type'}; diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi new file mode 100644 index 0000000..fa7d985 --- /dev/null +++ b/src/turtlefirewall/list_itemreferences.cgi 
@@ -0,0 +1,51 @@ +#!/usr/bin/perl + +#====================================================================== +# Turtle Firewall webmin module +# +# Copyright (c) Andrea Frigido +# You may distribute under the terms of either the GNU General Public +# License +#====================================================================== + +do 'turtlefirewall-lib.pl'; +&ReadParse(); + +my $item = $in{'item'}; + +&ui_print_header( "$icons{SHIELD}{IMAGE}$text{'list_itemreferences_title'}", $text{'title'}, "" ); + +&showItemReferences(); + +&ui_print_footer('list_items.cgi','items list'); + +#============================================================================ + +sub showItemReferences { + my $type = $fw->GetItemType($item); + my $image = $icons{$type}{IMAGE}; + + print &ui_subheading($image,$item); + @tds = ( "" ); + print &ui_columns_start([ "$text{'references'}" ], 100, 0, \@tds); + my %itemreferences = $fw->GetItemReferences($item); + foreach my $k (sort keys %itemreferences) { + my $href = ''; + my $reftype = $itemreferences{$k}; + my $reftypelc = lc($reftype); + my @ks = split( / /, $k ); + my $refname = $ks[0]; + my $idx = $ks[1]; + # Item in Rule + if( $idx ne '' ) { + if( $reftypelc eq 'rule' ) { $reftypelc = 'filter' } + my $refnamelc = lc($refname); + $href = &ui_link("edit_$reftypelc.cgi?idx=$idx","$reftypelc rule id $idx $refnamelc"); + } else { + # Item in Item + $href = &ui_link("edit_$reftypelc.cgi?$reftypelc=$refname","$reftypelc item $refname"); + } + print &ui_columns_row([ "$icons{$reftype}{IMAGE} $href" ], \@tds); + } + print &ui_columns_end(); +} diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 70457e5..6f84729 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi 
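Review bot: `$in{'item'}` is read from the request and passed straight to `&ui_subheading($image,$item)`, so whatever arrives in the `item` parameter is written into the page as HTML. It should be escaped on output, `print &ui_subheading($image, &html_escape($item));`. The two `&ui_link` calls have the same shape: `$refname` and `$idx` go into the query string and the link text unencoded, so `&urlize($refname)` in the URL and `&html_escape(...)` around the label would keep a name containing `&`, `#` or markup from altering the link. A one-line comment above `split( / /, $k )` stating the key format returned by `GetItemReferences` (name, then an optional rule index, as the code reads it) would help, since that format is not visible in this file.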
@@ -10,7 +10,7 @@ do 'turtlefirewall-lib.pl'; -&ui_print_header( "$text{'list_items_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{SHIELD}{IMAGE}$text{'list_items_title'}", $text{'title'}, "" ); $form = 0; &showAddressList(); @@ -65,32 +65,54 @@ print "

"; #============================================================================ -sub showZone { - print &ui_subheading("","$text{'zone'}"); - print &ui_form_start("save_zone.cgi", "post"); +sub showAddressList { + print &ui_subheading($icons{ADDRESSLIST}{IMAGE},$text{'addresslist'}); + print &ui_form_start("save_addresslist.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_zone'}" ); + "$text{'list_items_create_addresslist'}" ); @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "style=vertical-align:top", + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'interface'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetZoneList()) { - my %zone = $fw->GetZone($k); + "$text{'file'}", + "$text{'items'}", + "$text{'type'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + foreach my $b (sort keys %blacklists) { local @cols; - my $href = &ui_link("edit_zone.cgi?zone=$k",$k); - if( $k eq 'FIREWALL' ) { - push(@cols, "$k" ); - } else { - push(@cols, "$href" ); - } - push(@cols, "".($zone{'IF'} ne '' ? "$zone{'IF'}" : ' ')."" ); - push(@cols, "".($zone{'DESCRIPTION'} ne '' ? "$zone{'DESCRIPTION'}" : ' ')."" ); + push(@cols, "$icons{BLACKLIST}{IMAGE}$b"); + push(@cols, "$icons{FILE}{IMAGE}$blacklists{$b}{FILE}"); + my $blacklistcount = qx{wc -l < $blacklists{$b}{FILE} 2>/dev/null}; + if( $blacklistcount eq '' ) { $blacklistcount = '0'; } + push(@cols, $blacklistcount); + push(@cols, "$icons{OPTION}{IMAGE}$blacklists{$b}{TYPE}" ); + push(@cols, "$icons{DESCRIPTION}{IMAGE}$blacklists{$b}{DESCRIPTION}"); + push(@cols, "".($fw->GetOption("drop_$b") eq 'on' ? 
"1" : '0')."" ); + print &ui_checked_columns_row(\@cols, \@tds, "d", $k); + } + for my $k ($fw->GetAddressListList()) { + my %addresslist = $fw->GetAddressList($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; + local @cols; + my $href = &ui_link("edit_addresslist.cgi?addresslist=$k",$k); + push(@cols, "$icons{ADDRESSLIST}{IMAGE}$href" ); + push(@cols, "$icons{FILE}{IMAGE}$addresslist{'FILE'}" ); + my $listcount = qx{wc -l < $addresslist{'FILE'} 2>/dev/null}; + if( $listcount eq '' ) { $listcount = '0'; } + push(@cols, $listcount); + push(@cols, "$icons{OPTION}{IMAGE}$addresslist{'TYPE'}" ); + push(@cols, "".($addresslist{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$addresslist{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); @@ -100,34 +122,38 @@ sub showZone { print "
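Review bot: Both item counts in showAddressList are obtained by interpolating a configured path into a shell command, `qx{wc -l < $blacklists{$b}{FILE} 2>/dev/null}` and `qx{wc -l < $addresslist{'FILE'} 2>/dev/null}`, so a FILE value containing spaces or shell metacharacters is interpreted by the shell with the privileges of the Webmin process. Where FILE is set is not visible in this hunk, but the address list value appears to be editable through edit_addresslist.cgi, so counting the lines in Perl with a three-argument open is the safer form; it also avoids the trailing newline that `wc` leaves in the cell. Separately, the blacklist loop iterates with `$b` but passes `$k` to `&ui_checked_columns_row`, which is not set at that point, and `$b` is the variable `sort` uses, so a name such as `$name` would be clearer. The function continues past the end of the hunk.

```perl
# … unchanged: name and file columns of the address list row …
my $listcount = 0;
if( open(my $listfh, '<', $addresslist{'FILE'}) ) {
	$listcount++ while <$listfh>;
	close($listfh);
}
push(@cols, $listcount);
# … unchanged: type, description and reference columns; the blacklist count gets the same change …
```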
"; print &ui_form_end(); } -sub showNet { - print &ui_subheading("",$text{'net'}); - print &ui_form_start("save_net.cgi", "post"); +sub showZone { + print &ui_subheading($icons{ZONE}{IMAGE},"$text{'zone'}"); + print &ui_form_start("save_zone.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_net'}" ); + "$text{'list_items_create_zone'}" ); @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top", - "style=vertical-align:top" ); + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'netaddress'}", - "$text{'netmask'}", - "$text{'zone'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetNetList()) { - my %net = $fw->GetNet($k); + "$text{'interface'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetZoneList()) { + my %zone = $fw->GetZone($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; - my $href = &ui_link("edit_net.cgi?net=$k",$k); - push(@cols, "$href" ); - push(@cols, "$net{'IP'}" ); - push(@cols, "$net{'NETMASK'}" ); - push(@cols, "$net{'ZONE'}" ); - push(@cols, "".($net{'DESCRIPTION'} ne '' ? "$net{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("edit_zone.cgi?zone=$k",$k); + if( $k eq 'FIREWALL' ) { + push(@cols, "$icons{FIREWALL}{IMAGE}$k" ); + } else { + push(@cols, "$icons{ZONE}{IMAGE}$href" ); + } + push(@cols, "".($zone{'IF'} ne '' ? "$icons{INTERFACE}{IMAGE}$zone{'IF'}" : ' ')."" ); + push(@cols, "".($zone{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$zone{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); 
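Review bot: The rows built in showZone still place stored values into the table as raw HTML: `$zone{'IF'}` and `$zone{'DESCRIPTION'}` are interpolated next to the new icon markup without escaping, and `$k` goes unencoded into `list_itemreferences.cgi?item=$k`. If these fields can hold arbitrary text (their validation in the save scripts is not visible here), wrapping them as `&html_escape($zone{'DESCRIPTION'})` and `&urlize($k)` closes that off. The same applies to the rows in the showAddressList, showHost, showNet, showGeoip, showIPSet and showGroup hunks. `my $href` is also declared twice in each loop body; a second name such as `$refhref` for the reference link would avoid the masking.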
@@ -138,7 +164,7 @@ sub showNet { print &ui_form_end(); } sub showHost { - print &ui_subheading("",$text{'host'}); + print &ui_subheading($icons{HOST}{IMAGE},$text{'host'}); print &ui_form_start("save_host.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -148,23 +174,29 @@ sub showHost { "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", "$text{'hostaddress'}", "$text{'macaddress'}", "$text{'zone'}", - "$text{'description'}" ], 100, 0, \@tds); + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); for my $k ($fw->GetHostList()) { my %host = $fw->GetHost($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; my $href = &ui_link("edit_host.cgi?host=$k",$k); - push(@cols, "$href" ); - push(@cols, "".($host{'IP'} ne '' ? "$host{'IP'}" : ' ')."" ); - push(@cols, "".($host{'MAC'} ne '' ? "$host{'MAC'}" : ' ')."" ); - push(@cols, "$host{'ZONE'}" ); - push(@cols, "".($host{'DESCRIPTION'} ne '' ? "$host{'DESCRIPTION'}" : ' ')."" ); + push(@cols, "$icons{HOST}{IMAGE}$href" ); + push(@cols, "".($host{'IP'} ne '' ? "$icons{ADDRESS}{IMAGE}$host{'IP'}" : ' ')."" ); + push(@cols, "".($host{'MAC'} ne '' ? "$icons{ADDRESS}{IMAGE}$host{'MAC'}" : ' ')."" ); + push(@cols, "$icons{ZONE}{IMAGE}$host{'ZONE'}" ); + push(@cols, "".($host{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$host{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); 
@@ -174,32 +206,41 @@ sub showHost { print ""; print &ui_form_end(); } -sub showGeoip { - print &ui_subheading("",$text{'geoip'}); - print &ui_form_start("save_geoip.cgi", "post"); +sub showNet { + print &ui_subheading($icons{NET}{IMAGE},$text{'net'}); + print &ui_form_start("save_net.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_geoip'}" ); + "$text{'list_items_create_net'}" ); @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'countrycode'}", + "$text{'netaddress'}", + "$text{'netmask'}", "$text{'zone'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetGeoipList()) { - my %geoip = $fw->GetGeoip($k); + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetNetList()) { + my %net = $fw->GetNet($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; + push(@cols, $count); local @cols; - my $href = &ui_link("edit_geoip.cgi?geoip=$k",$k); - push(@cols, "$href" ); - my %g = $fw->GetCountryCode($geoip{'IP'}); - push(@cols, "$geoip{'IP'} - $g{'DESCRIPTION'}" ); - push(@cols, "$geoip{'ZONE'}" ); - push(@cols, "".($geoip{'DESCRIPTION'} ne '' ? "$geoip{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("edit_net.cgi?net=$k",$k); + push(@cols, "$icons{NET}{IMAGE}$href" ); + push(@cols, "$icons{ADDRESS}{IMAGE}$net{'IP'}" ); + push(@cols, "$icons{NETMASK}{IMAGE}$net{'NETMASK'}" ); + push(@cols, "$icons{ZONE}{IMAGE}$net{'ZONE'}" ); + push(@cols, "".($net{'DESCRIPTION'} ne '' ? 
"$icons{DESCRIPTION}{IMAGE}$net{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); @@ -209,42 +250,38 @@ sub showGeoip { print ""; print &ui_form_end(); } -sub showGroup { - print &ui_subheading("",$text{'group'}); - print &ui_form_start("save_group.cgi", "post" ); +sub showGeoip { + print &ui_subheading($icons{GEOIP}{IMAGE},$text{'geoip'}); + print &ui_form_start("save_geoip.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_group'}" ); + "$text{'list_items_create_geoip'}" ); @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'groupitems'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetGroupList()) { - my %group = $fw->GetGroup($k); + "$text{'countrycode'}", + "$text{'zone'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetGeoipList()) { + my %geoip = $fw->GetGeoip($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; - my $href = &ui_link("edit_group.cgi?group=$k",$k); - push(@cols, "$href" ); - my $grouplist; - for my $item (@{$group{ITEMS}}) { - if( $item eq 'FIREWALL' ) { - $iimage = ''; - } else { - my $type = $fw->GetItemType($item); - if( $type eq 'ZONE' ) { $iimage = ''; } - elsif( $type eq 'NET' ) { $iimage = ''; } - elsif( $type eq 'HOST' ) { $iimage = ''; } - elsif( $type eq 'GEOIP' ) { $iimage = ''; } - elsif( $type eq 'GROUP' ) { $iimage = ''; } - } - $grouplist .= "${iimage}${item}
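Review bot: In the showNet loop `push(@cols, $count);` runs before `local @cols;`, so the value lands in the outer `@cols` and is then hidden by the `local`; the count is added to the row again at the end through `$href`. The line looks like a leftover, and none of the other show* loops in this patch have it, so I would delete it. The function continues past the end of the hunk.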
"; - } - push(@cols, $grouplist ); - push(@cols, "".($group{'DESCRIPTION'} ne '' ? "$group{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("edit_geoip.cgi?geoip=$k",$k); + push(@cols, "$icons{GEOIP}{IMAGE}$href" ); + my %g = $fw->GetCountryCode($geoip{'IP'}); + push(@cols, "$icons{COUNTRYCODE}{IMAGE}$geoip{'IP'} - $g{'DESCRIPTION'}" ); + push(@cols, "$icons{ZONE}{IMAGE}$geoip{'ZONE'}" ); + push(@cols, "".($geoip{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$geoip{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); 
@@ -254,34 +291,37 @@ sub showGroup { print ""; print &ui_form_end(); } -sub showTime { - print &ui_subheading("",$text{'time'}); - print &ui_form_start("save_time.cgi", "post"); +sub showIPSet { + print &ui_subheading($icons{IPSET}{IMAGE},$text{'ipset'}); + print &ui_form_start("save_ipset.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_time'}" ); + "$text{'list_items_create_ipset'}" ); @tds = ( "width=1% style=vertical-align:top", - "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'weekdays'}", - "$text{'timestart'}", - "$text{'timestop'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetTimeList()) { - my %time = $fw->GetTime($k); + "$text{'addresslist'}", + "$text{'zone'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetIPSetList()) { + my %ipset = $fw->GetIPSet($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; - my $href = &ui_link("edit_time.cgi?time=$k",$k); - push(@cols, "$href" ); - push(@cols, "$time{'WEEKDAYS'}" ); - push(@cols, "$time{'TIMESTART'}" ); - push(@cols, "$time{'TIMESTOP'}" ); - push(@cols, "".($time{'DESCRIPTION'} ne '' ? "$time{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("edit_ipset.cgi?ipset=$k",$k); + push(@cols, "$icons{IPSET}{IMAGE}$href" ); + push(@cols, "$icons{ADDRESS}{IMAGE}$ipset{'IP'}" ); + push(@cols, "$icons{ZONE}{IMAGE}$ipset{'ZONE'}" ); + push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$ipset{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); 
@@ -291,32 +331,40 @@ sub showTime { print ""; print &ui_form_end(); } -sub showTimeGroup { - print &ui_subheading("",$text{'timegroup'}); - print &ui_form_start("save_timegroup.cgi", "post" ); +sub showGroup { + print &ui_subheading($icons{GROUP}{IMAGE},$text{'group'}); + print &ui_form_start("save_group.cgi", "post" ); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_timegroup'}" ); + "$text{'list_items_create_group'}" ); @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'timegroupitems'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetTimeGroupList()) { - my %timegroup = $fw->GetTimeGroup($k); + "$text{'groupitems'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetGroupList()) { + my %group = $fw->GetGroup($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; - my $href = &ui_link("edit_timegroup.cgi?timegroup=$k",$k); - push(@cols, "$href" ); - my $timegrouplist; - for my $item (@{$timegroup{ITEMS}}) { - $timegrouplist .= "$item
"; + my $href = &ui_link("edit_group.cgi?group=$k",$k); + push(@cols, "$icons{GROUP}{IMAGE}$href" ); + my $grouplist; + my $type = ''; + for my $item (@{$group{ITEMS}}) { + if( $item eq 'FIREWALL' ) { $type = $item; } else { $type = $fw->GetItemType($item); } + $grouplist .= "$icons{$type}{IMAGE}$item
"; } - push(@cols, $timegrouplist ); - push(@cols, "".($timegroup{'DESCRIPTION'} ne '' ? "$timegroup{'DESCRIPTION'}" : ' ')."" ); + push(@cols, $grouplist ); + push(@cols, "".($group{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$group{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); @@ -327,7 +375,7 @@ sub showTimeGroup { print &ui_form_end(); } sub showHostNameSet { - print &ui_subheading("",$text{'hostnameset'}); + print &ui_subheading($icons{HOSTNAMESET}{IMAGE},$text{'hostnameset'}); print &ui_form_start("save_hostnameset.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -335,23 +383,29 @@ sub showHostNameSet { @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", "$text{'hostnames'}", - "$text{'description'}" ], 100, 0, \@tds); + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); for my $k ($fw->GetHostNameSetList()) { my %hostnameset = $fw->GetHostNameSet($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; my $href = &ui_link("edit_hostnameset.cgi?hostnameset=$k",$k); - push(@cols, "$href" ); + push(@cols, "$icons{HOSTNAMESET}{IMAGE}$href" ); my $hostnamesetlist; for my $hostname (split(/,/, $hostnameset{'HOSTNAMES'})) { - $hostnamesetlist .= "$hostname
"; + $hostnamesetlist .= "$icons{HOSTNAME}{IMAGE}$hostname
"; } push(@cols, $hostnamesetlist ); - push(@cols, "".($hostnameset{'DESCRIPTION'} ne '' ? "$hostnameset{'DESCRIPTION'}" : ' ')."" ); + push(@cols, "".($hostnameset{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$hostnameset{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); @@ -362,7 +416,7 @@ sub showHostNameSet { print &ui_form_end(); } sub showRiskSet { - print &ui_subheading("",$text{'riskset'}); + print &ui_subheading($icons{RISKSET}{IMAGE},$text{'riskset'}); print &ui_form_start("save_riskset.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -370,24 +424,30 @@ sub showRiskSet { @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", "$text{'risks'}", - "$text{'description'}" ], 100, 0, \@tds); + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); for my $k ($fw->GetRiskSetList()) { my %riskset = $fw->GetRiskSet($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; my $href = &ui_link("edit_riskset.cgi?riskset=$k",$k); - push(@cols, "$href" ); + push(@cols, "$icons{RISKSET}{IMAGE}$href" ); my $risksetlist; for my $i (split(/,/, $riskset{'RISKS'})) { my %ndpirisk = $fw->GetNdpiRisk($i); - $risksetlist .= "$i - $ndpirisk{'DESCRIPTION'}
"; + $risksetlist .= "$icons{RISK}{IMAGE}$i - $ndpirisk{'DESCRIPTION'}
"; } push(@cols, $risksetlist ); - push(@cols, "".($riskset{'DESCRIPTION'} ne '' ? "$riskset{'DESCRIPTION'}" : ' ')."" ); + push(@cols, "".($riskset{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$riskset{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); @@ -398,7 +458,7 @@ sub showRiskSet { print &ui_form_end(); } sub showRateLimit { - print &ui_subheading("",$text{'ratelimit'}); + print &ui_subheading($icons{RATELIMIT}{IMAGE},$text{'ratelimit'}); print &ui_form_start("save_ratelimit.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -406,19 +466,25 @@ sub showRateLimit { @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "style=vertical-align:top", + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", "$text{'rate'}", - "$text{'description'}" ], 100, 0, \@tds); + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); for my $k ($fw->GetRateLimitList()) { my %ratelimit = $fw->GetRateLimit($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; my $href = &ui_link("edit_ratelimit.cgi?ratelimit=$k",$k); - push(@cols, "$href" ); - push(@cols, "$ratelimit{'RATE'} Mbps" ); - push(@cols, "".($ratelimit{'DESCRIPTION'} ne '' ? "$ratelimit{'DESCRIPTION'}" : ' ')."" ); + push(@cols, "$icons{RATELIMIT}{IMAGE}$href" ); + push(@cols, "$icons{RATE}{IMAGE}$ratelimit{'RATE'} Mbps" ); + push(@cols, "".($ratelimit{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$ratelimit{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); 
@@ -428,47 +494,40 @@ sub showRateLimit { print ""; print &ui_form_end(); } -sub showAddressList { - print &ui_subheading("",$text{'addresslist'}); - print &ui_form_start("save_addresslist.cgi", "post"); +sub showTime { + print &ui_subheading($icons{TIME}{IMAGE},$text{'time'}); + print &ui_form_start("save_time.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_addresslist'}" ); + "$text{'list_items_create_time'}" ); @tds = ( "width=1% style=vertical-align:top", + "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'file'}", - "$text{'items'}", - "$text{'type'}", - "$text{'description'}" ], 100, 0, \@tds); - foreach my $b (sort keys %blacklists) { - local @cols; - push(@cols, "$b"); - push(@cols, "$blacklists{$b}{FILE}"); - my $blacklistcount = qx{wc -l < $blacklists{$b}{FILE} 2>/dev/null}; - if( $blacklistcount eq '' ) { $blacklistcount = '0'; } - push(@cols, $blacklistcount); - push(@cols, "$blacklists{$b}{TYPE}" ); - push(@cols, "$blacklists{$b}{DESCRIPTION}"); - print &ui_checked_columns_row(\@cols, \@tds, "d", $k); - } - for my $k ($fw->GetAddressListList()) { - my %addresslist = $fw->GetAddressList($k); + "$text{'weekdays'}", + "$text{'timestart'}", + "$text{'timestop'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetTimeList()) { + my %time = $fw->GetTime($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; - my $href = &ui_link("edit_addresslist.cgi?addresslist=$k",$k); - push(@cols, "$href" ); - push(@cols, "$addresslist{'FILE'}" ); - my $listcount = qx{wc -l < $addresslist{'FILE'} 2>/dev/null}; - if( $listcount eq '' ) { $listcount = '0'; } - push(@cols, $listcount); - push(@cols, 
"$addresslist{'TYPE'}" ); - push(@cols, "".($addresslist{'DESCRIPTION'} ne '' ? "$addresslist{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("edit_time.cgi?time=$k",$k); + push(@cols, "$icons{TIME}{IMAGE}$href" ); + push(@cols, "$icons{ITEM}{IMAGE}$time{'WEEKDAYS'}" ); + push(@cols, "$icons{TIMESTART}{IMAGE}$time{'TIMESTART'}" ); + push(@cols, "$icons{TIMESTOP}{IMAGE}$time{'TIMESTOP'}" ); + push(@cols, "".($time{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$time{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); 
@@ -478,31 +537,38 @@ sub showAddressList { print ""; print &ui_form_end(); } -sub showIPSet { - print &ui_subheading("",$text{'ipset'}); - print &ui_form_start("save_ipset.cgi", "post"); +sub showTimeGroup { + print &ui_subheading($icons{TIMEGROUP}{IMAGE},$text{'timegroup'}); + print &ui_form_start("save_timegroup.cgi", "post" ); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_items_create_ipset'}" ); + "$text{'list_items_create_timegroup'}" ); @tds = ( "width=1% style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", "style=vertical-align:top", - "style=vertical-align:top" ); + "width=1% style=vertical-align:top" ); print &ui_columns_start([ "", "$text{'name'}", - "$text{'addresslist'}", - "$text{'zone'}", - "$text{'description'}" ], 100, 0, \@tds); - for my $k ($fw->GetIPSetList()) { - my %ipset = $fw->GetIPSet($k); + "$text{'timegroupitems'}", + "$text{'description'}", + "$text{'reference'}" ], 100, 0, \@tds); + for my $k ($fw->GetTimeGroupList()) { + my %timegroup = $fw->GetTimeGroup($k); + my %itemreferences = $fw->GetItemReferences($k); + my $count = keys %itemreferences; local @cols; - my $href = &ui_link("edit_ipset.cgi?ipset=$k",$k); - push(@cols, "$href" ); - push(@cols, "$ipset{'IP'}" ); - push(@cols, "$ipset{'ZONE'}" ); - push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$ipset{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("edit_timegroup.cgi?timegroup=$k",$k); + push(@cols, "$icons{TIMEGROUP}{IMAGE}$href" ); + my $timegrouplist; + for my $item (@{$timegroup{ITEMS}}) { + $timegrouplist .= "$icons{TIME}{IMAGE}$item
"; + } + push(@cols, $timegrouplist ); + push(@cols, "".($timegroup{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$timegroup{'DESCRIPTION'}" : ' ')."" ); + my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } print &ui_columns_end(); diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index f15bbfb..166e944 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( "$text{'list_manglerules_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{MARK}{IMAGE}$text{'list_manglerules_title'}", $text{'title'}, "" ); $form = 0; &showConnmarkPreroute(); @@ -25,7 +25,7 @@ print "

"; #============================================================================ sub showConnmarkPreroute { - print &ui_subheading("",$text{'connmark_preroute'}); + print &ui_subheading($icons{MARK}{IMAGE},$text{'connmark_preroute'}); print &ui_form_start("save_connmarkpreroute.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -85,39 +85,28 @@ sub showConnmarkPreroute { my $se = $attr{'ACTIVE'} eq 'NO' ? '
' : ''; # StrikeEnd my $href = &ui_link("edit_connmarkpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $zimage = ''; my $type = $fw->GetItemType($attr{'SRC'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $zimage = ''; + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); my $type = $fw->GetItemType($attr{'DST'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; - my $simage = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { - $servicelist .= "${simage}$attr{'SERVICE'}/$attr{'PORT'}"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "${simage}$attr{'SERVICE'}/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all"; } } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "${simage}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); my $ndpilist = ''; my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $nimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $nimage = $attr{'ACTIVE'} eq 'NO' ? $icons{NDPISERVICE}{IMAGE} : $icons{NDPISERVICE_A}{IMAGE}; if( $attr{'CATEGORY'} ne '' ) { $ndpilist .= "${nimage}${cb}category: $attr{'CATEGORY'}${ce}"; } elsif( $attr{'NDPI'} ne '' ) { @@ -127,17 +116,17 @@ sub showConnmarkPreroute { } } push(@cols, "${sb}${bb}${ndpilist}${be}${se}"); - my $himage = $attr{'HOSTNAMESET'} eq '' ? '' : ''; + my $himage = $attr{'HOSTNAMESET'} eq '' ? '' : $icons{HOSTNAMESET}{IMAGE}; push(@cols, "${himage}${sb}${bb}$attr{'HOSTNAMESET'}${be}${se}" ); - my $rimage = $attr{'RISKSET'} eq '' ? '' : ''; + my $rimage = $attr{'RISKSET'} eq '' ? '' : $icons{RISKSET}{IMAGE}; push(@cols, "${rimage}${sb}${bb}$attr{'RISKSET'}${be}${se}" ); my $type = $fw->GetItemType($attr{'TIME'}); - my $cimage = $type eq 'TIMEGROUP' ? '' : ''; + my $cimage = $type eq 'TIMEGROUP' ? $icons{TIMEGROUP}{IMAGE} : $icons{TIME}{IMAGE}; if( $attr{'TIME'} eq '' ) { $cimage = ''; } push(@cols, "${cimage}${sb}${bb}$attr{'TIME'}${be}${se}" ); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $mimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $mimage = $attr{'ACTIVE'} eq 'NO' ? $icons{MARK}{IMAGE} : $icons{MARK_A}{IMAGE}; push(@cols, "${mimage}${sb}${bb}${cb}".($attr{'MARK'} ne '' ? $attr{'MARK'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= ""; @@ -182,7 +171,7 @@ sub showConnmarkPreroute { } sub showConnmark { - print &ui_subheading("",$text{'connmark'}); + print &ui_subheading($icons{MARK}{IMAGE},$text{'connmark'}); print &ui_form_start("save_connmark.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), 
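Review bot: In showConnmarkPreroute the source and destination icons now come straight from `$icons{$type}{IMAGE}`, so a `$type` that is empty or not a key of `%icons` gives no icon where the removed `if`/`elsif` chain started from a default `$zimage`. The lookup also autovivifies `$icons{$type}` and warns on the undefined value when warnings are enabled. A guarded lookup keeps the fallback, for example `my $zimage = exists $icons{$type} ? $icons{$type}{IMAGE} : $icons{ZONE}{IMAGE};`, assuming the zone icon was the old default (the removed markup is not visible on this page). The showMasquerade, showRedirect and showConntrackPreroute hunks make the same substitution.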
@@ -240,52 +229,42 @@ sub showConnmark { my $be = $idx == $i ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd - my $mimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; my $href = &ui_link("edit_connmark.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $zimage = ''; - if( $attr{'SRC'} eq 'FIREWALL' ) { - $zimage = ''; - } else { - my $type = $fw->GetItemType($attr{'SRC'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } + my $srclist = ''; + my $type = ''; + my @srcs = split(/,/, $attr{'SRC'}); + foreach my $s (@srcs) { + if( $s eq 'FIREWALL' ) { $type = $s; } else { $type = $fw->GetItemType($s); } + $srclist .= "$icons{$type}{IMAGE}$s
"; } - push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $zimage = ''; - if( $attr{'DST'} eq 'FIREWALL' ) { - $zimage = ''; - } else { - my $type = $fw->GetItemType($attr{'DST'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } + push(@cols, "${sb}${bb}${srclist}${be}${se}" ); + my $dstlist = ''; + my $type = ''; + my @dsts = split(/,/, $attr{'DST'}); + foreach my $d (@dsts) { + if( $d eq 'FIREWALL' ) { $type = $d; } else { $type = $fw->GetItemType($d); } + $dstlist .= "$icons{$type}{IMAGE}$d
"; } - push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); + push(@cols, "${sb}${bb}${dstlist}${be}${se}" ); my $servicelist = ''; - my $simage = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { - $servicelist .= "${simage}$attr{'SERVICE'}/$attr{'PORT'}"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "${simage}$attr{'SERVICE'}/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all"; } } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "${simage}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); my $ndpilist = ''; my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $nimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $nimage = $attr{'ACTIVE'} eq 'NO' ? $icons{NDPISERVICE}{IMAGE}: $icons{NDPISERVICE_A}{IMAGE}; if( $attr{'CATEGORY'} ne '' ) { $ndpilist .= "${nimage}${cb}category: $attr{'CATEGORY'}${ce}"; } elsif( $attr{'NDPI'} ne '' ) { @@ -295,16 +274,17 @@ sub showConnmark { } } push(@cols, "${sb}${bb}${ndpilist}${be}${se}"); - my $himage = $attr{'HOSTNAMESET'} eq '' ? '' : ''; + my $himage = $attr{'HOSTNAMESET'} eq '' ? '' : $icons{HOSTNAMESET}{IMAGE}; push(@cols, "${himage}${sb}${bb}$attr{'HOSTNAMESET'}${be}${se}" ); - my $rimage = $attr{'RISKSET'} eq '' ? '' : ''; + my $rimage = $attr{'RISKSET'} eq '' ? '' : $icons{RISKSET}{IMAGE}; push(@cols, "${rimage}${sb}${bb}$attr{'RISKSET'}${be}${se}" ); my $type = $fw->GetItemType($attr{'TIME'}); - my $cimage = $type eq 'TIMEGROUP' ? '' : ''; + my $cimage = $type eq 'TIMEGROUP' ? $icons{TIMEGROUP}{IMAGE} : $icons{TIME}{IMAGE}; if( $attr{'TIME'} eq '' ) { $cimage = ''; } push(@cols, "${cimage}${sb}${bb}$attr{'TIME'}${be}${se}" ); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd + my $mimage = $attr{'ACTIVE'} eq 'NO' ? $icons{MARK}{IMAGE} : $icons{MARK_A}{IMAGE}; push(@cols, "${mimage}${sb}${bb}${cb}".($attr{'MARK'} ne '' ? $attr{'MARK'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= "
"; diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index 1774716..9993d10 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( "$text{'list_nat_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{NAT}{IMAGE}$text{'list_nat_title'}", $text{'title'}, "" ); $form = 0; &showNat(); @@ -29,7 +29,7 @@ print "

"; #============================================================================ sub showNat { - print &ui_subheading("",$text{'nat'}); + print &ui_subheading($icons{NAT}{IMAGE},$text{'nat'}); print &ui_form_start("save_nat.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -78,34 +78,30 @@ sub showNat { push(@cols, $href ); my %zone = $fw->GetZone($attr{'VIRTUAL'}); if( $zone{IF} ne '' ) { - my $zimage = ''; - push(@cols, "${zimage}${sb}$attr{'VIRTUAL'} ($zone{'IF'})${se}" ); + push(@cols, "$icons{ZONE}{IMAGE}${sb}$attr{'VIRTUAL'} ($zone{'IF'})${se}" ); } else { - my $himage = ''; - push(@cols, "${himage}${sb}$attr{'VIRTUAL'}${se}" ); + push(@cols, "$icons{HOST}{IMAGE}${sb}$attr{'VIRTUAL'}${se}" ); } - my $himage = ''; - push(@cols, "${himage}${sb}$attr{'REAL'}${se}" ); + push(@cols, "$icons{HOST}{IMAGE}${sb}$attr{'REAL'}${se}" ); my $servicelist = ''; - my $simage = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { - $servicelist .= "${simage}$attr{'SERVICE'}/$attr{'PORT'}"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "${simage}$attr{'SERVICE'}/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}{'SERVICE'}/all"; } } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "${simage}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; } } - push(@cols, "${sb}${bb}${servicelist}${be}${se}"); + push(@cols, "${sb}${servicelist}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $nimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $nimage = $attr{'ACTIVE'} eq 'NO' ? $icons{NAT}{IMAGE} : $icons{NAT_A}{IMAGE}; push(@cols, "${nimage}${sb}${cb}$text{YES}${ce}${se}" ); - my $timage = $attr{'TOPORT'} eq '' ? '' : ''; + my $timage = $attr{'TOPORT'} eq '' ? '' : $icons{TOPORT}{IMAGE}; push(@cols, "${timage}${sb}$attr{'TOPORT'}${se}" ); local $mover; $mover .= "
"; @@ -141,11 +137,11 @@ sub showNat { } sub showMasquerade { - print &ui_subheading("",$text{'masquerade'}); - print &ui_form_start("save_masq.cgi", "post"); + print &ui_subheading($icons{MASQUERADE}{IMAGE},$text{'masquerade'}); + print &ui_form_start("save_masquerade.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), - "$text{'list_nat_create_masq'}" ); + "$text{'list_nat_create_masq'}" ); @tds = ( "width=1% style=vertical-align:top", "width=1% style=text-align:center;vertical-align:top", "width=25% style=vertical-align:top;white-space:normal", 
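Review bot: The `else` branch of the tcp/udp case in showNat lost its `$attr`: the new line reads `$servicelist .= "$icons{SERVICE}{IMAGE}{'SERVICE'}/all";`, which Perl interpolates as a third subscript on `$icons{SERVICE}{IMAGE}` rather than as the icon followed by the service name. A rule with an empty port would then show only `/all` (or die under `strict refs`) instead of `tcp/all`. It should match the branch above it: `$servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all";`. The showMasquerade and showRedirect hunks have the correct form.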
@@ -184,44 +180,35 @@ sub showMasquerade { local @cols; my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd - my $href = &ui_link("edit_masq.cgi?idx=$i","${sb}${i}${se}"); + my $href = &ui_link("edit_masquerade.cgi?idx=$i","${sb}${i}${se}"); push(@cols, $href ); - my $zimage = ''; my $type = $fw->GetItemType($attr{'SRC'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}".($attr{'SRC'} ne '' ? $attr{'SRC'} : '*')."${se}" ); - my $zimage = ''; + push(@cols, "$icons{$type}{IMAGE}${sb}".($attr{'SRC'} ne '' ? $attr{'SRC'} : '*')."${se}" ); my $type = $fw->GetItemType($attr{'DST'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}".($attr{'DST'} ne '' ? $attr{'DST'} : ' ')."${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}".($attr{'DST'} ne '' ? $attr{'DST'} : ' ')."${se}" ); my $servicelist = ''; - my $simage = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { - $servicelist .= "${simage}$attr{'SERVICE'}/$attr{'PORT'}"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "${simage}$attr{'SERVICE'}/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all"; } } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "${simage}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; } } - push(@cols, "${sb}${bb}${servicelist}${be}${se}"); + push(@cols, "${sb}${servicelist}${se}"); if( $attr{'MASQUERADE'} eq 'NO' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $dimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $dimage = $attr{'ACTIVE'} eq 'NO' ? $icons{MASQUERADE}{IMAGE} : $icons{MASQUERADE_NO}{IMAGE}; push(@cols, "${dimage}${sb}${cb}$text{NO}${ce}${se}" ); } else { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $aimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $aimage = $attr{'ACTIVE'} eq 'NO' ? $icons{MASQUERADE}{IMAGE} : $icons{MASQUERADE_A}{IMAGE}; push(@cols, "${aimage}${sb}${cb}$text{YES}${ce}${se}" ); } local $mover; @@ -257,7 +244,7 @@ sub showMasquerade { } sub showRedirect { - print &ui_subheading("",$text{'redirect_redirect'}); + print &ui_subheading($icons{REDIRECT}{IMAGE},$text{'redirect_redirect'}); print &ui_form_start("save_redirect.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), 
@@ -303,41 +290,36 @@ sub showRedirect { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_redirect.cgi?idx=$i","${sb}${i}${se}"); push(@cols, $href ); - my $zimage = ''; my $type = $fw->GetItemType($attr{'SRC'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}$attr{'SRC'}${se}" ); - my $zimage = ''; + push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); my $type = $fw->GetItemType($attr{'DST'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}$attr{'DST'}${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); my $servicelist = ''; - $servicelist .= $attr{'SERVICE'}; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { - $servicelist .= "/$attr{'PORT'}"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all"; + } + } else { + my @services = split(/,/, $attr{'SERVICE'}); + foreach my $s (@services) { + $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; } } - my $simage = ''; - push(@cols, "${simage}${sb}${servicelist}${se}"); + push(@cols, "${sb}${servicelist}${se}"); if( $attr{'REDIRECT'} eq 'NO' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $dimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $dimage = $attr{'ACTIVE'} eq 'NO' ? $icons{REDIRECT}{IMAGE} : $icons{REDIRECT_NO}{IMAGE}; push(@cols, "${dimage}${sb}${cb}$text{NO}${ce}${se}" ); push(@cols, "" ); } else { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $aimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $aimage = $attr{'ACTIVE'} eq 'NO' ? $icons{REDIRECT}{IMAGE} : $icons{REDIRECT_A}{IMAGE}; push(@cols, "${aimage}${sb}${cb}$text{YES}${ce}${se}" ); - my $timage = $attr{'TOPORT'} eq '' ? '' : ''; + my $timage = $attr{'TOPORT'} eq '' ? '' : $icons{TOPORT}{IMAGE}; push(@cols, "${timage}${sb}$attr{'TOPORT'}${se}" ); } local $mover; diff --git a/src/turtlefirewall/list_ndpiprotocols.cgi b/src/turtlefirewall/list_ndpiprotocols.cgi index 5cff41f..2959fbc 100644 --- a/src/turtlefirewall/list_ndpiprotocols.cgi +++ b/src/turtlefirewall/list_ndpiprotocols.cgi @@ -10,7 +10,7 @@ do 'turtlefirewall-lib.pl'; -&ui_print_header( "$text{'list_ndpiprotocols_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{NDPISERVICE}{IMAGE}$text{'list_ndpiprotocols_title'}", $text{'title'}, "" ); &LoadNdpiProtocols($fw); &showNdpiProtocols(); @@ -26,7 +26,7 @@ sub showNdpiProtocols { my @ndpiprotocols = $fw->GetNdpiProtocolsList(); foreach my $name (@ndpiprotocols) { my %ndpiprotocol = $fw->GetNdpiProtocol($name); - print &ui_columns_row([ "$name", "$ndpiprotocol{'CATEGORY'}" ], \@tds); + print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$name", "$icons{DESCRIPTION}{IMAGE}$ndpiprotocol{'CATEGORY'}" ], \@tds); } print &ui_columns_end(); } diff --git a/src/turtlefirewall/list_ndpirisks.cgi b/src/turtlefirewall/list_ndpirisks.cgi index 976b81d..9b53724 100644 
--- a/src/turtlefirewall/list_ndpirisks.cgi +++ b/src/turtlefirewall/list_ndpirisks.cgi @@ -10,7 +10,7 @@ do 'turtlefirewall-lib.pl'; -&ui_print_header( "$text{'list_ndpirisks_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{RISK}{IMAGE}$text{'list_ndpirisks_title'}", $text{'title'}, "" ); &LoadNdpiRisks($fw); &showNdpiRisks(); @@ -26,7 +26,7 @@ sub showNdpiRisks { my @ndpirisks = $fw->GetNdpiRisksList(); foreach $id (sort { $a <=> $b } @ndpirisks) { my %ndpirisk = $fw->GetNdpiRisk($id); - print &ui_columns_row([ "$id", "$ndpirisk{'DESCRIPTION'}" ], \@tds); + print &ui_columns_row([ "$icons{RISK}{IMAGE}$id", "$icons{DESCRIPTION}{IMAGE}$ndpirisk{'DESCRIPTION'}" ], \@tds); } print &ui_columns_end(); } diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index 2806336..4877aac 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( "$text{'list_rawrules_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{HELPER}{IMAGE}$text{'list_rawrules_title'}", $text{'title'}, "" ); $form = 0; showConntrackPreroute(); @@ -25,7 +25,7 @@ showConntrack(); #============================================================================ sub showConntrackPreroute { - print &ui_subheading("",$text{'conntrack_preroute'}); + print &ui_subheading($icons{HELPER}{IMAGE},$text{'conntrack_preroute'}); print &ui_form_start("save_conntrackpreroute.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), 
@@ -77,36 +77,14 @@ sub showConntrackPreroute { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_conntrackpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $zimage = ''; my $type = $fw->GetItemType($attr{'SRC'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $zimage = ''; + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); my $type = $fw->GetItemType($attr{'DST'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } - push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); - $attr{'SERVICE'} =~ s/,/, /g; - my $servicelist = ''; - $servicelist .= $attr{'SERVICE'}; - if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { - if( $attr{'PORT'} ne '' ) { - $servicelist .= "/$attr{'PORT'}"; - } else { - $servicelist .= "/all"; - } - } - my $simage = ''; - push(@cols, "${simage}${sb}${bb}${servicelist}${be}${se}"); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); + push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $himage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $himage = $attr{'ACTIVE'} eq 'NO' ? $icons{HELPER}{IMAGE} : $icons{HELPER_A}{IMAGE}; push(@cols, "${himage}${sb}${bb}${cb}".($attr{'HELPER'} ne '' ? $attr{'HELPER'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= "
"; @@ -151,7 +129,7 @@ sub showConntrackPreroute { } sub showConntrack { - print &ui_subheading("",$text{'conntrack'}); + print &ui_subheading($icons{HELPER}{IMAGE},$text{'conntrack'}); print &ui_form_start("save_conntrack.cgi", "post"); @links = ( &select_all_link("d", $form), &select_invert_link("d", $form), @@ -203,30 +181,13 @@ sub showConntrack { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_conntrack.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $zimage = ''; - push(@cols, "${zimage}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $zimage = ''; + push(@cols, "$icons{FIREWALL}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); my $type = $fw->GetItemType($attr{'DST'}); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - $attr{'DST'} =~ s/,/, /g; - push(@cols, "${zimage}${sb}${bb}$attr{'DST'}${be}${se}" ); - my $servicelist = ''; - $servicelist .= $attr{'SERVICE'}; - if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { - if( $attr{'PORT'} ne '' ) { - $servicelist .= "/$attr{'PORT'}"; - } else { - $servicelist .= "/all"; - } - } - my $simage = ''; - push(@cols, "${simage}${sb}${bb}${servicelist}${be}${se}"); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); + push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $himage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $himage = $attr{'ACTIVE'} eq 'NO' ? $icons{HELPER}{IMAGE} : $icons{HELPER_A}{IMAGE}; push(@cols, "${himage}${sb}${bb}${cb}".($attr{'HELPER'} ne '' ? $attr{'HELPER'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= "
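Review bot: The service column in showConntrackPreroute is now built as `$attr{'SERVICE'}/$attr{'PORT'}` with no fallback, so a rule with an empty PORT renders as `tcp/` where the removed code printed `tcp/all`. On a page used to read back the firewall policy, a blank after the slash leaves the port scope of the rule unclear. Restoring the fallback is one line, `my $port = $attr{'PORT'} ne '' ? $attr{'PORT'} : 'all';`, with `$port` used in the `push`. The showConntrack hunk (`@@ -203,30 +181,13 @@`) has the same line and needs the same change. Both functions begin outside their hunks.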
"; diff --git a/src/turtlefirewall/list_rules.cgi b/src/turtlefirewall/list_rules.cgi index 0b43615..b1766d9 100644 --- a/src/turtlefirewall/list_rules.cgi +++ b/src/turtlefirewall/list_rules.cgi @@ -11,7 +11,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); -&ui_print_header( "$text{'list_rules_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{RULE}{IMAGE}$text{'list_rules_title'}", $text{'title'}, "" ); &showRule(); @@ -93,58 +93,39 @@ sub showRule { my $href = &ui_link("edit_rule.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); my $srclist = ''; + my $type = ''; my @srcs = split(/,/, $attr{'SRC'}); foreach my $s (@srcs) { - my $zimage = ''; - if( $s eq 'FIREWALL' ) { - $zimage = ''; - } else { - my $type = $fw->GetItemType($s); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } - } - $srclist .= "${zimage}${s}
"; + if( $s eq 'FIREWALL' ) { $type = $s; } else { $type = $fw->GetItemType($s); } + $srclist .= "$icons{$type}{IMAGE}$s
"; } push(@cols, "${sb}${bb}${srclist}${be}${se}" ); my $dstlist = ''; + my $type = ''; my @dsts = split(/,/, $attr{'DST'}); foreach my $d (@dsts) { - my $zimage = ''; - if( $d eq 'FIREWALL' ) { - $zimage = ''; - } else { - my $type = $fw->GetItemType($d); - if( $type eq 'NET' ) { $zimage = ''; } - elsif( $type eq 'HOST' ) { $zimage = ''; } - elsif( $type eq 'GEOIP' ) { $zimage = ''; } - elsif( $type eq 'GROUP' ) { $zimage = ''; } - elsif( $type eq 'IPSET' ) { $zimage = ''; } - } - $dstlist .= "${zimage}${d}
"; + if( $d eq 'FIREWALL' ) { $type = $d; } else { $type = $fw->GetItemType($d); } + $dstlist .= "$icons{$type}{IMAGE}$d
"; } push(@cols, "${sb}${bb}${dstlist}${be}${se}" ); my $servicelist = ''; - my $simage = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { - $servicelist .= "${simage}$attr{'SERVICE'}/$attr{'PORT'}"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "${simage}$attr{'SERVICE'}/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all"; } } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "${simage}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); my $ndpilist = ''; my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $nimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $nimage = $attr{'ACTIVE'} eq 'NO' ? $icons{NDPISERVICE}{IMAGE} : $icons{NDPISERVICE_A}{IMAGE}; if( $attr{'CATEGORY'} ne '' ) { $ndpilist .= "${nimage}${cb}category: $attr{'CATEGORY'}${ce}"; } elsif( $attr{'NDPI'} ne '' ) { 
@@ -154,41 +135,41 @@ sub showRule { } } push(@cols, "${sb}${bb}${ndpilist}${be}${se}"); - my $himage = $attr{'HOSTNAMESET'} eq '' ? '' : ''; + my $himage = $attr{'HOSTNAMESET'} eq '' ? '' : $icons{HOSTNAMESET}{IMAGE}; push(@cols, "${himage}${sb}${bb}$attr{'HOSTNAMESET'}${be}${se}" ); - my $rimage = $attr{'RISKSET'} eq '' ? '' : ''; + my $rimage = $attr{'RISKSET'} eq '' ? '' : $icons{RISKSET}{IMAGE}; push(@cols, "${rimage}${sb}${bb}$attr{'RISKSET'}${be}${se}" ); - my $pimage = $attr{'RATELIMIT'} eq '' ? '' : ''; + my $pimage = $attr{'RATELIMIT'} eq '' ? '' : $icons{RATELIMIT}{IMAGE}; push(@cols, "${pimage}${sb}${bb}$attr{'RATELIMIT'}${be}${se}" ); my $type = $fw->GetItemType($attr{'TIME'}); - my $cimage = $type eq 'TIMEGROUP' ? '' : ''; + my $cimage = $type eq 'TIMEGROUP' ? $icons{TIMEGROUP}{IMAGE} : $icons{TIME}{IMAGE}; if( $attr{'TIME'} eq '' ) { $cimage = ''; } push(@cols, "${cimage}${sb}${bb}$attr{'TIME'}${be}${se}" ); if( $attr{'TARGET'} eq 'ACCEPT' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $aimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $aimage = $attr{'ACTIVE'} eq 'NO' ? $icons{ACCEPT}{IMAGE} : $icons{ACCEPT_A}{IMAGE}; push(@cols, "${aimage}${sb}${bb}${cb}$attr{'TARGET'}${ce}${be}${se}" ); } elsif( $attr{'TARGET'} eq 'DROP' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $dimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $dimage = $attr{'ACTIVE'} eq 'NO' ? $icons{DROP}{IMAGE} : $icons{DROP_A}{IMAGE}; push(@cols, "${dimage}${sb}${bb}${cb}$attr{'TARGET'}${ce}${be}${se}" ); } elsif( $attr{'TARGET'} eq 'REJECT' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $dimage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $dimage = $attr{'ACTIVE'} eq 'NO' ? $icons{REJECT}{IMAGE} : $icons{REJECT_A}{IMAGE}; push(@cols, "${dimage}${sb}${bb}${cb}$attr{'TARGET'}${ce}${be}${se}" ); } if( $attr{'LOG'} eq 'YES' ) { my $cb = $sb eq '' ? 
'' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd - my $limage = $attr{'ACTIVE'} eq 'NO' ? '' : ''; + my $limage = $attr{'ACTIVE'} eq 'NO' ? $icons{LOG}{IMAGE} : $icons{LOG_A}{IMAGE}; push(@cols, "${limage}${sb}${bb}${cb}".($attr{'TARGET'} eq 'ACCEPT' ? 'FLO' : 'ACT')."${ce}${be}${se}" ); } else { push(@cols, ' ' ); } - my $iimage = $attr{'DESCRIPTION'} eq '' ? '' : ''; + my $iimage = $attr{'DESCRIPTION'} eq '' ? '' : $icons{DESCRIPTION}{IMAGE}; push(@cols, "${iimage}${sb}${bb}".($attr{'DESCRIPTION'} ne '' ? $attr{'DESCRIPTION'} : ' ')."${be}${se}" ); local $mover; $mover .= "
"; @@ -224,7 +205,7 @@ sub showRule { push(@cols, $mover); print &ui_checked_columns_row(\@cols, \@tds, "d", $i); } - print &ui_columns_row([undef, undef, "*", "*", "all", "", "", "", "", "", "DROP", "ACT", "Implicit Deny", undef], \@tds); + print &ui_columns_row([undef, undef, "$icons{ZONE}{IMAGE}*", "$icons{ZONE}{IMAGE}*", "$icons{SERVICE}{IMAGE}all", "", "", "", "", "", "$icons{DROP_A}{IMAGE}DROP", "$icons{LOG_A}{IMAGE}ACT", "$icons{DESCRIPTION}{IMAGE}Implicit Deny", undef], \@tds); print &ui_columns_end(); print "
"; print ''; diff --git a/src/turtlefirewall/list_services.cgi b/src/turtlefirewall/list_services.cgi index 76e1f13..22556b1 100644 --- a/src/turtlefirewall/list_services.cgi +++ b/src/turtlefirewall/list_services.cgi @@ -10,7 +10,7 @@ do 'turtlefirewall-lib.pl'; -&ui_print_header( "$text{'list_services_title'}", $text{'title'}, "" ); +&ui_print_header( "$icons{SERVICE}{IMAGE}$text{'list_services_title'}", $text{'title'}, "" ); &LoadServices($fw); &showServices(); @@ -26,7 +26,7 @@ sub showServices { my @services = $fw->GetServicesList(); foreach my $name (@services) { my %service = $fw->GetService($name); - print &ui_columns_row([ "$name", "$service{'DESCRIPTION'}" ], \@tds); + print &ui_columns_row([ "$icons{SERVICE}{IMAGE}$name", "$icons{DESCRIPTION}{IMAGE}$service{'DESCRIPTION'}" ], \@tds); } print &ui_columns_end(); } diff --git a/src/turtlefirewall/save_connmark.cgi b/src/turtlefirewall/save_connmark.cgi index 3a0a797..b72c4f7 100644 --- a/src/turtlefirewall/save_connmark.cgi +++ b/src/turtlefirewall/save_connmark.cgi @@ -13,7 +13,9 @@ do 'turtlefirewall-lib.pl'; my $idx = $in{'idx'}; my $src = $in{'src'}; +$src =~ s/\0/,/g; my $dst = $in{'dst'}; +$dst =~ s/\0/,/g; my ($service, $port) = &formServiceParse( $in{'servicetype'}, $in{'service2'}, $in{'service3'}, $in{'port'} ); if( $service eq '' ) { $service = 'all'; } my ($ndpi, $category) = &formNdpiProtocolParse( $in{'ndpiprotocoltype'}, $in{'ndpiprotocol2'}, $in{'category'} ); diff --git a/src/turtlefirewall/save_masq.cgi b/src/turtlefirewall/save_masquerade.cgi similarity index 100% rename from src/turtlefirewall/save_masq.cgi rename to src/turtlefirewall/save_masquerade.cgi diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index b29186e..f6b0fa0 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm 
@@ -914,6 +914,78 @@ sub RenameItem { } } +sub GetItemReferences { + my $this = shift; + my $item = shift; + + my $type = $this->{fwItems}{$item}; + + my %references = (); + + if( $type eq 'ZONE' ) { + foreach $k (@{$this->{fwKeys}{HOST}}) { + if( $this->{fw}{HOST}{$k}{ZONE} eq $item ) { + $references{$k} = 'HOST'; + } + } + + foreach $k (@{$this->{fwKeys}{NET}}) { + if( $this->{fw}{NET}{$k}{ZONE} eq $item ) { + $references{$k} = 'NET'; + } + } + + foreach $k (@{$this->{fwKeys}{GEOIP}}) { + if( $this->{fw}{GEOIP}{$k}{ZONE} eq $item ) { + $references{$k} = 'GEOIP'; + } + } + + foreach $k (@{$this->{fwKeys}{IPSET}}) { + if( $this->{fw}{IPSET}{$k}{ZONE} eq $item ) { + $references{$k} = 'IPSET'; + } + } + } + + if( $type eq 'ADDRESSLIST' ) { + foreach $k (@{$this->{fwKeys}{IPSET}}) { + if( $this->{fw}{IPSET}{$k}{IP} eq $item ) { + $references{$k} = 'IPSET'; + } + } + } + + foreach my $group (@{$this->{fwKeys}{GROUP}}) { + for( my $i=0; $i<=$#{$this->{fw}{GROUP}{$group}{ITEMS}}; $i++ ) { + if( $this->{fw}{GROUP}{$group}{ITEMS}[$i] eq $item ) { + $references{$group} = 'GROUP'; + } + } + } + + foreach my $timegroup (@{$this->{fwKeys}{TIMEGROUP}}) { + for( my $i=0; $i<=$#{$this->{fw}{TIMEGROUP}{$timegroup}{ITEMS}}; $i++ ) { + if( $this->{fw}{TIMEGROUP}{$timegroup}{ITEMS}[$i] eq $item ) { + $references{$timegroup} = 'TIMEGROUP'; + } + } + } + + foreach my $ruletype ('RULE','CONNMARKPREROUTE','CONNMARK','CONNTRACKPREROUTE','CONNTRACK','NAT','MASQUERADE','REDIRECT') { + for( my $i=0; $i<=$#{$this->{fw}{$ruletype}}; $i++ ) { + foreach $ruleitem ('SRC','DST','ZONE','VIRTUAL','REAL','TIME','HOSTNAMESET','RISKSET','RATELIMIT') { + my @ruleitem_list = split( /,/, $this->{fw}{$ruletype}[$i]{$ruleitem} ); + if( grep( /^$item$/, @ruleitem_list ) ) { + $references{"${ruleitem} ${i}"} = $ruletype; + } + } + } + } + + return %references; +} + # DeleteGroup( $group ); sub DeleteGroup { my ($this, $group) = @_; 
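Review bot: In the rule loop of GetItemReferences, `grep( /^$item$/, @ruleitem_list )` interpolates the item name into a pattern unquoted. A name containing a regex metacharacter then matches other items or fails to compile, and `$` also accepts a trailing newline. An exact comparison avoids both: `if( grep { $_ eq $item } @ruleitem_list ) {`. If the reference list is used to decide whether an item is still in use (not visible here), a wrong match or a missed one would mislead that check. Separately, `foreach $k (...)` and `foreach $ruleitem (...)` use package globals while the other loops in the same sub use `my`; `foreach my $k` and `foreach my $ruleitem` keep them local.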
diff --git a/src/turtlefirewall/turtlefirewall-lib.pl b/src/turtlefirewall/turtlefirewall-lib.pl index 7aee2fa..c756f34 100644 --- a/src/turtlefirewall/turtlefirewall-lib.pl +++ b/src/turtlefirewall/turtlefirewall-lib.pl 
@@ -95,6 +95,77 @@ sub confdir { 'sha1_blacklist' => { FILE => '/etc/turtlefirewall/sha1_blacklist.dat', TYPE => 'ndpi:sha1', DESCRIPTION => 'SSL Certificate Fingerprint' } ); +%icons = ( + 'SHIELD' => { IMAGE => '' }, + 'ADDRESSLIST' => { IMAGE => '' }, + 'FIREWALL' => { IMAGE => '' }, + 'ZONE' => { IMAGE => '' }, + 'NET' => { IMAGE => '' }, + 'HOST' => { IMAGE => '' }, + 'GEOIP' => { IMAGE => '' }, + 'IPSET' => { IMAGE => '' }, + 'GROUP' => { IMAGE => '' }, + 'HOSTNAMESET' => { IMAGE => '' }, + 'HOSTNAME' => { IMAGE => '' }, + 'RISKSET' => { IMAGE => '' }, + 'RISK' => { IMAGE => '' }, + 'RATELIMIT' => { IMAGE => '' }, + 'RATE' => { IMAGE => '' }, + 'TIME' => { IMAGE => '' }, + 'TIMEGROUP' => { IMAGE => '' }, + 'TIMESTART' => { IMAGE => '' }, + 'TIMESTOP' => { IMAGE => '' }, + 'RULE' => { IMAGE => '' }, + 'CONNMARKPREROUTE' => { IMAGE => '' }, + 'CONNMARK' => { IMAGE => '' }, + 'CONNTRACKPREROUTE' => { IMAGE => '' }, + 'CONNTRACK' => { IMAGE => '' }, + 'REDIRECT' => { IMAGE => '' }, + 'REDIRECT_A' => { IMAGE => '' }, + 'REDIRECT_NO' => { IMAGE => '' }, + 'NAT' => { IMAGE => '' }, + 'NAT_A' => { IMAGE => '' }, + 'NAT_NO' => { IMAGE => '' }, + 'MASQUERADE' => { IMAGE => '' }, + 'MASQUERADE_A' => { IMAGE => '' }, + 'MASQUERADE_NO' => { IMAGE => '' }, + 'SRC' => { IMAGE => '' }, + 'DST' => { IMAGE => '' }, + 'VIRTUAL' => { IMAGE => '' }, + 'REAL' => { IMAGE => '' }, + 'BLACKLIST' => { IMAGE => '' }, + 'FILE' => { IMAGE => '' }, + 'OPTION' => { IMAGE => '' }, + 'DESCRIPTION' => { IMAGE => '' }, + 'ADDRESS' => { IMAGE => '' }, + 'INTERFACE' => { IMAGE => '' }, + 'CREATE' => { IMAGE => '' }, + 'EDIT' => { IMAGE => '' }, + 'NETMASK' => { IMAGE => '' }, + 'COUNTRYCODE' => { IMAGE => '' }, + 'ITEM' => { IMAGE => '' }, + 'SERVICE' => { IMAGE => '' }, + 'NDPISERVICE' => { IMAGE => '' }, + 'NDPISERVICE_A' => { IMAGE => '' }, + 'LOG' => { IMAGE => '' }, + 'LOG_A' => { IMAGE => '' }, + 'FLOWSTAT' => { IMAGE => '' }, + 'TARGET' => { IMAGE => '' }, + 'ACCEPT' => { IMAGE => '' }, + 
'ACCEPT_A' => { IMAGE => '' }, + 'DROP' => { IMAGE => '' }, + 'DROP_A' => { IMAGE => '' }, + 'REJECT' => { IMAGE => '' }, + 'REJECT_A' => { IMAGE => '' }, + 'ID' => { IMAGE => '' }, + 'ACTIVE' => { IMAGE => '' }, + 'HELPER' => { IMAGE => '' }, + 'HELPER_A' => { IMAGE => '' }, + 'MARK' => { IMAGE => '' }, + 'MARK_A' => { IMAGE => '' }, + 'TOPORT' => { IMAGE => '' } +); + sub LoadServices { my $firewall = shift; my $fwservices_file = $config{'fwservices_file'}; From f8e39cdb8773b576abb8f032f60125e2e5d7643d Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 2 Nov 2024 12:10:12 +0200 Subject: [PATCH 021/113] Update list_itemreferences.cgi --- src/turtlefirewall/list_itemreferences.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi index fa7d985..55fec26 100644 --- a/src/turtlefirewall/list_itemreferences.cgi +++ b/src/turtlefirewall/list_itemreferences.cgi @@ -33,19 +33,19 @@ sub showItemReferences { my $href = ''; my $reftype = $itemreferences{$k}; my $reftypelc = lc($reftype); + my $prefix = $reftype eq 'RULE' ? 'filter' : $reftypelc; my @ks = split( / /, $k ); my $refname = $ks[0]; my $idx = $ks[1]; # Item in Rule if( $idx ne '' ) { - if( $reftypelc eq 'rule' ) { $reftypelc = 'filter' } my $refnamelc = lc($refname); - $href = &ui_link("edit_$reftypelc.cgi?idx=$idx","$reftypelc rule id $idx $refnamelc"); + $href = &ui_link("edit_$reftypelc.cgi?idx=$idx","$prefix rule id $idx $refnamelc"); } else { # Item in Item - $href = &ui_link("edit_$reftypelc.cgi?$reftypelc=$refname","$reftypelc item $refname"); + $href = &ui_link("edit_$reftypelc.cgi?$reftypelc=$refname","$prefix item $refname"); } - print &ui_columns_row([ "$icons{$reftype}{IMAGE} $href" ], \@tds); + print &ui_columns_row([ "$icons{$reftype}{IMAGE}$href" ], \@tds); } print &ui_columns_end(); } From fb847a708fe30eb9f73b9189d3d8e11acdb8df9f Mon Sep 17 00:00:00 2001 
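Review bot: In the "Item in Item" branch of showItemReferences, `$refname` is placed into both the query string and the link text passed to `&ui_link` without encoding. Unless item names are restricted to a safe character set where they are saved (not visible here), a name containing `&`, `<` or a quote would break the link or be rendered as markup in the admin's browser. Webmin's own helpers cover both positions: `$href = &ui_link("edit_$reftypelc.cgi?$reftypelc=".&urlize($refname), &html_escape("$prefix item $refname"));`. showItemReferences begins outside this hunk.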
From: netcons Date: Sun, 3 Nov 2024 06:20:41 +0200 Subject: [PATCH 022/113] Restore zone wildcard icon check --- src/turtlefirewall/list_manglerules.cgi | 6 +++--- src/turtlefirewall/list_nat.cgi | 11 ++++++----- src/turtlefirewall/list_rawrules.cgi | 7 ++++--- src/turtlefirewall/list_rules.cgi | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index 166e944..2d3311b 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -87,7 +87,7 @@ sub showConnmarkPreroute { push(@cols, $href ); my $type = $fw->GetItemType($attr{'SRC'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $type = $fw->GetItemType($attr{'DST'}); + if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { @@ -235,7 +235,7 @@ sub showConnmark { my $type = ''; my @srcs = split(/,/, $attr{'SRC'}); foreach my $s (@srcs) { - if( $s eq 'FIREWALL' ) { $type = $s; } else { $type = $fw->GetItemType($s); } + if( $s eq 'FIREWALL' ) { $type = $s; } elsif( $s eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($s); } $srclist .= "$icons{$type}{IMAGE}$s
"; } push(@cols, "${sb}${bb}${srclist}${be}${se}" ); @@ -243,7 +243,7 @@ sub showConnmark { my $type = ''; my @dsts = split(/,/, $attr{'DST'}); foreach my $d (@dsts) { - if( $d eq 'FIREWALL' ) { $type = $d; } else { $type = $fw->GetItemType($d); } + if( $d eq 'FIREWALL' ) { $type = $d; } elsif( $d eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($d); } $dstlist .= "$icons{$type}{IMAGE}$d
"; } push(@cols, "${sb}${bb}${dstlist}${be}${se}" ); diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index 9993d10..d6c7c5c 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi @@ -182,10 +182,11 @@ sub showMasquerade { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_masquerade.cgi?idx=$i","${sb}${i}${se}"); push(@cols, $href ); - my $type = $fw->GetItemType($attr{'SRC'}); - push(@cols, "$icons{$type}{IMAGE}${sb}".($attr{'SRC'} ne '' ? $attr{'SRC'} : '*')."${se}" ); - my $type = $fw->GetItemType($attr{'DST'}); - push(@cols, "$icons{$type}{IMAGE}${sb}".($attr{'DST'} ne '' ? $attr{'DST'} : ' ')."${se}" ); + my $type = ''; + if( $attr{'SRC'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'SRC'}); } + push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); + $type = $fw->GetItemType($attr{'DST'}); + push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { @@ -292,7 +293,7 @@ sub showRedirect { push(@cols, $href ); my $type = $fw->GetItemType($attr{'SRC'}); push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); - my $type = $fw->GetItemType($attr{'DST'}); + if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index 4877aac..bf5ce7d 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi 
@@ -77,9 +77,10 @@ sub showConntrackPreroute { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_conntrackpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $type = $fw->GetItemType($attr{'SRC'}); + my $type = ''; + if( $attr{'SRC'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'SRC'}); } push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $type = $fw->GetItemType($attr{'DST'}); + if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin @@ -182,7 +183,7 @@ sub showConntrack { my $href = &ui_link("edit_conntrack.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); push(@cols, "$icons{FIREWALL}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); - my $type = $fw->GetItemType($attr{'DST'}); + if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin diff --git a/src/turtlefirewall/list_rules.cgi b/src/turtlefirewall/list_rules.cgi index b1766d9..659c5e2 100644 --- a/src/turtlefirewall/list_rules.cgi +++ b/src/turtlefirewall/list_rules.cgi @@ -96,7 +96,7 @@ sub showRule { my $type = ''; my @srcs = split(/,/, $attr{'SRC'}); foreach my $s (@srcs) { - if( $s eq 'FIREWALL' ) { $type = $s; } else { $type = $fw->GetItemType($s); } + if( $s eq 'FIREWALL' ) { $type = $s; } elsif( $s eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($s); } $srclist .= "$icons{$type}{IMAGE}$s
"; } push(@cols, "${sb}${bb}${srclist}${be}${se}" ); @@ -104,7 +104,7 @@ sub showRule { my $type = ''; my @dsts = split(/,/, $attr{'DST'}); foreach my $d (@dsts) { - if( $d eq 'FIREWALL' ) { $type = $d; } else { $type = $fw->GetItemType($d); } + if( $d eq 'FIREWALL' ) { $type = $d; } elsif( $d eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($d); } $dstlist .= "$icons{$type}{IMAGE}$d
"; } push(@cols, "${sb}${bb}${dstlist}${be}${se}" ); From 1eeae774f1b7baec6a71ecf8bee3f555d2de2aa9 Mon Sep 17 00:00:00 2001 From: netcons Date: Sun, 3 Nov 2024 15:28:13 +0200 Subject: [PATCH 023/113] Simplify GetItemType --- src/turtlefirewall/list_itemreferences.cgi | 2 +- src/turtlefirewall/list_items.cgi | 2 +- src/turtlefirewall/list_manglerules.cgi | 38 +++++++++++++--------- src/turtlefirewall/list_nat.cgi | 7 ++-- src/turtlefirewall/list_rawrules.cgi | 10 +++--- src/turtlefirewall/list_rules.cgi | 19 ++++++----- src/turtlefirewall/setup/TurtleFirewall.pm | 10 +++--- 7 files changed, 52 insertions(+), 36 deletions(-) diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi index 55fec26..2cb7c23 100644 --- a/src/turtlefirewall/list_itemreferences.cgi +++ b/src/turtlefirewall/list_itemreferences.cgi @@ -26,7 +26,7 @@ sub showItemReferences { my $image = $icons{$type}{IMAGE}; print &ui_subheading($image,$item); - @tds = ( "" ); + @tds = (); print &ui_columns_start([ "$text{'references'}" ], 100, 0, \@tds); my %itemreferences = $fw->GetItemReferences($item); foreach my $k (sort keys %itemreferences) { diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 6f84729..621d82a 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi @@ -358,7 +358,7 @@ sub showGroup { my $grouplist; my $type = ''; for my $item (@{$group{ITEMS}}) { - if( $item eq 'FIREWALL' ) { $type = $item; } else { $type = $fw->GetItemType($item); } + $type = $fw->GetItemType($item); $grouplist .= "$icons{$type}{IMAGE}$item
"; } push(@cols, $grouplist ); diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index 2d3311b..740c746 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -40,7 +40,7 @@ sub showConnmarkPreroute { "style=vertical-align:top;white-space:normal", "style=vertical-align:top;white-space:normal", "style=vertical-align:top;white-space:normal", - "width=1% style=vertical-align:top;white-space:normal", + "width=5% style=vertical-align:top;white-space:normal", "width=1% style=vertical-align:top" ); print &ui_columns_start([ '', @@ -85,9 +85,10 @@ sub showConnmarkPreroute { my $se = $attr{'ACTIVE'} eq 'NO' ? '
' : ''; # StrikeEnd my $href = &ui_link("edit_connmarkpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $type = $fw->GetItemType($attr{'SRC'}); + my $type = ''; + $type = $fw->GetItemType($attr{'SRC'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); - if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } + $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { @@ -120,9 +121,13 @@ sub showConnmarkPreroute { push(@cols, "${himage}${sb}${bb}$attr{'HOSTNAMESET'}${be}${se}" ); my $rimage = $attr{'RISKSET'} eq '' ? '' : $icons{RISKSET}{IMAGE}; push(@cols, "${rimage}${sb}${bb}$attr{'RISKSET'}${be}${se}" ); - my $type = $fw->GetItemType($attr{'TIME'}); - my $cimage = $type eq 'TIMEGROUP' ? $icons{TIMEGROUP}{IMAGE} : $icons{TIME}{IMAGE}; - if( $attr{'TIME'} eq '' ) { $cimage = ''; } + my $cimage = ''; + if( $attr{'TIME'} eq '' ) { + $cimage = ''; + } else { + $type = $fw->GetItemType($attr{'TIME'}); + $cimage = $icons{$type}{IMAGE}; + } push(@cols, "${cimage}${sb}${bb}$attr{'TIME'}${be}${se}" ); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd @@ -186,7 +191,7 @@ sub showConnmark { "style=vertical-align:top;white-space:normal", "style=vertical-align:top;white-space:normal", "style=vertical-align:top;white-space:normal", - "width=1% style=vertical-align:top;white-space:normal", + "width=5% style=vertical-align:top;white-space:normal", "width=1% style=vertical-align:top" ); print &ui_columns_start([ '', @@ -231,19 +236,18 @@ sub showConnmark { my $se = $attr{'ACTIVE'} eq 'NO' ? '
' : ''; # StrikeEnd my $href = &ui_link("edit_connmark.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $srclist = ''; my $type = ''; + my $srclist = ''; + my $dstlist = ''; my @srcs = split(/,/, $attr{'SRC'}); foreach my $s (@srcs) { - if( $s eq 'FIREWALL' ) { $type = $s; } elsif( $s eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($s); } + $type = $fw->GetItemType($s); $srclist .= "$icons{$type}{IMAGE}$s
"; } push(@cols, "${sb}${bb}${srclist}${be}${se}" ); - my $dstlist = ''; - my $type = ''; my @dsts = split(/,/, $attr{'DST'}); foreach my $d (@dsts) { - if( $d eq 'FIREWALL' ) { $type = $d; } elsif( $d eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($d); } + $type = $fw->GetItemType($d); $dstlist .= "$icons{$type}{IMAGE}$d
"; } push(@cols, "${sb}${bb}${dstlist}${be}${se}" ); @@ -278,9 +282,13 @@ sub showConnmark { push(@cols, "${himage}${sb}${bb}$attr{'HOSTNAMESET'}${be}${se}" ); my $rimage = $attr{'RISKSET'} eq '' ? '' : $icons{RISKSET}{IMAGE}; push(@cols, "${rimage}${sb}${bb}$attr{'RISKSET'}${be}${se}" ); - my $type = $fw->GetItemType($attr{'TIME'}); - my $cimage = $type eq 'TIMEGROUP' ? $icons{TIMEGROUP}{IMAGE} : $icons{TIME}{IMAGE}; - if( $attr{'TIME'} eq '' ) { $cimage = ''; } + my $cimage = ''; + if( $attr{'TIME'} eq '' ) { + $cimage = ''; + } else { + $type = $fw->GetItemType($attr{'TIME'}); + $cimage = $icons{$type}{IMAGE}; + } push(@cols, "${cimage}${sb}${bb}$attr{'TIME'}${be}${se}" ); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index d6c7c5c..e79e879 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi @@ -183,7 +183,7 @@ sub showMasquerade { my $href = &ui_link("edit_masquerade.cgi?idx=$i","${sb}${i}${se}"); push(@cols, $href ); my $type = ''; - if( $attr{'SRC'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'SRC'}); } + $type = $fw->GetItemType($attr{'SRC'}); push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); 
@@ -291,9 +291,10 @@ sub showRedirect { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_redirect.cgi?idx=$i","${sb}${i}${se}"); push(@cols, $href ); - my $type = $fw->GetItemType($attr{'SRC'}); + my $type = ''; + $type = $fw->GetItemType($attr{'SRC'}); push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); - if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } + $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index bf5ce7d..b247a0c 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi @@ -78,9 +78,9 @@ sub showConntrackPreroute { my $href = &ui_link("edit_conntrackpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); my $type = ''; - if( $attr{'SRC'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'SRC'}); } + $type = $fw->GetItemType($attr{'SRC'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); - if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } + $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin 
@@ -182,8 +182,10 @@ sub showConntrack { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_conntrack.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - push(@cols, "$icons{FIREWALL}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); - if( $attr{'DST'} eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($attr{'DST'}); } + my $type = ''; + $type = $fw->GetItemType($attr{'SRC'}); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); + $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin diff --git a/src/turtlefirewall/list_rules.cgi b/src/turtlefirewall/list_rules.cgi index 659c5e2..0da45ab 100644 --- a/src/turtlefirewall/list_rules.cgi +++ b/src/turtlefirewall/list_rules.cgi @@ -92,19 +92,18 @@ sub showRule { my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_rule.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); - my $srclist = ''; my $type = ''; + my $srclist = ''; + my $dstlist = ''; my @srcs = split(/,/, $attr{'SRC'}); foreach my $s (@srcs) { - if( $s eq 'FIREWALL' ) { $type = $s; } elsif( $s eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($s); } + $type = $fw->GetItemType($s); $srclist .= "$icons{$type}{IMAGE}$s
"; } push(@cols, "${sb}${bb}${srclist}${be}${se}" ); - my $dstlist = ''; - my $type = ''; my @dsts = split(/,/, $attr{'DST'}); foreach my $d (@dsts) { - if( $d eq 'FIREWALL' ) { $type = $d; } elsif( $d eq '*' ) { $type = 'ZONE'; } else { $type = $fw->GetItemType($d); } + $type = $fw->GetItemType($d); $dstlist .= "$icons{$type}{IMAGE}$d
"; } push(@cols, "${sb}${bb}${dstlist}${be}${se}" ); @@ -141,9 +140,13 @@ sub showRule { push(@cols, "${rimage}${sb}${bb}$attr{'RISKSET'}${be}${se}" ); my $pimage = $attr{'RATELIMIT'} eq '' ? '' : $icons{RATELIMIT}{IMAGE}; push(@cols, "${pimage}${sb}${bb}$attr{'RATELIMIT'}${be}${se}" ); - my $type = $fw->GetItemType($attr{'TIME'}); - my $cimage = $type eq 'TIMEGROUP' ? $icons{TIMEGROUP}{IMAGE} : $icons{TIME}{IMAGE}; - if( $attr{'TIME'} eq '' ) { $cimage = ''; } + my $cimage = ''; + if( $attr{'TIME'} eq '' ) { + $cimage = ''; + } else { + $type = $fw->GetItemType($attr{'TIME'}); + $cimage = $icons{$type}{IMAGE}; + } push(@cols, "${cimage}${sb}${bb}$attr{'TIME'}${be}${se}" ); if( $attr{'TARGET'} eq 'ACCEPT' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index f6b0fa0..08e2e27 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -326,7 +326,10 @@ sub GetOption { sub GetItemType { my $this = shift; my $item = shift; - return $type = $this->{fwItems}{$item}; + + my $type = ''; + if( $item eq '*' ) { $type = 'ZONE' } elsif( $item eq 'FIREWALL' ) { $type = 'FIREWALL' } else { $type = $this->{fwItems}{$item} } + return $type; } # AddGroup( $group, $description, @items ) @@ -2964,9 +2967,10 @@ sub applyRule { my $ndpi = $rule{NDPI}; my $category = $rule{CATEGORY}; my $hostnameset = $rule{HOSTNAMESET}; + my $hostname = $rule{HOSTNAME}; my $riskset = $rule{RISKSET}; + my $risk = $rule{RISK}; my $ratelimit = $rule{RATELIMIT}; - my $hostname = $rule{HOSTNAME}; my $port = $rule{PORT}; my $mark = $rule{MARK}; my $helper = $rule{HELPER}; @@ -3464,7 +3468,6 @@ sub expand_time_item { my $item = shift; my %fw = %{$this->{fw}}; - my %fwItems = %{$this->{fwItems}}; my $weekdays = ''; my $timestart = ''; 
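Review bot: GetItemType still returns undef for any name that is not `*`, `FIREWALL` or a key of `fwItems`, and the list pages changed in this commit feed the result straight into `$icons{$type}{IMAGE}`. A rule that references a deleted or renamed item would then index `%icons` with an undefined key and autovivify an empty entry, so returning a defined value is safer: `else { $type = $this->{fwItems}{$item} // '' }`. The sub also lacks the header comment its neighbours carry, for example `# GetItemType( $item ) - 'ZONE' for '*', 'FIREWALL' for the firewall, else the type stored in fwItems`.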
@@ -3482,7 +3485,6 @@ sub expand_hostnameset_item { my $item = shift; my %fw = %{$this->{fw}}; - my %fwItems = %{$this->{fwItems}}; my $hostnames = ''; $hostnames = $fw{HOSTNAMESET}{$item}{HOSTNAMES}; From 58f9fce5867790156578044ab1f0c56664b0bc4b Mon Sep 17 00:00:00 2001 From: netcons Date: Sun, 3 Nov 2024 16:05:52 +0200 Subject: [PATCH 024/113] Fix Item Reference Rule ID --- src/turtlefirewall/list_itemreferences.cgi | 1 + 1 file changed, 1 insertion(+) diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi index 2cb7c23..f486154 100644 --- a/src/turtlefirewall/list_itemreferences.cgi +++ b/src/turtlefirewall/list_itemreferences.cgi @@ -39,6 +39,7 @@ sub showItemReferences { my $idx = $ks[1]; # Item in Rule if( $idx ne '' ) { + $idx++; my $refnamelc = lc($refname); $href = &ui_link("edit_$reftypelc.cgi?idx=$idx","$prefix rule id $idx $refnamelc"); } else { From d70a09a61a8e3018b280a16f188dac6e68067d0e Mon Sep 17 00:00:00 2001 From: netcons Date: Mon, 4 Nov 2024 20:31:43 +0200 Subject: [PATCH 025/113] Add Blacklist reference links --- src/turtlefirewall/list_items.cgi | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi index 621d82a..d24a91f 100644 --- a/src/turtlefirewall/list_items.cgi +++ b/src/turtlefirewall/list_items.cgi @@ -95,7 +95,8 @@ sub showAddressList { push(@cols, $blacklistcount); push(@cols, "$icons{OPTION}{IMAGE}$blacklists{$b}{TYPE}" ); push(@cols, "$icons{DESCRIPTION}{IMAGE}$blacklists{$b}{DESCRIPTION}"); - push(@cols, "".($fw->GetOption("drop_$b") eq 'on' ? "1" : '0')."" ); + my $href = &ui_link("edit_options.cgi","".($fw->GetOption("drop_$b") eq 'on' ? "1" : '0').""); + push(@cols, $href ); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } for my $k ($fw->GetAddressListList()) { 
@@ -111,7 +112,7 @@ sub showAddressList { push(@cols, $listcount); push(@cols, "$icons{OPTION}{IMAGE}$addresslist{'TYPE'}" ); push(@cols, "".($addresslist{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$addresslist{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -152,7 +153,7 @@ sub showZone { } push(@cols, "".($zone{'IF'} ne '' ? "$icons{INTERFACE}{IMAGE}$zone{'IF'}" : ' ')."" ); push(@cols, "".($zone{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$zone{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -195,7 +196,7 @@ sub showHost { push(@cols, "".($host{'MAC'} ne '' ? "$icons{ADDRESS}{IMAGE}$host{'MAC'}" : ' ')."" ); push(@cols, "$icons{ZONE}{IMAGE}$host{'ZONE'}" ); push(@cols, "".($host{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$host{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -239,7 +240,7 @@ sub showNet { push(@cols, "$icons{NETMASK}{IMAGE}$net{'NETMASK'}" ); push(@cols, "$icons{ZONE}{IMAGE}$net{'ZONE'}" ); push(@cols, "".($net{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$net{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } 
@@ -280,7 +281,7 @@ sub showGeoip { push(@cols, "$icons{COUNTRYCODE}{IMAGE}$geoip{'IP'} - $g{'DESCRIPTION'}" ); push(@cols, "$icons{ZONE}{IMAGE}$geoip{'ZONE'}" ); push(@cols, "".($geoip{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$geoip{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -320,7 +321,7 @@ sub showIPSet { push(@cols, "$icons{ADDRESS}{IMAGE}$ipset{'IP'}" ); push(@cols, "$icons{ZONE}{IMAGE}$ipset{'ZONE'}" ); push(@cols, "".($ipset{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$ipset{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -363,7 +364,7 @@ sub showGroup { } push(@cols, $grouplist ); push(@cols, "".($group{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$group{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -404,7 +405,7 @@ sub showHostNameSet { } push(@cols, $hostnamesetlist ); push(@cols, "".($hostnameset{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$hostnameset{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } 
@@ -446,7 +447,7 @@ sub showRiskSet { } push(@cols, $risksetlist ); push(@cols, "".($riskset{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$riskset{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -483,7 +484,7 @@ sub showRateLimit { push(@cols, "$icons{RATELIMIT}{IMAGE}$href" ); push(@cols, "$icons{RATE}{IMAGE}$ratelimit{'RATE'} Mbps" ); push(@cols, "".($ratelimit{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$ratelimit{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -526,7 +527,7 @@ sub showTime { push(@cols, "$icons{TIMESTART}{IMAGE}$time{'TIMESTART'}" ); push(@cols, "$icons{TIMESTOP}{IMAGE}$time{'TIMESTOP'}" ); push(@cols, "".($time{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$time{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } @@ -567,7 +568,7 @@ sub showTimeGroup { } push(@cols, $timegrouplist ); push(@cols, "".($timegroup{'DESCRIPTION'} ne '' ? "$icons{DESCRIPTION}{IMAGE}$timegroup{'DESCRIPTION'}" : ' ')."" ); - my $href = &ui_link("list_itemreferences.cgi?item=$k",$count); + $href = &ui_link("list_itemreferences.cgi?item=$k",$count); push(@cols, $href); print &ui_checked_columns_row(\@cols, \@tds, "d", $k); } From 1107492cc651dd82c4200609ca90e9b57c26141a Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 5 Nov 2024 05:17:41 +0200 Subject: [PATCH 026/113] Add type icons to flow reports. --- src/turtlefirewall/list_flowstat.cgi | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/src/turtlefirewall/list_flowstat.cgi b/src/turtlefirewall/list_flowstat.cgi index b10c121..92b187c 100644 --- a/src/turtlefirewall/list_flowstat.cgi +++ b/src/turtlefirewall/list_flowstat.cgi @@ -21,6 +21,14 @@ my $max = $in{'max'}; my $top = $in{'top'}; my $string = $in{'string'}; +my $icon = ''; +if( $type eq "source" ) { $icon = $icons{SRC}{IMAGE}; } +if( $type eq "destination" ) { $icon = $icons{DST}{IMAGE}; } +if( $type eq 'dport' ) { $icon = $icons{SERVICE}{IMAGE}; } +if( $type eq 'protocol' ) { $icon = $icons{NDPISERVICE}{IMAGE}; } +if( $type eq 'hostname' ) { $icon = $icons{HOSTNAME}{IMAGE}; } +if( $type eq 'risk' ) { $icon = $icons{RISK}{IMAGE}; } + if( $type eq 'risk' ) { &LoadNdpiRisks($fw); } my $flowtotal = 0; @@ -201,7 +209,7 @@ sub showstats { $item = join(",", @risk_list); } - push(@cols, "$item"); + push(@cols, "$icon$item"); push(@cols, "${graph}${greygraph}"); From c8ff9a3754d1af1d13a06207a8c1398b7a3ce28a Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 5 Nov 2024 13:25:52 +0200 Subject: [PATCH 027/113] Rework flow reports. --- src/turtlefirewall/list_flowstat.cgi | 26 ++++++++---------------- src/turtlefirewall/turtlefirewall-lib.pl | 12 +++++------ 2 files changed, 14 insertions(+), 24 deletions(-) diff --git a/src/turtlefirewall/list_flowstat.cgi b/src/turtlefirewall/list_flowstat.cgi index 92b187c..b8544e7 100644 --- a/src/turtlefirewall/list_flowstat.cgi +++ b/src/turtlefirewall/list_flowstat.cgi 
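Review bot: `push(@cols, "$icon$item");` in showstats writes `$item` into the table cell without HTML escaping. For the `hostname` report the value appears to come from a field parsed out of the flow log, which reflects observed network traffic rather than operator input, so markup in a logged hostname would be rendered in the administrator's browser. Escaping at output closes that: `push(@cols, $icon.&html_escape($item));`. The same cell is rebuilt as `"$icons{$icoindex}{IMAGE}$item"` in the following commit and needs the same treatment; showstats begins and ends outside this hunk.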
@@ -21,26 +21,15 @@ my $max = $in{'max'}; my $top = $in{'top'}; my $string = $in{'string'}; -my $icon = ''; -if( $type eq "source" ) { $icon = $icons{SRC}{IMAGE}; } -if( $type eq "destination" ) { $icon = $icons{DST}{IMAGE}; } -if( $type eq 'dport' ) { $icon = $icons{SERVICE}{IMAGE}; } -if( $type eq 'protocol' ) { $icon = $icons{NDPISERVICE}{IMAGE}; } -if( $type eq 'hostname' ) { $icon = $icons{HOSTNAME}{IMAGE}; } -if( $type eq 'risk' ) { $icon = $icons{RISK}{IMAGE}; } - if( $type eq 'risk' ) { &LoadNdpiRisks($fw); } my $flowtotal = 0; my %type_list = (); my @flows = &getflows($log); -my $index = $flowreports{$type}{INDEX}; - -my @stats = &getstats($index,\%type_list,\@flows); +my @stats = &getstats($flowreports{$type}{LOGIDX},\%type_list,\@flows); -$type_name = "flowstat_type_${type}"; -&showstats($type_name,@stats); +&showstats($flowreports{$type}{TXTIDX},$flowreports{$type}{ICOIDX},@stats); &ui_print_footer("edit_flowstat.cgi",'flow statistics'); @@ -143,7 +132,7 @@ sub getflows { sub getstats { - my $index = shift; + my $logindex = shift; my ($type_list,$flows) = @_; my @stats = (); @@ -151,7 +140,7 @@ sub getstats { # Sum bytes per Type foreach my $f (@{$flows}) { foreach $t (sort keys %{$type_list}) { - if( $f->[$index] eq $t ) { $type_list{$t} = ($type_list{$t} + $f->[8] + $f->[9]); } + if( $f->[$logindex] eq $t ) { $type_list{$t} = ($type_list{$t} + $f->[8] + $f->[9]); } } } @@ -167,7 +156,8 @@ sub getstats { sub showstats { - my $type_name = shift; + my $txtindex = shift; + my $icoindex = shift; my @stats = @_; my $graphwidth = 300; 
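Review bot: `$type` is used as a key into `%flowreports` in the new getstats and showstats calls without a check that the key exists; it is presumably read from the request like `$max`, `$top` and `$string` just above. An unexpected value gives an undefined `LOGIDX`, which Perl treats as index 0 in `$f->[$logindex]`, plus undefined text and icon keys, so the report shows the wrong column instead of failing. A guard before the first lookup keeps the parameter within the known set: `exists $flowreports{$type} or &error("Unknown flow report type");`.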
@@ -183,7 +173,7 @@ sub showstats { @tds = ( "style=white-space:nowrap", "width=$graphwidth", "", "width=1% style=text-align:right;white-space:nowrap" ); - print &ui_columns_start([ "$text{$type_name}", "$text{'flowstat_percent'}", "", "$text{'flowstat_traffic'}" ], 100, 0, \@tds); + print &ui_columns_start([ "$text{$txtindex}", "$text{'flowstat_percent'}", "", "$text{'flowstat_traffic'}" ], 100, 0, \@tds); foreach my $l (@stats) { local @cols; @@ -209,7 +199,7 @@ sub showstats { $item = join(",", @risk_list); } - push(@cols, "$icon$item"); + push(@cols, "$icons{$icoindex}{IMAGE}$item"); push(@cols, "${graph}${greygraph}"); diff --git a/src/turtlefirewall/turtlefirewall-lib.pl b/src/turtlefirewall/turtlefirewall-lib.pl index c756f34..f88316b 100644 --- a/src/turtlefirewall/turtlefirewall-lib.pl +++ b/src/turtlefirewall/turtlefirewall-lib.pl @@ -80,12 +80,12 @@ sub confdir { } %flowreports = ( - 'source' => { INDEX => '4' }, - 'destination' => { INDEX => '6' }, - 'dport' => { INDEX => '7' }, - 'protocol' => { INDEX => '16' }, - 'hostname' => { INDEX => '17' }, - 'risk' => { INDEX => '22' } + 'source' => { LOGIDX => '4', ICOIDX => 'SRC', TXTIDX => 'flowstat_type_source' }, + 'destination' => { LOGIDX => '6', ICOIDX => 'DST', TXTIDX => 'flowstat_type_destination' }, + 'dport' => { LOGIDX => '7', ICOIDX => 'SERVICE', TXTIDX => 'flowstat_type_dport' }, + 'protocol' => { LOGIDX => '16', ICOIDX => 'NDPISERVICE', TXTIDX => 'flowstat_type_protocol' }, + 'hostname' => { LOGIDX => '17', ICOIDX => 'HOSTNAME', TXTIDX => 'flowstat_type_hostname' }, + 'risk' => { LOGIDX => '22', ICOIDX => 'RISK', TXTIDX => 'flowstat_type_risk' } ); %blacklists = ( From 1faf1dd055ca19ef9237852945afa23d41dc9289 Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 5 Nov 2024 13:55:45 +0200 Subject: [PATCH 028/113] Standardize flow report icons. --- src/turtlefirewall/edit_flowstat.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/turtlefirewall/edit_flowstat.cgi b/src/turtlefirewall/edit_flowstat.cgi index 88832ba..c8ab92c 100644 --- a/src/turtlefirewall/edit_flowstat.cgi +++ b/src/turtlefirewall/edit_flowstat.cgi @@ -42,9 +42,9 @@ sub reportFlowStat { print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; $col = &ui_select("log", $log, \@logs); - print &ui_columns_row([ "$icons{ITEM}{IMAGE}$text{'edit_flowstat_log'}", $col ], \@tds); + print &ui_columns_row([ "$icons{LOG}{IMAGE}$text{'edit_flowstat_log'}", $col ], \@tds); $col = &ui_select("type", $type, \@types); - print &ui_columns_row([ "$icons{NDPISERVICE}{IMAGE}$text{'edit_flowstat_type'}", $col ], \@tds); + print &ui_columns_row([ "$icons{OPTION}{IMAGE}$text{'edit_flowstat_type'}", $col ], \@tds); $col = &ui_select("max", $max, \@maxs); $col .= "$text{flowstat_max_help}"; print &ui_columns_row([ "$icons{RATELIMIT}{IMAGE}$text{'edit_flowstat_max'}", $col ], \@tds); From 2656e8c90937570711daf5f844d5c1a707c43cb3 Mon Sep 17 00:00:00 2001 From: netcons Date: Wed, 6 Nov 2024 16:42:46 +0200 Subject: [PATCH 029/113] Update list_flowstat.cgi --- src/turtlefirewall/list_flowstat.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/turtlefirewall/list_flowstat.cgi b/src/turtlefirewall/list_flowstat.cgi index b8544e7..90e2b18 100644 --- a/src/turtlefirewall/list_flowstat.cgi +++ b/src/turtlefirewall/list_flowstat.cgi @@ -24,10 +24,9 @@ my $string = $in{'string'}; if( $type eq 'risk' ) { &LoadNdpiRisks($fw); } my $flowtotal = 0; -my %type_list = (); -my @flows = &getflows($log); +my ($type_list, @flows) = &getflows($log); -my @stats = &getstats($flowreports{$type}{LOGIDX},\%type_list,\@flows); +my @stats = &getstats($flowreports{$type}{LOGIDX},$type_list,\@flows); &showstats($flowreports{$type}{TXTIDX},$flowreports{$type}{ICOIDX},@stats); 
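Review bot: Moving `%type_list` into getflows and passing it by reference leaves getstats out of step with the new calling convention. Its summing line, visible in the earlier rework commit, still writes `$type_list{$t}`, which no longer names the file-level lexical and, unless the file enables `use strict`, falls back to a package global of the same name. Whether the totals still come out right depends on the rest of getstats, which is outside this hunk, but the sum should go through the reference: `$type_list->{$t} += $f->[8] + $f->[9];`.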
@@ -38,6 +37,7 @@ my @stats = &getstats($flowreports{$type}{LOGIDX},\%type_list,\@flows); sub getflows { my $log = shift; + my %type_list = (); my @last_log_lines = (); @@ -127,7 +127,7 @@ sub getflows { $connmark, $srcnat, $dstnat, $protocol, $hostname, $ja4c, $ja3c, $tlsfp, $tlsv, $risk]; } - return @flows; + return (\%type_list, @flows); } sub getstats { From ed6f2061d6ccbda371796ddcffb4c8883eed2248 Mon Sep 17 00:00:00 2001 From: netcons Date: Thu, 7 Nov 2024 08:18:36 +0200 Subject: [PATCH 030/113] Update list_flowstat.cgi --- src/turtlefirewall/list_flowstat.cgi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/turtlefirewall/list_flowstat.cgi b/src/turtlefirewall/list_flowstat.cgi index 90e2b18..691e3a9 100644 --- a/src/turtlefirewall/list_flowstat.cgi +++ b/src/turtlefirewall/list_flowstat.cgi @@ -24,9 +24,9 @@ my $string = $in{'string'}; if( $type eq 'risk' ) { &LoadNdpiRisks($fw); } my $flowtotal = 0; -my ($type_list, @flows) = &getflows($log); +my ($type_list, $flows) = &getflows($log); -my @stats = &getstats($flowreports{$type}{LOGIDX},$type_list,\@flows); +my @stats = &getstats($flowreports{$type}{LOGIDX},$type_list,$flows); &showstats($flowreports{$type}{TXTIDX},$flowreports{$type}{ICOIDX},@stats); @@ -127,7 +127,7 @@ sub getflows { $connmark, $srcnat, $dstnat, $protocol, $hostname, $ja4c, $ja3c, $tlsfp, $tlsv, $risk]; } - return (\%type_list, @flows); + return (\%type_list, \@flows); } sub getstats { From 33f0125c45d0107c6d9f0c2023e91ae64507c5e7 Mon Sep 17 00:00:00 2001 From: netcons Date: Thu, 7 Nov 2024 08:32:48 +0200 Subject: [PATCH 031/113] Update CHANGELOG --- CHANGELOG | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 133015a..30f72c9 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -235,11 +235,13 @@ CHANGELOG - Theme : Update edit forms to use ui standard. - Theme : Standardize Webmin images. 22-08-2024 v.2.4 - - OS : Discontinue el7 and el8 RPM packaging. - - OS : Move old fw.xml format fixes, from RPM spec to fixconfig.sh. - - OS : Restore setup.cgi for wbm install. + - OS : Old fw.xml format fixes in fixconfig.sh. + - OS : Restore setup.cgi for WBM install. - OS : Support for Debian 12 syslog date format. - OS : Standardize shebang. + - Bug : Fixed ApplyRule risk variable not initialised. + - Bug : Fixed GeoIP include for Masquerade and Redirect. + - Bug : Include reserved name check on item rename. - Services : Removed depreciated smtps TCP port 465 service. - Services : Added DNS over TLS TCP port 853 service. - Feature : nDPI 4.9.11 support. From 98f96a127b36a0b546b84bfd392f8fdbcff51e4e Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 12 Nov 2024 15:02:57 +0200 Subject: [PATCH 032/113] Extend nDPI support. --- src/turtlefirewall/setup/fwndpiprotocols.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/turtlefirewall/setup/fwndpiprotocols.xml b/src/turtlefirewall/setup/fwndpiprotocols.xml index 100dabb..948f78a 100644 --- a/src/turtlefirewall/setup/fwndpiprotocols.xml +++ b/src/turtlefirewall/setup/fwndpiprotocols.xml @@ -233,6 +233,7 @@ + @@ -259,6 +260,7 @@ + From c287d8952bfba3c37d0cfda234cb6423a06bcc0d Mon Sep 17 00:00:00 2001 From: netcons Date: Thu, 21 Nov 2024 13:51:04 +0200 Subject: [PATCH 033/113] Update INSTALL.md for latest xtables-addons. --- INSTALL.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 4db3882..794401c 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -101,18 +101,18 @@ make all install Download source. ``` cd /usr/src -wget https://inai.de/files/xtables-addons/xtables-addons-3.26.tar.xz -O xtables-addons-3.26.tar.xz -tar -xvf xtables-addons-3.26.tar.xz -rm -rf xtables-addons-3.26.tar.xz -cd xtables-addons-3.26 +wget https://inai.de/files/xtables-addons/xtables-addons-3.27.tar.xz -O xtables-addons-3.27.tar.xz +tar -xvf xtables-addons-3.27.tar.xz +rm -rf xtables-addons-3.27.tar.xz +cd xtables-addons-3.27 ``` Install module. ``` cp /tmp/turtlefirewall-master/dkms/dkms-xtables-addons.conf ./dkms.conf -dkms add -m xtables-addons -v 3.26 -dkms build -m xtables-addons -v 3.26 -dkms install -m xtables-addons -v 3.26 +dkms add -m xtables-addons -v 3.27 +dkms build -m xtables-addons -v 3.27 +dkms install -m xtables-addons -v 3.27 ``` Install library. From cec6cd67b210e4e2bf173d94d4d04c1709200fc3 Mon Sep 17 00:00:00 2001 From: netcons Date: Fri, 22 Nov 2024 14:34:57 +0200 Subject: [PATCH 034/113] Update README.md --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ab41dad..32fa6d0 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,7 @@ ## Turtle Firewall 2 Turtle Firewall allows you to configure a Linux firewall in a simple and fast way. -It's based on Netfilter iptables. Its operation is easy to understand: you can define the different firewall elements (zones, hosts, networks, geoip) and then set the services (port, dpi) you want to control (allow, deny, ratelimit, log) among the different elements or groups of elements. +It's based on Netfilter iptables. Its operation is easy to understand: you can define the different firewall elements (zones, hosts, networks, geoip, ipset) and then set the services (port, dpi) you want to control (allow, deny, ratelimit, log) among the different elements or groups of elements. You can do this by simply editing a XML file or using the web interface [Webmin](http://www.webmin.com/). Turtle Firewall is an Open Source project written using the perl language and realeased under GPL version 2.0 by Andrea Frigido (Frisoft). @@ -20,6 +20,9 @@ Turtle Firewall is an Open Source project written using the perl language and re - Flow Statistics. - Connection Marking. - Connection Tracking. +- Item References. +- CIDR Networks. +- IP Sets. ## Requirements @@ -31,7 +34,8 @@ Turtle Firewall is an Open Source project written using the perl language and re nf_tables,
nf_conntrack,
xt_connmark,
-xt_time.
+xt_time,
+xt_set.
- Extra Netfilter kernel modules :
xt_ndpi, ( https://github.com/vel21ripn/nDPI )
xt_geoip, ( https://codeberg.org/jengelh/xtables-addons )
From 9f9f105987c6c779133c9157ff2cdd42a6a94596 Mon Sep 17 00:00:00 2001 From: netcons Date: Wed, 27 Nov 2024 12:59:37 +0200 Subject: [PATCH 035/113] Feature : Make rule order configurable. --- CHANGELOG | 1 + src/turtlefirewall/edit_connmark.cgi | 16 ++-- src/turtlefirewall/edit_connmarkpreroute.cgi | 16 ++-- src/turtlefirewall/edit_conntrack.cgi | 16 ++-- src/turtlefirewall/edit_conntrackpreroute.cgi | 16 ++-- src/turtlefirewall/edit_masquerade.cgi | 16 ++-- src/turtlefirewall/edit_nat.cgi | 16 ++-- src/turtlefirewall/edit_redirect.cgi | 16 ++-- src/turtlefirewall/edit_rule.cgi | 16 ++-- src/turtlefirewall/list_manglerules.cgi | 20 ----- src/turtlefirewall/list_nat.cgi | 80 +++++++++++-------- src/turtlefirewall/list_rawrules.cgi | 20 ----- src/turtlefirewall/list_rules.cgi | 19 ----- src/turtlefirewall/save_connmark.cgi | 2 + src/turtlefirewall/save_connmarkpreroute.cgi | 2 + src/turtlefirewall/save_conntrack.cgi | 2 + src/turtlefirewall/save_conntrackpreroute.cgi | 2 + src/turtlefirewall/save_masquerade.cgi | 2 + src/turtlefirewall/save_nat.cgi | 2 + src/turtlefirewall/save_redirect.cgi | 2 + src/turtlefirewall/save_rule.cgi | 2 + src/turtlefirewall/setup/TurtleFirewall.pm | 21 +++++ 22 files changed, 171 insertions(+), 134 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 30f72c9..d27884e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -248,5 +248,6 @@ CHANGELOG - Feature : Add ipset support. - Feature : Add prefix support for net items. - Feature : Add item reference lookup support. + - Feature : Make rule order configurable. - Todo : Translate new features - Todo : Fix backup.cgi restore upload. diff --git a/src/turtlefirewall/edit_connmark.cgi b/src/turtlefirewall/edit_connmark.cgi index 579b834..e14c477 100644 --- a/src/turtlefirewall/edit_connmark.cgi +++ b/src/turtlefirewall/edit_connmark.cgi 
@@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nConnmarks = $fw->GetConnmarksCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_connmark_title_create'}"; - $idx = ''; + $nConnmarks++; + $idx = $nConnmarks; + $newIdx = ''; $src = ''; $dst = ''; $service = ''; @@ -30,6 +34,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_connmark_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %rule = $fw->GetConnmark($idx); $src = $rule{'SRC'}; $dst = $rule{'DST'}; @@ -45,6 +50,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nConnmarks; $i++ ) { push @idxs, $i; } + my @selected_src = split(/,/, $src); my @selected_dst = split(/,/, $dst); my @items = ('*'); @@ -75,10 +83,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", \@selected_src, \@items, 5, 1); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", \@selected_dst, \@items, 5, 1); diff --git a/src/turtlefirewall/edit_connmarkpreroute.cgi b/src/turtlefirewall/edit_connmarkpreroute.cgi index f17cf46..671ae2b 100644 --- a/src/turtlefirewall/edit_connmarkpreroute.cgi +++ b/src/turtlefirewall/edit_connmarkpreroute.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nConnmarkPreroutes = $fw->GetConnmarkPreroutesCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_connmarkpreroute_title_create'}"; - $idx = ''; + $nConnmarkPreroutes++; + $idx = $nConnmarkPreroutes; + $newIdx = ''; $src = ''; $dst = ''; $service = ''; 
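Review bot: The `newIdx` select added to the ID row restricts the rule position only in the browser; what reaches save_connmark.cgi is still an arbitrary request parameter, as is `idx`, which this page passes to `GetConnmark` unchecked. The save script's hunk is not visible here, so confirm that it rejects anything that is not a positive integer, `$in{'newIdx'} =~ /\A[1-9]\d*\z/ or &error("Invalid rule ID");`, and that it also bounds the value by the current rule count (plus one for a new rule) before reordering. The same applies to the other edit_*.cgi pages changed in this commit.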
@@ -30,6 +34,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_connmarkpreroute_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %rule = $fw->GetConnmarkPreroute($idx); $src = $rule{'SRC'}; $dst = $rule{'DST'}; @@ -45,6 +50,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nConnmarkPreroutes; $i++ ) { push @idxs, $i; } + my @items_src = (); push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetGeoipList(); @@ -79,10 +87,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); diff --git a/src/turtlefirewall/edit_conntrack.cgi b/src/turtlefirewall/edit_conntrack.cgi index aa507c9..bb0d69a 100644 --- a/src/turtlefirewall/edit_conntrack.cgi +++ b/src/turtlefirewall/edit_conntrack.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nConntracks = $fw->GetConntracksCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_conntrack_title_create'}"; - $idx = ''; + $nConntracks++; + $idx = $nConntracks; + $newIdx = ''; $src = 'FIREWALL'; $dst = ''; $service = ''; @@ -25,6 +29,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_conntrack_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %rule = $fw->GetConntrack($idx); $src = $rule{'SRC'}; $dst = $rule{'DST'}; 
@@ -35,6 +40,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nConntracks; $i++ ) { push @idxs, $i; } + my @items_dst = ('*'); push @items_dst, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_dst, $fw->GetGeoipList(); @@ -54,10 +62,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = "$src"; $col .= &ui_hidden("src", $src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_conntrackpreroute.cgi b/src/turtlefirewall/edit_conntrackpreroute.cgi index 9d0b94d..3f8e06b 100644 --- a/src/turtlefirewall/edit_conntrackpreroute.cgi +++ b/src/turtlefirewall/edit_conntrackpreroute.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nConntrackPreroutes = $fw->GetConntrackPreroutesCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_conntrackpreroute_title_create'}"; - $idx = ''; + $nConntrackPreroutes++; + $idx = $nConntrackPreroutes; + $newIdx = ''; $src = ''; $dst = ''; $service = ''; @@ -25,6 +29,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_conntrackpreroute_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %rule = $fw->GetConntrackPreroute($idx); $src = $rule{'SRC'}; $dst = $rule{'DST'}; @@ -35,6 +40,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nConntrackPreroutes; $i++ ) { push @idxs, $i; } + my @items_src = ('*'); push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetGeoipList(); 
@@ -61,10 +69,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); diff --git a/src/turtlefirewall/edit_masquerade.cgi b/src/turtlefirewall/edit_masquerade.cgi index 02c255c..b611966 100644 --- a/src/turtlefirewall/edit_masquerade.cgi +++ b/src/turtlefirewall/edit_masquerade.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nMasq = $fw->GetMasqueradesCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_masq_title_create'}"; - $idx = ''; + $nMasq++; + $idx = $nMasq; + $newIdx = ''; $src = ''; $dst = ''; $service = ''; @@ -25,6 +29,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_masq_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %masq = $fw->GetMasquerade($idx); $src = $masq{'SRC'}; $dst = $masq{'DST'}; @@ -35,6 +40,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nMasq; $i++ ) { push @idxs, $i; } + my @items_src = ('*'); push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetNetList(); 
@@ -59,10 +67,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'masq_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); diff --git a/src/turtlefirewall/edit_nat.cgi b/src/turtlefirewall/edit_nat.cgi index 83fdb3b..197133c 100644 --- a/src/turtlefirewall/edit_nat.cgi +++ b/src/turtlefirewall/edit_nat.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +$nNat = $fw->GetNatsCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_nat_title_create'}"; - $idx = ''; + $nNat++; + $idx = $nNat; + $newIdx = ''; $virtual = ''; $real = ''; $service = ''; @@ -25,6 +29,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_nat_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %nat = $fw->GetNat($idx); $virtual = $nat{'VIRTUAL'}; $real = $nat{'REAL'}; @@ -35,6 +40,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nNat; $i++ ) { push @idxs, $i; } + my @items_virtual = (); my @virtuals = (); push @virtuals, grep(!/FIREWALL/, $fw->GetZoneList()); 
@@ -59,10 +67,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("virtual", $virtual, \@items_virtual); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'virtual_host'}", $col ], \@tds); $col = &ui_select("real", $real, \@items_real); diff --git a/src/turtlefirewall/edit_redirect.cgi b/src/turtlefirewall/edit_redirect.cgi index 4d4bbd6..6251699 100644 --- a/src/turtlefirewall/edit_redirect.cgi +++ b/src/turtlefirewall/edit_redirect.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nRedirect = $fw->GetRedirectCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_redirect_title_create'}"; - $idx = ''; + $nRedirect++; + $idx = $nRedirect; + $newIdx = ''; $src = ''; $dst = ''; $service = ''; @@ -26,6 +30,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_redirect_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %redirect = $fw->GetRedirect($idx); $src = $redirect{'SRC'}; $dst = $redirect{'DST'}; @@ -37,6 +42,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nRedirect; $i++ ) { push @idxs, $i; } + my @items_src = (); push @items_src, grep(!/FIREWALL/, $fw->GetZoneList()); push @items_src, $fw->GetNetList(); 
@@ -62,10 +70,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'redirect_src'}", $col ], \@tds); $col = &ui_select("dst", $dst, \@items_dst); diff --git a/src/turtlefirewall/edit_rule.cgi b/src/turtlefirewall/edit_rule.cgi index 46f0004..89f04e3 100644 --- a/src/turtlefirewall/edit_rule.cgi +++ b/src/turtlefirewall/edit_rule.cgi @@ -11,11 +11,15 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); +my $nRules = $fw->GetRulesCount(); + $new = $in{'new'}; if( $new ) { $heading = "$icons{CREATE}{IMAGE}$text{'edit_rule_title_create'}"; - $idx = ''; + $nRules++; + $idx = $nRules; + $newIdx = ''; $src = ''; $dst = ''; $service = ''; @@ -33,6 +37,7 @@ if( $new ) { } else { $heading = "$icons{EDIT}{IMAGE}$text{'edit_rule_title_edit'}"; $idx = $in{'idx'}; + $newIdx = ''; %rule = $fw->GetRule($idx); $src = $rule{'SRC'}; $dst = $rule{'DST'}; @@ -51,6 +56,9 @@ if( $new ) { } &ui_print_header( $heading, $text{'title'}, "" ); +my @idxs = (); +for( my $i=1; $i<=$nRules; $i++ ) { push @idxs, $i; } + my @selected_src = split(/,/, $src); my @selected_dst = split(/,/, $dst); my @items = ('*'); 
@@ -87,10 +95,8 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -if( !$new ) { - $col = "$idx"; - print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); -} +$col = &ui_select("newIdx", $idx, \@idxs, 1); +print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", \@selected_src, \@items, 5, 1); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); $col = &ui_select("dst", \@selected_dst, \@items, 5, 1); diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index 740c746..bfe2d90 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -135,11 +135,6 @@ sub showConnmarkPreroute { push(@cols, "${mimage}${sb}${bb}${cb}".($attr{'MARK'} ne '' ? $attr{'MARK'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= "
'.&ui_links_row(\@links).'
"; - # if( $i < $nConnmarkPreroutes-1 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } if( $i < $nConnmarkPreroutes ) { $mover .= ""; } - # if( $i > 2 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } $mover .= "
V     v @@ -158,11 +153,6 @@ sub showConnmarkPreroute {    A  
"; push(@cols, $mover); print &ui_checked_columns_row(\@cols, \@tds, "d", $i); @@ -296,11 +286,6 @@ sub showConnmark { push(@cols, "${mimage}${sb}${bb}${cb}".($attr{'MARK'} ne '' ? $attr{'MARK'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= ""; - # if( $i < $nConnmarks-1 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } if( $i < $nConnmarks ) { $mover .= ""; } - # if( $i > 2 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } $mover .= "
V     v @@ -319,11 +304,6 @@ sub showConnmark {    A  
"; push(@cols, $mover); print &ui_checked_columns_row(\@cols, \@tds, "d", $i); diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index e79e879..6f3a63e 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi @@ -54,19 +54,22 @@ sub showNat { $nNat = $fw->GetNatsCount(); + my $idx = $in{idx}; if( $in{table} eq 'nat' ) { - my $idx = $in{idx}; - if( $in{down} ne '' && $idx > 0 && $idx < $nNat ) { - my %appo = $fw->GetNat($idx+1); - $fw->AddNatAttr($idx+1, $fw->GetNat($idx)); - $fw->AddNatAttr($idx, %appo); - } - if( $in{up} ne '' && $idx > 1 && $idx <= $nNat ) { - my %appo = $fw->GetNat($idx-1); - $fw->AddNatAttr($idx-1, $fw->GetNat($idx)); - $fw->AddNatAttr($idx, %appo); + if( $in{down} > 0 || $in{up} > 0 ) { + my $newIdx = $idx; + if( $in{down} > 0 && $idx > 0 && $idx < $nNat ) { + $newIdx = $idx + $in{down}; + if( $newIdx > $nNat ) { $newIdx = $nNat; } + } + if( $in{up} > 0 && $idx > 1 && $idx <= $nNat ) { + $newIdx = $idx - $in{up}; + if( $newIdx < 1 ) { $newIdx = 1; } + } + $fw->MoveNat( $idx, $newIdx ); + $fw->SaveFirewall(); + $idx=$newIdx; } - $fw->SaveFirewall(); } for( my $i=1; $i<=$nNat; $i++ ) { 
@@ -160,21 +163,24 @@ sub showMasquerade { my $nMasq = $fw->GetMasqueradesCount(); + my $idx = $in{idx}; if( $in{table} eq 'masquerade' ) { - my $idx = $in{idx}; - if( $in{down} ne '' && $idx > 0 && $idx < $nMasq ) { - my %appo = $fw->GetMasquerade($idx+1); - $fw->AddMasqueradeAttr($idx+1, $fw->GetMasquerade($idx)); - $fw->AddMasqueradeAttr($idx, %appo); - } - if( $in{up} ne '' && $idx > 1 && $idx <= $nMasq ) { - my %appo = $fw->GetMasquerade($idx-1); - $fw->AddMasqueradeAttr($idx-1, $fw->GetMasquerade($idx)); - $fw->AddMasqueradeAttr($idx, %appo); + if( $in{down} > 0 || $in{up} > 0 ) { + my $newIdx = $idx; + if( $in{down} > 0 && $idx > 0 && $idx < $nMasq ) { + $newIdx = $idx + $in{down}; + if( $newIdx > $nMasq ) { $newIdx = $nMasq; } + } + if( $in{up} > 0 && $idx > 1 && $idx <= $nMasq ) { + $newIdx = $idx - $in{up}; + if( $newIdx < 1 ) { $newIdx = 1; } + } + $fw->MoveMasquerade( $idx, $newIdx ); + $fw->SaveFirewall(); + $idx=$newIdx; } - $fw->SaveFirewall(); - } - + } + for( my $i=1; $i<=$nMasq; $i++ ) { my %attr = $fw->GetMasquerade( $i ); local @cols; 
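Review bot: `$fw->MoveMasquerade( $idx, $newIdx )` and `SaveFirewall()` in showMasquerade run whenever `down` or `up` is positive, even when neither inner range check on `$idx` matched. A request `idx` of 0 or above `$nMasq` therefore still reaches the splice in MoveMasquerade, and the result is written to the firewall configuration. Entry order decides which rule applies, so the move should happen only once the range checks have produced a new position: `if( $newIdx != $idx ) { $fw->MoveMasquerade( $idx, $newIdx ); $fw->SaveFirewall(); $idx = $newIdx; }`. showNat in the previous hunk and showRedirect in the next one have the same shape. The body of showMasquerade continues outside the hunk.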
@@ -269,19 +275,23 @@ sub showRedirect { "$text{'redirect_move'}" ], 100, 0, \@tds); my $nRedirect = $fw->GetRedirectCount(); + + my $idx = $in{idx}; if( $in{table} eq 'redirect' ) { - my $idx = $in{idx}; - if( $in{down} ne '' && $idx > 0 && $idx < $nRedirect ) { - my %appo = $fw->GetRedirect($idx+1); - $fw->AddRedirectAttr($idx+1, $fw->GetRedirect($idx)); - $fw->AddRedirectAttr($idx, %appo); - } - if( $in{up} ne '' && $idx > 1 && $idx <= $nRedirect ) { - my %appo = $fw->GetRedirect($idx-1); - $fw->AddRedirectAttr($idx-1, $fw->GetRedirect($idx)); - $fw->AddRedirectAttr($idx, %appo); + if( $in{down} > 0 || $in{up} > 0 ) { + my $newIdx = $idx; + if( $in{down} > 0 && $idx > 0 && $idx < $nRedirect ) { + $newIdx = $idx + $in{down}; + if( $newIdx > $nRedirect ) { $newIdx = $nRedirect; } + } + if( $in{up} > 0 && $idx > 1 && $idx <= $nRedirect ) { + $newIdx = $idx - $in{up}; + if( $newIdx < 1 ) { $newIdx = 1; } + } + $fw->MoveRedirect( $idx, $newIdx ); + $fw->SaveFirewall(); + $idx=$newIdx; } - $fw->SaveFirewall(); } for( my $i=1; $i<=$nRedirect; $i++ ) { diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index b247a0c..5a5beee 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi @@ -89,11 +89,6 @@ sub showConntrackPreroute { push(@cols, "${himage}${sb}${bb}${cb}".($attr{'HELPER'} ne '' ? $attr{'HELPER'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= ""; - # if( $i < $nConntrackPreroutes-1 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } if( $i < $nConntrackPreroutes ) { $mover .= ""; } - # if( $i > 2 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } $mover .= "
V     v @@ -112,11 +107,6 @@ sub showConntrackPreroute {    A  
"; push(@cols, $mover); print &ui_checked_columns_row(\@cols, \@tds, "d", $i); @@ -194,11 +184,6 @@ sub showConntrack { push(@cols, "${himage}${sb}${bb}${cb}".($attr{'HELPER'} ne '' ? $attr{'HELPER'} : ' ')."${ce}${be}${se}" ); local $mover; $mover .= ""; - # if( $i < $nConntracks-1 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } if( $i < $nConntracks ) { $mover .= ""; } - # if( $i > 2 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } $mover .= "
V     v @@ -217,11 +202,6 @@ sub showConntrack {    A  
"; push(@cols, $mover); print &ui_checked_columns_row(\@cols, \@tds, "d", $i); diff --git a/src/turtlefirewall/list_rules.cgi b/src/turtlefirewall/list_rules.cgi index 0da45ab..a562a5d 100644 --- a/src/turtlefirewall/list_rules.cgi +++ b/src/turtlefirewall/list_rules.cgi @@ -63,19 +63,10 @@ sub showRule { if( $in{down} > 0 && $idx > 0 && $idx < $nRules ) { $newIdx = $idx + $in{down}; if( $newIdx > $nRules ) { $newIdx = $nRules; } - - #my %appo = $fw->GetRule($newIdx); - #$fw->AddRuleAttr($newIdx, $fw->GetRule($idx)); - #$fw->AddRuleAttr($idx, %appo); - #$idx=$newIdx; - #$fw->SaveFirewall(); } if( $in{up} > 0 && $idx > 1 && $idx <= $nRules ) { $newIdx = $idx - $in{up}; if( $newIdx < 1 ) { $newIdx = 1; } - #my %appo = $fw->GetRule($newIdx); - #$fw->AddRuleAttr($newIdx, $fw->GetRule($idx)); - #$fw->AddRuleAttr($idx, %appo); } $fw->MoveRule( $idx, $newIdx ); $fw->SaveFirewall(); @@ -176,11 +167,6 @@ sub showRule { push(@cols, "${iimage}${sb}${bb}".($attr{'DESCRIPTION'} ne '' ? $attr{'DESCRIPTION'} : ' ')."${be}${se}" ); local $mover; $mover .= ""; - # if( $i < $nRules-1 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } if( $i < $nRules ) { $mover .= ""; } - # if( $i > 2 ) { - # $mover .= ""; - # } else { - # $mover .= ""; - # } $mover .= "
V     v @@ -199,11 +185,6 @@ sub showRule {    A  
"; push(@cols, $mover); print &ui_checked_columns_row(\@cols, \@tds, "d", $i); diff --git a/src/turtlefirewall/save_connmark.cgi b/src/turtlefirewall/save_connmark.cgi index b72c4f7..62a3d17 100644 --- a/src/turtlefirewall/save_connmark.cgi +++ b/src/turtlefirewall/save_connmark.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; $src =~ s/\0/,/g; my $dst = $in{'dst'}; @@ -71,5 +72,6 @@ if( $in{'delete'} ) { $fw->AddConnmark( $in{'new'} ? 0 : $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $port, $time, $mark, $active ); } +if( $idx ne $newIdx ) { $fw->MoveConnmark( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_manglerules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); diff --git a/src/turtlefirewall/save_connmarkpreroute.cgi b/src/turtlefirewall/save_connmarkpreroute.cgi index 041d649..2fc0457 100644 --- a/src/turtlefirewall/save_connmarkpreroute.cgi +++ b/src/turtlefirewall/save_connmarkpreroute.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; my $dst = $in{'dst'}; my ($service, $port) = &formServiceParse( $in{'servicetype'}, $in{'service2'}, $in{'service3'}, $in{'port'} ); @@ -69,5 +70,6 @@ if( $in{'delete'} ) { $fw->AddConnmarkPreroute( $in{'new'} ? 0 : $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $port, $time, $mark, $active ); } +if( $idx ne $newIdx ) { $fw->MoveConnmarkPreroute( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_manglerules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); diff --git a/src/turtlefirewall/save_conntrack.cgi b/src/turtlefirewall/save_conntrack.cgi index d0fad90..a807cd2 100644 --- a/src/turtlefirewall/save_conntrack.cgi +++ b/src/turtlefirewall/save_conntrack.cgi 
@@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; my $dst = $in{'dst'}; my $service = $in{'service'}; @@ -94,5 +95,6 @@ if( $in{'delete'} ) { $fw->AddConntrack( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $helper, $active ); } +if( $idx ne $newIdx ) { $fw->MoveConntrack( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_rawrules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); diff --git a/src/turtlefirewall/save_conntrackpreroute.cgi b/src/turtlefirewall/save_conntrackpreroute.cgi index 2183bda..7c56fbf 100644 --- a/src/turtlefirewall/save_conntrackpreroute.cgi +++ b/src/turtlefirewall/save_conntrackpreroute.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; my $dst = $in{'dst'}; my $service = $in{'service'}; @@ -94,5 +95,6 @@ if( $in{'delete'} ) { $fw->AddConntrackPreroute( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $helper, $active ); } +if( $idx ne $newIdx ) { $fw->MoveConntrackPreroute( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_rawrules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); diff --git a/src/turtlefirewall/save_masquerade.cgi b/src/turtlefirewall/save_masquerade.cgi index 60e77ef..21340d1 100644 --- a/src/turtlefirewall/save_masquerade.cgi +++ b/src/turtlefirewall/save_masquerade.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; my $dst = $in{'dst'}; my ($service, $port) = &formServiceParse( $in{'servicetype'}, $in{'service2'}, $in{'service3'}, $in{'port'} ); @@ -57,5 +58,6 @@ if( $in{'delete'} ) { $fw->AddMasquerade( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $is_masquerade, $active ); } +if( $idx ne $newIdx ) { $fw->MoveMasquerade( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_nat.cgi' ); 
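Review bot: The move added at the end of save_masquerade.cgi (`@@ -57,5 +58,6 @@`) sits after the `if( $in{'delete'} )` block, so it also runs on the delete path, where the entry at `$idx` is presumably no longer the one that was edited. It also compares with string `ne`, so a request with no `newIdx` field, or a value that differs only in spelling such as a leading zero, counts as a move. I would gate it on the add path and on a validated position: `if( !$in{'delete'} && $newIdx =~ /^\d+$/ && $newIdx >= 1 && $newIdx <= $fw->GetMasqueradesCount() && $newIdx != $idx ) { $fw->MoveMasquerade( $idx, $newIdx ); }`. The same line is added to save_connmark.cgi, save_connmarkpreroute.cgi, save_conntrack.cgi, save_conntrackpreroute.cgi, save_nat.cgi, save_redirect.cgi and save_rule.cgi. The delete/add block starts outside the hunk.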
diff --git a/src/turtlefirewall/save_nat.cgi b/src/turtlefirewall/save_nat.cgi index c49613f..6e182f4 100644 --- a/src/turtlefirewall/save_nat.cgi +++ b/src/turtlefirewall/save_nat.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $virtual = $in{'virtual'}; my $real = $in{'real'}; my ($service, $port) = &formServiceParse( $in{'servicetype'}, $in{'service2'}, $in{'service3'}, $in{'port'} ); @@ -72,5 +73,6 @@ if( $in{'delete'} ) { } } +if( $idx ne $newIdx ) { $fw->MoveNat( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_nat.cgi' ); diff --git a/src/turtlefirewall/save_redirect.cgi b/src/turtlefirewall/save_redirect.cgi index 86ef283..305901a 100644 --- a/src/turtlefirewall/save_redirect.cgi +++ b/src/turtlefirewall/save_redirect.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; my $dst = $in{'dst'}; my ($service, $port) = &formServiceParse( $in{'servicetype'}, $in{'service2'}, $in{'service3'}, $in{'port'} ); @@ -66,5 +67,6 @@ if( $in{'delete'} ) { $fw->AddRedirect( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $toport, $is_redirect, $active ); } +if( $idx ne $newIdx ) { $fw->MoveRedirect( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_nat.cgi' ); diff --git a/src/turtlefirewall/save_rule.cgi b/src/turtlefirewall/save_rule.cgi index 29ea535..4ea5ba7 100644 --- a/src/turtlefirewall/save_rule.cgi +++ b/src/turtlefirewall/save_rule.cgi @@ -12,6 +12,7 @@ do 'turtlefirewall-lib.pl'; &ReadParse(); my $idx = $in{'idx'}; +my $newIdx = $in{'newIdx'}; my $src = $in{'src'}; $src =~ s/\0/,/g; my $dst = $in{'dst'}; 
@@ -87,5 +88,6 @@ if( $in{'delete'} ) { $fw->AddRule( $in{'new'} ? 0 : $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $ratelimit, $port, $time, $target, $active, $log, $description ); } +if( $idx ne $newIdx ) { $fw->MoveRule( $idx, $newIdx ); } $fw->SaveFirewall(); &redirect( 'list_rules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 08e2e27..0e468fb 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -454,6 +454,13 @@ sub AddMasqueradeAttr { } } +sub MoveMasquerade { + my ($this, $idxSrc, $idxDst) = @_; + my %attr = %{$this->{fw}{MASQUERADE}[$idxSrc-1]}; + splice @{$this->{fw}{MASQUERADE}}, $idxSrc-1, 1; + splice @{$this->{fw}{MASQUERADE}}, $idxDst-1, 0, \%attr; +} + # AddNat( $idx, $virtual, $real, $service, $port, $toport, $active ) if $idx==0 then add new Masquerade sub AddNat { my ($this, $idx, $virtual, $real, $service, $port, $toport, $active) = @_; @@ -476,6 +483,13 @@ sub AddNatAttr { } } +sub MoveNat { + my ($this, $idxSrc, $idxDst) = @_; + my %attr = %{$this->{fw}{NAT}[$idxSrc-1]}; + splice @{$this->{fw}{NAT}}, $idxSrc-1, 1; + splice @{$this->{fw}{NAT}}, $idxDst-1, 0, \%attr; +} + # AddRedirect( $idx, $src, $dst, $service, $port, $toport, $active ); sub AddRedirect { my ($this, $idx, $src, $dst, $service, $port, $toport, $redirect, $active ) = @_; 
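Review bot: MoveMasquerade splices at `$idxSrc-1` and `$idxDst-1` without checking either index against the array. A zero or empty index becomes a negative offset that counts from the end of the list, and an index past the end dereferences an entry that does not exist. The save_*.cgi hunks of this patch pass request fields straight in, so the helper is the right place for a guard such as `my $n = scalar @{$this->{fw}{MASQUERADE}}; return if $idxSrc !~ /^\d+$/ || $idxDst !~ /^\d+$/ || $idxSrc < 1 || $idxSrc > $n || $idxDst < 1 || $idxDst > $n;`. MoveNat in the next hunk and MoveRedirect after it are copies with the same gap. The neighbouring Add* subs carry a one-line usage comment, and a matching `# MoveMasquerade( $idxSrc, $idxDst ) : move the entry at 1-based position $idxSrc to $idxDst` would fit here.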
@@ -498,6 +512,13 @@ sub AddRedirectAttr { } } +sub MoveRedirect { + my ($this, $idxSrc, $idxDst) = @_; + my %attr = %{$this->{fw}{REDIRECT}[$idxSrc-1]}; + splice @{$this->{fw}{REDIRECT}}, $idxSrc-1, 1; + splice @{$this->{fw}{REDIRECT}}, $idxDst-1, 0, \%attr; +} + # AddRule( $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $ratelimit, $port, $time, $target, $active, $log, $description ); sub AddRule { my ($this, $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $ratelimit, $port, $time, $target, $active, $log, $description ) = @_; From 821555479399d8444031cc671cbfc76d14abb0a6 Mon Sep 17 00:00:00 2001 From: netcons Date: Wed, 27 Nov 2024 16:15:58 +0200 Subject: [PATCH 036/113] Bug : Fix rule item reference lookup. --- src/turtlefirewall/list_itemreferences.cgi | 2 +- src/turtlefirewall/setup/TurtleFirewall.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi index f486154..eadfb4f 100644 --- a/src/turtlefirewall/list_itemreferences.cgi +++ b/src/turtlefirewall/list_itemreferences.cgi @@ -35,7 +35,7 @@ sub showItemReferences { my $reftypelc = lc($reftype); my $prefix = $reftype eq 'RULE' ? 'filter' : $reftypelc; my @ks = split( / /, $k ); - my $refname = $ks[0]; + my $refname = $ks[2]; my $idx = $ks[1]; # Item in Rule if( $idx ne '' ) { diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 0e468fb..db2539b 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -1001,7 +1001,7 @@ sub GetItemReferences { foreach $ruleitem ('SRC','DST','ZONE','VIRTUAL','REAL','TIME','HOSTNAMESET','RISKSET','RATELIMIT') { my @ruleitem_list = split( /,/, $this->{fw}{$ruletype}[$i]{$ruleitem} ); if( grep( /^$item$/, @ruleitem_list ) ) { - $references{"${ruleitem} ${i}"} = $ruletype; + $references{"$ruletype $i $ruleitem"} = $ruletype; } } } 
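Review bot: The membership test kept as context in the GetItemReferences hunk, `grep( /^$item$/, @ruleitem_list )`, interpolates the item name into a pattern unescaped. A name containing a regex metacharacter such as `.` can then match a different item, so the reference lookup this commit fixes can still report the wrong rules. A plain string comparison avoids that: `if( grep { $_ eq $item } @ruleitem_list ) {`. The key is also parsed by position with `split( / /, $k )` in list_itemreferences.cgi, so a comment at the assignment stating the field order would keep the two files in step; the follow-up patch 037 reorders the fields again. The loop around this line starts and ends outside the hunk.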
From 00111cfd9c4215b58f7948b61c5dcc9345cb2258 Mon Sep 17 00:00:00 2001 From: netcons Date: Thu, 28 Nov 2024 03:18:31 +0200 Subject: [PATCH 037/113] Bug : Fix rule item reference lookup, 2nd try. --- src/turtlefirewall/list_itemreferences.cgi | 2 +- src/turtlefirewall/setup/TurtleFirewall.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi index eadfb4f..f486154 100644 --- a/src/turtlefirewall/list_itemreferences.cgi +++ b/src/turtlefirewall/list_itemreferences.cgi @@ -35,7 +35,7 @@ sub showItemReferences { my $reftypelc = lc($reftype); my $prefix = $reftype eq 'RULE' ? 'filter' : $reftypelc; my @ks = split( / /, $k ); - my $refname = $ks[2]; + my $refname = $ks[0]; my $idx = $ks[1]; # Item in Rule if( $idx ne '' ) { diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index db2539b..728ba6b 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -1001,7 +1001,7 @@ sub GetItemReferences { foreach $ruleitem ('SRC','DST','ZONE','VIRTUAL','REAL','TIME','HOSTNAMESET','RISKSET','RATELIMIT') { my @ruleitem_list = split( /,/, $this->{fw}{$ruletype}[$i]{$ruleitem} ); if( grep( /^$item$/, @ruleitem_list ) ) { - $references{"$ruletype $i $ruleitem"} = $ruletype; + $references{"$ruleitem $i $ruletype"} = $ruletype; } } } From efc0c743fd681fe6b2ab9d2ccb6000bc1e057d78 Mon Sep 17 00:00:00 2001 From: netcons Date: Thu, 28 Nov 2024 07:39:03 +0200 Subject: [PATCH 038/113] Update INSTALL.md --- INSTALL.md | 1 + 1 file changed, 1 insertion(+) diff --git a/INSTALL.md b/INSTALL.md index 794401c..cf38184 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -58,6 +58,7 @@ dnf -y upgrade kernel reboot dnf -y install kernel-devel kernel-headers +dnf -y install kernel-modules-extra dnf -y install iptables-devel libpcap-devel json-c-devel libgcrypt-devel perl-File-Path dnf -y install autoconf automake libtool dnf -y install dkms From a106e68c7b5fe014c23ccf6223ac99c290fadf72 Mon Sep 17 00:00:00 2001 From: netcons Date: Fri, 29 Nov 2024 11:12:06 +0200 Subject: [PATCH 039/113] Bug : Fix rule highlighting on move. --- src/turtlefirewall/save_connmark.cgi | 4 ++-- src/turtlefirewall/save_connmarkpreroute.cgi | 4 ++-- src/turtlefirewall/save_conntrack.cgi | 4 ++-- src/turtlefirewall/save_conntrackpreroute.cgi | 4 ++-- src/turtlefirewall/save_rule.cgi | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/turtlefirewall/save_connmark.cgi b/src/turtlefirewall/save_connmark.cgi index 62a3d17..67d8b5b 100644 --- a/src/turtlefirewall/save_connmark.cgi +++ b/src/turtlefirewall/save_connmark.cgi @@ -72,6 +72,6 @@ if( $in{'delete'} ) { $fw->AddConnmark( $in{'new'} ? 0 : $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $port, $time, $mark, $active ); } -if( $idx ne $newIdx ) { $fw->MoveConnmark( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveConnmark( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_manglerules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); +&redirect( 'list_manglerules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); diff --git a/src/turtlefirewall/save_connmarkpreroute.cgi b/src/turtlefirewall/save_connmarkpreroute.cgi index 2fc0457..f04cbd8 100644 --- a/src/turtlefirewall/save_connmarkpreroute.cgi +++ b/src/turtlefirewall/save_connmarkpreroute.cgi 
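Review bot: After `$idx=$newIdx`, the redirect at the end of the save_connmark.cgi hunk (`@@ -72,6 +72,6 @@`) places a request-supplied value in the URL as `"?idx=$idx"`, with no check that it is a number. Whether `&redirect` encodes its argument is not visible here, so I would normalise the value first, for example `$idx = ( $idx =~ /^(\d+)$/ ) ? $1 : '';` ahead of the `&redirect` call. The same two lines change in save_connmarkpreroute.cgi, save_conntrack.cgi, save_conntrackpreroute.cgi and save_rule.cgi in this patch.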
@@ -70,6 +70,6 @@ if( $in{'delete'} ) { $fw->AddConnmarkPreroute( $in{'new'} ? 0 : $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $port, $time, $mark, $active ); } -if( $idx ne $newIdx ) { $fw->MoveConnmarkPreroute( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveConnmarkPreroute( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_manglerules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); +&redirect( 'list_manglerules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); diff --git a/src/turtlefirewall/save_conntrack.cgi b/src/turtlefirewall/save_conntrack.cgi index a807cd2..bed2400 100644 --- a/src/turtlefirewall/save_conntrack.cgi +++ b/src/turtlefirewall/save_conntrack.cgi @@ -95,6 +95,6 @@ if( $in{'delete'} ) { $fw->AddConntrack( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $helper, $active ); } -if( $idx ne $newIdx ) { $fw->MoveConntrack( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveConntrack( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_rawrules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); +&redirect( 'list_rawrules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); diff --git a/src/turtlefirewall/save_conntrackpreroute.cgi b/src/turtlefirewall/save_conntrackpreroute.cgi index 7c56fbf..4a68da4 100644 --- a/src/turtlefirewall/save_conntrackpreroute.cgi +++ b/src/turtlefirewall/save_conntrackpreroute.cgi @@ -95,6 +95,6 @@ if( $in{'delete'} ) { $fw->AddConntrackPreroute( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $helper, $active ); } -if( $idx ne $newIdx ) { $fw->MoveConntrackPreroute( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveConntrackPreroute( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_rawrules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); +&redirect( 'list_rawrules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); diff --git a/src/turtlefirewall/save_rule.cgi b/src/turtlefirewall/save_rule.cgi index 4ea5ba7..6bc37e9 100644 
--- a/src/turtlefirewall/save_rule.cgi +++ b/src/turtlefirewall/save_rule.cgi @@ -88,6 +88,6 @@ if( $in{'delete'} ) { $fw->AddRule( $in{'new'} ? 0 : $idx, $src, $dst, $service, $ndpi, $category, $hostnameset, $riskset, $ratelimit, $port, $time, $target, $active, $log, $description ); } -if( $idx ne $newIdx ) { $fw->MoveRule( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveRule( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_rules.cgi'.($in{'delete'} ? "?idx=$idx" : '') ); +&redirect( 'list_rules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); From 5122cbf24b89b04950d4acf5daeaf50a6a907a8e Mon Sep 17 00:00:00 2001 From: netcons Date: Fri, 29 Nov 2024 12:26:59 +0200 Subject: [PATCH 040/113] Feature : Add NAT rule highlighting. --- src/turtlefirewall/list_manglerules.cgi | 12 ++--- src/turtlefirewall/list_nat.cgi | 46 +++++++++++-------- src/turtlefirewall/list_rawrules.cgi | 12 ++--- src/turtlefirewall/save_connmark.cgi | 2 +- src/turtlefirewall/save_connmarkpreroute.cgi | 2 +- src/turtlefirewall/save_conntrack.cgi | 2 +- src/turtlefirewall/save_conntrackpreroute.cgi | 2 +- src/turtlefirewall/save_masquerade.cgi | 4 +- src/turtlefirewall/save_nat.cgi | 4 +- src/turtlefirewall/save_redirect.cgi | 4 +- 10 files changed, 48 insertions(+), 42 deletions(-) diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index bfe2d90..0a8efd6 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -57,8 +57,8 @@ sub showConnmarkPreroute { my $nConnmarkPreroutes = $fw->GetConnmarkPreroutesCount(); + my $idx = $in{idx}; if( $in{table} eq 'connmarkpreroute' ) { - my $idx = $in{idx}; if( $in{down} > 0 || $in{up} > 0 ) { my $newIdx = $idx; if( $in{down} > 0 && $idx > 0 && $idx < $nConnmarkPreroutes ) { 
@@ -79,8 +79,8 @@ sub showConnmarkPreroute { my %attr = $fw->GetConnmarkPreroute($i); local @cols; if( $attr{'TARGET'} eq '' ) { $attr{'TARGET'} = 'ACCEPT'; } - my $bb = $idx == $i ? '' : ''; # BoldBegin - my $be = $idx == $i ? '' : ''; # BoldEnd + my $bb = $idx == $i && $in{table} eq 'connmarkpreroute' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'connmarkpreroute' ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_connmarkpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); @@ -198,8 +198,8 @@ sub showConnmark { my $nConnmarks = $fw->GetConnmarksCount(); + my $idx = $in{idx}; if( $in{table} eq 'connmark' ) { - my $idx = $in{idx}; if( $in{down} > 0 || $in{up} > 0 ) { my $newIdx = $idx; if( $in{down} > 0 && $idx > 0 && $idx < $nConnmarks ) { @@ -220,8 +220,8 @@ sub showConnmark { my %attr = $fw->GetConnmark($i); local @cols; if( $attr{'TARGET'} eq '' ) { $attr{'TARGET'} = 'ACCEPT'; } - my $bb = $idx == $i ? '' : ''; # BoldBegin - my $be = $idx == $i ? '' : ''; # BoldEnd + my $bb = $idx == $i && $in{table} eq 'connmark' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'connmark' ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_connmark.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index 6f3a63e..9a3699c 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi 
@@ -75,17 +75,19 @@ sub showNat { for( my $i=1; $i<=$nNat; $i++ ) { my %attr = $fw->GetNat( $i ); local @cols; + my $bb = $idx == $i && $in{table} eq 'nat' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'nat'? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd - my $href = &ui_link("edit_nat.cgi?idx=$i","${sb}${i}${se}"); + my $href = &ui_link("edit_nat.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); my %zone = $fw->GetZone($attr{'VIRTUAL'}); if( $zone{IF} ne '' ) { - push(@cols, "$icons{ZONE}{IMAGE}${sb}$attr{'VIRTUAL'} ($zone{'IF'})${se}" ); + push(@cols, "$icons{ZONE}{IMAGE}${sb}${bb}$attr{'VIRTUAL'} ($zone{'IF'})${be}${se}" ); } else { - push(@cols, "$icons{HOST}{IMAGE}${sb}$attr{'VIRTUAL'}${se}" ); + push(@cols, "$icons{HOST}{IMAGE}${sb}${bb}$attr{'VIRTUAL'}${be}${se}" ); } - push(@cols, "$icons{HOST}{IMAGE}${sb}$attr{'REAL'}${se}" ); + push(@cols, "$icons{HOST}{IMAGE}${sb}${bb}$attr{'REAL'}${be}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { @@ -99,13 +101,13 @@ sub showNat { $servicelist .= "$icons{SERVICE}{IMAGE}${s}
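Review bot: `$attr{'VIRTUAL'}`, `$zone{'IF'}` and `$attr{'REAL'}` are interpolated into the cell markup unescaped on the lines this hunk rewrites in showNat. Whether item names are restricted when they are saved is not visible here; if they are not, markup stored in a name would be rendered as part of the list page. Escaping at the point of output, e.g. `&html_escape($attr{'REAL'})`, covers that no matter how the configuration file was written. The same applies to `$attr{'TOPORT'}`, `$attr{'SRC'}`, `$attr{'DST'}` and the service names in the later showNat, showMasquerade and showRedirect hunks; showNat itself continues outside the hunk.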
"; } } - push(@cols, "${sb}${servicelist}${se}"); + push(@cols, "${sb}${bb}${servicelist}${be}${se}"); my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $nimage = $attr{'ACTIVE'} eq 'NO' ? $icons{NAT}{IMAGE} : $icons{NAT_A}{IMAGE}; - push(@cols, "${nimage}${sb}${cb}$text{YES}${ce}${se}" ); + push(@cols, "${nimage}${sb}${bb}${cb}$text{YES}${ce}${be}${se}" ); my $timage = $attr{'TOPORT'} eq '' ? '' : $icons{TOPORT}{IMAGE}; - push(@cols, "${timage}${sb}$attr{'TOPORT'}${se}" ); + push(@cols, "${timage}${sb}${bb}$attr{'TOPORT'}${be}${se}" ); local $mover; $mover .= ""; @@ -184,15 +186,17 @@ sub showMasquerade { for( my $i=1; $i<=$nMasq; $i++ ) { my %attr = $fw->GetMasquerade( $i ); local @cols; + my $bb = $idx == $i && $in{table} eq 'masquerade' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'masquerade' ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd - my $href = &ui_link("edit_masquerade.cgi?idx=$i","${sb}${i}${se}"); + my $href = &ui_link("edit_masquerade.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); my $type = ''; $type = $fw->GetItemType($attr{'SRC'}); - push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); $type = $fw->GetItemType($attr{'DST'}); - push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { @@ -206,17 +210,17 @@ sub showMasquerade { $servicelist .= "$icons{SERVICE}{IMAGE}${s}
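Review bot: The new `$bb`/`$be` lines in showMasquerade read `$idx`, but no hunk of list_nat.cgi in this commit adds or moves a declaration for it, while list_manglerules.cgi and list_rawrules.cgi hoist `my $idx = $in{idx};` out of the `if( $in{table} eq ... )` block for exactly this purpose. If the NAT subs still declare it inside that block (not visible here), the comparison would read an unset package variable and no row would ever be highlighted. In that case add `my $idx = $in{idx};` ahead of the table test in showNat, showMasquerade and showRedirect.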
"; } } - push(@cols, "${sb}${servicelist}${se}"); + push(@cols, "${sb}${bb}${servicelist}${se}"); if( $attr{'MASQUERADE'} eq 'NO' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $dimage = $attr{'ACTIVE'} eq 'NO' ? $icons{MASQUERADE}{IMAGE} : $icons{MASQUERADE_NO}{IMAGE}; - push(@cols, "${dimage}${sb}${cb}$text{NO}${ce}${se}" ); + push(@cols, "${dimage}${sb}${bb}${cb}$text{NO}${ce}${be}${se}" ); } else { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $aimage = $attr{'ACTIVE'} eq 'NO' ? $icons{MASQUERADE}{IMAGE} : $icons{MASQUERADE_A}{IMAGE}; - push(@cols, "${aimage}${sb}${cb}$text{YES}${ce}${se}" ); + push(@cols, "${aimage}${sb}${bb}${cb}$text{YES}${ce}${be}${se}" ); } local $mover; $mover .= "
"; @@ -297,15 +301,17 @@ sub showRedirect { for( my $i=1; $i<=$nRedirect; $i++ ) { my %attr = $fw->GetRedirect( $i ); local @cols; + my $bb = $idx == $i && $in{table} eq 'redirect' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'redirect' ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd - my $href = &ui_link("edit_redirect.cgi?idx=$i","${sb}${i}${se}"); + my $href = &ui_link("edit_redirect.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); push(@cols, $href ); my $type = ''; $type = $fw->GetItemType($attr{'SRC'}); - push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'SRC'}${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); $type = $fw->GetItemType($attr{'DST'}); - push(@cols, "$icons{$type}{IMAGE}${sb}$attr{'DST'}${se}" ); + push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); my $servicelist = ''; if( $attr{'SERVICE'} eq 'tcp' || $attr{'SERVICE'} eq 'udp' ) { if( $attr{'PORT'} ne '' ) { @@ -319,20 +325,20 @@ sub showRedirect { $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; } } - push(@cols, "${sb}${servicelist}${se}"); + push(@cols, "${sb}${bb}${servicelist}${be}${se}"); if( $attr{'REDIRECT'} eq 'NO' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $dimage = $attr{'ACTIVE'} eq 'NO' ? $icons{REDIRECT}{IMAGE} : $icons{REDIRECT_NO}{IMAGE}; - push(@cols, "${dimage}${sb}${cb}$text{NO}${ce}${se}" ); + push(@cols, "${dimage}${sb}${bb}${cb}$text{NO}${ce}${be}${se}" ); push(@cols, "" ); } else { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $aimage = $attr{'ACTIVE'} eq 'NO' ? $icons{REDIRECT}{IMAGE} : $icons{REDIRECT_A}{IMAGE}; - push(@cols, "${aimage}${sb}${cb}$text{YES}${ce}${se}" ); + push(@cols, "${aimage}${sb}${bb}${cb}$text{YES}${ce}${be}${se}" ); my $timage = $attr{'TOPORT'} eq '' ? '' : $icons{TOPORT}{IMAGE}; - push(@cols, "${timage}${sb}$attr{'TOPORT'}${se}" ); + push(@cols, "${timage}${sb}${bb}$attr{'TOPORT'}${be}${se}" ); } local $mover; $mover .= "
"; diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index 5a5beee..3f6f5fa 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi @@ -49,8 +49,8 @@ sub showConntrackPreroute { my $nConntrackPreroutes = $fw->GetConntrackPreroutesCount(); + my $idx = $in{idx}; if( $in{table} eq 'conntrackpreroute' ) { - my $idx = $in{idx}; if( $in{down} > 0 || $in{up} > 0 ) { my $newIdx = $idx; if( $in{down} > 0 && $idx > 0 && $idx < $nConntrackPreroutes ) { @@ -71,8 +71,8 @@ sub showConntrackPreroute { my %attr = $fw->GetConntrackPreroute($i); local @cols; if( $attr{'TARGET'} eq '' ) { $attr{'TARGET'} = 'ACCEPT'; } - my $bb = $idx == $i ? '' : ''; # BoldBegin - my $be = $idx == $i ? '' : ''; # BoldEnd + my $bb = $idx == $i && $in{table} eq 'conntrackpreroute' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'conntrackpreroute' ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_conntrackpreroute.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); @@ -144,8 +144,8 @@ sub showConntrack { my $nConntracks = $fw->GetConntracksCount(); + my $idx = $in{idx}; if( $in{table} eq 'conntrack' ) { - my $idx = $in{idx}; if( $in{down} > 0 || $in{up} > 0 ) { my $newIdx = $idx; if( $in{down} > 0 && $idx > 0 && $idx < $nConntracks ) { @@ -166,8 +166,8 @@ sub showConntrack { my %attr = $fw->GetConntrack($i); local @cols; if( $attr{'TARGET'} eq '' ) { $attr{'TARGET'} = 'ACCEPT'; } - my $bb = $idx == $i ? '' : ''; # BoldBegin - my $be = $idx == $i ? '' : ''; # BoldEnd + my $bb = $idx == $i && $in{table} eq 'conntrack' ? '' : ''; # BoldBegin + my $be = $idx == $i && $in{table} eq 'conntrack' ? '' : ''; # BoldEnd my $sb = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeBegin my $se = $attr{'ACTIVE'} eq 'NO' ? '' : ''; # StrikeEnd my $href = &ui_link("edit_conntrack.cgi?idx=$i","${sb}${bb}${i}${be}${se}"); 
diff --git a/src/turtlefirewall/save_connmark.cgi b/src/turtlefirewall/save_connmark.cgi index 67d8b5b..b06c549 100644 --- a/src/turtlefirewall/save_connmark.cgi +++ b/src/turtlefirewall/save_connmark.cgi @@ -74,4 +74,4 @@ if( $in{'delete'} ) { if( $idx ne $newIdx ) { $fw->MoveConnmark( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_manglerules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); +&redirect( 'list_manglerules.cgi'.($in{'delete'} ? '' : "?table=connmark&idx=$idx") ); diff --git a/src/turtlefirewall/save_connmarkpreroute.cgi b/src/turtlefirewall/save_connmarkpreroute.cgi index f04cbd8..798fd5e 100644 --- a/src/turtlefirewall/save_connmarkpreroute.cgi +++ b/src/turtlefirewall/save_connmarkpreroute.cgi @@ -72,4 +72,4 @@ if( $in{'delete'} ) { if( $idx ne $newIdx ) { $fw->MoveConnmarkPreroute( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_manglerules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); +&redirect( 'list_manglerules.cgi'.($in{'delete'} ? '' : "?table=connmarkpreroute&idx=$idx") ); diff --git a/src/turtlefirewall/save_conntrack.cgi b/src/turtlefirewall/save_conntrack.cgi index bed2400..081e6c2 100644 --- a/src/turtlefirewall/save_conntrack.cgi +++ b/src/turtlefirewall/save_conntrack.cgi @@ -97,4 +97,4 @@ if( $in{'delete'} ) { if( $idx ne $newIdx ) { $fw->MoveConntrack( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_rawrules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); +&redirect( 'list_rawrules.cgi'.($in{'delete'} ? '' : "?table=conntrack&idx=$idx") ); diff --git a/src/turtlefirewall/save_conntrackpreroute.cgi b/src/turtlefirewall/save_conntrackpreroute.cgi index 4a68da4..633fa06 100644 --- a/src/turtlefirewall/save_conntrackpreroute.cgi +++ b/src/turtlefirewall/save_conntrackpreroute.cgi 
@@ -97,4 +97,4 @@ if( $in{'delete'} ) { if( $idx ne $newIdx ) { $fw->MoveConntrackPreroute( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_rawrules.cgi'.($in{'delete'} ? '' : "?idx=$idx") ); +&redirect( 'list_rawrules.cgi'.($in{'delete'} ? '' : "?table=conntrackpreroute&idx=$idx") ); diff --git a/src/turtlefirewall/save_masquerade.cgi b/src/turtlefirewall/save_masquerade.cgi index 21340d1..271d870 100644 --- a/src/turtlefirewall/save_masquerade.cgi +++ b/src/turtlefirewall/save_masquerade.cgi @@ -58,6 +58,6 @@ if( $in{'delete'} ) { $fw->AddMasquerade( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $is_masquerade, $active ); } -if( $idx ne $newIdx ) { $fw->MoveMasquerade( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveMasquerade( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_nat.cgi' ); +&redirect( 'list_nat.cgi'.($in{'delete'} ? '' : "?table=masquerade&idx=$idx") ); diff --git a/src/turtlefirewall/save_nat.cgi b/src/turtlefirewall/save_nat.cgi index 6e182f4..ee16933 100644 --- a/src/turtlefirewall/save_nat.cgi +++ b/src/turtlefirewall/save_nat.cgi @@ -73,6 +73,6 @@ if( $in{'delete'} ) { } } -if( $idx ne $newIdx ) { $fw->MoveNat( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveNat( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_nat.cgi' ); +&redirect( 'list_nat.cgi'.($in{'delete'} ? '' : "?table=nat&idx=$idx") ); diff --git a/src/turtlefirewall/save_redirect.cgi b/src/turtlefirewall/save_redirect.cgi index 305901a..aa71ad2 100644 --- a/src/turtlefirewall/save_redirect.cgi +++ b/src/turtlefirewall/save_redirect.cgi 
@@ -67,6 +67,6 @@ if( $in{'delete'} ) { $fw->AddRedirect( $in{'new'} ? 0 : $idx, $src, $dst, $service, $port, $toport, $is_redirect, $active ); } -if( $idx ne $newIdx ) { $fw->MoveRedirect( $idx, $newIdx ); } +if( $idx ne $newIdx ) { $fw->MoveRedirect( $idx, $newIdx ); $idx=$newIdx; } $fw->SaveFirewall(); -&redirect( 'list_nat.cgi' ); +&redirect( 'list_nat.cgi'.($in{'delete'} ? '' : "?table=redirect&idx=$idx") ); From 5abdf9c5a55a2153b6442ddef65d4ee8275d3e92 Mon Sep 17 00:00:00 2001 From: netcons Date: Fri, 29 Nov 2024 15:16:36 +0200 Subject: [PATCH 041/113] Bug : Fixed rule tcp/udp ALL ports display. --- CHANGELOG | 2 ++ src/turtlefirewall/list_manglerules.cgi | 4 ++-- src/turtlefirewall/list_nat.cgi | 8 ++++---- src/turtlefirewall/list_rawrules.cgi | 12 ++++++++++-- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d27884e..4ed2cc7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -242,6 +242,8 @@ CHANGELOG - Bug : Fixed ApplyRule risk variable not initialised. - Bug : Fixed GeoIP include for Masquerade and Redirect. - Bug : Include reserved name check on item rename. + - Bug : Fixed rule highlighting on move. + - Bug : Fixed rule tcp/udp ALL ports display. - Services : Removed depreciated smtps TCP port 465 service. - Services : Added DNS over TLS TCP port 853 service. - Feature : nDPI 4.9.11 support. diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi index 0a8efd6..9af78cb 100644 --- a/src/turtlefirewall/list_manglerules.cgi +++ b/src/turtlefirewall/list_manglerules.cgi @@ -100,7 +100,7 @@ sub showConnmarkPreroute { } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); @@ -251,7 +251,7 @@ sub showConnmark { } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index 9a3699c..2e72f95 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi @@ -93,12 +93,12 @@ sub showNat { if( $attr{'PORT'} ne '' ) { $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/$attr{'PORT'}"; } else { - $servicelist .= "$icons{SERVICE}{IMAGE}{'SERVICE'}/all"; + $servicelist .= "$icons{SERVICE}{IMAGE}$attr{'SERVICE'}/all"; } } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); @@ -207,7 +207,7 @@ sub showMasquerade { } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } push(@cols, "${sb}${bb}${servicelist}${se}"); @@ -322,7 +322,7 @@ sub showRedirect { } else { my @services = split(/,/, $attr{'SERVICE'}); foreach my $s (@services) { - $servicelist .= "$icons{SERVICE}{IMAGE}${s}
"; + $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } push(@cols, "${sb}${bb}${servicelist}${be}${se}"); diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi index 3f6f5fa..0674eca 100644 --- a/src/turtlefirewall/list_rawrules.cgi +++ b/src/turtlefirewall/list_rawrules.cgi @@ -82,7 +82,11 @@ sub showConntrackPreroute { push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); - push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); + if( $attr{'PORT'} ne '' ) { + push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); + } else { + push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/all${be}${se}"); + } my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $himage = $attr{'ACTIVE'} eq 'NO' ? $icons{HELPER}{IMAGE} : $icons{HELPER_A}{IMAGE}; @@ -177,7 +181,11 @@ sub showConntrack { push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'SRC'}${be}${se}" ); $type = $fw->GetItemType($attr{'DST'}); push(@cols, "$icons{$type}{IMAGE}${sb}${bb}$attr{'DST'}${be}${se}" ); - push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); + if( $attr{'PORT'} ne '' ) { + push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/$attr{'PORT'}${be}${se}"); + } else { + push(@cols, "$icons{SERVICE}{IMAGE}${sb}${bb}$attr{'SERVICE'}/all${be}${se}"); + } my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd my $himage = $attr{'ACTIVE'} eq 'NO' ? $icons{HELPER}{IMAGE} : $icons{HELPER_A}{IMAGE}; From 2a0957c52b0c43dd79d2586c38356d636674cc54 Mon Sep 17 00:00:00 2001 
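Review bot: The two branches added to showConntrackPreroute in list_rawrules.cgi differ only in the port text, so the whole cell string is now written twice and the copies can drift apart. Picking the text first keeps a single `push`: `my $port = $attr{'PORT'} ne '' ? $attr{'PORT'} : 'all';` followed by the original line with `$port` in place of `$attr{'PORT'}`. The showConntrack hunk adds the same if/else and would take the same change. Both subs start and end outside their hunks.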
From: netcons Date: Fri, 29 Nov 2024 16:53:33 +0200 Subject: [PATCH 042/113] Bug : Extend fix rule highlighting on move. --- src/turtlefirewall/edit_connmark.cgi | 2 +- src/turtlefirewall/edit_connmarkpreroute.cgi | 2 +- src/turtlefirewall/edit_conntrack.cgi | 2 +- src/turtlefirewall/edit_conntrackpreroute.cgi | 2 +- src/turtlefirewall/edit_masquerade.cgi | 2 +- src/turtlefirewall/edit_nat.cgi | 2 +- src/turtlefirewall/edit_redirect.cgi | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/turtlefirewall/edit_connmark.cgi b/src/turtlefirewall/edit_connmark.cgi index e14c477..3f8b17b 100644 --- a/src/turtlefirewall/edit_connmark.cgi +++ b/src/turtlefirewall/edit_connmark.cgi @@ -117,4 +117,4 @@ print "
"; print &ui_form_end(); print "

"; -&ui_print_footer("list_manglerules.cgi?idx=$idx",'Mangle Rules list'); +&ui_print_footer("list_manglerules.cgi?table=connmark&idx=$idx",'Mangle Rules list'); diff --git a/src/turtlefirewall/edit_connmarkpreroute.cgi b/src/turtlefirewall/edit_connmarkpreroute.cgi index 671ae2b..ae88e7a 100644 --- a/src/turtlefirewall/edit_connmarkpreroute.cgi +++ b/src/turtlefirewall/edit_connmarkpreroute.cgi @@ -122,4 +122,4 @@ print ""; print &ui_form_end(); print "
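Review bot: `$idx` is interpolated into the footer link `list_manglerules.cgi?table=connmark&idx=$idx` in edit_connmark.cgi without encoding. Where `$idx` is assigned is outside the hunk; if it is `$in{'idx'}` unchanged, and unless `ui_print_footer` escapes the URL itself, a crafted value would end up inside the link markup of the edit page. Building the link with `&urlize($idx)`, or rejecting a non-numeric `idx` once near the top of the script, avoids that. The other six edit_*.cgi hunks in this commit follow the same pattern.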

"; -&ui_print_footer("list_manglerules.cgi?idx=$idx",'Mangle Rules list'); +&ui_print_footer("list_manglerules.cgi?table=connmarkpreroute&idx=$idx",'Mangle Rules list'); diff --git a/src/turtlefirewall/edit_conntrack.cgi b/src/turtlefirewall/edit_conntrack.cgi index bb0d69a..64474e8 100644 --- a/src/turtlefirewall/edit_conntrack.cgi +++ b/src/turtlefirewall/edit_conntrack.cgi @@ -92,4 +92,4 @@ print ""; print &ui_form_end(); print "

"; -&ui_print_footer("list_rawrules.cgi?idx=$idx",'Raw Rules list'); +&ui_print_footer("list_rawrules.cgi?table=conntrack&idx=$idx",'Raw Rules list'); diff --git a/src/turtlefirewall/edit_conntrackpreroute.cgi b/src/turtlefirewall/edit_conntrackpreroute.cgi index 3f8e06b..163f493 100644 --- a/src/turtlefirewall/edit_conntrackpreroute.cgi +++ b/src/turtlefirewall/edit_conntrackpreroute.cgi @@ -99,4 +99,4 @@ print ""; print &ui_form_end(); print "

"; -&ui_print_footer("list_rawrules.cgi?idx=$idx",'Raw Rules list'); +&ui_print_footer("list_rawrules.cgi?table=conntrackpreroute&idx=$idx",'Raw Rules list'); diff --git a/src/turtlefirewall/edit_masquerade.cgi b/src/turtlefirewall/edit_masquerade.cgi index b611966..fc16a3a 100644 --- a/src/turtlefirewall/edit_masquerade.cgi +++ b/src/turtlefirewall/edit_masquerade.cgi @@ -94,4 +94,4 @@ print ""; print &ui_form_end(); print "

"; -&ui_print_footer('list_nat.cgi','NAT list'); +&ui_print_footer("list_nat.cgi?table=masquerade&idx=$idx",'NAT list'); diff --git a/src/turtlefirewall/edit_nat.cgi b/src/turtlefirewall/edit_nat.cgi index 197133c..c2349a6 100644 --- a/src/turtlefirewall/edit_nat.cgi +++ b/src/turtlefirewall/edit_nat.cgi @@ -96,4 +96,4 @@ print ""; print &ui_form_end(); print "

"; -&ui_print_footer('list_nat.cgi','NAT list'); +&ui_print_footer("list_nat.cgi?table=nat&idx=$idx",'NAT list'); diff --git a/src/turtlefirewall/edit_redirect.cgi b/src/turtlefirewall/edit_redirect.cgi index 6251699..3c2e663 100644 --- a/src/turtlefirewall/edit_redirect.cgi +++ b/src/turtlefirewall/edit_redirect.cgi @@ -100,4 +100,4 @@ print ""; print &ui_form_end(); print "

"; -&ui_print_footer('list_nat.cgi','NAT list'); +&ui_print_footer("list_nat.cgi?table=redirect&idx=$idx",'NAT list'); From 8f79544ffbe1d8e8deffee9fd55afcab3f7fc419 Mon Sep 17 00:00:00 2001 From: netcons Date: Sat, 30 Nov 2024 06:18:55 +0200 Subject: [PATCH 043/113] Code cleanup. --- src/turtlefirewall/edit_connmark.cgi | 2 +- src/turtlefirewall/edit_connmarkpreroute.cgi | 2 +- src/turtlefirewall/edit_conntrack.cgi | 2 +- src/turtlefirewall/edit_conntrackpreroute.cgi | 2 +- src/turtlefirewall/edit_masquerade.cgi | 2 +- src/turtlefirewall/edit_nat.cgi | 2 +- src/turtlefirewall/edit_redirect.cgi | 2 +- src/turtlefirewall/edit_rule.cgi | 2 +- src/turtlefirewall/list_nat.cgi | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/turtlefirewall/edit_connmark.cgi b/src/turtlefirewall/edit_connmark.cgi index 3f8b17b..73fafc8 100644 --- a/src/turtlefirewall/edit_connmark.cgi +++ b/src/turtlefirewall/edit_connmark.cgi @@ -83,7 +83,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", \@selected_src, \@items, 5, 1); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_connmarkpreroute.cgi b/src/turtlefirewall/edit_connmarkpreroute.cgi index ae88e7a..8d21dc5 100644 --- a/src/turtlefirewall/edit_connmarkpreroute.cgi +++ b/src/turtlefirewall/edit_connmarkpreroute.cgi 
@@ -87,7 +87,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_conntrack.cgi b/src/turtlefirewall/edit_conntrack.cgi index 64474e8..766a481 100644 --- a/src/turtlefirewall/edit_conntrack.cgi +++ b/src/turtlefirewall/edit_conntrack.cgi @@ -62,7 +62,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = "$src"; $col .= &ui_hidden("src", $src); diff --git a/src/turtlefirewall/edit_conntrackpreroute.cgi b/src/turtlefirewall/edit_conntrackpreroute.cgi index 163f493..80a6732 100644 --- a/src/turtlefirewall/edit_conntrackpreroute.cgi +++ b/src/turtlefirewall/edit_conntrackpreroute.cgi @@ -69,7 +69,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_masquerade.cgi b/src/turtlefirewall/edit_masquerade.cgi index fc16a3a..d832722 100644 --- a/src/turtlefirewall/edit_masquerade.cgi +++ b/src/turtlefirewall/edit_masquerade.cgi 
@@ -67,7 +67,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'masq_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_nat.cgi b/src/turtlefirewall/edit_nat.cgi index c2349a6..f8c457a 100644 --- a/src/turtlefirewall/edit_nat.cgi +++ b/src/turtlefirewall/edit_nat.cgi @@ -67,7 +67,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("virtual", $virtual, \@items_virtual); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'virtual_host'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_redirect.cgi b/src/turtlefirewall/edit_redirect.cgi index 3c2e663..5a4ef6e 100644 --- a/src/turtlefirewall/edit_redirect.cgi +++ b/src/turtlefirewall/edit_redirect.cgi @@ -70,7 +70,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", $src, \@items_src); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'redirect_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/edit_rule.cgi b/src/turtlefirewall/edit_rule.cgi index 89f04e3..c5d2ec6 100644 --- a/src/turtlefirewall/edit_rule.cgi +++ b/src/turtlefirewall/edit_rule.cgi 
@@ -95,7 +95,7 @@ print &ui_hidden("idx", $idx); my @tds = ( "width=20%", "width=80%" ); print &ui_columns_start(undef, 100, 0, \@tds); my $col = ''; -$col = &ui_select("newIdx", $idx, \@idxs, 1); +$col = &ui_select("newIdx", $idx, \@idxs); print &ui_columns_row([ "$icons{ID}{IMAGE}ID", $col ], \@tds); $col = &ui_select("src", \@selected_src, \@items, 5, 1); print &ui_columns_row([ "$icons{ZONE}{IMAGE}$text{'rule_src'}", $col ], \@tds); diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi index 2e72f95..d1460ef 100644 --- a/src/turtlefirewall/list_nat.cgi +++ b/src/turtlefirewall/list_nat.cgi @@ -210,7 +210,7 @@ sub showMasquerade { $servicelist .= "$icons{SERVICE}{IMAGE}$s
"; } } - push(@cols, "${sb}${bb}${servicelist}${se}"); + push(@cols, "${sb}${bb}${servicelist}${be}${se}"); if( $attr{'MASQUERADE'} eq 'NO' ) { my $cb = $sb eq '' ? '' : ''; # ColourBegin my $ce = $se eq '' ? '' : ''; # ColourEnd From 7d026ab64ae57c430f6fb6986394ec3116d318c1 Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 3 Dec 2024 16:45:18 +0200 Subject: [PATCH 044/113] Update dkms-xtables-addons.conf for latest xtables-addons. --- dkms/dkms-xtables-addons.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dkms/dkms-xtables-addons.conf b/dkms/dkms-xtables-addons.conf index 3398dd1..db9e227 100644 --- a/dkms/dkms-xtables-addons.conf +++ b/dkms/dkms-xtables-addons.conf @@ -1,4 +1,4 @@ -PACKAGE_VERSION="3.26" +PACKAGE_VERSION="3.27" # Items below here should not have to change with each driver version From fbbcb1fc65b05e0a26364297091fdd57fb2bdae6 Mon Sep 17 00:00:00 2001 From: netcons Date: Wed, 4 Dec 2024 17:03:09 +0200 Subject: [PATCH 045/113] Update CHANGELOG --- CHANGELOG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 4ed2cc7..b8fb596 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -246,7 +246,7 @@ CHANGELOG - Bug : Fixed rule tcp/udp ALL ports display. - Services : Removed depreciated smtps TCP port 465 service. - Services : Added DNS over TLS TCP port 853 service. - - Feature : nDPI 4.9.11 support. + - Feature : nDPI 4.11 support. - Feature : Add ipset support. - Feature : Add prefix support for net items. - Feature : Add item reference lookup support. From 3558eb9712d7339415687479a3afd8c7222ce566 Mon Sep 17 00:00:00 2001 
From: netcons Date: Wed, 1 Jan 2025 19:28:17 +0200 Subject: [PATCH 046/113] v2.5 Release --- CHANGELOG | 25 +- INSTALL.md | 23 +- src/turtlefirewall/backup.cgi | 2 +- src/turtlefirewall/edit_addresslist.cgi | 2 +- src/turtlefirewall/edit_connmark.cgi | 2 +- src/turtlefirewall/edit_connmarkpreroute.cgi | 2 +- src/turtlefirewall/edit_conntrack.cgi | 2 +- src/turtlefirewall/edit_conntrackpreroute.cgi | 2 +- src/turtlefirewall/edit_flowstat.cgi | 2 +- src/turtlefirewall/edit_geoip.cgi | 2 +- src/turtlefirewall/edit_group.cgi | 2 +- src/turtlefirewall/edit_host.cgi | 2 +- src/turtlefirewall/edit_hostnameset.cgi | 2 +- src/turtlefirewall/edit_ipset.cgi | 2 +- src/turtlefirewall/edit_masquerade.cgi | 2 +- src/turtlefirewall/edit_nat.cgi | 2 +- src/turtlefirewall/edit_net.cgi | 2 +- src/turtlefirewall/edit_options.cgi | 2 +- src/turtlefirewall/edit_ratelimit.cgi | 2 +- src/turtlefirewall/edit_redirect.cgi | 2 +- src/turtlefirewall/edit_riskset.cgi | 2 +- src/turtlefirewall/edit_rule.cgi | 2 +- src/turtlefirewall/edit_time.cgi | 2 +- src/turtlefirewall/edit_timegroup.cgi | 2 +- src/turtlefirewall/edit_zone.cgi | 2 +- src/turtlefirewall/index.cgi | 2 +- src/turtlefirewall/list_actionlog.cgi | 2 +- src/turtlefirewall/list_countrycodes.cgi | 2 +- src/turtlefirewall/list_flowlog.cgi | 2 +- src/turtlefirewall/list_flowstat.cgi | 2 +- src/turtlefirewall/list_itemreferences.cgi | 2 +- src/turtlefirewall/list_items.cgi | 2 +- src/turtlefirewall/list_manglerules.cgi | 2 +- src/turtlefirewall/list_nat.cgi | 2 +- src/turtlefirewall/list_ndpiprotocols.cgi | 2 +- src/turtlefirewall/list_ndpirisks.cgi | 2 +- src/turtlefirewall/list_rawrules.cgi | 2 +- src/turtlefirewall/list_rules.cgi | 2 +- src/turtlefirewall/list_services.cgi | 2 +- src/turtlefirewall/module.info | 2 +- src/turtlefirewall/save_addresslist.cgi | 2 +- src/turtlefirewall/save_connmark.cgi | 2 +- src/turtlefirewall/save_connmarkpreroute.cgi | 2 +- src/turtlefirewall/save_conntrack.cgi | 2 +- 
src/turtlefirewall/save_conntrackpreroute.cgi | 2 +- src/turtlefirewall/save_geoip.cgi | 2 +- src/turtlefirewall/save_group.cgi | 2 +- src/turtlefirewall/save_host.cgi | 2 +- src/turtlefirewall/save_hostnameset.cgi | 2 +- src/turtlefirewall/save_ipset.cgi | 2 +- src/turtlefirewall/save_masquerade.cgi | 2 +- src/turtlefirewall/save_nat.cgi | 2 +- src/turtlefirewall/save_net.cgi | 2 +- src/turtlefirewall/save_options.cgi | 2 +- src/turtlefirewall/save_ratelimit.cgi | 2 +- src/turtlefirewall/save_redirect.cgi | 2 +- src/turtlefirewall/save_riskset.cgi | 2 +- src/turtlefirewall/save_rule.cgi | 2 +- src/turtlefirewall/save_time.cgi | 2 +- src/turtlefirewall/save_timegroup.cgi | 2 +- src/turtlefirewall/save_zone.cgi | 2 +- src/turtlefirewall/setup/TurtleFirewall.pm | 8 +- src/turtlefirewall/setup/domain_blacklist | 4 +- src/turtlefirewall/setup/fwservices.xml | 289 ++++++++++++++++-- .../setup/fwuserdefservices.xml | 224 -------------- src/turtlefirewall/setup/ip_blacklist | 4 +- src/turtlefirewall/setup/ja3_blacklist | 4 +- src/turtlefirewall/setup/sha1_blacklist | 4 +- src/turtlefirewall/setup/turtlefirewall | 9 +- src/turtlefirewall/start.cgi | 2 +- src/turtlefirewall/stop.cgi | 2 +- src/turtlefirewall/turtlefirewall-lib.pl | 2 +- 72 files changed, 374 insertions(+), 344 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index b8fb596..d1745f3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,12 +1,14 @@ - - Turtle Firewall - - 2001/11/23 13:25:00 - - Copyright (c) 2001-2024 Andrea Frigido - You may distribute under the terms of either - the GNU General Public License (GPL) - +# Turtle Firewall +# +# Software for configuring a linux firewall (netfilter) +# +# 2001/11/23 13:25:00 +# +#====================================================================== +# Copyright (c) 2001-2025 Andrea Frigido +# You may distribute under the terms of either the GNU General Public +# License +#====================================================================== CHANGELOG --------- 
@@ -251,5 +253,8 @@ CHANGELOG - Feature : Add prefix support for net items. - Feature : Add item reference lookup support. - Feature : Make rule order configurable. - - Todo : Translate new features +01-01-2025 v.2.5 + - Services : Make user defined services permanent. + - Services : Removed depreciated kazaa and edonkey services. + - Todo : Translate new features. - Todo : Fix backup.cgi restore upload. diff --git a/INSTALL.md b/INSTALL.md index cf38184..867bb4b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -173,17 +173,28 @@ dkms install -m xtables-time -v 1.0.0 ## Turtlefirewall Setup -First finalise setup via Webmin, then enable service. - -RHEL. +Disable default firewall RHEL. ``` -/etc/cron.daily/xt_geoip_update systemctl disable firewalld --now -systemctl enable turtlefirewall --now +``` +Finalise setup via Webmin or command line RHEL. +``` +cd /usr/libexec/webmin/turtlefirewall/setup +/usr/bin/env perl setup +cd .. +rm -rf setup* ``` -Debian. +Finalise setup via Webmin or command line Debian. +``` +cd /usr/share/webmin/turtlefirewall/setup +/usr/bin/env perl setup +cd .. +rm -rf setup* +``` + +Download GeoIP database and enable service. ``` /etc/cron.daily/xt_geoip_update systemctl enable turtlefirewall --now diff --git a/src/turtlefirewall/backup.cgi b/src/turtlefirewall/backup.cgi index 382050b..78a03b0 100644 --- a/src/turtlefirewall/backup.cgi +++ b/src/turtlefirewall/backup.cgi @@ -3,7 +3,7 @@ #====================================================================== # Turtle Firewall webmin module # -# Copyright (c) Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== diff --git a/src/turtlefirewall/edit_addresslist.cgi b/src/turtlefirewall/edit_addresslist.cgi index ff10c68..55b4d81 100644 --- a/src/turtlefirewall/edit_addresslist.cgi +++ b/src/turtlefirewall/edit_addresslist.cgi 
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_connmark.cgi b/src/turtlefirewall/edit_connmark.cgi
index 73fafc8..f19bf6e 100644
--- a/src/turtlefirewall/edit_connmark.cgi
+++ b/src/turtlefirewall/edit_connmark.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_connmarkpreroute.cgi b/src/turtlefirewall/edit_connmarkpreroute.cgi
index 8d21dc5..449ab34 100644
--- a/src/turtlefirewall/edit_connmarkpreroute.cgi
+++ b/src/turtlefirewall/edit_connmarkpreroute.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_conntrack.cgi b/src/turtlefirewall/edit_conntrack.cgi
index 766a481..1830c26 100644
--- a/src/turtlefirewall/edit_conntrack.cgi
+++ b/src/turtlefirewall/edit_conntrack.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_conntrackpreroute.cgi b/src/turtlefirewall/edit_conntrackpreroute.cgi
index 80a6732..872ead2 100644
--- a/src/turtlefirewall/edit_conntrackpreroute.cgi
+++ b/src/turtlefirewall/edit_conntrackpreroute.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_flowstat.cgi b/src/turtlefirewall/edit_flowstat.cgi
index c8ab92c..778bbc5 100644
--- a/src/turtlefirewall/edit_flowstat.cgi
+++ b/src/turtlefirewall/edit_flowstat.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_geoip.cgi b/src/turtlefirewall/edit_geoip.cgi
index ad5de36..570a701 100644
--- a/src/turtlefirewall/edit_geoip.cgi
+++ b/src/turtlefirewall/edit_geoip.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_group.cgi b/src/turtlefirewall/edit_group.cgi
index 740305c..c5efaa4 100644
--- a/src/turtlefirewall/edit_group.cgi
+++ b/src/turtlefirewall/edit_group.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_host.cgi b/src/turtlefirewall/edit_host.cgi
index 8b3bef9..46f2636 100644
--- a/src/turtlefirewall/edit_host.cgi
+++ b/src/turtlefirewall/edit_host.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_hostnameset.cgi b/src/turtlefirewall/edit_hostnameset.cgi
index 33dca48..7fb9f40 100644
--- a/src/turtlefirewall/edit_hostnameset.cgi
+++ b/src/turtlefirewall/edit_hostnameset.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_ipset.cgi b/src/turtlefirewall/edit_ipset.cgi
index 06d97c2..69b6c77 100644
--- a/src/turtlefirewall/edit_ipset.cgi
+++ b/src/turtlefirewall/edit_ipset.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_masquerade.cgi b/src/turtlefirewall/edit_masquerade.cgi
index d832722..a98c729 100644
--- a/src/turtlefirewall/edit_masquerade.cgi
+++ b/src/turtlefirewall/edit_masquerade.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_nat.cgi b/src/turtlefirewall/edit_nat.cgi
index f8c457a..cf3e4f6 100644
--- a/src/turtlefirewall/edit_nat.cgi
+++ b/src/turtlefirewall/edit_nat.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_net.cgi b/src/turtlefirewall/edit_net.cgi
index ed5dd05..749dc7f 100644
--- a/src/turtlefirewall/edit_net.cgi
+++ b/src/turtlefirewall/edit_net.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_options.cgi b/src/turtlefirewall/edit_options.cgi
index cfe06f0..c084b51 100644
--- a/src/turtlefirewall/edit_options.cgi
+++ b/src/turtlefirewall/edit_options.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_ratelimit.cgi b/src/turtlefirewall/edit_ratelimit.cgi
index 57f1680..66bd48b 100644
--- a/src/turtlefirewall/edit_ratelimit.cgi
+++ b/src/turtlefirewall/edit_ratelimit.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_redirect.cgi b/src/turtlefirewall/edit_redirect.cgi
index 5a4ef6e..24de7fa 100644
--- a/src/turtlefirewall/edit_redirect.cgi
+++ b/src/turtlefirewall/edit_redirect.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_riskset.cgi b/src/turtlefirewall/edit_riskset.cgi
index 6a410e4..2289386 100644
--- a/src/turtlefirewall/edit_riskset.cgi
+++ b/src/turtlefirewall/edit_riskset.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_rule.cgi b/src/turtlefirewall/edit_rule.cgi
index c5d2ec6..4baf5f6 100644
--- a/src/turtlefirewall/edit_rule.cgi
+++ b/src/turtlefirewall/edit_rule.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_time.cgi b/src/turtlefirewall/edit_time.cgi
index e24aa8a..afda838 100644
--- a/src/turtlefirewall/edit_time.cgi
+++ b/src/turtlefirewall/edit_time.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_timegroup.cgi b/src/turtlefirewall/edit_timegroup.cgi
index 8f59935..91c71ba 100644
--- a/src/turtlefirewall/edit_timegroup.cgi
+++ b/src/turtlefirewall/edit_timegroup.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/edit_zone.cgi b/src/turtlefirewall/edit_zone.cgi
index 0ec1cd5..ee91cd1 100644
--- a/src/turtlefirewall/edit_zone.cgi
+++ b/src/turtlefirewall/edit_zone.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/index.cgi b/src/turtlefirewall/index.cgi
index 08cd2de..2fd1188 100644
--- a/src/turtlefirewall/index.cgi
+++ b/src/turtlefirewall/index.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_actionlog.cgi b/src/turtlefirewall/list_actionlog.cgi
index 874592d..8119439 100644
--- a/src/turtlefirewall/list_actionlog.cgi
+++ b/src/turtlefirewall/list_actionlog.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_countrycodes.cgi b/src/turtlefirewall/list_countrycodes.cgi
index 06db042..c6c72f5 100644
--- a/src/turtlefirewall/list_countrycodes.cgi
+++ b/src/turtlefirewall/list_countrycodes.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_flowlog.cgi b/src/turtlefirewall/list_flowlog.cgi
index bd22829..bd43fe9 100644
--- a/src/turtlefirewall/list_flowlog.cgi
+++ b/src/turtlefirewall/list_flowlog.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_flowstat.cgi b/src/turtlefirewall/list_flowstat.cgi
index 691e3a9..50f013d 100644
--- a/src/turtlefirewall/list_flowstat.cgi
+++ b/src/turtlefirewall/list_flowstat.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_itemreferences.cgi b/src/turtlefirewall/list_itemreferences.cgi
index f486154..d83350e 100644
--- a/src/turtlefirewall/list_itemreferences.cgi
+++ b/src/turtlefirewall/list_itemreferences.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_items.cgi b/src/turtlefirewall/list_items.cgi
index d24a91f..133856f 100644
--- a/src/turtlefirewall/list_items.cgi
+++ b/src/turtlefirewall/list_items.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_manglerules.cgi b/src/turtlefirewall/list_manglerules.cgi
index 9af78cb..2629b4e 100644
--- a/src/turtlefirewall/list_manglerules.cgi
+++ b/src/turtlefirewall/list_manglerules.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_nat.cgi b/src/turtlefirewall/list_nat.cgi
index d1460ef..62e5e9b 100644
--- a/src/turtlefirewall/list_nat.cgi
+++ b/src/turtlefirewall/list_nat.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_ndpiprotocols.cgi b/src/turtlefirewall/list_ndpiprotocols.cgi
index 2959fbc..43a6410 100644
--- a/src/turtlefirewall/list_ndpiprotocols.cgi
+++ b/src/turtlefirewall/list_ndpiprotocols.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_ndpirisks.cgi b/src/turtlefirewall/list_ndpirisks.cgi
index 9b53724..30ef540 100644
--- a/src/turtlefirewall/list_ndpirisks.cgi
+++ b/src/turtlefirewall/list_ndpirisks.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_rawrules.cgi b/src/turtlefirewall/list_rawrules.cgi
index 0674eca..a11afcd 100644
--- a/src/turtlefirewall/list_rawrules.cgi
+++ b/src/turtlefirewall/list_rawrules.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_rules.cgi b/src/turtlefirewall/list_rules.cgi
index a562a5d..79a3974 100644
--- a/src/turtlefirewall/list_rules.cgi
+++ b/src/turtlefirewall/list_rules.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/list_services.cgi b/src/turtlefirewall/list_services.cgi
index 22556b1..6be5d09 100644
--- a/src/turtlefirewall/list_services.cgi
+++ b/src/turtlefirewall/list_services.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/module.info b/src/turtlefirewall/module.info
index 832b6e2..c9fce83 100644
--- a/src/turtlefirewall/module.info
+++ b/src/turtlefirewall/module.info
@@ -1,5 +1,5 @@
 os_support=*-linux
-version=2.4
+version=2.5
 longdesc=Configure a Linux firewall in a simple and fast way.
 name=turtlefirewall
 desc=Turtle Firewall
diff --git a/src/turtlefirewall/save_addresslist.cgi b/src/turtlefirewall/save_addresslist.cgi
index eae56c4..82aaea6 100644
--- a/src/turtlefirewall/save_addresslist.cgi
+++ b/src/turtlefirewall/save_addresslist.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_connmark.cgi b/src/turtlefirewall/save_connmark.cgi
index b06c549..4e68585 100644
--- a/src/turtlefirewall/save_connmark.cgi
+++ b/src/turtlefirewall/save_connmark.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_connmarkpreroute.cgi b/src/turtlefirewall/save_connmarkpreroute.cgi
index 798fd5e..064404b 100644
--- a/src/turtlefirewall/save_connmarkpreroute.cgi
+++ b/src/turtlefirewall/save_connmarkpreroute.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_conntrack.cgi b/src/turtlefirewall/save_conntrack.cgi
index 081e6c2..ba2d564 100644
--- a/src/turtlefirewall/save_conntrack.cgi
+++ b/src/turtlefirewall/save_conntrack.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_conntrackpreroute.cgi b/src/turtlefirewall/save_conntrackpreroute.cgi
index 633fa06..05b25e6 100644
--- a/src/turtlefirewall/save_conntrackpreroute.cgi
+++ b/src/turtlefirewall/save_conntrackpreroute.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_geoip.cgi b/src/turtlefirewall/save_geoip.cgi
index b4c338b..7653237 100644
--- a/src/turtlefirewall/save_geoip.cgi
+++ b/src/turtlefirewall/save_geoip.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_group.cgi b/src/turtlefirewall/save_group.cgi
index 1155167..2101935 100644
--- a/src/turtlefirewall/save_group.cgi
+++ b/src/turtlefirewall/save_group.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_host.cgi b/src/turtlefirewall/save_host.cgi
index d54ee85..749bc7b 100644
--- a/src/turtlefirewall/save_host.cgi
+++ b/src/turtlefirewall/save_host.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_hostnameset.cgi b/src/turtlefirewall/save_hostnameset.cgi
index 4cae000..4d65144 100644
--- a/src/turtlefirewall/save_hostnameset.cgi
+++ b/src/turtlefirewall/save_hostnameset.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_ipset.cgi b/src/turtlefirewall/save_ipset.cgi
index 63071d1..6612eea 100644
--- a/src/turtlefirewall/save_ipset.cgi
+++ b/src/turtlefirewall/save_ipset.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_masquerade.cgi b/src/turtlefirewall/save_masquerade.cgi
index 271d870..6b20ec9 100644
--- a/src/turtlefirewall/save_masquerade.cgi
+++ b/src/turtlefirewall/save_masquerade.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_nat.cgi b/src/turtlefirewall/save_nat.cgi
index ee16933..5d34af1 100644
--- a/src/turtlefirewall/save_nat.cgi
+++ b/src/turtlefirewall/save_nat.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_net.cgi b/src/turtlefirewall/save_net.cgi
index 3650b78..076586c 100644
--- a/src/turtlefirewall/save_net.cgi
+++ b/src/turtlefirewall/save_net.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_options.cgi b/src/turtlefirewall/save_options.cgi
index 62bc445..af35a08 100644
--- a/src/turtlefirewall/save_options.cgi
+++ b/src/turtlefirewall/save_options.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_ratelimit.cgi b/src/turtlefirewall/save_ratelimit.cgi
index bbd8b9b..8c577c5 100644
--- a/src/turtlefirewall/save_ratelimit.cgi
+++ b/src/turtlefirewall/save_ratelimit.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_redirect.cgi b/src/turtlefirewall/save_redirect.cgi
index aa71ad2..b54d8bb 100644
--- a/src/turtlefirewall/save_redirect.cgi
+++ b/src/turtlefirewall/save_redirect.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_riskset.cgi b/src/turtlefirewall/save_riskset.cgi
index 630c1f5..4bdea74 100644
--- a/src/turtlefirewall/save_riskset.cgi
+++ b/src/turtlefirewall/save_riskset.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_rule.cgi b/src/turtlefirewall/save_rule.cgi
index 6bc37e9..ca5349d 100644
--- a/src/turtlefirewall/save_rule.cgi
+++ b/src/turtlefirewall/save_rule.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_time.cgi b/src/turtlefirewall/save_time.cgi
index 9f64970..c445ef6 100644
--- a/src/turtlefirewall/save_time.cgi
+++ b/src/turtlefirewall/save_time.cgi
@@ -3,7 +3,7 @@
 #======================================================================
 # Turtle Firewall webmin module
 #
-# Copyright (c) Andrea Frigido
+# Copyright (c) 2001-2025 Andrea Frigido
 # You may distribute under the terms of either the GNU General Public
 # License
 #======================================================================
diff --git a/src/turtlefirewall/save_timegroup.cgi b/src/turtlefirewall/save_timegroup.cgi index fd271a4..27c4174 100644 --- a/src/turtlefirewall/save_timegroup.cgi +++ b/src/turtlefirewall/save_timegroup.cgi @@ -3,7 +3,7 @@ #====================================================================== # Turtle Firewall webmin module # -# Copyright (c) Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== diff --git a/src/turtlefirewall/save_zone.cgi b/src/turtlefirewall/save_zone.cgi index 3bd0253..72a155d 100644 --- a/src/turtlefirewall/save_zone.cgi +++ b/src/turtlefirewall/save_zone.cgi @@ -3,7 +3,7 @@ #====================================================================== # Turtle Firewall webmin module # -# Copyright (c) Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index 728ba6b..de07fda 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -1,11 +1,11 @@ -# TurtleFirewall: Turtle Firewall Library +# Turtle Firewall : Library # -# Software for configuring a Linux firewall (netfilter) +# Software for configuring a linux firewall (netfilter) # # 2001/11/23 13:25:00 # #====================================================================== -# Copyright (c) 2001-2024 Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== @@ -16,7 +16,7 @@ use XML::Parser; # Turtle Firewall Version sub Version { - return '2.4'; + return '2.5'; } sub new { 
diff --git a/src/turtlefirewall/setup/domain_blacklist b/src/turtlefirewall/setup/domain_blacklist index 20aec45..60f869a 100644 --- a/src/turtlefirewall/setup/domain_blacklist +++ b/src/turtlefirewall/setup/domain_blacklist @@ -4,8 +4,8 @@ # ln -sf /usr/lib/turtlefirewall/domain_blacklist /etc/cron.daily/domain_blacklist # -echo -e "\nTurtle Firewall 2.4 - Domain Blacklist"; -echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; +echo -e "\nTurtle Firewall 2.5 - Domain Blacklist"; +echo -e "Copyright (c) 2001-2025 Andrea Frigido \n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/fwservices.xml b/src/turtlefirewall/setup/fwservices.xml index a3896bb..3a0193d 100644 --- a/src/turtlefirewall/setup/fwservices.xml +++ b/src/turtlefirewall/setup/fwservices.xml @@ -67,6 +67,20 @@ + + + + + + + + + + + + + + @@ -87,21 +101,41 @@ + + + + + + + + + + + + + + + + + + + + @@ -112,7 +146,7 @@ - + @@ -128,6 +162,13 @@ + + + + + + + @@ -143,6 +184,11 @@ + + + + + @@ -229,11 +275,25 @@ - - - - - + + + + + + + + + + + + + + + + + + + @@ -274,7 +334,33 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -284,23 +370,6 @@ - - - - - - - - - - - - - - - - - @@ -393,7 +462,12 @@ - + + + + + + @@ -410,5 +484,170 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/turtlefirewall/setup/fwuserdefservices.xml b/src/turtlefirewall/setup/fwuserdefservices.xml index e62aae9..8ad7503 100644 --- a/src/turtlefirewall/setup/fwuserdefservices.xml +++ b/src/turtlefirewall/setup/fwuserdefservices.xml 
@@ -2,228 +2,4 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/turtlefirewall/setup/ip_blacklist b/src/turtlefirewall/setup/ip_blacklist index 665311b..7431d51 100644 --- a/src/turtlefirewall/setup/ip_blacklist +++ b/src/turtlefirewall/setup/ip_blacklist @@ -4,8 +4,8 @@ # ln -sf /usr/lib/turtlefirewall/ip_blacklist /etc/cron.daily/ip_blacklist # -echo -e "\nTurtle Firewall 2.4 - IP Blacklist"; -echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; +echo -e "\nTurtle Firewall 2.5 - IP Blacklist"; +echo -e "Copyright (c) 2001-2025 Andrea Frigido \n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/ja3_blacklist b/src/turtlefirewall/setup/ja3_blacklist index 3284a2d..231cd27 100644 --- a/src/turtlefirewall/setup/ja3_blacklist +++ b/src/turtlefirewall/setup/ja3_blacklist @@ -4,8 +4,8 @@ # ln -sf /usr/lib/turtlefirewall/ja3_blacklist /etc/cron.daily/ja3_blacklist # -echo -e "\nTurtle Firewall 2.4 - JA3 Blacklist"; -echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; +echo -e "\nTurtle Firewall 2.5 - JA3 Blacklist"; +echo -e "Copyright (c) 2001-2025 Andrea Frigido \n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/sha1_blacklist b/src/turtlefirewall/setup/sha1_blacklist index 7503cb7..bf94924 100644 --- a/src/turtlefirewall/setup/sha1_blacklist +++ b/src/turtlefirewall/setup/sha1_blacklist 
@@ -4,8 +4,8 @@ # ln -sf /usr/lib/turtlefirewall/sha1_blacklist /etc/cron.daily/sha1_blacklist # -echo -e "\nTurtle Firewall 2.4 - SHA1 Blacklist"; -echo -e "Copyright (c) 2001-2024 Andrea Frigido\n"; +echo -e "\nTurtle Firewall 2.5 - SHA1 Blacklist"; +echo -e "Copyright (c) 2001-2025 Andrea Frigido \n"; fw_file="/etc/turtlefirewall/fw.xml" diff --git a/src/turtlefirewall/setup/turtlefirewall b/src/turtlefirewall/setup/turtlefirewall index 14969d0..0bb8cae 100644 --- a/src/turtlefirewall/setup/turtlefirewall +++ b/src/turtlefirewall/setup/turtlefirewall @@ -1,24 +1,23 @@ #!/usr/bin/env perl -# -# TurtleFw: Turtle Firewall + +# Turtle Firewall # # Software for configuring a linux firewall (netfilter) # # 2001/11/23 13:25:00 # #====================================================================== -# Copyright (c) 2001-2024 Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== -# require '/usr/lib/turtlefirewall/TurtleFirewall.pm'; $firewall = new TurtleFirewall(); print "\nTurtle Firewall ".$firewall->Version()."\n"; -print "Copyright (c) 2001-2024 Andrea Frigido\n\n"; +print "Copyright (c) 2001-2025 Andrea Frigido \n\n"; # parsing dei parametri my $outputFile; diff --git a/src/turtlefirewall/start.cgi b/src/turtlefirewall/start.cgi index 6413ceb..76615d4 100644 --- a/src/turtlefirewall/start.cgi +++ b/src/turtlefirewall/start.cgi @@ -3,7 +3,7 @@ #====================================================================== # Turtle Firewall webmin module # -# Copyright (c) Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== diff --git a/src/turtlefirewall/stop.cgi b/src/turtlefirewall/stop.cgi index 9e59256..d7c3a3b 100644 --- a/src/turtlefirewall/stop.cgi 
+++ b/src/turtlefirewall/stop.cgi @@ -3,7 +3,7 @@ #====================================================================== # Turtle Firewall webmin module # -# Copyright (c) Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== diff --git a/src/turtlefirewall/turtlefirewall-lib.pl b/src/turtlefirewall/turtlefirewall-lib.pl index f88316b..541c177 100644 --- a/src/turtlefirewall/turtlefirewall-lib.pl +++ b/src/turtlefirewall/turtlefirewall-lib.pl @@ -1,7 +1,7 @@ #====================================================================== # Turtle Firewall webmin module # -# Copyright (c) Andrea Frigido +# Copyright (c) 2001-2025 Andrea Frigido # You may distribute under the terms of either the GNU General Public # License #====================================================================== From 9ede619cc86d1ef56da627930de6d124b752d2d2 Mon Sep 17 00:00:00 2001 From: netcons Date: Mon, 6 Jan 2025 15:43:07 +0200 Subject: [PATCH 047/113] Feature : nDPI 4.13 support. --- CHANGELOG | 1 + INSTALL.md | 10 +++++----- dkms/dkms-ndpi-netfilter.conf | 2 +- src/turtlefirewall/setup/fwndpiprotocols.xml | 7 +++++++ 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d1745f3..5b6ef67 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -256,5 +256,6 @@ CHANGELOG 01-01-2025 v.2.5 - Services : Make user defined services permanent. - Services : Removed depreciated kazaa and edonkey services. + - Feature : nDPI 4.13 support. - Todo : Translate new features. - Todo : Fix backup.cgi restore upload. diff --git a/INSTALL.md b/INSTALL.md index 867bb4b..96203c8 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -130,18 +130,18 @@ Download source. cd /usr/src wget https://github.com/vel21ripn/nDPI/archive/master.zip -O nDPI-flow_info-4.zip unzip nDPI-flow_info-4.zip -mv nDPI-flow_info-4 ndpi-netfilter-4.11.0 +mv nDPI-flow_info-4 ndpi-netfilter-4.13.0 rm -rf nDPI-flow_info-4.zip -cd ndpi-netfilter-4.11.0 +cd ndpi-netfilter-4.13.0 rm -rf windows ``` Install module. ``` cp /tmp/turtlefirewall-master/dkms/dkms-ndpi-netfilter.conf ./dkms.conf -dkms add -m ndpi-netfilter -v 4.11.0 -dkms build -m ndpi-netfilter -v 4.11.0 -dkms install -m ndpi-netfilter -v 4.11.0 +dkms add -m ndpi-netfilter -v 4.13.0 +dkms build -m ndpi-netfilter -v 4.13.0 +dkms install -m ndpi-netfilter -v 4.13.0 ``` Install library. diff --git a/dkms/dkms-ndpi-netfilter.conf b/dkms/dkms-ndpi-netfilter.conf index 39a23d8..2f97b9d 100644 --- a/dkms/dkms-ndpi-netfilter.conf +++ b/dkms/dkms-ndpi-netfilter.conf @@ -1,4 +1,4 @@ -PACKAGE_VERSION="4.11.0" +PACKAGE_VERSION="4.13.0" # Items below here should not have to change with each driver version diff --git a/src/turtlefirewall/setup/fwndpiprotocols.xml b/src/turtlefirewall/setup/fwndpiprotocols.xml index 948f78a..62911da 100644 --- a/src/turtlefirewall/setup/fwndpiprotocols.xml +++ b/src/turtlefirewall/setup/fwndpiprotocols.xml @@ -76,6 +76,7 @@ + @@ -216,6 +217,7 @@ + @@ -262,6 +264,7 @@ + @@ -311,6 +314,7 @@ + @@ -347,6 +351,7 @@ + @@ -355,6 +360,7 @@ + @@ -419,6 +425,7 @@ + From a6bd9165f577c80bec5dd4fbc948cde440bcde41 Mon Sep 17 00:00:00 2001 From: netcons Date: Tue, 14 Jan 2025 05:58:45 +0200 Subject: [PATCH 048/113] Feature : Add clamp_mss_to_pmtu option. --- CHANGELOG | 1 + src/turtlefirewall/lang/de | 2 ++ src/turtlefirewall/lang/en | 2 ++ src/turtlefirewall/lang/fr | 2 ++ src/turtlefirewall/lang/it | 2 ++ src/turtlefirewall/lang/nl | 2 ++ src/turtlefirewall/setup/TurtleFirewall.pm | 15 +++++++++++++-- src/turtlefirewall/setup/fw.xml | 1 + src/turtlefirewall/turtlefirewall-lib.pl | 3 ++- 9 files changed, 27 insertions(+), 3 deletions(-) 
diff --git a/CHANGELOG b/CHANGELOG index 5b6ef67..3b1e271 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -257,5 +257,6 @@ CHANGELOG - Services : Make user defined services permanent. - Services : Removed depreciated kazaa and edonkey services. - Feature : nDPI 4.13 support. + - Feature : Add clamp_mss_to_pmtu option. - Todo : Translate new features. - Todo : Fix backup.cgi restore upload. diff --git a/src/turtlefirewall/lang/de b/src/turtlefirewall/lang/de index 9cf538e..f569875 100644 --- a/src/turtlefirewall/lang/de +++ b/src/turtlefirewall/lang/de @@ -239,6 +239,8 @@ options_drop_sha1_blacklist_name=drop_sha1_blacklist options_drop_sha1_blacklist_desc=Drop sha1 blacklist - SSL certificate fingerprint ( globally ) options_nf_conntrack_max_name=nf_conntrack_max options_nf_conntrack_max_desc=Maximum number of sessions in conntrack table. +options_clamp_mss_to_pmtu_name=clamp_mss_to_pmtu +options_clamp_mss_to_pmtu_desc=Automatically set MSS for TCP SYN packets outgoing on any ppp interface. options_log_limit_name=log_limit options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst diff --git a/src/turtlefirewall/lang/en b/src/turtlefirewall/lang/en index 732a6c7..15414d7 100644 --- a/src/turtlefirewall/lang/en +++ b/src/turtlefirewall/lang/en @@ -239,6 +239,8 @@ options_drop_sha1_blacklist_name=drop_sha1_blacklist options_drop_sha1_blacklist_desc=Drop sha1 blacklist - SSL certificate fingerprint ( globally ) options_nf_conntrack_max_name=nf_conntrack_max options_nf_conntrack_max_desc=Maximum number of sessions in conntrack table. +options_clamp_mss_to_pmtu_name=clamp_mss_to_pmtu +options_clamp_mss_to_pmtu_desc=Automatically set MSS for TCP SYN packets outgoing on any ppp interface. options_log_limit_name=log_limit options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst 
diff --git a/src/turtlefirewall/lang/fr b/src/turtlefirewall/lang/fr index 5284e63..0eb9ad9 100644 --- a/src/turtlefirewall/lang/fr +++ b/src/turtlefirewall/lang/fr @@ -239,6 +239,8 @@ options_drop_sha1_blacklist_name=drop_sha1_blacklist options_drop_sha1_blacklist_desc=Drop sha1 blacklist - SSL certificate fingerprint ( globally ) options_nf_conntrack_max_name=nf_conntrack_max options_nf_conntrack_max_desc=Maximum number of sessions in conntrack table. +options_clamp_mss_to_pmtu_name=clamp_mss_to_pmtu +options_clamp_mss_to_pmtu_desc=Automatically set MSS for TCP SYN packets outgoing on any ppp interface. options_log_limit_name=log_limit options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst diff --git a/src/turtlefirewall/lang/it b/src/turtlefirewall/lang/it index 9e7c5c4..e0319ab 100644 --- a/src/turtlefirewall/lang/it +++ b/src/turtlefirewall/lang/it @@ -239,6 +239,8 @@ options_drop_sha1_blacklist_name=drop_sha1_blacklist options_drop_sha1_blacklist_desc=Drop sha1 blacklist - SSL certificate fingerprint ( globally ) options_nf_conntrack_max_name=nf_conntrack_max options_nf_conntrack_max_desc=Maximum number of sessions in conntrack table. +options_clamp_mss_to_pmtu_name=clamp_mss_to_pmtu +options_clamp_mss_to_pmtu_desc=Automatically set MSS for TCP SYN packets outgoing on any ppp interface. options_log_limit_name=log_limit options_log_limit_desc=Numero medio di log generati in un ora per una singola catena (zona->zona). options_log_limit_burst_name=log_limit_burst diff --git a/src/turtlefirewall/lang/nl b/src/turtlefirewall/lang/nl index 7fda1be..8b4d17c 100644 --- a/src/turtlefirewall/lang/nl +++ b/src/turtlefirewall/lang/nl 
@@ -239,6 +239,8 @@ options_drop_sha1_blacklist_name=drop_sha1_blacklist options_drop_sha1_blacklist_desc=Drop sha1 blacklist - SSL certificate fingerprint ( globally ) options_nf_conntrack_max_name=nf_conntrack_max options_nf_conntrack_max_desc=Maximum number of sessions in conntrack table. +options_clamp_mss_to_pmtu_name=clamp_mss_to_pmtu +options_clamp_mss_to_pmtu_desc=Automatically set MSS for TCP SYN packets outgoing on any ppp interface. options_log_limit_name=log_limit options_log_limit_desc=Maximum average matching rate: number of logs per hour. options_log_limit_burst_name=log_limit_burst diff --git a/src/turtlefirewall/setup/TurtleFirewall.pm b/src/turtlefirewall/setup/TurtleFirewall.pm index de07fda..59864a2 100644 --- a/src/turtlefirewall/setup/TurtleFirewall.pm +++ b/src/turtlefirewall/setup/TurtleFirewall.pm @@ -2007,6 +2007,8 @@ sub getIptablesRules { my $chains_mangle = ''; my $rules_mangle = ''; + my $rules_mangle_option = ''; + my $chains_mangle_connmarkpreroute = ''; my $rules_mangle_connmarkpreroute = ''; @@ -2063,7 +2065,7 @@ sub getIptablesRules { # Copy packet mark to connection mark and vice versa $rules_mangle .= "-A PREROUTING -j CONNMARK --restore-mark\n"; $rules_mangle .= "-A POSTROUTING -j CONNMARK --save-mark\n"; - + # Enable access from/to the loopback interface. $rules .= "-A INPUT -i lo -j ACCEPT\n"; $rules .= "-A OUTPUT -o lo -j ACCEPT\n"; @@ -2213,6 +2215,15 @@ sub getIptablesRules { } else { print "off\n"; } + + print "clamp_mss_to_pmtu: "; + if( $this->{fw}{OPTION}{clamp_mss_to_pmtu} ne 'off' ) { + $rules_mangle_option .= "-A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu\n"; + $rules_mangle .= $rules_mangle_option; + print "on\n"; + } else { + print "off\n"; + } # Definition for the return chain # Return packet chain (NO new connections) 
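Review bot: In the `clamp_mss_to_pmtu` block of getIptablesRules, `$rules_mangle_option` is used both as a rule buffer and as the flag that makes the `return` emit the mangle table, and the whole buffer is copied with `$rules_mangle .= $rules_mangle_option;`. A second option added the same way would append the TCPMSS rule to `$rules_mangle` twice. Appending the rule directly and keeping the variable as a marker avoids that: `$rules_mangle .= "-A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu\n"; $rules_mangle_option = 1;`. The test `ne 'off'` also enables the rule when the key is missing from an existing fw.xml, which seems worth a comment such as `# on unless explicitly 'off', including when the option is absent`. The function starts and ends outside the hunk.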
@@ -2407,7 +2418,7 @@ sub getIptablesRules { print "DROP any other connections and LOG Action\n"; return ($rules_raw_conntrackpreroute || $rules_raw_conntrack ? $chains_raw.$rules_raw."COMMIT\n" : "*raw\nCOMMIT\n"). - ($rules_mangle_connmarkpreroute || $rules_mangle_connmark ? $chains_mangle.$rules_mangle."COMMIT\n" : "*mangle\nCOMMIT\n"). + ($rules_mangle_connmarkpreroute || $rules_mangle_connmark || $rules_mangle_option ? $chains_mangle.$rules_mangle."COMMIT\n" : "*mangle\nCOMMIT\n"). $chains.$rules."COMMIT\n".$chains_nat.$rules_nat."COMMIT\n"; } diff --git a/src/turtlefirewall/setup/fw.xml b/src/turtlefirewall/setup/fw.xml index 6eec0a9..4b0da19 100644 --- a/src/turtlefirewall/setup/fw.xml +++ b/src/turtlefirewall/setup/fw.xml @@ -17,6 +17,7 @@
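Review bot: With `|| $rules_mangle_option` added to the mangle condition in the `return` of getIptablesRules, enabling only clamp_mss_to_pmtu now loads all of `$chains_mangle.$rules_mangle`, not just the TCPMSS rule. Judging from the context lines of the `@@ -2063,7 +2065,7 @@` hunk, `$rules_mangle` also carries the `CONNMARK --restore-mark` and `--save-mark` rules, which were previously left out when no connmark rule was configured. If that is intended, a comment above the return would record it, for example `# mangle table is emitted when a connmark rule or a mangle option is active; this includes the CONNMARK restore/save rules`. The function body starts outside the hunk.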