#! /bin/sh #------------------------------------------------------------------------------ # pf.cgi - show the firewall config # # Creation: 05.08.2005 jw5 # Last Update: $Id$ # #------------------------------------------------------------------------------ # Functions dump_rules () { rules="$1" f="echo \"Table filter\"; ip6tables --line-numbers -nvL" n="echo \"Table nat\"; ip6tables --line-numbers -t nat -nvL 2>/dev/null" r="echo \"Table raw\"; ip6tables --line-numbers -t raw -nvL" case $rules in INPUT | FORWARD | OUTPUT) eval $f $1 ;; PORTFW) eval $n PORTFW ;; all) eval $f eval $n eval $r ;; *[,:]*) for p in `echo $rules | sed -e 's/,/ /g'` do set `echo $p | sed -e 's/:/ /g'` case $# in 1) eval $f $1 ;; 2) echo "Table $1" iptables --line-numbers -t $1 -nvL $2 ;; esac done ;; *) eval $f INPUT eval $f FORWARD eval $f OUTPUT eval $n POSTROUTING ;; esac } format_output () { while read line do case "$line" in '') ;; Table*) table=$(echo "$line" | sed 's/^Table[[:space:]]*//') ;; Chain*) case $head in yes) echo '' show_tab_footer ;; esac show_tab_header "$line [$table]" no echo ' ' head=yes ;; num*) echo "$line" | sed -e 's/^/" #" echo "" ;; *) set -f set -- $line line="$1 $2 $3 $4 $5 --" shift 5 line="$line $*" set -- $line def=`echo "$1 $2 $3 $4 $5 $6 $7 $8 $9 ${10}" | sed -e 's/^/##g'` target=$4 shift 10 restr=`echo "" | sed -e 's,/[*].*[*]/,,;s###g'` if echo "$*" | grep -q '/\*.*\*/'; then comment="`echo "$*" | sed -e 's#.*/\*\(.*\)\*/[^*/]*#\1#'`" else comment="" fi echo "$def $restr " set +f ;; esac done echo '
/;s/[[:space:]]\+/<\/th>/g' echo "additional restrictionsconfig source
comment
/;s/[[:space:]]\+/<\/td>/g;s/$/<\/td>/;s#\(all\|[*]\|--\|0\.\0\.\0\.0/0\)$*
$comment
' show_tab_footer } # get main helper functions . /srv/www/include/cgi-helper # Security check_rights 'support' 'systeminfo' # some variable hacks for proper tab-selection _overview=$_MP_ov; _all=$_MN_all _INPUT="Input"; _FORWARD="Forward"; _OUTPUT="Output"; _PORTFW="Port-Forward"; : ${FORM_action:=overview} myname=`basename $0` show_html_header "$_MP_pf6-`eval echo '$_'$FORM_action`" "cssfile=pf" if ip6tables -t nat -L >/dev/null 2>&1 then show_tab_header "$_overview" "$myname" \ "$_INPUT" "$myname?action=INPUT" \ "$_FORWARD" "$myname?action=FORWARD" \ "$_OUTPUT" "$myname?action=OUTPUT" \ "$_PORTFW" "$myname?action=PORTFW" \ "$_all" "$myname?action=all" else show_tab_header "$_overview" "$myname" \ "$_INPUT" "$myname?action=INPUT" \ "$_FORWARD" "$myname?action=FORWARD" \ "$_OUTPUT" "$myname?action=OUTPUT" \ "$_all" "$myname?action=all" fi case $FORM_format in raw) echo "
"
        dump_rules $FORM_action
        echo "
" ;; *) dump_rules $FORM_action | format_output ;; esac show_tab_footer show_html_footer