#! /bin/sh
#------------------------------------------------------------------------------
# pf.cgi - show the firewall config
#
# Creation:     05.08.2005  jw5
# Last Update:  $Id$
#
#------------------------------------------------------------------------------

# Functions
dump_rules ()
{
    rules="$1"
    f="iptables --line-numbers -nvL"
    n="iptables --line-numbers -t nat -nvL"
    case $rules in
        INPUT | FORWARD) $f $1 ;;
        PORTFW)
	    setup-portfw.sh status | grep -v '^#'
            ;;
        DMZ)
            $f INPUT | grep -e ^Chain -e ^num -e dmz-inp
            $f dmz-inp
            $f FORWARD | grep -e ^Chain -e ^num -e dmz-fwd
            $f dmz-fwd
            $n PREROUTING
            $n POSTROUTING
            ;;
        all)
            $f
            $n
            ;;
        *[,:]*)
            for p in `echo $rules | sed -e 's/,/ /g'`
            do
                set `echo $p | sed -e 's/:/ /g'`
                case $# in
                    1)
                        $f $1
                        ;;
                    2)
                        iptables --line-numbers -t $1 -nvL $2
                        ;;
                esac
            done
            ;;
        *)
            $f INPUT
            $f FORWARD
            $n POSTROUTING
            ;;
    esac
}

format_output ()
{
    while read line
    do
        case "$line" in
            '') ;;
            Chain*)
                 case $head in
                     yes)
                         echo '</table>'
                         show_tab_footer
                     ;;
                 esac
                 show_tab_header "$line" no
                 echo '    <table class="normtable">'
                head=yes
                ;;
            num*)
                echo "$line" | sed -e 's/^/<tr><th>/;s/[[:space:]]\+/<\/th><th>/g'
                echo "</th><th>additional restrictions</th>" #<th>config source</th></tr>"
                echo "<th>comment</th></tr>"
                ;;
            *)
                set -f
                set -- $line
                def=`echo "$1 $2 $3 $4 $5 $6 $7 $8 $9 ${10}" | sed -e 's/^/<td>/;s/[[:space:]]\+/<\/td><td>/g;s/$/<\/td>/;s#<td>\(all\|[*]\|--\|0\.\0\.\0\.0/0\)</td>#<td>\&nbsp;</td>#g'`
                 target=$4
                shift 10
                restr=`echo "<td>$*</td>" | sed -e 's,/[*].*[*]/,,;s#<td></td>#<td>\&nbsp;</td>#g'`
                if echo "$*" | grep -q '/\*.*\*/'; then
                    comment="`echo "$*" | sed -e 's#.*/\*\(.*\)\*/[^*/]*#\1#'`"
                else
                    comment=""
                fi
                echo "<tr title=\"$comment\" class=\"$target\">$def $restr <td>$comment</td></tr>"
                set +f
                ;;
        esac
    done
    echo '</table>'
    show_tab_footer
}

# get main helper functions
. /srv/www/include/cgi-helper

# Security
check_rights 'support' 'systeminfo'

# some variable hacks for proper tab-selection
_overview=$_MP_ov; _all=$_MN_all
_INPUT="Input"; _FORWARD="Forward"; _PORTFW="Port-Forward"; _DMZ="DMZ"

: ${FORM_action:=overview}
myname=`basename $0`

show_html_header "$_MP_pf-`eval echo '$_'$FORM_action`" "cssfile=pf"

show_tab_header "$_overview" "$myname" \
                "$_INPUT" "$myname?action=INPUT" \
                "$_FORWARD" "$myname?action=FORWARD" \
                "$_PORTFW" "$myname?action=PORTFW" \
                "$_DMZ" "$myname?action=DMZ" \
                "$_all" "$myname?action=all"

case $FORM_format in
    raw)
        echo "<pre>"
        dump_rules $FORM_action
        echo "</pre>"
        ;;
    *)   dump_rules $FORM_action | format_output ;;
esac

show_tab_footer
show_html_footer
/;s/[[:space:]]\+/<\/th>	/g' echo "	additional restrictions	config source
comment
/;s/[[:space:]]\+/<\/td>	/g;s/$/<\/td>/;s#	\(all\\|[*]\\|--\\|0\.\0\.\0\.0/0\)	\	$*	\
$comment