#!/bin/sh
#------------------------------------------------------------------------------
# portfw.cgi
# Last Update: $Id$
#------------------------------------------------------------------------------
# Editorial note: the HTML inside the heredocs of the "show" branch was lost
# when this page was extracted; only the cell texts survived. The
# <table>/<tr>/<th>/<td> tags, the colspan handling and the delete link's
# query string below are reconstructed assumptions, not the original markup.

# get main helper functions
#set_debug=yes
. /srv/www/include/cgi-helper

# Get libs
. /srv/www/include/firewall_functions.inc

# Security: viewing needs "view" rights, every other action needs "set" rights
: ${FORM_action:="show"}
case $FORM_action in
    show) sec_action="view" ;;
    *)    sec_action="set" ;;
esac
check_rights "firewall-portfw" "$sec_action"

case $FORM_action in
show)
    show_html_header "$_PF_portforwarding"
    case $FORM_type in
        complete)
            get_all_matches
            show_tab_header "$_PF_portforwarding - $_PF_simple_view" "$myname?type=simple" \
                            "$_PF_portforwarding - $_PF_complete_view" no
            ;;
        *)
            get_active_matches
            show_tab_header "$_PF_portforwarding - $_PF_simple_view" no \
                            "$_PF_portforwarding - $_PF_complete_view" "$myname?type=complete"
            ;;
    esac

    # count the match columns for the header's colspan (reconstructed)
    match_cnt=0
    for match in $matches
    do
        match_cnt=$((match_cnt + 1))
    done

    # table header: first row names the column groups, second row the sub-columns
    cat <<-EOF
	<table>
	<tr>
	<th colspan="$match_cnt">$_PF_matches</th>
	<th colspan="2">$_PF_src</th>
	<th colspan="2">$_PF_dst</th>
	<th colspan="2">$_PF_redirect_to</th>
	<th>$_PF_comment</th>
	<th>$_PF_action</th>
	</tr>
	<tr>
	EOF
    for match in $matches
    do
        eval echo '<th>$_PF_m_'$match'</th>'
    done
    cat <<-EOF
	<th>$_PF_host</th><th>$_PF_ports</th>
	<th>$_PF_host</th><th>$_PF_ports</th>
	<th>$_PF_host</th><th>$_PF_ports</th>
	</tr>
	EOF

    # One row per DNAT rule. The loop reads from a temp file instead of a pipe
    # so that src_used, which is set inside the loop, is still visible after
    # the loop in a POSIX sh (a piped while loop runs in a subshell).
    src_used=no
    grep -n "DNAT:" /etc/portfw.conf > /tmp/pfcgi.$$
    while read line_read
    do
        line=
        line_comment=
        # split "rulenum:rule #comment" into line and line_comment; note that
        # eval re-parses the text, so a comment must not contain quotes,
        # backticks or $ characters
        eval `echo "$line_read" | sed 's/\([^#]*\)/line="\1"/;s/\([^#]*\)#\(.*\)/\1;line_comment="\2"/'`
        pf_rule=`echo "$line" | cut -d: -f2-`
        rulenum=`echo "$line" | cut -d: -f1`

        translate_ip_net ()
        {
            # replace function to do nothing, because we don't want to see the translated values in the gui
            res=$1
        }

        cat <<-EOF
	<tr>
	EOF
        # one cell per match; a match is removed from pf_rule once it has been shown
        for match in $matches
        do
            val=`echo $pf_rule | sed -n -e "s/.*$match:\([^[:space:]]\+\).*/\1/p"`
            [ "$val" ] && pf_rule=`echo $pf_rule | sed -e "s/\(.*\)$match:[^[:space:]]\+\(.*\)/\1\2/"`
            # val is already expanded, so no eval is needed here
            echo "<td>$val</td>"
        done
        check_rule "$pf_rule"
        [ "$rule_error" ] && continue    # don't show faulty rules
        dport=`echo $dport | sed s/:/-/`
        rport=`echo $rport | sed s/:/-/`
        pfw_fixup_ip src
        pfw_fixup_ip dst
        [ -n "$src" -a "$src" != "any" -o -n "$sport" ] && src_used=yes
        cat <<-EOF
	<td>$src</td><td>$sport</td>
	<td>$dst</td><td>$dport</td>
	<td>$rip</td><td>$rport</td>
	<td>$line_comment</td>
	<td><a href="$myname?action=del_rule&amp;rulenum=$rulenum">$_PF_delete</a></td>
	</tr>
	EOF
    done < /tmp/pfcgi.$$
    rm -f /tmp/pfcgi.$$
    cat <<-EOF
	</table>
	EOF
    # show src field only if necessary
    [ "$src_used" = "yes" -o "$FORM_type" = "complete" ] && echo ""
    show_tab_footer
    show_html_footer
    ;;

# create forward rule
"$_PF_add")
    : ${FORM_dst:=dynamic}
    : ${FORM_src:=any}
    get_all_matches
    # add all transmitted matches to rule
    for match in $matches
    do
        eval val=\"\$FORM_$match\"
        [ "$val" ] && pf_rule="$pf_rule $match:$val"
    done
    create_rule "$FORM_src" "$FORM_sport" "$FORM_dst" "$FORM_dport" "$FORM_rip" "$FORM_rport"
    if [ "x$FORM_comment" != "x" ]
    then
        setup-portfw.sh add "$pf_rule #$FORM_comment" >> /tmp/pfcgi.$$ 2>&1
    else
        setup-portfw.sh add "$pf_rule" >> /tmp/pfcgi.$$ 2>&1
    fi
    if [ $? = 0 ]
    then
        reload
    else
        show_rule_error
    fi
    rm -f /tmp/pfcgi.$$
    ;;

# delete forward rule
del_rule)
    # FORM_rulenum comes from the request (check_rights above already gates
    # this action) and selects the rule by its line number in /etc/portfw.conf
    pf_rule_read=`grep -n "DNAT:" /etc/portfw.conf | grep "^$FORM_rulenum:" | cut -d: -f2-`
    pf_rule_comment=
    # same rule/comment split as in the show branch; the comment is re-parsed by eval
    eval `echo "$pf_rule_read" | sed 's/\([^#]*\)/pf_rule="\1"/;s/\([^#]*\)#\(.*\)/\1;pf_rule_comment="\2"/'`
    if [ "x$pf_rule_comment" != "x" ]
    then
        setup-portfw.sh del "$pf_rule #$pf_rule_comment" > /tmp/pfcgi.$$ 2>&1
    else
        setup-portfw.sh del "$pf_rule" > /tmp/pfcgi.$$ 2>&1
    fi
    if [ $? = 0 ]
    then
        reload
    else
        show_rule_error
    fi
    rm -f /tmp/pfcgi.$$
    ;;
esac
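Both the show and the del_rule branches split a numbered config line into rule and comment by running eval on text produced by sed, so a comment containing quotes, backticks or $ is re-parsed as shell code. As an added example (not part of portfw.cgi or the project's own code), the same split done with POSIX parameter expansion, which never evaluates the line; the sample lines are constructed and the rule field format is only assumed.

```shell
#!/bin/sh
# Added example: split lines of the form produced by `grep -n "DNAT:" /etc/portfw.conf`
# ("<rulenum>:<rule> #<comment>") without eval. Sets the same globals the script
# uses (rulenum, pf_rule, line_comment) but never re-parses the text as code.
split_pf_line () {
    line_read=$1
    rulenum=${line_read%%:*}            # text before the first ':' (like cut -d: -f1)
    rest=${line_read#*:}                # text after the first ':'  (like cut -d: -f2-)
    case $rest in
        *'#'*)
            line_comment=${rest#*#}     # text after the first '#'
            pf_rule=${rest%%#*}         # text before the first '#'
            ;;
        *)
            line_comment=
            pf_rule=$rest
            ;;
    esac
    # trim surrounding whitespace; the results are never passed to eval
    pf_rule=$(printf '%s' "$pf_rule" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    line_comment=$(printf '%s' "$line_comment" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
}

# Constructed sample lines (not from a real /etc/portfw.conf); the second comment
# carries the characters that would be executed by the eval-based split.
sample_lines='3:DNAT: dport:80 rip:192.168.1.10 rport:80 #web server
7:DNAT: dport:2222 rip:192.168.1.20 rport:22 #ssh `hostname` $(date)
9:DNAT: dport:53 rip:192.168.1.53 rport:53'

# Walks the constructed lines and prints the parsed fields
demo () {
    printf '%s\n' "$sample_lines" | while IFS= read -r l
    do
        split_pf_line "$l"
        printf 'rule %s: [%s] comment=[%s]\n' "$rulenum" "$pf_rule" "$line_comment"
    done
}

demo
```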