From 4094d29da69d5eafae5661dfc71db59acb8bf6d1 Mon Sep 17 00:00:00 2001
From: Brian Read
Date: Wed, 12 Jul 2023 09:04:13 +0100
Subject: [PATCH] initial commit of file from CVS for e-smith-portforwarding on
Wed 12 Jul 09:04:13 BST 2023
---
.gitignore | 4 +
Makefile | 21 +
README.md | 18 +-
additional/COPYING | 340 +++++++++
contriborbase | 1 +
createlinks | 23 +
e-smith-portforwarding.spec | 486 +++++++++++++
.../migrate/10migrateMasqForwards | 19 +
.../etc/e-smith/web/functions/portforwarding | 168 +++++
.../rc.d/init.d/masq/42SetupPortForwarding | 5 +
.../etc/rc.d/init.d/masq/91adjustPortForward | 73 ++
root/etc/e-smith/web/functions/portforwarding | 128 ++++
.../esmith/FormMagick/Panel/portforwarding.pm | 676 ++++++++++++++++++
13 files changed, 1960 insertions(+), 2 deletions(-)
create mode 100644 .gitignore
create mode 100644 Makefile
create mode 100755 additional/COPYING
create mode 100644 contriborbase
create mode 100755 createlinks
create mode 100644 e-smith-portforwarding.spec
create mode 100644 root/etc/e-smith/db/configuration/migrate/10migrateMasqForwards
create mode 100755 root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/42SetupPortForwarding
create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
create mode 100755 root/etc/e-smith/web/functions/portforwarding
create mode 100644 root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/portforwarding.pm
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e594810
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.rpm
+*.log
+*spec-20*
+*.tar.xz
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..7937134
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: e-smith-portforwarding
+# $Id: Makefile,v 1.1 2016/02/05 22:00:01 stephdl Exp $
+NAME := e-smith-portforwarding
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
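Review bot: The writability test in `find-makefile-common` has a typo: `-w $$/Makefile.common` expands in the shell to the literal path `$/Makefile.common` (the `d` after `$$` is missing), so that `[ ... ]` is always false and the `cd $$d ; cvs -Q update` branch is dead code; it should read `-w $$d/Makefile.common`. Beyond the typo, note that both branches fetch build logic (`common/Makefile.common`) from a CVS server named by `CVS/Root` at build time and then `include` it unconditionally, which is an unpinned supply-chain dependency; in this git checkout `CVS/Root` presumably no longer exists, so the fallback prints the ERROR and leaves `MAKEFILE_COMMON` empty. A comment above the `include` such as `# Makefile.common is fetched from CVS at build time; vendor or pin it for reproducible builds` would make that expectation explicit. `exit -1` is also non-portable and yields status 255 in most shells; `exit 1` is the conventional form.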
diff --git a/README.md b/README.md
index 57ebf71..6da9e7a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,17 @@
-# e-smith-portforwarding
+# e-smith-portforwarding
-SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
\ No newline at end of file
+SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
+
+## Wiki
+
https://wiki.koozali.org/
+
+## Bugzilla
+Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-portforwarding&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
+
+## Description
+
+
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
+*Once it has been checked, then this comment will be deleted*
+
+
+E-Smith-Portforwarding is a powerful software solution for streamlining the process of setting up and managing port forwarding on an internal network. It provides users with an intuitive and easy-to-use interface for creating and managing port forwarding rules, as well as quickly viewing the current status of active ports. With E-Smith-Portforwarding, users can quickly and easily forward ports to any internal or external host, allowing secure, remote access to services running on the internal network. It also provides in-depth monitoring and logging capabilities, allowing administrators to keep track of the activity on forwarded ports, as well as detect and alert them of any suspicious activity.
diff --git a/additional/COPYING b/additional/COPYING
new file mode 100755
index 0000000..196760e
--- /dev/null
+++ b/additional/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C) 19yy
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ , 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/contriborbase b/contriborbase
new file mode 100644
index 0000000..ef36a67
--- /dev/null
+++ b/contriborbase
@@ -0,0 +1 @@
+sme10
diff --git a/createlinks b/createlinks
new file mode 100755
index 0000000..ec9a25c
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,23 @@
+#!/usr/bin/perl -w
+# This script creates the symlinks needed by this RPM
+# Specific support exists to create symlinks within e-smith web "panels"
+# and for links from named "events" directories into the "actions" directory
+
+use esmith::Build::CreateLinks qw(:all);
+
+#--------------------------------------------------
+# functions for user panel
+#--------------------------------------------------
+my $panel = "manager";
+panel_link("portforwarding", $panel);
+
+my $event = "portforwarding-update";
+templates2events("/etc/rc.d/init.d/masq", $event);
+safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+
+my $event = "e-smith-portforwarding-update";
+templates2events("/etc/rc.d/init.d/masq", $event);
+safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+# systemd-specific action mandatory for this package-update event
+event_link("systemd-reload", $event, "89");
+event_link("systemd-default", $event, "88");
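Review bot: `my $event` is declared twice in the same file scope (the second at `my $event = "e-smith-portforwarding-update";`), which under the `-w` switch on the shebang line emits `"my" variable $event masks earlier declaration in same scope` every time the script runs; the second declaration should be a plain assignment, `$event = "e-smith-portforwarding-update";`, or the two events given distinct names. The script also lacks `use strict;`, which the rest of the e-smith build tooling conventionally carries and which would have caught similar slips; adding `use strict;` after the `use esmith::Build::CreateLinks` line is a one-line change. A short comment on the first event block, `# portforwarding-update: re-expand masq templates and adjust the masq service after a panel change`, would also make the difference between the two events clear to a reader.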
diff --git a/e-smith-portforwarding.spec b/e-smith-portforwarding.spec
new file mode 100644
index 0000000..ea639aa
--- /dev/null
+++ b/e-smith-portforwarding.spec
@@ -0,0 +1,486 @@
+# $Id: e-smith-portforwarding.spec,v 1.3 2021/01/06 20:31:11 jpp Exp $
+
+Summary: portforwarding panel for SME Server
+%define name e-smith-portforwarding
+Name: %{name}
+%define version 2.6.0
+%define release 4
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Networking/Daemons
+Source: %{name}-%{version}.tar.xz
+
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+Requires: e-smith-base
+Requires: e-smith-packetfilter >= 1.13.0-13
+Requires: e-smith-lib >= 1.15.1-19
+Requires: e-smith-formmagick >= 1.4.0-12
+BuildRequires: e-smith-devtools >= 1.13.1-03
+Obsoletes: e-smith-ipportfw dmc-mitel-portforwarding
+AutoReqProv: no
+
+%description
+Adds a Port Forwarding panel to the SME server-manager.
+
+%changelog
+* Wed Jul 12 2023 cvs2git.sh aka Brian Read 2.6.0-4.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Wed Jul 12 2023 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+ Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
+
+* Wed Jan 06 2021 Jean-Philipe Pialasse 2.6.0-3.sme
+- add update event [SME: 11148]
+
+* Thu May 12 2016 Daniel Berteaud 2.6.0-2.sme
+- Rebuild for [SME: 9393]
+
+* Fri Feb 05 2016 stephane de Labrusse 2.6.0-1.sme
+- Initial release to sme10
+
+* Thu Jan 31 2013 Shad L. Lords 2.4.0-1.sme
+- Roll new stream for sme9
+
+* Thu Mar 11 2010 Jonathan Martens 2.2.0-6.sme
+- Fix missing space cuasing errors parsing the iptables rules [SME: 2379]
+
+* Tue Mar 9 2010 Jonathan Martens 2.2.0-5.sme
+- Rework 91adjustPortForward template fragment [SME: 2379]
+
+* Tue Dec 15 2009 Filippo Carletti 2.2.0-4.sme
+- Enable port forwards to localhost if mode is serveronly [SME: 1003]
+
+* Tue Oct 20 2009 Filippo Carletti 2.2.0-3.sme
+- Adjust xml entry in locale [SME: 771]
+
+* Mon Oct 19 2009 Filippo Carletti 2.2.0-2.sme
+- Add option to limit port forwards from source ip [SME: 2379]
+- Add Text Description For Each Port Forwarding [SME: 771]
+
+* Tue Oct 7 2008 Shad L. Lords 2.2.0-1.sme
+- Roll new stream to separate sme7/sme8 trees [SME: 4633]
+
+* Sun Apr 27 2008 Jonathan Martens 1.2.0-9
+- Add common tags to e-smith-formmagick's general [SME: 4282]
+
+* Wed Feb 13 2008 Stephen Noble 1.2.0-8
+- Remove tags now in general [SME: 3913]
+
+* Sun Feb 10 2008 Stephen Noble 1.2.0-7
+- Remove duplicate entries [SME: 3888]
+
+* Thu Nov 08 2007 Gavin Weight 1.2.0-6
+- Remove/Fix portforwarding.pm.orig file. [SME: 3526]
+
+* Tue Oct 16 2007 Charlie Brady 1.2.0-5
+- Use $OUTERNET for target of localhost port forwards, not externalIP
+ pulled from db at template expansion time. [SME: 2760]
+
+* Tue Jun 26 2007 Shad L. Lords 1.2.0-4
+ Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
+- Ensure portforwarding dbs exists [SME: 54]
+
+* Tue Jun 26 2007 Shad L. Lords 1.2.0-3
+- Migrate portforwarding to own databases [SME: 54]
+
+* Sun Apr 29 2007 Shad L. Lords
+- Clean up spec so package can be built by koji/plague
+
+* Thu Dec 07 2006 Shad L. Lords
+- Update to new release naming. No functional changes.
+- Make Packager generic
+
+* Thu Mar 16 2006 Gordon Rowell 1.2.0-01
+- Roll stable stream version. [SME: 1016]
+
+* Wed Nov 30 2005 Gordon Rowell 1.1.2-02
+- Bump release number only
+
+* Fri Oct 14 2005 Gordon Rowell
+- [1.1.2-01]
+- Remove L10Ns from base packages [SF: 1309520]
+
+* Fri Oct 14 2005 Gordon Rowell
+- [1.1.1-01]
+- New dev stream before relocating L10Ns
+
+* Fri Sep 30 2005 Gordon Rowell
+- [1.1.0-13]
+- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266]
+
+* Mon Sep 26 2005 Gordon Rowell
+- [1.1.0-12]
+- Added German L10N - Thanks Dietmar Berteld [SF: 1293325]
+
+* Thu Jul 14 2005 Charlie Brady
+- [1.1.0-11]
+- Fix an expression precedence problem with UDP portforwarding. [SF: 1237913]
+
+* Fri Jul 8 2005 Charlie Brady
+- [1.1.0-10]
+- Fix UDP portforwarding. [SF: 1234630]
+
+* Sat Mar 19 2005 Charlie Brady
+- [1.1.0-09]
+- Fix typo in createlinks.
+
+* Fri Mar 18 2005 Charlie Brady
+- [1.1.0-08]
+- Add fr and es localisations for new text.
+
+* Thu Mar 17 2005 Charlie Brady
+- [1.1.0-07]
+- Display text to indicate that portforwarding isn't available in
+ serveronly mode.
+- Create new portforwarding-update event, as remoteaccess-update
+ is rather heavyweight. use generic_template_expand and
+ adjust-services. [MN00064130, MN00065576]
+- Fix some run-time probs with Gordon's contributed patch.
+
+* Wed Mar 16 2005 Charlie Brady
+- [1.1.0-06]
+- Patch provided by Gordon to allow portforwarding to "localhost".
+
+* Wed May 5 2004 Michael Soulier
+- [1.1.0-05]
+- Now detecting serveronly mode, and disabling the ability to add
+ portforwarding rules while in that state. [msoulier MN00025609]
+
+* Wed Dec 3 2003 Michael Soulier
+- [1.1.0-04]
+- Added French and Spanish translations of new lexicon. [msoulier 10203]
+
+* Wed Dec 3 2003 Michael Soulier
+- [1.1.0-03]
+- Refactored 91adjustPortForward to remove duplicate code. [msoulier 10203]
+- Added code to properly handle portforwarding to the external interface.
+ Forwarding to localhost or the private interface is now explicitly blocked.
+ [msoulier 10203]
+
+* Mon Oct 20 2003 Michael Soulier
+- [1.1.0-02]
+- Added better validation on the sort port to prevent conflicting rules.
+ [msoulier 9262]
+
+* Fri Oct 17 2003 Michael Soulier
+- [1.1.0-01]
+- forcing to dev stream - 1.1.0
+
+* Fri Oct 17 2003 Michael Soulier
+- [0.2.0-03]
+- Fixed summaries so that the styling is now 6.0. [msoulier 9306]
+
+* Thu Aug 28 2003 Charlie Brady
+- [0.2.0-02]
+- Fix typo in masq fragment which prevented forwarding of UDP.
+ [charlieb 9859]
+
+* Thu Jun 26 2003 Charlie Brady
+- [0.2.0-01]
+- Changing version to stable stream number - 0.2.0
+
+* Tue Jun 24 2003 Gordon Rowell
+- [0.1.1-20]
+- Wording update on main page [gordonr 9101]
+
+* Fri Jun 20 2003 Michael Soulier
+- [0.1.1-19]
+- Revert to previous version. [msoulier 8803]
+
+* Wed Jun 11 2003 Charlie Brady
+- [0.1.1-18]
+- Redo (simplify) some of the code in the portforwarding panel, and make
+ destination port explicit if not specified. [charlieb 8803]
+
+* Tue May 6 2003 Lijie Deng
+- [0.1.1-17]
+- Add Spanish lexicon for portfowarding [lijied 3793]
+
+* Tue Apr 8 2003 Lijie Deng
+- [0.1.1-16]
+- Removed colons on the label where necessary [lijied 7950]
+
+* Tue Apr 8 2003 Lijie Deng
+- [0.1.1-15]
+- Modified button Apply to Add [lijied 7921]
+
+* Tue Apr 8 2003 Lijie Deng
+- [0.1.1-14]
+- Added French translation for "Misuse of feature...." [lijied 8072]
+
+* Tue Apr 8 2003 Michael Soulier
+- [0.1.1-13]
+- Fixed lack of buttons on summary page. [msoulier 8089]
+
+* Mon Apr 7 2003 Michael Soulier
+- [0.1.1-12]
+- Inserting PortForwarding chain as first entry in the PREROUTING chain.
+ [msoulier 8089]
+
+* Fri Apr 4 2003 Lijie Deng
+- [0.1.1-11]
+- Change $q->table to $q->start_table where necessary [lijied 8034]
+
+* Fri Apr 4 2003 Gordon Rowell
+- [0.1.1-10]
+- Text revision on panel [gordonr 8072]
+
+* Thu Apr 3 2003 Tony Clayton
+- [0.1.1-09]
+- Add colons to labels and fix text when table is empty in panel [tonyc 7950]
+
+* Wed Apr 2 2003 Michael Soulier
+- [0.1.1-08]
+- Added french lexicon for creating a port-forwarding rule. [msoulier 7284]
+
+* Tue Apr 1 2003 Gordon Rowell
+- [0.1.1-07]
+- Delete stray fr nav bar lexicon entries [gordonr 7926]
+
+* Tue Apr 1 2003 Gordon Rowell
+- [0.1.1-06]
+- Added french lexicon for security, so it shows up in the right spot
+ on the menu panel. [msoulier 7284]
+
+* Tue Apr 1 2003 Michael Soulier
+- [0.1.1-05]
+- Added proper styling to the tables. [msoulier 7284]
+- Added spacing around table elements. [msoulier 7284]
+- Put a 6.0 look on the buttons on the summary page. [msoulier 7284]
+- Removed the button-like style from the remove links. [msoulier 7284]
+
+* Fri Mar 28 2003 Michael Soulier
+- [0.1.1-04]
+- Added proper styles to make links that behave like buttons,
+ look like buttons, for 6.0. [msoulier 7284]
+
+* Fri Mar 28 2003 Michael Soulier
+- [0.1.1-03]
+- Fixed a couple of typos in the english lexicon. [msoulier 7284]
+- Included the french lexicon. [msoulier 7284]
+
+* Tue Mar 25 2003 Michael Soulier
+- [0.1.1-02]
+- Portforwarding still had problems, fixed here. [msoulier 7284]
+
+* Tue Mar 25 2003 Michael Soulier
+- [0.1.1-01]
+- Modified to work with new e-smith-packetfilter changes for 6.0
+ [msoulier 7284]
+- Note: This breaks backwards-compatibility with 5.6.
+
+* Tue Mar 18 2003 Lijie Deng
+- [0.1.0-33]
+- Modified port forwarding panel order [lijied 7356]
+
+* Thu Mar 13 2003 Lijie Deng
+- [0.1.0-32]
+- Split en-us lexicon from portwarding panel [lijied 4030]
+
+* Tue Mar 11 2003 Michael Soulier
+- [0.1.0-31]
+- Finished patching the interface to take an empty dport. [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-30]
+- Patched the masq fragments to accept an empty dport. [msoulier 5645]
+- Patched the interface to accept an empty destination port.
+ [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-29]
+- Tweaked the wording in the panel. [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-28]
+- Additional tweaks to fix the iptables syntax and adjust the size of the
+ fields in the UI. [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-27]
+- Adding support for a port range on source and destination ports.
+ [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-26]
+- Updating dependencies. [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-25]
+- Fixed bad removal which set all destination ports to the same port.
+ [msoulier 5645]
+
+* Mon Mar 10 2003 Michael Soulier
+- [0.1.0-24]
+- Updated dependency information to make it use the backported
+ e-smith-packetfilter rpm for the 5.6 updates stream. [msoulier 5645]
+
+* Thu Mar 6 2003 Lijie Deng
+- [0.1.0-23]
+- Modified panel order [lijied 7356]
+
+* Sun Feb 23 2003 Michael Soulier
+- [0.1.0-22]
+- Backed-out the changes in 0.1.0-21. They're incompatible with
+ e-smith-packetfilter. We'll have to discuss this first. [msoulier 5696]
+
+* Sun Feb 23 2003 Michael Soulier
+- [0.1.0-21]
+- Permitting port ranges instead of just single ports. [msoulier 5696]
+
+* Sun Jan 26 2003 Mike Dickson
+- [0.1.0-20]
+- added ACTION to lexicon, and code to use it [miked 6363]
+
+* Sun Jan 26 2003 Mike Dickson
+- [0.1.0-19]
+- backed out previous patch since it applied too many changes at once. I will
+ re-submit in manageable chunks
+
+* Sat Jan 25 2003 Mike Dickson
+- [0.1.0-18]
+- added ACTION to lexicon [miked 6363]
+
+* Wed Dec 18 2002 Michael Soulier
+- [0.1.0-17]
+- Added a feature to remove the "finished" page and cycle back to the start
+ page with a status message instead. [msoulier 5696]
+- Found and fixed a bug permitting the addition of duplicate rules.
+
+* Mon Dec 16 2002 Michael Soulier
+- [0.1.0-16]
+- Added a space between the two buttons on the summary panel.
+ [msoulier 5696]
+
+* Mon Dec 16 2002 Michael Soulier
+- [0.1.0-15]
+- Fixed broken removal due to using the wrong variable set to repopulate the
+ db entry. [msoulier 5696]
+
+* Fri Dec 6 2002 Michael Soulier
+- [0.1.0-14]
+- Fixed bad variable reference in test cases. [msoulier 5696]
+
+* Thu Dec 5 2002 Michael Soulier
+- [0.1.0-13]
+- Added some test cases to portforwarding.pm. [msoulier 5696]
+
+* Fri Nov 29 2002 Michael Soulier
+- [0.1.0-12]
+- Improved the IP address validation. [msoulier 5696]
+
+* Fri Nov 29 2002 Michael Soulier
+- [0.1.0-11]
+- Made sure all messages are localised, and added better error handling.
+ [msoulier 5696]
+
+* Thu Nov 28 2002 Michael Soulier
+- [0.1.0-10]
+- Updated to make use of changes to the packetfilter. Fixed the placement of
+ the udp portforwarding rules, and the spelling of "completely".
+ [msoulier 5696]
+
+* Wed Nov 27 2002 Michael Soulier
+- [0.1.0-09]
+- Localised the summary table labels. [msoulier 5696]
+
+* Wed Nov 27 2002 Michael Soulier
+- [0.1.0-08]
+- The destination host must be an IP address. Enforcing now.
+ [msoulier 5696]
+
+* Tue Nov 26 2002 Michael Soulier
+- [0.1.0-07]
+- First working prototype. [msoulier 5696]
+
+* Mon Nov 25 2002 Michael Soulier
+- [0.1.0-06]
+- Basic functionality present. Still need to add the ability to
+ delete rules, and display current rules. [msoulier 5696]
+
+* Fri Nov 22 2002 Michael Soulier
+- [0.1.0-05]
+- Starting the FormMagick conversion of the panel. [msoulier 5696]
+
+* Thu Nov 21 2002 Charlie Brady
+- [0.1.0-04]
+- Use "--list --numeric" to avoid DNS lookup delays. [charlieb 5645]
+
+* Mon Nov 11 2002 Charlie Brady
+- [0.1.0-03]
+- Fix portforwarding rules to match DB format used by panel code -
+ which is $ip:[$dport], this allows forwarding to a port other than the
+ listen port [charlieb 5645].
+
+* Mon Nov 11 2002 Charlie Brady
+- [0.1.0-02]
+- Convert to iptables, and conform to "masq adjust" way of doing things.
+ [charlieb 5645]
+
+* Mon Nov 11 2002 Charlie Brady
+- [0.1.0-01]
+- Rolling to development stream to 0.1.0
+
+* Mon Nov 11 2002 Charlie Brady
+- [0.0.1-6]
+- Renamed to e-smith-portforwarding.
+- Imported into CVS as baseline for further development.
+
+* Sat Sep 21 2002 Darrell May
+- updated 35SetPortFW to support dynamic external IP
+- [0.0.1-5]
+* Tue Jan 01 2002 Darrell May
+- added Obsoletes: e-smith-ipportfw dmc-mitel-portfowarding
+- [0.0.1-4]
+* Tue Jan 01 2002 Darrell May
+- fixed spelling in rpm name, now to dmc-mitel-portforwarding
+- merged in e-smith-ipportfw-0.1.1-1.noarch.rpm
+- [0.0.1-3]
+* Mon Dec 31 2001 Darrell May
+- added "Shad L. Lords" , e-smith-iportfw 35SetPortFW
+- templates-custom fragment supporting dest port addresses
+- updated portforwarding panel to match
+- removed first/last portforward panel bug by adding return on Operation Status
+- [0.0.1-2]
+* Sun Dec 30 2001 Darrell May
+- initial release
+- [0.0.1-1]
+
+%prep
+%setup
+
+%build
+perl createlinks
+
+%install
+rm -rf $RPM_BUILD_ROOT
+(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
+rm -f e-smith-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
+
+for proto in tcp udp
+do
+ mkdir -p $RPM_BUILD_ROOT/home/e-smith/db
+ touch $RPM_BUILD_ROOT/home/e-smith/db/portforward_$proto
+ echo "%config(noreplace) %attr(0640,root,admin) /home/e-smith/db/portforward_$proto" \
+ >> %{name}-%{version}-filelist
+done
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f %{name}-%{version}-filelist
+
+%defattr(-,root,root)
+
+%pre
+
+%post
+
+%preun
+
+%postun
diff --git a/root/etc/e-smith/db/configuration/migrate/10migrateMasqForwards b/root/etc/e-smith/db/configuration/migrate/10migrateMasqForwards
new file mode 100644
index 0000000..ed3e1ad
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/10migrateMasqForwards
@@ -0,0 +1,19 @@
+{
+ my %FDB;
+ foreach my $proto ('TCP', 'UDP') {
+ $FDB{$proto} = esmith::ConfigDB->open("portforward_" . lc($proto))
+ || esmith::ConfigDB->create("portforward_" . lc($proto));
+
+ my %rules = split ',', $DB->get_prop_and_delete('masq', "${proto}Forwards")
+ || next;
+
+ foreach my $entry (keys %rules) {
+ my %props = ( type => 'forward' );
+ my ($addr, $port) = split ':', $rules{$entry};
+ $props{'DestHost'} = $addr;
+ $props{'DestPort'} = $port if $port;
+
+ $FDB{$proto}->new_record($entry, \%props);
+ }
+ }
+}
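Review bot: The `esmith::ConfigDB->create(...)` fallback on the `||` line is not checked, so if neither open nor create succeeds `$FDB{$proto}` is undef and the `new_record` call below dies with an opaque "method on undefined value" error part-way through migration; a `|| die "Can't open or create portforward_" . lc($proto) . ": $!\n"` on the create, and a check of `new_record`'s return (it appears to be ignored, so a pre-existing key would be skipped silently), would make failures explicit. The `$addr`/`$port` values split out of the old `${proto}Forwards` property are written to the new databases without any of the port or IP validation the panel applies to new rules, and those values are later emitted into the firewall script; a comment stating that assumption, e.g. `# legacy values are copied as-is; they were validated by the old panel`, or a `next unless $addr` guard, is worth adding. `$DB` is presumably supplied by the migrate harness, as it is not declared in this fragment.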
diff --git a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
new file mode 100755
index 0000000..f1fdda9
--- /dev/null
+++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
@@ -0,0 +1,168 @@
+
+
+
+ FORM_TITLE
+ Configure Port Forwarding
+
+
+ FIRST_PAGE_DESCRIPTION
+
+ You can use this panel to modify your firewall rules so
+ as to open a specific port on this server and forward it
+ to another port on another host. Doing so will permit
+ incoming traffic to directly access a private host on
+ your LAN.
+
+
+ WARNING: Misuse of this feature can seriously compromise the
+ security of your network. Do not use this feature
+ lightly, or without fully understanding the implications
+ of your actions.
+
+ ]]>
+
+
+
+ CREATE_RULE
+ Create portforwarding rule
+
+
+ SUMMARY_ADD_DESC
+ The following summarizes the port-forwarding rule
+ that you are about to add. If you are satisfied with the rule,
+ click the "Add" button. If you are not, click the
+ "Cancel" button.
+
+
+
+ SUMMARY_REMOVE_DESC
+ The following summarizes the port-forwarding rule
+ that you are about to remove. If you are sure you want to
+ remove the rule, click the "Remove" button. If not,
+ click the "Cancel" button.
+
+
+
+ SHOW_FORWARDS
+
+ Below you will find a table summarizing the current
+ port-forwarding rules installed on this server. Click on the
+ "Remove" link to remove the corresponding rule.
+
+
+
+ NO_FORWARDS
+ There are currently no forwarded ports on the system.
+
+
+ CREATE_PAGE_DESCRIPTION
+ Select the protocol, the port you wish to forward, the
+ destination host, and the port on the destination host
+ that you wish to forward to. If you wish to specify a port
+ range, enter the lower and upper boundaries separated by a
+ hyphen. The destination port may be left blank, which will
+ instruct the firewall to leave the source port
+ unaltered.
+ ]]>
+
+
+
+ LABEL_SOURCE_PORT
+ Source Port(s)
+
+
+ LABEL_PROTOCOL
+ Protocol
+
+
+ LABEL_DESTINATION_PORT
+ Destination Port(s)
+
+
+ LABEL_DESTINATION_HOST
+ Destination Host IP Address
+
+
+ LABEL_RULE_COMMENT
+ Rule Comment
+
+
+ LABEL_ALLOW_HOSTS
+ Allow Hosts
+
+
+ Port forwarding
+ Port forwarding
+
+
+ SUCCESS
+ Your change to the port forwarding rules has been
+ successfully saved.
+
+
+
+ RULE_COMMENT
+ Rule Comment
+
+
+ ALLOW_HOSTS
+ Allow Hosts
+
+
+ ERR_NO_MASQ_RECORD
+ Cannot retrieve masq record from the configuration
+ database.
+
+
+ ERR_UNSUPPORTED_MODE
+ Unsupported mode.
+
+
+ ERR_CANNOT_REMOVE_NORULE
+ Cannot remove non-existant rule.
+
+
+ ERR_NONZERO_RETURN_EVENT
+ Event returned a non-zero return value.
+
+
+ ERR_BADPORT
+ The ports must be a positive integer less than
+ 65536.
+
+
+ ERR_BADIP
+ This does not appear to be an IP address. You must use
+ dotted-quad notation, and each of the four numbers should be less
+ than 256. ie: 192.168.0.5
+
+
+ ERR_DUPRULE
+ This rule has already been added, it cannot be added
+ twice.
+
+
+ ERR_PORT_COLLISION
+
+ ERROR: This port or port range conflicts with an existing
+ rule. Please modify this new rule, or remove the old rule.
+
+
+
+ ERR_BADAHOST
+
+ This does not appear to be a valid IP address list.
+ ie: 192.168.0.1,192.168.1.1/24
+
+
+
+ IN_SERVERONLY
+
+ This server is currently in serveronly mode and portforwarding
+ is possible only to localhost.
+
+
+
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/42SetupPortForwarding b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/42SetupPortForwarding
new file mode 100644
index 0000000..0d6c421
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/42SetupPortForwarding
@@ -0,0 +1,5 @@
+ /sbin/iptables -t nat --new-chain PortForwarding
+ /sbin/iptables -t nat --new-chain PortForwarding_1
+ /sbin/iptables -t nat --insert PREROUTING --jump PortForwarding
+ /sbin/iptables -t nat --append PortForwarding --destination $OUTERNET \
+ --jump PortForwarding_1
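Review bot: This fragment has no comment explaining the two-chain layout that 91adjustPortForward depends on, namely that `PortForwarding` holds exactly one rule (matched on `--destination $OUTERNET`) whose target is the active `PortForwarding_<n>` chain, and that the later fragment reads that target from the listing and swaps it with `--replace PortForwarding 1`. A header such as `# PortForwarding is a one-rule indirection to the live PortForwarding_<n> chain; 91adjustPortForward rotates it, so do not add further rules here` would keep the next maintainer from appending rules to `PortForwarding` and breaking the rotation.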
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
new file mode 100644
index 0000000..41c636c
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
@@ -0,0 +1,73 @@
+{
+ my $pf_chain = "PortForwarding_\$\$";
+ $OUT .= "# Create a new PortForwarding chain\n";
+ $OUT .= "PFC=\$(/sbin/iptables --table nat ";
+ $OUT .= "--numeric --list PortForwarding |\\\n";
+ $OUT .= " sed -n '3s/ .*//p')\n";
+ $OUT .= " /sbin/iptables --table nat --new-chain $pf_chain\n";
+
+ my %FDB;
+
+ foreach my $protocol (qw(tcp udp))
+ {
+ my $uproto = uc $protocol;
+ $FDB{$protocol} = esmith::ConfigDB->open("portforward_$protocol")
+ || die "Can't open portforward_$protocol database: $!\n";
+
+ foreach my $entry ( $FDB{$protocol}->get_all ) {
+ my $port = $entry->key;
+ my $ip = $entry->prop('DestHost');
+ my $dport = $entry->prop('DestPort') || $port;
+ $port =~ s/-/:/;
+
+ # Map canonical localhost back to our current external IP
+ $ip = '$OUTERNET' if ($ip eq 'localhost');
+
+ my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
+ foreach my $host (split(',', $host_list)) {
+
+ $OUT .= " /sbin/iptables --table nat --append $pf_chain";
+
+ # Set up local port to forward
+ $OUT .= " --proto $protocol --destination-port ${port}";
+ $OUT .= " --src $host" unless $host eq '0.0.0.0/0';
+
+ # Set up the remote port to forward to
+ $OUT .= " -j DNAT --to-destination $ip:$dport\n";
+
+ }
+
+ # And accept the incoming packets. Use the dport if there is one.
+ ($port = $dport) =~ s/-/:/ if $dport;
+
+ # If this rule is forwarding to localhost, ExternalIP or LocalIP,
+ # then we must allow it on the INPUT chain instead of the FORWARD
+ # chain.
+
+ my $target_chain = (($ip eq '$OUTERNET') ?
+ "Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$");
+
+ foreach my $access_type (("Allow", "Deny")) {
+ my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog");
+ my $host_list = $entry->prop("${access_type}Hosts") || "";
+
+ $host_list = "0.0.0.0/0"
+ if (($host_list eq "") and ($access_type eq "Allow"));
+
+ foreach my $host (split(',', $host_list)) {
+ $OUT .= " /sbin/iptables -A $target_chain";
+ $OUT .= " --proto $protocol --dport $port \\\n ";
+ $OUT .= " --destination $ip" if ($ip ne '$OUTERNET');
+ $OUT .= " --src $host --jump $jump_target\n";
+ }
+ }
+ }
+ }
+
+ # having created a new PortForwarding chain, activate it and destroy
+ # the old.
+ $OUT .= " /sbin/iptables --table nat --replace PortForwarding 1 " .
+ "--destination \$OUTERNET --jump $pf_chain\n";
+ $OUT .= " /sbin/iptables --table nat --flush \$PFC\n";
+ $OUT .= " /sbin/iptables --table nat --delete-chain \$PFC\n";
+}
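Review bot: `my $ip = $entry->prop('DestHost');` has no fallback, so a record missing DestHost produces a warning on the `$ip eq 'localhost'` test and emits `--to-destination :$dport` into the generated script; `next unless defined $ip;` after the prop read (or a `die` naming the key, matching the open-failure style above) would be safer. The entry key, `DestPort`, `DestHost` and each `AllowHosts`/`DenyHosts` element are interpolated unquoted into a shell script that runs as root, relying entirely on the panel having validated them on the way in; a comment making that trust boundary explicit, e.g. `# DB values are emitted into a root-run shell script unquoted; they are assumed to have been validated by the portforwarding panel`, belongs at the top of the loop. The `sed -n '3s/ .*//p'` that recovers the old chain name assumes the listing's third line is the single jump rule and deserves a comment saying so, since `$PFC` being empty would turn the trailing `--flush`/`--delete-chain` into errors.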
diff --git a/root/etc/e-smith/web/functions/portforwarding b/root/etc/e-smith/web/functions/portforwarding
new file mode 100755
index 0000000..a5b9e8b
--- /dev/null
+++ b/root/etc/e-smith/web/functions/portforwarding
@@ -0,0 +1,128 @@
+#!/usr/bin/perl -wT
+# vim: ft=xml ts=4 sw=4 et:
+#----------------------------------------------------------------------
+# heading : Security
+# description : Port forwarding
+# navigation : 5000 5400
+#----------------------------------------------------------------------
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use strict;
+use esmith::FormMagick::Panel::portforwarding;
+my $form = esmith::FormMagick::Panel::portforwarding->new();
+# Uncomment the next line for debugging purposes.
+#$form->debug(1);
+$form->display();
+
+
+__DATA__
+
diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/portforwarding.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/portforwarding.pm
new file mode 100644
index 0000000..9c6dbd7
--- /dev/null
+++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/portforwarding.pm
@@ -0,0 +1,676 @@
+#----------------------------------------------------------------------
+# $Id: portforwarding.pm,v 1.38 2005/03/16 23:37:02 charlieb Exp $
+# vim: ft=perl ts=4 sw=4 et:
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.e-smith.com for details.
+#----------------------------------------------------------------------
+
+package esmith::FormMagick::Panel::portforwarding;
+
+use strict;
+use esmith::ConfigDB;
+use esmith::FormMagick;
+use esmith::util;
+use esmith::util::network qw(isValidIP);
+use esmith::cgi;
+use Exporter;
+
+use constant TRUE => 1;
+use constant FALSE => 0;
+
+our @ISA = qw(esmith::FormMagick Exporter);
+
+our @EXPORT = qw(
+ show_port_forwards create_new validate_source_port
+ validate_destination_port display_create_summary
+ );
+
+our $VERSION = sprintf '%d.%03d', q$Revision: 1.38 $ =~ /: (\d+).(\d+)/;
+our $db = esmith::ConfigDB->open
+ || die "Can't open configuration database: $!\n";
+our $tcp_db = esmith::ConfigDB->open('portforward_tcp')
+ || die "Can't open portforward_tcp database: $!\n";
+our $udp_db = esmith::ConfigDB->open('portforward_udp')
+ || die "Can't open portforward_udp database: $!\n";
+
+=head1 NAME
+
+esmith::FormMagick::Panels::portforwarding - useful panel functions
+
+=head1 SYNOPSIS
+
+ use esmith::FormMagick::Panels::portforwarding
+
+ my $panel = esmith::FormMagick::Panel::portforwarding->new();
+ $panel->display();
+
+=head1 DESCRIPTION
+
+This module is the backend to the portforwarding panel, responsible for
+supplying all functions used by that panel. It is a subclass of
+esmith::FormMagick itself, so it inherits the functionality of a FormMagick
+object.
+
+=head2 new
+
+This is the class constructor.
+
+=begin testing
+
+$ENV{ESMITH_CONFIG_DB} = "10e-smith-base/configuration.conf";
+
+use_ok('esmith::FormMagick::Panels::portforwarding');
+our $panel;
+ok($panel = esmith::FormMagick::Panels::portforwarding->new(),
+ "Create panel object");
+isa_ok($panel, 'esmith::FormMagick::Panels::portforwarding');
+
+=end testing
+
+=cut
+
+sub new {
+ my $class = ref($_[0]) || $_[0];
+ my $self = esmith::FormMagick->new();
+ bless $self, $class;
+ # Uncomment the following line for debugging.
+ #$self->debug(TRUE);
+ return $self;
+}
+
+=head2 show_port_forwards
+
+This method displays the data on currently forwarded ports on
+the system.
+
+=cut
+
+sub show_port_forwards {
+ my $self = shift;
+ my $q = $self->cgi;
+
+ my $empty = 0;
+ my @tcpforwards = $tcp_db->get_all;
+ my @udpforwards = $udp_db->get_all;
+ $empty = 1 if not @tcpforwards and not @udpforwards;
+
+ my %forwards = ();
+ $forwards{TCP} = \@tcpforwards;
+ $forwards{UDP} = \@udpforwards;
+
+ print $q->Tr(
+ $q->td({-colspan => 2},
+ '
' .
+ $q->a({-class => "button-like",
+ -href => "portforwarding?page=0&page_stack=&Next=Create"},
+ $self->localise('CREATE_RULE'))));
+
+ unless ($empty) {
+ print $q->Tr(
+ $q->td({-colspan => 2},
+ $q->p($self->localise('SHOW_FORWARDS')))),"\n";
+
+ my $q = $self->{cgi};
+ print "";
+ print $q->start_table({-class => 'sme-border'}), "\n ";
+ print $q->Tr(
+ esmith::cgi::genSmallCell(
+ $q,
+ $self->localise('LABEL_PROTOCOL'),
+ "header"
+ ), " ",
+ esmith::cgi::genSmallCell(
+ $q,
+ $self->localise('LABEL_SOURCE_PORT'),
+ "header"
+ ), " ",
+ esmith::cgi::genSmallCell(
+ $q,
+ $self->localise('LABEL_DESTINATION_HOST'),
+ "header"
+ ), " ",
+ esmith::cgi::genSmallCell(
+ $q,
+ $self->localise('LABEL_DESTINATION_PORT'),
+ "header",
+ ), " ",
+ esmith::cgi::genSmallCell(
+ $q,
+ $self->localise('ALLOW_HOSTS'),
+ "header",
+ ), " ",
+ esmith::cgi::genSmallCell(
+ $q,
+ $self->localise('RULE_COMMENT'),
+ "header",
+ ), " ",
+ $q->th({-class => "sme-border", -colspan => 2},
+ $self->localise('ACTION')
+ ), "\n ",
+ );
+ foreach my $proto (sort keys %forwards) {
+ if (@{ $forwards{$proto} }) {
+ foreach my $entry (@{ $forwards{$proto} }) {
+ my $sport = $entry->key;
+ my $dhost = $entry->prop('DestHost');
+ my $dport = $entry->prop('DestPort') || '';
+ my $cmmnt = $entry->prop('Comment') || '';
+ my $allow = $entry->prop('AllowHosts') || '';
+ print $q->Tr(
+ esmith::cgi::genSmallCell($q, $proto),
+ " ",
+ esmith::cgi::genSmallCell($q, $sport),
+ " ",
+ esmith::cgi::genSmallCell($q, $dhost),
+ " ",
+ esmith::cgi::genSmallCell($q, $dport || ' '),
+ " ",
+ esmith::cgi::genSmallCell($q, $allow || ' '),
+ " ",
+ esmith::cgi::genSmallCell($q, $cmmnt || ' '),
+ " ",
+ esmith::cgi::genSmallCell(
+ $q,
+ $q->a({href => $q->url(-absolute => 1)
+ . "?page=3&Next=Next&protocol=$proto&"
+ . "source_port=$sport&"
+ . "destination_host=$dhost&"
+ . "destination_port=$dport&"
+ . "rule_comment=".CGI::escape($cmmnt)."&"
+ . "allow_hosts=$allow"},
+ $self->localise("REMOVE"))
+ ),
+ "\n ",
+ );
+ }
+ }
+ }
+ print $q->end_table,"\n";
+ print ' |
';
+
+ }
+ else {
+ print $q->Tr(
+ $q->td({-colspan => 2}, '
' .
+ $self->localise('NO_FORWARDS')));
+ }
+ return undef;
+}
+
+=head2 validate_source_port
+
+This method validates the source port field in the new port forward page.
+
+=cut
+
+sub validate_source_port {
+ my $self = shift;
+ my $q = $self->{cgi};
+ my $sport = $q->param('source_port');
+ $sport =~ s/^\s+|\s+$//g;
+ # If this is a port range, split it up and validate it individually.
+ my @ports = ();
+ if ($sport =~ /-/)
+ {
+ @ports = split /-/, $sport;
+ if (@ports > 2)
+ {
+ $self->debug_msg("found more than 2 ports: @ports");
+ return $self->localise('ERR_BADPORT');
+ }
+ }
+ else
+ {
+ push @ports, $sport;
+ }
+ $self->debug_msg("the ports array is: @ports");
+ foreach my $port (@ports)
+ {
+ $self->debug_msg("looping on port $port");
+ if (! $self->isValidPort($port))
+ {
+ $self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
+ return $self->localise('ERR_BADPORT');
+ }
+ }
+ # Now, lets screen any duplicates.
+ my $protocol = $q->param('protocol');
+ my @forwards = ();
+
+ # Grab the existing rules for this protocol.
+ if ($protocol eq 'TCP') {
+ @forwards = map { $_->key } $tcp_db->get_all;
+ } elsif ($protocol eq 'UDP') {
+ @forwards = map { $_->key } $udp_db->get_all;
+ }
+ foreach my $psport (@forwards)
+ {
+ if ($self->detect_collision($sport, $psport))
+ {
+ return $self->localise('ERR_PORT_COLLISION');
+ }
+ }
+ return 'OK';
+}
+
+=head2 detect_collision
+
+This method looks for a collision between two ports or port ranges.
+
+=cut
+
+sub detect_collision
+{
+ my $self = shift;
+ my $port_a = shift;
+ my $port_b = shift;
+
+ # If they're both single ports, see if they're the same.
+ if (($port_a !~ /-/) && ($port_b !~ /-/))
+ {
+ return $port_a eq $port_b;
+ }
+ # If port_a is not a range but port_b is, is a in b?
+ elsif ($port_a !~ /-/)
+ {
+ my ($b1, $b2) = split /-/, $port_b;
+ return (($port_a >= $b1) && ($port_a <= $b2));
+ }
+ elsif ($port_b !~ /-/)
+ {
+ my ($a1, $a2) = split /-/, $port_a;
+ return (($port_b >= $a1) && ($port_b <= $a2));
+ }
+ else
+ {
+ # They're both ranges. Do they overlap?
+ my ($a1, $a2) = split /-/, $port_a;
+ my ($b1, $b2) = split /-/, $port_b;
+ # They can overlap in two ways. Either a1 is in b, or b1 is in a.
+ if (($a1 >= $b1) && ($a1 <= $b2))
+ {
+ return TRUE;
+ }
+ elsif (($b1 >= $a1) && ($b1 <= $a2))
+ {
+ return TRUE;
+ }
+ return FALSE;
+ }
+}
+
+=head2 validate_destination_port
+
+This method validates the destination port field in the new port
+forward page.
+
+=cut
+
+sub validate_destination_port {
+ my $self = shift;
+ my $dport = $self->{cgi}->param('destination_port');
+ $dport =~ s/^\s+|\s+$//g;
+ # If the dport is empty, that's ok.
+ return 'OK' if not $dport;
+
+ # If this is a port range, split it up and validate it individually.
+ my @ports = ();
+ if ($dport =~ /-/)
+ {
+ @ports = split /-/, $dport;
+ if (@ports > 2)
+ {
+ $self->debug_msg("found more than 2 ports: @ports");
+ return $self->localise('ERR_BADPORT');
+ }
+ }
+ else
+ {
+ push @ports, $dport;
+ }
+ $self->debug_msg("the ports array is: @ports");
+
+ foreach my $port (@ports)
+ {
+ $self->debug_msg("looping on port $port");
+ if (! $self->isValidPort($port))
+ {
+ $self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
+ return $self->localise('ERR_BADPORT');
+ }
+ }
+ return 'OK';
+}
+
+=head2 isValidPort
+
+Test for a valid port.
+FIXME: Remove this when 5.6 is no longer supported, and use
+esmith::util::network::isValidPort instead.
+
+=begin testing
+
+@badports = (98765434, -183, 0, 'bad port', 'a');
+@goodports = (67, 23, 1, 54736);
+
+foreach $port (@badports) {
+ $panel->{cgi}->param('destination_port' => $port);
+ isnt($panel->validate_source_port(), "OK");
+}
+foreach $port (@goodports) {
+ $panel->{cgi}->param('source_port' => $port);
+ is($panel->validate_source_port(), "OK");
+}
+
+=end testing
+
+=cut
+
+sub isValidPort() {
+ my $self = shift;
+ my $port = shift;
+
+ return FALSE unless defined $port;
+
+ if (($port =~ /^\d+$/) &&
+ ($port > 0) &&
+ ($port < 65536))
+ {
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+}
+
+=head2 validate_destination_host
+
+The purpose of this method is to validate the destination host field in the
+new port forward page.
+
+=cut
+
+sub validate_destination_host {
+ my $self = shift;
+ my $dhost = $self->{cgi}->param('destination_host');
+ $dhost =~ s/^\s+|\s+$//g;
+
+ my $localip = $db->get_prop('InternalInterface', 'IPAddress');
+ my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
+
+ if ($dhost =~ /^(localhost|127.0.0.1|$localip|$external_ip)$/i)
+ {
+ # localhost token gets expanded at runtime to current external IP
+ $self->{cgi}->param(-name=>'destination_host', -value=>'localhost');
+ return "OK";
+ }
+
+ my $systemmode = $db->get_value('SystemMode');
+
+ if ($systemmode eq 'serveronly') {
+ return $self->localise('IN_SERVERONLY');
+ }
+
+ if (isValidIP($dhost)) {
+ return 'OK';
+ }
+ else {
+ return $self->localise('ERR_BADIP');
+ }
+}
+
+=head2 validate_allowed_hosts
+
+=cut
+
+sub validate_allowed_hosts {
+ my $self = shift;
+ my $ahost = $self->{cgi}->param('allow_hosts');
+ $ahost =~ s/^\s+|\s+$//g;
+
+ my $valid_ahost_list = "OK";
+
+ foreach (split(/[\s,]+/, $ahost)) {
+ my $valid_ipnet = 0;
+ $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/);
+ $valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/);
+ $valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1);
+ }
+
+ return $valid_ahost_list;
+}
+
+=head2 display_summary_create
+
+This is a wrapper for the display_summary method, to call it in create mode.
+
+=cut
+
+sub display_summary_create {
+ my $self = shift;
+ $self->display_summary('create');
+}
+
+=head2 display_summary_remove
+
+This is a wrapper for the display_summary method, to call it in remove mode.
+
+=cut
+
+sub display_summary_remove {
+ my $self = shift;
+ $self->display_summary('remove');
+}
+
+=head2 display_create_summary
+
+This method's purpose is to display a summary of the rule about to be added.
+
+=cut
+
+sub display_summary {
+ my $self = shift;
+ my $mode = shift;
+ my $save = $self->localise('SAVE');
+ my $cancel = $self->localise('CANCEL');
+ my $output = "";
+ my $q = $self->{cgi};
+ $self->debug_msg("start of method");
+
+ print "";
+
+ my $description = "";
+ if ($mode eq 'create') {
+ $description = $self->localise('SUMMARY_ADD_DESC');
+ }
+ elsif ($mode eq 'remove') {
+ $description = $self->localise('SUMMARY_REMOVE_DESC');
+ }
+ else {
+ return $self->error('ERR_UNSUPPORTED_MODE');
+ }
+
+ print $q->p($description);
+
+ my $dhost = $self->get_destination_host();
+ foreach my $tablearrayref (
+ [$self->localise('LABEL_PROTOCOL')
+ => $q->param('protocol')],
+ [$self->localise('LABEL_SOURCE_PORT')
+ => $q->param('source_port')],
+ [$self->localise('LABEL_DESTINATION_PORT')
+ => $q->param('destination_port') || ' '],
+ [$self->localise('LABEL_DESTINATION_HOST')
+ => $dhost],
+ [$self->localise('RULE_COMMENT')
+ => $q->param('rule_comment')],
+ [$self->localise('ALLOW_HOSTS')
+ => $q->param('allow_hosts')],
+ )
+ {
+ print $q->Tr(
+ $q->td({-class => 'sme-noborders-label'},
+ $tablearrayref->[0],
+ $q->td({-class => 'sme-noborders-content'},
+ $tablearrayref->[1]))), "\n";
+ }
+
+ if ($mode eq 'create') {
+ print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
+ $q->submit(-name => 'apply',
+ -value => $self->localise("ADD")),
+ ' ',
+ $q->submit(-name => 'cancel',
+ -value => $self->localise("CANCEL")))));
+ }
+ elsif ($mode eq 'remove') {
+ print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
+ $q->submit( -name => 'remove',
+ -value => $self->localise("REMOVE")),
+ ' ',
+ $q->submit( -name => 'cancel',
+ -value => $self->localise("CANCEL")))));
+ }
+ else {
+ return $self->error('ERR_UNSUPPORTED_MODE');
+ }
+ $self->debug_msg("returning");
+
+ print " |
";
+ return undef;
+}
+
+=head2 remove_rule
+
+This method is a remove wrapper for the modify method.
+
+=cut
+
+sub remove_rule {
+ my $self = shift;
+ $self->modify('remove');
+}
+
+=head2 create_new
+
+This method is a create wrapper for the modify method.
+
+=cut
+
+sub create_new {
+ my $self = shift;
+ $self->modify('create');
+}
+
+=head2 modify
+
+This method's purpose is to add or remove rules from the database, and then
+cause the firewall rules to update.
+
+=cut
+
+sub modify {
+ no strict 'refs';
+ my $self = shift;
+ my $mode = shift;
+ my $q = $self->{cgi};
+ $self->debug_msg("at start of modify method");
+
+ # If the cancel button was pressed, just go back to the start page.
+ if ($q->param("cancel")) {
+ $self->debug_msg("the cancel button was pressed");
+ $self->wherenext("First");
+ }
+ else {
+ # Save the changes.
+ my $proto = $q->param("protocol");
+ my $sport = $q->param("source_port");
+ my $dport = $q->param("destination_port");
+ my $dhost = $self->get_destination_host();
+ my $cmmnt = $q->param("rule_comment") || "";
+ my $allow = $q->param("allow_hosts") || "";
+ my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : "");
+ $proto =~ s/^\s+|\s+$//g;
+ $sport =~ s/^\s+|\s+$//g;
+ $dport =~ s/^\s+|\s+$//g;
+ $dhost =~ s/^\s+|\s+$//g;
+
+ $self->debug_msg("protocol is $proto");
+ $self->debug_msg("source_port is $sport");
+ $self->debug_msg("destination_port is $dport");
+ $self->debug_msg("destination_host is $dhost");
+
+ my $whichforwards = "";
+ my $fdb;
+ if ($proto eq 'TCP') {
+ $fdb = $tcp_db;
+ }
+ else {
+ $fdb = $udp_db;
+ }
+
+ if ($mode eq 'create') {
+ $self->debug_msg("we are in create mode");
+ my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' });
+ $entry->set_prop('DestHost', $dhost);
+ $entry->set_prop('DestPort', $dport) if $dport;
+ $entry->set_prop('Comment', $cmmnt);
+ $entry->set_prop('AllowHosts', $allow);
+ $entry->set_prop('DenyHosts', $deny);
+ }
+ elsif ($mode eq 'remove') {
+ $self->debug_msg("we are in remove mode");
+ my $entry = $fdb->get($sport);
+ return $self->error('ERR_CANNOT_REMOVE_NORULE') unless $entry;
+ $entry->delete;
+ }
+
+ system("/sbin/e-smith/signal-event",
+ "portforwarding-update") == 0
+ || return $self->error('ERR_NONZERO_RETURN_EVENT');
+
+ return $self->success();
+ }
+}
+
+=head2 get_destination_host
+
+Get the 'destination_host' parameter, and fold it to 'localhost' if it
+matches any local interface IP address.
+
+=cut
+
+sub get_destination_host
+{
+ my $self = shift;
+ my $q = $self->{cgi};
+ my $dhost = $q->param("destination_host");
+ my $localip = $db->get_prop('InternalInterface', 'IPAddress');
+ my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
+
+ if ($dhost =~ /^(127.0.0.1|$localip|$external_ip)$/i)
+ {
+ # localhost token gets expanded at runtime to current external IP
+ $dhost = 'localhost';
+ }
+ return $dhost;
+}
+
+1;
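Review bot: `validate_allowed_hosts` returns the bare key `"ERR_BADAHOST"` where every other validator returns `$self->localise(...)`, so the user sees the lexicon key rather than the message; change it to `$valid_ahost_list = $self->localise('ERR_BADAHOST') if ($valid_ipnet != 1);`. Its two regexes accept octets above 255 and any prefix length even though `isValidIP` is already imported, and this is the field that 91adjustPortForward later interpolates as `--src $host` into a root-run script, so checking each element with `isValidIP` on the address part and bounding the prefix to 0-32 is worth doing. `sub isValidPort() {` carries an empty prototype; method calls ignore it, but a direct `isValidPort($port)` call would fail to compile, so drop the `()`. `@EXPORT` names `display_create_summary`, which does not exist (the sub is `display_summary_create`), the POD heading above `display_summary` uses that same wrong name, NAME/SYNOPSIS and the embedded tests say `Panels::` rather than `Panel::`, and the isValidPort test sets `destination_port` before calling `validate_source_port`. `rule_comment` is stored verbatim and printed through `genSmallCell` in `show_port_forwards` with no visible escaping (only the URL copy is `CGI::escape`d); unless genSmallCell HTML-escapes, wrap it as `$q->escapeHTML($cmmnt)` there.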