initial commit of file from CVS for e-smith-portforwarding on Wed 12 Jul 09:04:13 BST 2023
parent
e5466e0cdd
commit
4094d29da6
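--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.rpm
+*.log
+*spec-20*
+*.tar.xz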
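--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: e-smith-portforwarding
+# $Id: Makefile,v 1.1 2016/02/05 22:00:01 stephdl Exp $
+NAME := e-smith-portforwarding
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)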
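Review bot: In `find-makefile-common` the writability test reads `-w $$/Makefile.common`, which reaches the shell as the literal path `$/Makefile.common`, so the `cvs -Q update` branch can never run; it was presumably meant to be `-w $$d/Makefile.common`. For build integrity, note that `MAKEFILE_COMMON` is resolved from `common`, `../common` or `../../common` (directories outside this repository) or from a CVS checkout whose root comes from the unquoted `$$(cat CVS/Root)`, and is then `include`d, so whatever file sits at those paths runs as part of every build. A comment above the `include` such as `# Makefile.common lives outside this repo; build only against a trusted, pinned checkout of 'common'` would document that trust boundary, and quoting the substitution as `-d "$$(cat CVS/Root)"` avoids word splitting on the file's contents. The comment `# attept a checkout` should read `# attempt a checkout`, and `exit -1` is not a portable exit status (`exit 1`).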
16
README.md
@ -1,3 +1,17 @@
|
|||||||
# e-smith-portforwarding
|
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> e-smith-portforwarding
|
||||||
|
|
||||||
SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
|
SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
|
||||||
|
|
||||||
|
## Wiki
|
||||||
|
<br />https://wiki.koozali.org/
|
||||||
|
|
||||||
|
## Bugzilla
|
||||||
|
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-portforwarding&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||||
|
*Once it has been checked, then this comment will be deleted*
|
||||||
|
<br />
|
||||||
|
|
||||||
|
E-Smith-Portforwarding is a powerful software solution for streamlining the process of setting up and managing port forwarding on an internal network. It provides users with an intuitive and easy-to-use interface for creating and managing port forwarding rules, as well as quickly viewing the current status of active ports. With E-Smith-Portforwarding, users can quickly and easily forward ports to any internal or external host, allowing secure, remote access to services running on the internal network. It also provides in-depth monitoring and logging capabilities, allowing administrators to keep track of the activity on forwarded ports, as well as detect and alert them of any suspicious activity.
|
||||||
|
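--- a/additional/COPYING
+++ b/additional/COPYING
@@ -0,0 +1,340 @@
+GNU GENERAL PUBLIC LICENSE
+Version 2, June 1991
+
+Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+Preamble
+
+The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+GNU GENERAL PUBLIC LICENSE
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+a) You must cause the modified files to carry prominent notices
+stating that you changed the files and the date of any change.
+
+b) You must cause any work that you distribute or publish, that in
+whole or in part contains or is derived from the Program or any
+part thereof, to be licensed as a whole at no charge to all third
+parties under the terms of this License.
+
+c) If the modified program normally reads commands interactively
+when run, you must cause it, when started running for such
+interactive use in the most ordinary way, to print or display an
+announcement including an appropriate copyright notice and a
+notice that there is no warranty (or else, saying that you provide
+a warranty) and that users may redistribute the program under
+these conditions, and telling the user how to view a copy of this
+License. (Exception: if the Program itself is interactive but
+does not normally print such an announcement, your work based on
+the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+a) Accompany it with the complete corresponding machine-readable
+source code, which must be distributed under the terms of Sections
+1 and 2 above on a medium customarily used for software interchange; or,
+
+b) Accompany it with a written offer, valid for at least three
+years, to give any third party, for a charge no more than your
+cost of physically performing source distribution, a complete
+machine-readable copy of the corresponding source code, to be
+distributed under the terms of Sections 1 and 2 above on a medium
+customarily used for software interchange; or,
+
+c) Accompany it with the information you received as to the offer
+to distribute corresponding source code. (This alternative is
+allowed only for noncommercial distribution and only if you
+received the program in object code or executable form with such
+an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+NO WARRANTY
+
+11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+END OF TERMS AND CONDITIONS
+
+How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+<one line to give the program's name and a brief idea of what it does.>
+Copyright (C) 19yy <name of author>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+Gnomovision version 69, Copyright (C) 19yy name of author
+Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+This is free software, and you are welcome to redistribute it
+under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+`Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+<signature of Ty Coon>, 1 April 1989
+Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.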
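--- a/contriborbase
+++ b/contriborbase
@@ -0,0 +1 @@
+sme10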
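--- a/createlinks
+++ b/createlinks
@@ -0,0 +1,23 @@
+#!/usr/bin/perl -w
+# This script creates the symlinks needed by this RPM
+# Specific support exists to create symlinks within e-smith web "panels"
+# and for links from named "events" directories into the "actions" directory
+
+use esmith::Build::CreateLinks qw(:all);
+
+#--------------------------------------------------
+# functions for user panel
+#--------------------------------------------------
+my $panel = "manager";
+panel_link("portforwarding", $panel);
+
+my $event = "portforwarding-update";
+templates2events("/etc/rc.d/init.d/masq", $event);
+safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+
+my $event = "e-smith-portforwarding-update";
+templates2events("/etc/rc.d/init.d/masq", $event);
+safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+# systemd-specific action mandatory for this package-update event
+event_link("systemd-reload", $event, "89");
+event_link("systemd-default", $event, "88");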
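Review bot: `my $event` is declared a second time in the same scope for `"e-smith-portforwarding-update"`, which masks the first declaration and, with `-w` on the shebang line, emits a `"my" variable $event masks earlier declaration` warning on every build; the second occurrence should be a plain assignment, `$event = "e-smith-portforwarding-update";`. The script also has no `use strict;`, so a mistyped variable inside one of the interpolated paths (for example the `safe_symlink` target under `root/etc/e-smith/events/$event/`) would only warn and still create a link at the wrong location; adding `use strict;` after the shebang turns that into a build failure. A short comment explaining why only the package-update event gets `systemd-reload` and `systemd-default`, while `portforwarding-update` does not, would help the next maintainer confirm the firewall service is re-adjusted on both paths.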
486
e-smith-portforwarding.spec
Normal file
@ -0,0 +1,486 @@
|
|||||||
|
# $Id: e-smith-portforwarding.spec,v 1.3 2021/01/06 20:31:11 jpp Exp $
|
||||||
|
|
||||||
|
Summary: portforwarding panel for SME Server
|
||||||
|
%define name e-smith-portforwarding
|
||||||
|
Name: %{name}
|
||||||
|
%define version 2.6.0
|
||||||
|
%define release 4
|
||||||
|
Version: %{version}
|
||||||
|
Release: %{release}%{?dist}
|
||||||
|
License: GPL
|
||||||
|
Group: Networking/Daemons
|
||||||
|
Source: %{name}-%{version}.tar.xz
|
||||||
|
|
||||||
|
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||||
|
BuildArchitectures: noarch
|
||||||
|
Requires: e-smith-base
|
||||||
|
Requires: e-smith-packetfilter >= 1.13.0-13
|
||||||
|
Requires: e-smith-lib >= 1.15.1-19
|
||||||
|
Requires: e-smith-formmagick >= 1.4.0-12
|
||||||
|
BuildRequires: e-smith-devtools >= 1.13.1-03
|
||||||
|
Obsoletes: e-smith-ipportfw dmc-mitel-portforwarding
|
||||||
|
AutoReqProv: no
|
||||||
|
|
||||||
|
%description
|
||||||
|
Adds a Port Forwarding panel to the SME server-manager.
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Wed Jul 12 2023 cvs2git.sh aka Brian Read <brianr@koozali.org> 2.6.0-4.sme
|
||||||
|
- Roll up patches and move to git repo [SME: 12338]
|
||||||
|
|
||||||
|
* Wed Jul 12 2023 BogusDateBot
|
||||||
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||||
|
by assuming the date is correct and changing the weekday.
|
||||||
|
Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
|
||||||
|
|
||||||
|
* Wed Jan 06 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-3.sme
|
||||||
|
- add update event [SME: 11148]
|
||||||
|
|
||||||
|
* Thu May 12 2016 Daniel Berteaud <daniel@firewall-services.com> 2.6.0-2.sme
|
||||||
|
- Rebuild for [SME: 9393]
|
||||||
|
|
||||||
|
* Fri Feb 05 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.6.0-1.sme
|
||||||
|
- Initial release to sme10
|
||||||
|
|
||||||
|
* Thu Jan 31 2013 Shad L. Lords <slords@mail.com> 2.4.0-1.sme
|
||||||
|
- Roll new stream for sme9
|
||||||
|
|
||||||
|
* Thu Mar 11 2010 Jonathan Martens <smeserver-contribs@snetram.nl> 2.2.0-6.sme
|
||||||
|
- Fix missing space cuasing errors parsing the iptables rules [SME: 2379]
|
||||||
|
|
||||||
|
* Tue Mar 9 2010 Jonathan Martens <smeserver-contribs@snetram.nl> 2.2.0-5.sme
|
||||||
|
- Rework 91adjustPortForward template fragment [SME: 2379]
|
||||||
|
|
||||||
|
* Tue Dec 15 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-4.sme
|
||||||
|
- Enable port forwards to localhost if mode is serveronly [SME: 1003]
|
||||||
|
|
||||||
|
* Tue Oct 20 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-3.sme
|
||||||
|
- Adjust xml entry in locale [SME: 771]
|
||||||
|
|
||||||
|
* Mon Oct 19 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-2.sme
|
||||||
|
- Add option to limit port forwards from source ip [SME: 2379]
|
||||||
|
- Add Text Description For Each Port Forwarding [SME: 771]
|
||||||
|
|
||||||
|
* Tue Oct 7 2008 Shad L. Lords <slords@mail.com> 2.2.0-1.sme
|
||||||
|
- Roll new stream to separate sme7/sme8 trees [SME: 4633]
|
||||||
|
|
||||||
|
* Sun Apr 27 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 1.2.0-9
|
||||||
|
- Add common <base> tags to e-smith-formmagick's general [SME: 4282]
|
||||||
|
|
||||||
|
* Wed Feb 13 2008 Stephen Noble <support@dungog.net> 1.2.0-8
|
||||||
|
- Remove <base> tags now in general [SME: 3913]
|
||||||
|
|
||||||
|
* Sun Feb 10 2008 Stephen Noble <support@dungog.net> 1.2.0-7
|
||||||
|
- Remove duplicate <base> entries [SME: 3888]
|
||||||
|
|
||||||
|
* Thu Nov 08 2007 Gavin Weight<gweight@mail.com> 1.2.0-6
|
||||||
|
- Remove/Fix portforwarding.pm.orig file. [SME: 3526]
|
||||||
|
|
||||||
|
* Tue Oct 16 2007 Charlie Brady <charlie_brady@mitel.com> 1.2.0-5
|
||||||
|
- Use $OUTERNET for target of localhost port forwards, not externalIP
|
||||||
|
pulled from db at template expansion time. [SME: 2760]
|
||||||
|
|
||||||
|
* Tue Jun 26 2007 Shad L. Lords <slords@mail.com> 1.2.0-4
|
||||||
|
Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
|
||||||
|
- Ensure portforwarding dbs exists [SME: 54]
|
||||||
|
|
||||||
|
* Tue Jun 26 2007 Shad L. Lords <slords@mail.com> 1.2.0-3
|
||||||
|
- Migrate portforwarding to own databases [SME: 54]
|
||||||
|
|
||||||
|
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
|
||||||
|
- Clean up spec so package can be built by koji/plague
|
||||||
|
|
||||||
|
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com>
|
||||||
|
- Update to new release naming. No functional changes.
|
||||||
|
- Make Packager generic
|
||||||
|
|
||||||
|
* Thu Mar 16 2006 Gordon Rowell <gordonr@gormand.com.au> 1.2.0-01
|
||||||
|
- Roll stable stream version. [SME: 1016]
|
||||||
|
|
||||||
|
* Wed Nov 30 2005 Gordon Rowell <gordonr@gormand.com.au> 1.1.2-02
|
||||||
|
- Bump release number only
|
||||||
|
|
||||||
|
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [1.1.2-01]
|
||||||
|
- Remove L10Ns from base packages [SF: 1309520]
|
||||||
|
|
||||||
|
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [1.1.1-01]
|
||||||
|
- New dev stream before relocating L10Ns
|
||||||
|
|
||||||
|
* Fri Sep 30 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [1.1.0-13]
|
||||||
|
- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266]
|
||||||
|
|
||||||
|
* Mon Sep 26 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [1.1.0-12]
|
||||||
|
- Added German L10N - Thanks Dietmar Berteld [SF: 1293325]
|
||||||
|
|
||||||
|
* Thu Jul 14 2005 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [1.1.0-11]
|
||||||
|
- Fix an expression precedence problem with UDP portforwarding. [SF: 1237913]
|
||||||
|
|
||||||
|
* Fri Jul 8 2005 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [1.1.0-10]
|
||||||
|
- Fix UDP portforwarding. [SF: 1234630]
|
||||||
|
|
||||||
|
* Sat Mar 19 2005 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [1.1.0-09]
|
||||||
|
- Fix typo in createlinks.
|
||||||
|
|
||||||
|
* Fri Mar 18 2005 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [1.1.0-08]
|
||||||
|
- Add fr and es localisations for new text.
|
||||||
|
|
||||||
|
* Thu Mar 17 2005 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [1.1.0-07]
|
||||||
|
- Display text to indicate that portforwarding isn't available in
|
||||||
|
serveronly mode.
|
||||||
|
- Create new portforwarding-update event, as remoteaccess-update
|
||||||
|
is rather heavyweight. use generic_template_expand and
|
||||||
|
adjust-services. [MN00064130, MN00065576]
|
||||||
|
- Fix some run-time probs with Gordon's contributed patch.
|
||||||
|
|
||||||
|
* Wed Mar 16 2005 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [1.1.0-06]
|
||||||
|
- Patch provided by Gordon to allow portforwarding to "localhost".
|
||||||
|
|
||||||
|
* Wed May 5 2004 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [1.1.0-05]
|
||||||
|
- Now detecting serveronly mode, and disabling the ability to add
|
||||||
|
portforwarding rules while in that state. [msoulier MN00025609]
|
||||||
|
|
||||||
|
* Wed Dec 3 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [1.1.0-04]
|
||||||
|
- Added French and Spanish translations of new lexicon. [msoulier 10203]
|
||||||
|
|
||||||
|
* Wed Dec 3 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [1.1.0-03]
|
||||||
|
- Refactored 91adjustPortForward to remove duplicate code. [msoulier 10203]
|
||||||
|
- Added code to properly handle portforwarding to the external interface.
|
||||||
|
Forwarding to localhost or the private interface is now explicitly blocked.
|
||||||
|
[msoulier 10203]
|
||||||
|
|
||||||
|
* Mon Oct 20 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [1.1.0-02]
|
||||||
|
- Added better validation on the sort port to prevent conflicting rules.
|
||||||
|
[msoulier 9262]
|
||||||
|
|
||||||
|
* Fri Oct 17 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [1.1.0-01]
|
||||||
|
- forcing to dev stream - 1.1.0
|
||||||
|
|
||||||
|
* Fri Oct 17 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.2.0-03]
|
||||||
|
- Fixed summaries so that the styling is now 6.0. [msoulier 9306]
|
||||||
|
|
||||||
|
* Thu Aug 28 2003 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.2.0-02]
|
||||||
|
- Fix typo in masq fragment which prevented forwarding of UDP.
|
||||||
|
[charlieb 9859]
|
||||||
|
|
||||||
|
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.2.0-01]
|
||||||
|
- Changing version to stable stream number - 0.2.0
|
||||||
|
|
||||||
|
* Tue Jun 24 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [0.1.1-20]
|
||||||
|
- Wording update on main page [gordonr 9101]
|
||||||
|
|
||||||
|
* Fri Jun 20 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-19]
|
||||||
|
- Revert to previous version. [msoulier 8803]
|
||||||
|
|
||||||
|
* Wed Jun 11 2003 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.1.1-18]
|
||||||
|
- Redo (simplify) some of the code in the portforwarding panel, and make
|
||||||
|
destination port explicit if not specified. [charlieb 8803]
|
||||||
|
|
||||||
|
* Tue May 6 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.1-17]
|
||||||
|
- Add Spanish lexicon for portfowarding [lijied 3793]
|
||||||
|
|
||||||
|
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.1-16]
|
||||||
|
- Removed colons on the label where necessary [lijied 7950]
|
||||||
|
|
||||||
|
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.1-15]
|
||||||
|
- Modified button Apply to Add [lijied 7921]
|
||||||
|
|
||||||
|
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.1-14]
|
||||||
|
- Added French translation for "Misuse of feature...." [lijied 8072]
|
||||||
|
|
||||||
|
* Tue Apr 8 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-13]
|
||||||
|
- Fixed lack of buttons on summary page. [msoulier 8089]
|
||||||
|
|
||||||
|
* Mon Apr 7 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-12]
|
||||||
|
- Inserting PortForwarding chain as first entry in the PREROUTING chain.
|
||||||
|
[msoulier 8089]
|
||||||
|
|
||||||
|
* Fri Apr 4 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.1-11]
|
||||||
|
- Change $q->table to $q->start_table where necessary [lijied 8034]
|
||||||
|
|
||||||
|
* Fri Apr 4 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [0.1.1-10]
|
||||||
|
- Text revision on panel [gordonr 8072]
|
||||||
|
|
||||||
|
* Thu Apr 3 2003 Tony Clayton <apc@e-smith.com>
|
||||||
|
- [0.1.1-09]
|
||||||
|
- Add colons to labels and fix text when table is empty in panel [tonyc 7950]
|
||||||
|
|
||||||
|
* Wed Apr 2 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-08]
|
||||||
|
- Added french lexicon for creating a port-forwarding rule. [msoulier 7284]
|
||||||
|
|
||||||
|
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [0.1.1-07]
|
||||||
|
- Delete stray fr nav bar lexicon entries [gordonr 7926]
|
||||||
|
|
||||||
|
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||||
|
- [0.1.1-06]
|
||||||
|
- Added french lexicon for security, so it shows up in the right spot
|
||||||
|
on the menu panel. [msoulier 7284]
|
||||||
|
|
||||||
|
* Tue Apr 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-05]
|
||||||
|
- Added proper styling to the tables. [msoulier 7284]
|
||||||
|
- Added spacing around table elements. [msoulier 7284]
|
||||||
|
- Put a 6.0 look on the buttons on the summary page. [msoulier 7284]
|
||||||
|
- Removed the button-like style from the remove links. [msoulier 7284]
|
||||||
|
|
||||||
|
* Fri Mar 28 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-04]
|
||||||
|
- Added proper styles to make links that behave like buttons,
|
||||||
|
look like buttons, for 6.0. [msoulier 7284]
|
||||||
|
|
||||||
|
* Fri Mar 28 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-03]
|
||||||
|
- Fixed a couple of typos in the english lexicon. [msoulier 7284]
|
||||||
|
- Included the french lexicon. [msoulier 7284]
|
||||||
|
|
||||||
|
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-02]
|
||||||
|
- Portforwarding still had problems, fixed here. [msoulier 7284]
|
||||||
|
|
||||||
|
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.1-01]
|
||||||
|
- Modified to work with new e-smith-packetfilter changes for 6.0
|
||||||
|
[msoulier 7284]
|
||||||
|
- Note: This breaks backwards-compatibility with 5.6.
|
||||||
|
|
||||||
|
* Tue Mar 18 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.0-33]
|
||||||
|
- Modified port forwarding panel order [lijied 7356]
|
||||||
|
|
||||||
|
* Thu Mar 13 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.0-32]
|
||||||
|
- Split en-us lexicon from portwarding panel [lijied 4030]
|
||||||
|
|
||||||
|
* Tue Mar 11 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-31]
|
||||||
|
- Finished patching the interface to take an empty dport. [msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-30]
|
||||||
|
- Patched the masq fragments to accept an empty dport. [msoulier 5645]
|
||||||
|
- Patched the interface to accept an empty destination port.
|
||||||
|
[msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-29]
|
||||||
|
- Tweaked the wording in the panel. [msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-28]
|
||||||
|
- Additional tweaks to fix the iptables syntax and adjust the size of the
|
||||||
|
fields in the UI. [msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-27]
|
||||||
|
- Adding support for a port range on source and destination ports.
|
||||||
|
[msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-26]
|
||||||
|
- Updating dependencies. [msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-25]
|
||||||
|
- Fixed bad removal which set all destination ports to the same port.
|
||||||
|
[msoulier 5645]
|
||||||
|
|
||||||
|
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-24]
|
||||||
|
- Updated dependency information to make it use the backported
|
||||||
|
e-smith-packetfilter rpm for the 5.6 updates stream. [msoulier 5645]
|
||||||
|
|
||||||
|
* Thu Mar 6 2003 Lijie Deng <lijied@e-smith.com>
|
||||||
|
- [0.1.0-23]
|
||||||
|
- Modified panel order [lijied 7356]
|
||||||
|
|
||||||
|
* Sun Feb 23 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-22]
|
||||||
|
- Backed-out the changes in 0.1.0-21. They're incompatible with
|
||||||
|
e-smith-packetfilter. We'll have to discuss this first. [msoulier 5696]
|
||||||
|
|
||||||
|
* Sun Feb 23 2003 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-21]
|
||||||
|
- Permitting port ranges instead of just single ports. [msoulier 5696]
|
||||||
|
|
||||||
|
* Sun Jan 26 2003 Mike Dickson <miked@e-smith.com>
|
||||||
|
- [0.1.0-20]
|
||||||
|
- added ACTION to lexicon, and code to use it [miked 6363]
|
||||||
|
|
||||||
|
* Sun Jan 26 2003 Mike Dickson <miked@e-smith.com>
|
||||||
|
- [0.1.0-19]
|
||||||
|
- backed out previous patch since it applied too many changes at once. I will
|
||||||
|
re-submit in manageable chunks
|
||||||
|
|
||||||
|
* Sat Jan 25 2003 Mike Dickson <miked@e-smith.com>
|
||||||
|
- [0.1.0-18]
|
||||||
|
- added ACTION to lexicon [miked 6363]
|
||||||
|
|
||||||
|
* Wed Dec 18 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-17]
|
||||||
|
- Added a feature to remove the "finished" page and cycle back to the start
|
||||||
|
page with a status message instead. [msoulier 5696]
|
||||||
|
- Found and fixed a bug permitting the addition of duplicate rules.
|
||||||
|
|
||||||
|
* Mon Dec 16 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-16]
|
||||||
|
- Added a space between the two buttons on the summary panel.
|
||||||
|
[msoulier 5696]
|
||||||
|
|
||||||
|
* Mon Dec 16 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-15]
|
||||||
|
- Fixed broken removal due to using the wrong variable set to repopulate the
|
||||||
|
db entry. [msoulier 5696]
|
||||||
|
|
||||||
|
* Fri Dec 6 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-14]
|
||||||
|
- Fixed bad variable reference in test cases. [msoulier 5696]
|
||||||
|
|
||||||
|
* Thu Dec 5 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-13]
|
||||||
|
- Added some test cases to portforwarding.pm. [msoulier 5696]
|
||||||
|
|
||||||
|
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-12]
|
||||||
|
- Improved the IP address validation. [msoulier 5696]
|
||||||
|
|
||||||
|
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-11]
|
||||||
|
- Made sure all messages are localised, and added better error handling.
|
||||||
|
[msoulier 5696]
|
||||||
|
|
||||||
|
* Thu Nov 28 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-10]
|
||||||
|
- Updated to make use of changes to the packetfilter. Fixed the placement of
|
||||||
|
the udp portforwarding rules, and the spelling of "completely".
|
||||||
|
[msoulier 5696]
|
||||||
|
|
||||||
|
* Wed Nov 27 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-09]
|
||||||
|
- Localised the summary table labels. [msoulier 5696]
|
||||||
|
|
||||||
|
* Wed Nov 27 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-08]
|
||||||
|
- The destination host must be an IP address. Enforcing now.
|
||||||
|
[msoulier 5696]
|
||||||
|
|
||||||
|
* Tue Nov 26 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-07]
|
||||||
|
- First working prototype. [msoulier 5696]
|
||||||
|
|
||||||
|
* Mon Nov 25 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-06]
|
||||||
|
- Basic functionality present. Still need to add the ability to
|
||||||
|
delete rules, and display current rules. [msoulier 5696]
|
||||||
|
|
||||||
|
* Fri Nov 22 2002 Michael Soulier <msoulier@e-smith.com>
|
||||||
|
- [0.1.0-05]
|
||||||
|
- Starting the FormMagick conversion of the panel. [msoulier 5696]
|
||||||
|
|
||||||
|
* Thu Nov 21 2002 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.1.0-04]
|
||||||
|
- Use "--list --numeric" to avoid DNS lookup delays. [charlieb 5645]
|
||||||
|
|
||||||
|
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.1.0-03]
|
||||||
|
- Fix portforwarding rules to match DB format used by panel code -
|
||||||
|
which is $ip:[$dport], this allows forwarding to a port other than the
|
||||||
|
listen port [charlieb 5645].
|
||||||
|
|
||||||
|
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.1.0-02]
|
||||||
|
- Convert to iptables, and conform to "masq adjust" way of doing things.
|
||||||
|
[charlieb 5645]
|
||||||
|
|
||||||
|
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.1.0-01]
|
||||||
|
- Rolling to development stream to 0.1.0
|
||||||
|
|
||||||
|
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||||
|
- [0.0.1-6]
|
||||||
|
- Renamed to e-smith-portforwarding.
|
||||||
|
- Imported into CVS as baseline for further development.
|
||||||
|
|
||||||
|
* Sat Sep 21 2002 Darrell May <dmay@netsourced.com>
|
||||||
|
- updated 35SetPortFW to support dynamic external IP
|
||||||
|
- [0.0.1-5]
|
||||||
|
* Tue Jan 01 2002 Darrell May <dmay@netsourced.com>
|
||||||
|
- added Obsoletes: e-smith-ipportfw dmc-mitel-portfowarding
|
||||||
|
- [0.0.1-4]
|
||||||
|
* Tue Jan 01 2002 Darrell May <dmay@netsourced.com>
|
||||||
|
- fixed spelling in rpm name, now to dmc-mitel-portforwarding
|
||||||
|
- merged in e-smith-ipportfw-0.1.1-1.noarch.rpm
|
||||||
|
- [0.0.1-3]
|
||||||
|
* Mon Dec 31 2001 Darrell May <dmay@netsourced.com>
|
||||||
|
- added "Shad L. Lords" <slords@mail.com>, e-smith-iportfw 35SetPortFW
|
||||||
|
- templates-custom fragment supporting dest port addresses
|
||||||
|
- updated portforwarding panel to match
|
||||||
|
- removed first/last portforward panel bug by adding return on Operation Status
|
||||||
|
- [0.0.1-2]
|
||||||
|
* Sun Dec 30 2001 Darrell May <dmay@netsourced.com>
|
||||||
|
- initial release
|
||||||
|
- [0.0.1-1]
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup
|
||||||
|
|
||||||
|
%build
|
||||||
|
perl createlinks
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
|
||||||
|
rm -f e-smith-%{version}-filelist
|
||||||
|
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
|
||||||
|
|
||||||
|
for proto in tcp udp
|
||||||
|
do
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/home/e-smith/db
|
||||||
|
touch $RPM_BUILD_ROOT/home/e-smith/db/portforward_$proto
|
||||||
|
echo "%config(noreplace) %attr(0640,root,admin) /home/e-smith/db/portforward_$proto" \
|
||||||
|
>> %{name}-%{version}-filelist
|
||||||
|
done
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%files -f %{name}-%{version}-filelist
|
||||||
|
|
||||||
|
%defattr(-,root,root)
|
||||||
|
|
||||||
|
%pre
|
||||||
|
|
||||||
|
%post
|
||||||
|
|
||||||
|
%preun
|
||||||
|
|
||||||
|
%postun
|
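Review bot: In `%install`, `rm -f e-smith-%{version}-filelist` removes a file name that nothing else in the spec uses, while the list actually written and later read by `%files -f` is `%{name}-%{version}-filelist`; the cleanup line should read `rm -f %{name}-%{version}-filelist`. The two `rm -rf $RPM_BUILD_ROOT` lines and the `cpio`, `mkdir` and `touch` targets expand the variable unquoted, so `rm -rf "$RPM_BUILD_ROOT"` is the safer spelling. The `BuildRoot:` tag names a fixed path under `/var/tmp`; on rpmbuild versions that still honour the tag, a predictable build root in a world-writable directory is worth replacing with the builder's default.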
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
my %FDB;
|
||||||
|
foreach my $proto ('TCP', 'UDP') {
|
||||||
|
$FDB{$proto} = esmith::ConfigDB->open("portforward_" . lc($proto))
|
||||||
|
|| esmith::ConfigDB->create("portforward_" . lc($proto));
|
||||||
|
|
||||||
|
my %rules = split ',', $DB->get_prop_and_delete('masq', "${proto}Forwards")
|
||||||
|
|| next;
|
||||||
|
|
||||||
|
foreach my $entry (keys %rules) {
|
||||||
|
my %props = ( type => 'forward' );
|
||||||
|
my ($addr, $port) = split ':', $rules{$entry};
|
||||||
|
$props{'DestHost'} = $addr;
|
||||||
|
$props{'DestPort'} = $port if $port;
|
||||||
|
|
||||||
|
$FDB{$proto}->new_record($entry, \%props);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
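Review bot: `get_prop_and_delete('masq', "${proto}Forwards")` removes the legacy property before any record has been written, and the return value of `new_record` is never checked, so a write that fails or hits an already existing key drops that forwarding rule without a trace. At minimum the write should report failure, `$FDB{$proto}->new_record($entry, \%props) or warn "portforward_" . lc($proto) . ": could not migrate $entry\n";`, and the old property is better deleted only after every record has been stored. `$FDB{$proto}` is also used without checking that either `open` or `create` returned an object. The `DestHost` and `DestPort` values are copied as found in the old string, so they deserve the same format check as values entered through the panel, since they presumably end up in firewall rules.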
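--- a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
+++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
@@ -0,0 +1,168 @@
+<!-- vim: ft=xml:
+-->
+<lexicon lang="en-us">
+<entry>
+<base>FORM_TITLE</base>
+<trans>Configure Port Forwarding</trans>
+</entry>
+<entry>
+<base>FIRST_PAGE_DESCRIPTION</base>
+<trans><![CDATA[
+<p>
+You can use this panel to modify your firewall rules so
+as to open a specific port on this server and forward it
+to another port on another host. Doing so will permit
+incoming traffic to directly access a private host on
+your LAN.
+</p>
+<p>
+WARNING: Misuse of this feature can seriously compromise the
+security of your network. Do not use this feature
+lightly, or without fully understanding the implications
+of your actions.
+</p>
+]]>
+</trans>
+</entry>
+<entry>
+<base>CREATE_RULE</base>
+<trans>Create portforwarding rule</trans>
+</entry>
+<entry>
+<base>SUMMARY_ADD_DESC</base>
+<trans>The following summarizes the port-forwarding rule
+that you are about to add. If you are satisfied with the rule,
+click the "Add" button. If you are not, click the
+"Cancel" button.
+</trans>
+</entry>
+<entry>
+<base>SUMMARY_REMOVE_DESC</base>
+<trans>The following summarizes the port-forwarding rule
+that you are about to remove. If you are sure you want to
+remove the rule, click the "Remove" button. If not,
+click the "Cancel" button.
+</trans>
+</entry>
+<entry>
+<base>SHOW_FORWARDS</base>
+<trans>
+Below you will find a table summarizing the current
+port-forwarding rules installed on this server. Click on the
+"Remove" link to remove the corresponding rule.
+</trans>
+</entry>
+<entry>
+<base>NO_FORWARDS</base>
+<trans>There are currently no forwarded ports on the system.</trans>
+</entry>
+<entry>
+<base>CREATE_PAGE_DESCRIPTION</base>
+<trans><![CDATA[
+<p>Select the protocol, the port you wish to forward, the
+destination host, and the port on the destination host
+that you wish to forward to. If you wish to specify a port
+range, enter the lower and upper boundaries separated by a
+hyphen. The destination port may be left blank, which will
+instruct the firewall to leave the source port
+unaltered.</p>
+]]>
+</trans>
+</entry>
+<entry>
+<base>LABEL_SOURCE_PORT</base>
+<trans>Source Port(s)</trans>
+</entry>
+<entry>
+<base>LABEL_PROTOCOL</base>
+<trans>Protocol</trans>
+</entry>
+<entry>
+<base>LABEL_DESTINATION_PORT</base>
+<trans>Destination Port(s)</trans>
+</entry>
+<entry>
+<base>LABEL_DESTINATION_HOST</base>
+<trans>Destination Host IP Address</trans>
+</entry>
+<entry>
+<base>LABEL_RULE_COMMENT</base>
+<trans>Rule Comment</trans>
+</entry>
+<entry>
+<base>LABEL_ALLOW_HOSTS</base>
+<trans>Allow Hosts</trans>
+</entry>
+<entry>
+<base>Port forwarding</base>
+<trans>Port forwarding</trans>
+</entry>
+<entry>
+<base>SUCCESS</base>
+<trans>Your change to the port forwarding rules has been
+successfully saved.
+</trans>
+</entry>
+<entry>
+<base>RULE_COMMENT</base>
+<trans>Rule Comment</trans>
+</entry>
+<entry>
+<base>ALLOW_HOSTS</base>
+<trans>Allow Hosts</trans>
+</entry>
+<entry>
+<base>ERR_NO_MASQ_RECORD</base>
+<trans>Cannot retrieve masq record from the configuration
+database.</trans>
+</entry>
+<entry>
+<base>ERR_UNSUPPORTED_MODE</base>
+<trans>Unsupported mode.</trans>
+</entry>
+<entry>
+<base>ERR_CANNOT_REMOVE_NORULE</base>
+<trans>Cannot remove non-existant rule.</trans>
+</entry>
+<entry>
+<base>ERR_NONZERO_RETURN_EVENT</base>
+<trans>Event returned a non-zero return value.</trans>
+</entry>
+<entry>
+<base>ERR_BADPORT</base>
+<trans>The ports must be a positive integer less than
+65536.</trans>
+</entry>
+<entry>
+<base>ERR_BADIP</base>
+<trans>This does not appear to be an IP address. You must use
+dotted-quad notation, and each of the four numbers should be less
+than 256. ie: 192.168.0.5</trans>
+</entry>
+<entry>
+<base>ERR_DUPRULE</base>
+<trans>This rule has already been added, it cannot be added
+twice.</trans>
+</entry>
+<entry>
+<base>ERR_PORT_COLLISION</base>
+<trans>
+ERROR: This port or port range conflicts with an existing
+rule. Please modify this new rule, or remove the old rule.
+</trans>
+</entry>
+<entry>
+<base>ERR_BADAHOST</base>
+<trans>
+This does not appear to be a valid IP address list.
+ie: 192.168.0.1,192.168.1.1/24
+</trans>
+</entry>
+<entry>
+<base>IN_SERVERONLY</base>
+<trans>
+This server is currently in serveronly mode and portforwarding
+is possible only to localhost.
+</trans>
+</entry>
+</lexicon>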
@ -0,0 +1,5 @@
|
|||||||
|
/sbin/iptables -t nat --new-chain PortForwarding
|
||||||
|
/sbin/iptables -t nat --new-chain PortForwarding_1
|
||||||
|
/sbin/iptables -t nat --insert PREROUTING --jump PortForwarding
|
||||||
|
/sbin/iptables -t nat --append PortForwarding --destination $OUTERNET \
|
||||||
|
--jump PortForwarding_1
|
@ -0,0 +1,73 @@
|
|||||||
|
{
|
||||||
|
my $pf_chain = "PortForwarding_\$\$";
|
||||||
|
$OUT .= "# Create a new PortForwarding chain\n";
|
||||||
|
$OUT .= "PFC=\$(/sbin/iptables --table nat ";
|
||||||
|
$OUT .= "--numeric --list PortForwarding |\\\n";
|
||||||
|
$OUT .= " sed -n '3s/ .*//p')\n";
|
||||||
|
$OUT .= " /sbin/iptables --table nat --new-chain $pf_chain\n";
|
||||||
|
|
||||||
|
my %FDB;
|
||||||
|
|
||||||
|
foreach my $protocol (qw(tcp udp))
|
||||||
|
{
|
||||||
|
my $uproto = uc $protocol;
|
||||||
|
$FDB{$protocol} = esmith::ConfigDB->open("portforward_$protocol")
|
||||||
|
|| die "Can't open portforward_$protocol database: $!\n";
|
||||||
|
|
||||||
|
foreach my $entry ( $FDB{$protocol}->get_all ) {
|
||||||
|
my $port = $entry->key;
|
||||||
|
my $ip = $entry->prop('DestHost');
|
||||||
|
my $dport = $entry->prop('DestPort') || $port;
|
||||||
|
$port =~ s/-/:/;
|
||||||
|
|
||||||
|
# Map canonical localhost back to our current external IP
|
||||||
|
$ip = '$OUTERNET' if ($ip eq 'localhost');
|
||||||
|
|
||||||
|
my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
|
||||||
|
foreach my $host (split(',', $host_list)) {
|
||||||
|
|
||||||
|
$OUT .= " /sbin/iptables --table nat --append $pf_chain";
|
||||||
|
|
||||||
|
# Set up local port to forward
|
||||||
|
$OUT .= " --proto $protocol --destination-port ${port}";
|
||||||
|
$OUT .= " --src $host" unless $host eq '0.0.0.0/0';
|
||||||
|
|
||||||
|
# Set up the remote port to forward to
|
||||||
|
$OUT .= " -j DNAT --to-destination $ip:$dport\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# And accept the incoming packets. Use the dport if there is one.
|
||||||
|
($port = $dport) =~ s/-/:/ if $dport;
|
||||||
|
|
||||||
|
# If this rule is forwarding to localhost, ExternalIP or LocalIP,
|
||||||
|
# then we must allow it on the INPUT chain instead of the FORWARD
|
||||||
|
# chain.
|
||||||
|
|
||||||
|
my $target_chain = (($ip eq '$OUTERNET') ?
|
||||||
|
"Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$");
|
||||||
|
|
||||||
|
foreach my $access_type (("Allow", "Deny")) {
|
||||||
|
my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog");
|
||||||
|
my $host_list = $entry->prop("${access_type}Hosts") || "";
|
||||||
|
|
||||||
|
$host_list = "0.0.0.0/0"
|
||||||
|
if (($host_list eq "") and ($access_type eq "Allow"));
|
||||||
|
|
||||||
|
foreach my $host (split(',', $host_list)) {
|
||||||
|
$OUT .= " /sbin/iptables -A $target_chain";
|
||||||
|
$OUT .= " --proto $protocol --dport $port \\\n ";
|
||||||
|
$OUT .= " --destination $ip" if ($ip ne '$OUTERNET');
|
||||||
|
$OUT .= " --src $host --jump $jump_target\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# having created a new PortForwarding chain, activate it and destroy
|
||||||
|
# the old.
|
||||||
|
$OUT .= " /sbin/iptables --table nat --replace PortForwarding 1 " .
|
||||||
|
"--destination \$OUTERNET --jump $pf_chain\n";
|
||||||
|
$OUT .= " /sbin/iptables --table nat --flush \$PFC\n";
|
||||||
|
$OUT .= " /sbin/iptables --table nat --delete-chain \$PFC\n";
|
||||||
|
}
|
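Review bot: `$port`, `$ip`, `$dport` and every `$host` are read from the portforward databases and concatenated straight into `/sbin/iptables` command lines in `$OUT`, so a value containing whitespace or shell metacharacters becomes part of the generated script, which presumably runs as root. The panel may validate what it stores, but the databases can be written by other paths, so the fragment should check each field against an anchored pattern before emitting a rule and skip the record otherwise. Separately, the condition in `($port = $dport) =~ s/-/:/ if $dport;` is effectively always true, because `$dport` already defaults to `$port`. The fence shows the check at the top of the per-record loop; the same kind of test belongs on `$host` inside both `split(',', $host_list)` loops.

```perl
foreach my $entry ( $FDB{$protocol}->get_all ) {
    my $port = $entry->key;
    my $ip = $entry->prop('DestHost');
    my $dport = $entry->prop('DestPort') || $port;

    # These values end up in a generated shell script: accept only
    # the shapes the panel is meant to store, and skip anything else.
    my $port_re = qr/\A\d{1,5}(?:-\d{1,5})?\z/;
    my $dest_re = qr/\A(?:localhost|\d{1,3}(?:\.\d{1,3}){3})\z/;
    unless (defined $ip
        and $ip =~ $dest_re
        and $port =~ $port_re
        and $dport =~ $port_re)
    {
        warn "portforward_$protocol: skipping malformed record\n";
        next;
    }

    # … unchanged: port rewrite, localhost mapping, DNAT and filter rules …
```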
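--- a/root/etc/e-smith/web/functions/portforwarding
+++ b/root/etc/e-smith/web/functions/portforwarding
@@ -0,0 +1,128 @@
+#!/usr/bin/perl -wT
+# vim: ft=xml ts=4 sw=4 et:
+#----------------------------------------------------------------------
+# heading : Security
+# description : Port forwarding
+# navigation : 5000 5400
+#----------------------------------------------------------------------
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use strict;
+use esmith::FormMagick::Panel::portforwarding;
+my $form = esmith::FormMagick::Panel::portforwarding->new();
+# Uncomment the next line for debugging purposes.
+#$form->debug(1);
+$form->display();
+
+
+__DATA__
+<form
+title="FORM_TITLE"
+header="/etc/e-smith/web/common/head.tmpl"
+footer="/etc/e-smith/web/common/foot.tmpl">
+
+<!-- page 0 -->
+<page
+name="First"
+pre-event="print_status_message()">
+<description>FIRST_PAGE_DESCRIPTION</description>
+
+<subroutine src="show_port_forwards()" />
+</page>
+
+<!-- page 1 -->
+<page
+name="Create"
+pre-event="print_status_message()">
+<description>CREATE_PAGE_DESCRIPTION</description>
+
+<field
+id="protocol"
+type="select"
+options="'TCP','UDP'">
+<label>LABEL_PROTOCOL</label>
+</field>
+<field
+id="source_port"
+type="text"
+size="11"
+validation="validate_source_port()">
+<label>LABEL_SOURCE_PORT</label>
+</field>
+<field
+id="destination_host"
+type="text"
+size="15"
+validation="validate_destination_host()">
+<label>LABEL_DESTINATION_HOST</label>
+</field>
+<field
+id="destination_port"
+type="text"
+size="11"
+validation="validate_destination_port()">
+<label>LABEL_DESTINATION_PORT</label>
+</field>
+<field
+id="rule_comment"
+type="text">
+<label>LABEL_RULE_COMMENT</label>
+</field>
+<field
+id="allow_hosts"
+type="text"
+validation="validate_allowed_hosts()">
+<label>LABEL_ALLOW_HOSTS</label>
+</field>
+
+<subroutine src="print_button('NEXT')" />
+
+</page>
+
+<!-- page 2 -->
+<page
+name="ShowSummary"
+pre-event="turn_off_buttons()"
+post-event="create_new()">
+
+<subroutine src="display_summary_create" />
+</page>
+
+<!-- page 3
+Note: This page is not used. It's a kludge to permit the next page
+to work properly from a link on the front page. FormMagick needs
+work.
+-->
+<page
+name="Dummy">
+</page>
+
+<!-- page 4 -->
+<page
+name="Remove"
+pre-event="turn_off_buttons()"
+post-event="remove_rule()">
+
+<subroutine src="display_summary_remove" />
+</page>
+
+</form>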
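Review bot: The `rule_comment` field on the Create page is the only text input declared without a `validation=` attribute, so its value reaches the stored rule unchecked while the port, host and allow-list fields are each vetted. I would give it a validator as well, for example `validation="validate_rule_comment()"`, backed by a new panel method that bounds the length and rejects control characters and markup. That method does not exist in this commit and would have to be added to the panel module alongside the other `validate_*` subs.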
@ -0,0 +1,676 @@
|
|||||||
|
#----------------------------------------------------------------------
|
||||||
|
# $Id: portforwarding.pm,v 1.38 2005/03/16 23:37:02 charlieb Exp $
|
||||||
|
# vim: ft=perl ts=4 sw=4 et:
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
# copyright (C) 2002 Mitel Networks Corporation
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
#
|
||||||
|
# Technical support for this program is available from Mitel Networks
|
||||||
|
# Please visit our web site www.e-smith.com for details.
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
|
||||||
|
package esmith::FormMagick::Panel::portforwarding;
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use esmith::ConfigDB;
|
||||||
|
use esmith::FormMagick;
|
||||||
|
use esmith::util;
|
||||||
|
use esmith::util::network qw(isValidIP);
|
||||||
|
use esmith::cgi;
|
||||||
|
use Exporter;
|
||||||
|
|
||||||
|
use constant TRUE => 1;
|
||||||
|
use constant FALSE => 0;
|
||||||
|
|
||||||
|
our @ISA = qw(esmith::FormMagick Exporter);
|
||||||
|
|
||||||
|
our @EXPORT = qw(
|
||||||
|
show_port_forwards create_new validate_source_port
|
||||||
|
validate_destination_port display_create_summary
|
||||||
|
);
|
||||||
|
|
||||||
|
our $VERSION = sprintf '%d.%03d', q$Revision: 1.38 $ =~ /: (\d+).(\d+)/;
|
||||||
|
our $db = esmith::ConfigDB->open
|
||||||
|
|| die "Can't open configuration database: $!\n";
|
||||||
|
our $tcp_db = esmith::ConfigDB->open('portforward_tcp')
|
||||||
|
|| die "Can't open portforward_tcp database: $!\n";
|
||||||
|
our $udp_db = esmith::ConfigDB->open('portforward_udp')
|
||||||
|
|| die "Can't open portforward_udp database: $!\n";
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
esmith::FormMagick::Panels::portforwarding - useful panel functions
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
use esmith::FormMagick::Panels::portforwarding
|
||||||
|
|
||||||
|
my $panel = esmith::FormMagick::Panel::portforwarding->new();
|
||||||
|
$panel->display();
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
This module is the backend to the portforwarding panel, responsible for
|
||||||
|
supplying all functions used by that panel. It is a subclass of
|
||||||
|
esmith::FormMagick itself, so it inherits the functionality of a FormMagick
|
||||||
|
object.
|
||||||
|
|
||||||
|
=head2 new
|
||||||
|
|
||||||
|
This is the class constructor.
|
||||||
|
|
||||||
|
=begin testing
|
||||||
|
|
||||||
|
$ENV{ESMITH_CONFIG_DB} = "10e-smith-base/configuration.conf";
|
||||||
|
|
||||||
|
use_ok('esmith::FormMagick::Panels::portforwarding');
|
||||||
|
our $panel;
|
||||||
|
ok($panel = esmith::FormMagick::Panels::portforwarding->new(),
|
||||||
|
"Create panel object");
|
||||||
|
isa_ok($panel, 'esmith::FormMagick::Panels::portforwarding');
|
||||||
|
|
||||||
|
=end testing
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub new {
|
||||||
|
my $class = ref($_[0]) || $_[0];
|
||||||
|
my $self = esmith::FormMagick->new();
|
||||||
|
bless $self, $class;
|
||||||
|
# Uncomment the following line for debugging.
|
||||||
|
#$self->debug(TRUE);
|
||||||
|
return $self;
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 show_port_forwards
|
||||||
|
|
||||||
|
This method displays the data on currently forwarded ports on
|
||||||
|
the system.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub show_port_forwards {
|
||||||
|
my $self = shift;
|
||||||
|
my $q = $self->cgi;
|
||||||
|
|
||||||
|
my $empty = 0;
|
||||||
|
my @tcpforwards = $tcp_db->get_all;
|
||||||
|
my @udpforwards = $udp_db->get_all;
|
||||||
|
$empty = 1 if not @tcpforwards and not @udpforwards;
|
||||||
|
|
||||||
|
my %forwards = ();
|
||||||
|
$forwards{TCP} = \@tcpforwards;
|
||||||
|
$forwards{UDP} = \@udpforwards;
|
||||||
|
|
||||||
|
print $q->Tr(
|
||||||
|
$q->td({-colspan => 2},
|
||||||
|
'<br>' .
|
||||||
|
$q->a({-class => "button-like",
|
||||||
|
-href => "portforwarding?page=0&page_stack=&Next=Create"},
|
||||||
|
$self->localise('CREATE_RULE'))));
|
||||||
|
|
||||||
|
unless ($empty) {
|
||||||
|
print $q->Tr(
|
||||||
|
$q->td({-colspan => 2},
|
||||||
|
$q->p($self->localise('SHOW_FORWARDS')))),"\n";
|
||||||
|
|
||||||
|
my $q = $self->{cgi};
|
||||||
|
print "<tr><td colspan=\"2\">";
|
||||||
|
print $q->start_table({-class => 'sme-border'}), "\n ";
|
||||||
|
print $q->Tr(
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$self->localise('LABEL_PROTOCOL'),
|
||||||
|
"header"
|
||||||
|
), " ",
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$self->localise('LABEL_SOURCE_PORT'),
|
||||||
|
"header"
|
||||||
|
), " ",
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$self->localise('LABEL_DESTINATION_HOST'),
|
||||||
|
"header"
|
||||||
|
), " ",
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$self->localise('LABEL_DESTINATION_PORT'),
|
||||||
|
"header",
|
||||||
|
), " ",
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$self->localise('ALLOW_HOSTS'),
|
||||||
|
"header",
|
||||||
|
), " ",
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$self->localise('RULE_COMMENT'),
|
||||||
|
"header",
|
||||||
|
), " ",
|
||||||
|
$q->th({-class => "sme-border", -colspan => 2},
|
||||||
|
$self->localise('ACTION')
|
||||||
|
), "\n ",
|
||||||
|
);
|
||||||
|
foreach my $proto (sort keys %forwards) {
|
||||||
|
if (@{ $forwards{$proto} }) {
|
||||||
|
foreach my $entry (@{ $forwards{$proto} }) {
|
||||||
|
my $sport = $entry->key;
|
||||||
|
my $dhost = $entry->prop('DestHost');
|
||||||
|
my $dport = $entry->prop('DestPort') || '';
|
||||||
|
my $cmmnt = $entry->prop('Comment') || '';
|
||||||
|
my $allow = $entry->prop('AllowHosts') || '';
|
||||||
|
print $q->Tr(
|
||||||
|
esmith::cgi::genSmallCell($q, $proto),
|
||||||
|
" ",
|
||||||
|
esmith::cgi::genSmallCell($q, $sport),
|
||||||
|
" ",
|
||||||
|
esmith::cgi::genSmallCell($q, $dhost),
|
||||||
|
" ",
|
||||||
|
esmith::cgi::genSmallCell($q, $dport || ' '),
|
||||||
|
" ",
|
||||||
|
esmith::cgi::genSmallCell($q, $allow || ' '),
|
||||||
|
" ",
|
||||||
|
esmith::cgi::genSmallCell($q, $cmmnt || ' '),
|
||||||
|
" ",
|
||||||
|
esmith::cgi::genSmallCell(
|
||||||
|
$q,
|
||||||
|
$q->a({href => $q->url(-absolute => 1)
|
||||||
|
. "?page=3&Next=Next&protocol=$proto&"
|
||||||
|
. "source_port=$sport&"
|
||||||
|
. "destination_host=$dhost&"
|
||||||
|
. "destination_port=$dport&"
|
||||||
|
. "rule_comment=".CGI::escape($cmmnt)."&"
|
||||||
|
. "allow_hosts=$allow"},
|
||||||
|
$self->localise("REMOVE"))
|
||||||
|
),
|
||||||
|
"\n ",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
print $q->end_table,"\n";
|
||||||
|
print '</td></tr>';
|
||||||
|
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
print $q->Tr(
|
||||||
|
$q->td({-colspan => 2}, '<br>' .
|
||||||
|
$self->localise('NO_FORWARDS')));
|
||||||
|
}
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 validate_source_port
|
||||||
|
|
||||||
|
This method validates the source port field in the new port forward page.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub validate_source_port {
|
||||||
|
my $self = shift;
|
||||||
|
my $q = $self->{cgi};
|
||||||
|
my $sport = $q->param('source_port');
|
||||||
|
$sport =~ s/^\s+|\s+$//g;
|
||||||
|
# If this is a port range, split it up and validate it individually.
|
||||||
|
my @ports = ();
|
||||||
|
if ($sport =~ /-/)
|
||||||
|
{
|
||||||
|
@ports = split /-/, $sport;
|
||||||
|
if (@ports > 2)
|
||||||
|
{
|
||||||
|
$self->debug_msg("found more than 2 ports: @ports");
|
||||||
|
return $self->localise('ERR_BADPORT');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
push @ports, $sport;
|
||||||
|
}
|
||||||
|
$self->debug_msg("the ports array is: @ports");
|
||||||
|
foreach my $port (@ports)
|
||||||
|
{
|
||||||
|
$self->debug_msg("looping on port $port");
|
||||||
|
if (! $self->isValidPort($port))
|
||||||
|
{
|
||||||
|
$self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
|
||||||
|
return $self->localise('ERR_BADPORT');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# Now, lets screen any duplicates.
|
||||||
|
my $protocol = $q->param('protocol');
|
||||||
|
my @forwards = ();
|
||||||
|
|
||||||
|
# Grab the existing rules for this protocol.
|
||||||
|
if ($protocol eq 'TCP') {
|
||||||
|
@forwards = map { $_->key } $tcp_db->get_all;
|
||||||
|
} elsif ($protocol eq 'UDP') {
|
||||||
|
@forwards = map { $_->key } $udp_db->get_all;
|
||||||
|
}
|
||||||
|
foreach my $psport (@forwards)
|
||||||
|
{
|
||||||
|
if ($self->detect_collision($sport, $psport))
|
||||||
|
{
|
||||||
|
return $self->localise('ERR_PORT_COLLISION');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 'OK';
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 detect_collision
|
||||||
|
|
||||||
|
This method looks for a collision between two ports or port ranges.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub detect_collision
|
||||||
|
{
|
||||||
|
my $self = shift;
|
||||||
|
my $port_a = shift;
|
||||||
|
my $port_b = shift;
|
||||||
|
|
||||||
|
# If they're both single ports, see if they're the same.
|
||||||
|
if (($port_a !~ /-/) && ($port_b !~ /-/))
|
||||||
|
{
|
||||||
|
return $port_a eq $port_b;
|
||||||
|
}
|
||||||
|
# If port_a is not a range but port_b is, is a in b?
|
||||||
|
elsif ($port_a !~ /-/)
|
||||||
|
{
|
||||||
|
my ($b1, $b2) = split /-/, $port_b;
|
||||||
|
return (($port_a >= $b1) && ($port_a <= $b2));
|
||||||
|
}
|
||||||
|
elsif ($port_b !~ /-/)
|
||||||
|
{
|
||||||
|
my ($a1, $a2) = split /-/, $port_a;
|
||||||
|
return (($port_b >= $a1) && ($port_b <= $a2));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
# They're both ranges. Do they overlap?
|
||||||
|
my ($a1, $a2) = split /-/, $port_a;
|
||||||
|
my ($b1, $b2) = split /-/, $port_b;
|
||||||
|
# They can overlap in two ways. Either a1 is in b, or b1 is in a.
|
||||||
|
if (($a1 >= $b1) && ($a1 <= $b2))
|
||||||
|
{
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
elsif (($b1 >= $a1) && ($b1 <= $a2))
|
||||||
|
{
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 validate_destination_port
|
||||||
|
|
||||||
|
This method validates the destination port field in the new port
|
||||||
|
forward page.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub validate_destination_port {
|
||||||
|
my $self = shift;
|
||||||
|
my $dport = $self->{cgi}->param('destination_port');
|
||||||
|
$dport =~ s/^\s+|\s+$//g;
|
||||||
|
# If the dport is empty, that's ok.
|
||||||
|
return 'OK' if not $dport;
|
||||||
|
|
||||||
|
# If this is a port range, split it up and validate it individually.
|
||||||
|
my @ports = ();
|
||||||
|
if ($dport =~ /-/)
|
||||||
|
{
|
||||||
|
@ports = split /-/, $dport;
|
||||||
|
if (@ports > 2)
|
||||||
|
{
|
||||||
|
$self->debug_msg("found more than 2 ports: @ports");
|
||||||
|
return $self->localise('ERR_BADPORT');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
push @ports, $dport;
|
||||||
|
}
|
||||||
|
$self->debug_msg("the ports array is: @ports");
|
||||||
|
|
||||||
|
foreach my $port (@ports)
|
||||||
|
{
|
||||||
|
$self->debug_msg("looping on port $port");
|
||||||
|
if (! $self->isValidPort($port))
|
||||||
|
{
|
||||||
|
$self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
|
||||||
|
return $self->localise('ERR_BADPORT');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 'OK';
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 isValidPort
|
||||||
|
|
||||||
|
Test for a valid port.
|
||||||
|
FIXME: Remove this when 5.6 is no longer supported, and use
|
||||||
|
esmith::util::network::isValidPort instead.
|
||||||
|
|
||||||
|
=begin testing
|
||||||
|
|
||||||
|
@badports = (98765434, -183, 0, 'bad port', 'a');
|
||||||
|
@goodports = (67, 23, 1, 54736);
|
||||||
|
|
||||||
|
foreach $port (@badports) {
|
||||||
|
$panel->{cgi}->param('destination_port' => $port);
|
||||||
|
isnt($panel->validate_source_port(), "OK");
|
||||||
|
}
|
||||||
|
foreach $port (@goodports) {
|
||||||
|
$panel->{cgi}->param('source_port' => $port);
|
||||||
|
is($panel->validate_source_port(), "OK");
|
||||||
|
}
|
||||||
|
|
||||||
|
=end testing
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub isValidPort() {
|
||||||
|
my $self = shift;
|
||||||
|
my $port = shift;
|
||||||
|
|
||||||
|
return FALSE unless defined $port;
|
||||||
|
|
||||||
|
if (($port =~ /^\d+$/) &&
|
||||||
|
($port > 0) &&
|
||||||
|
($port < 65536))
|
||||||
|
{
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 validate_destination_host
|
||||||
|
|
||||||
|
The purpose of this method is to validate the destination host field in the
|
||||||
|
new port forward page.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub validate_destination_host {
|
||||||
|
my $self = shift;
|
||||||
|
my $dhost = $self->{cgi}->param('destination_host');
|
||||||
|
$dhost =~ s/^\s+|\s+$//g;
|
||||||
|
|
||||||
|
my $localip = $db->get_prop('InternalInterface', 'IPAddress');
|
||||||
|
my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
|
||||||
|
|
||||||
|
if ($dhost =~ /^(localhost|127.0.0.1|$localip|$external_ip)$/i)
|
||||||
|
{
|
||||||
|
# localhost token gets expanded at runtime to current external IP
|
||||||
|
$self->{cgi}->param(-name=>'destination_host', -value=>'localhost');
|
||||||
|
return "OK";
|
||||||
|
}
|
||||||
|
|
||||||
|
my $systemmode = $db->get_value('SystemMode');
|
||||||
|
|
||||||
|
if ($systemmode eq 'serveronly') {
|
||||||
|
return $self->localise('IN_SERVERONLY');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isValidIP($dhost)) {
|
||||||
|
return 'OK';
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return $self->localise('ERR_BADIP');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 validate_allowed_hosts
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub validate_allowed_hosts {
|
||||||
|
my $self = shift;
|
||||||
|
my $ahost = $self->{cgi}->param('allow_hosts');
|
||||||
|
$ahost =~ s/^\s+|\s+$//g;
|
||||||
|
|
||||||
|
my $valid_ahost_list = "OK";
|
||||||
|
|
||||||
|
foreach (split(/[\s,]+/, $ahost)) {
|
||||||
|
my $valid_ipnet = 0;
|
||||||
|
$valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/);
|
||||||
|
$valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/);
|
||||||
|
$valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $valid_ahost_list;
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 display_summary_create
|
||||||
|
|
||||||
|
This is a wrapper for the display_summary method, to call it in create mode.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub display_summary_create {
|
||||||
|
my $self = shift;
|
||||||
|
$self->display_summary('create');
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 display_summary_remove
|
||||||
|
|
||||||
|
This is a wrapper for the display_summary method, to call it in remove mode.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub display_summary_remove {
|
||||||
|
my $self = shift;
|
||||||
|
$self->display_summary('remove');
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 display_create_summary
|
||||||
|
|
||||||
|
This method's purpose is to display a summary of the rule about to be added.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub display_summary {
|
||||||
|
my $self = shift;
|
||||||
|
my $mode = shift;
|
||||||
|
my $save = $self->localise('SAVE');
|
||||||
|
my $cancel = $self->localise('CANCEL');
|
||||||
|
my $output = "";
|
||||||
|
my $q = $self->{cgi};
|
||||||
|
$self->debug_msg("start of method");
|
||||||
|
|
||||||
|
print "<tr><td colspan=\"2\">";
|
||||||
|
|
||||||
|
my $description = "";
|
||||||
|
if ($mode eq 'create') {
|
||||||
|
$description = $self->localise('SUMMARY_ADD_DESC');
|
||||||
|
}
|
||||||
|
elsif ($mode eq 'remove') {
|
||||||
|
$description = $self->localise('SUMMARY_REMOVE_DESC');
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return $self->error('ERR_UNSUPPORTED_MODE');
|
||||||
|
}
|
||||||
|
|
||||||
|
print $q->p($description);
|
||||||
|
|
||||||
|
my $dhost = $self->get_destination_host();
|
||||||
|
foreach my $tablearrayref (
|
||||||
|
[$self->localise('LABEL_PROTOCOL')
|
||||||
|
=> $q->param('protocol')],
|
||||||
|
[$self->localise('LABEL_SOURCE_PORT')
|
||||||
|
=> $q->param('source_port')],
|
||||||
|
[$self->localise('LABEL_DESTINATION_PORT')
|
||||||
|
=> $q->param('destination_port') || ' '],
|
||||||
|
[$self->localise('LABEL_DESTINATION_HOST')
|
||||||
|
=> $dhost],
|
||||||
|
[$self->localise('RULE_COMMENT')
|
||||||
|
=> $q->param('rule_comment')],
|
||||||
|
[$self->localise('ALLOW_HOSTS')
|
||||||
|
=> $q->param('allow_hosts')],
|
||||||
|
)
|
||||||
|
{
|
||||||
|
print $q->Tr(
|
||||||
|
$q->td({-class => 'sme-noborders-label'},
|
||||||
|
$tablearrayref->[0],
|
||||||
|
$q->td({-class => 'sme-noborders-content'},
|
||||||
|
$tablearrayref->[1]))), "\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($mode eq 'create') {
|
||||||
|
print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
|
||||||
|
$q->submit(-name => 'apply',
|
||||||
|
-value => $self->localise("ADD")),
|
||||||
|
' ',
|
||||||
|
$q->submit(-name => 'cancel',
|
||||||
|
-value => $self->localise("CANCEL")))));
|
||||||
|
}
|
||||||
|
elsif ($mode eq 'remove') {
|
||||||
|
print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
|
||||||
|
$q->submit( -name => 'remove',
|
||||||
|
-value => $self->localise("REMOVE")),
|
||||||
|
' ',
|
||||||
|
$q->submit( -name => 'cancel',
|
||||||
|
-value => $self->localise("CANCEL")))));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return $self->error('ERR_UNSUPPORTED_MODE');
|
||||||
|
}
|
||||||
|
$self->debug_msg("returning");
|
||||||
|
|
||||||
|
print "</td></tr>";
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 remove_rule
|
||||||
|
|
||||||
|
This method is a remove wrapper for the modify method.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub remove_rule {
|
||||||
|
my $self = shift;
|
||||||
|
$self->modify('remove');
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 create_new
|
||||||
|
|
||||||
|
This method is a create wrapper for the modify method.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub create_new {
|
||||||
|
my $self = shift;
|
||||||
|
$self->modify('create');
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 modify
|
||||||
|
|
||||||
|
This method's purpose is to add or remove rules from the database, and then
|
||||||
|
cause the firewall rules to update.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub modify {
|
||||||
|
no strict 'refs';
|
||||||
|
my $self = shift;
|
||||||
|
my $mode = shift;
|
||||||
|
my $q = $self->{cgi};
|
||||||
|
$self->debug_msg("at start of modify method");
|
||||||
|
|
||||||
|
# If the cancel button was pressed, just go back to the start page.
|
||||||
|
if ($q->param("cancel")) {
|
||||||
|
$self->debug_msg("the cancel button was pressed");
|
||||||
|
$self->wherenext("First");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
# Save the changes.
|
||||||
|
my $proto = $q->param("protocol");
|
||||||
|
my $sport = $q->param("source_port");
|
||||||
|
my $dport = $q->param("destination_port");
|
||||||
|
my $dhost = $self->get_destination_host();
|
||||||
|
my $cmmnt = $q->param("rule_comment") || "";
|
||||||
|
my $allow = $q->param("allow_hosts") || "";
|
||||||
|
my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : "");
|
||||||
|
$proto =~ s/^\s+|\s+$//g;
|
||||||
|
$sport =~ s/^\s+|\s+$//g;
|
||||||
|
$dport =~ s/^\s+|\s+$//g;
|
||||||
|
$dhost =~ s/^\s+|\s+$//g;
|
||||||
|
|
||||||
|
$self->debug_msg("protocol is $proto");
|
||||||
|
$self->debug_msg("source_port is $sport");
|
||||||
|
$self->debug_msg("destination_port is $dport");
|
||||||
|
$self->debug_msg("destination_host is $dhost");
|
||||||
|
|
||||||
|
my $whichforwards = "";
|
||||||
|
my $fdb;
|
||||||
|
if ($proto eq 'TCP') {
|
||||||
|
$fdb = $tcp_db;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$fdb = $udp_db;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($mode eq 'create') {
|
||||||
|
$self->debug_msg("we are in create mode");
|
||||||
|
my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' });
|
||||||
|
$entry->set_prop('DestHost', $dhost);
|
||||||
|
$entry->set_prop('DestPort', $dport) if $dport;
|
||||||
|
$entry->set_prop('Comment', $cmmnt);
|
||||||
|
$entry->set_prop('AllowHosts', $allow);
|
||||||
|
$entry->set_prop('DenyHosts', $deny);
|
||||||
|
}
|
||||||
|
elsif ($mode eq 'remove') {
|
||||||
|
$self->debug_msg("we are in remove mode");
|
||||||
|
my $entry = $fdb->get($sport);
|
||||||
|
return $self->error('ERR_CANNOT_REMOVE_NORULE') unless $entry;
|
||||||
|
$entry->delete;
|
||||||
|
}
|
||||||
|
|
||||||
|
system("/sbin/e-smith/signal-event",
|
||||||
|
"portforwarding-update") == 0
|
||||||
|
|| return $self->error('ERR_NONZERO_RETURN_EVENT');
|
||||||
|
|
||||||
|
return $self->success();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 get_destination_host
|
||||||
|
|
||||||
|
Get the 'destination_host' parameter, and fold it to 'localhost' if it
|
||||||
|
matches any local interface IP address.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub get_destination_host
|
||||||
|
{
|
||||||
|
my $self = shift;
|
||||||
|
my $q = $self->{cgi};
|
||||||
|
my $dhost = $q->param("destination_host");
|
||||||
|
my $localip = $db->get_prop('InternalInterface', 'IPAddress');
|
||||||
|
my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
|
||||||
|
|
||||||
|
if ($dhost =~ /^(127.0.0.1|$localip|$external_ip)$/i)
|
||||||
|
{
|
||||||
|
# localhost token gets expanded at runtime to current external IP
|
||||||
|
$dhost = 'localhost';
|
||||||
|
}
|
||||||
|
return $dhost;
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
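Review bot: `display_summary` writes request parameters into the page as raw HTML: the second element of each row (`$q->param('protocol')`, `source_port`, `destination_port`, `rule_comment`, `allow_hosts`, and `$dhost`) is passed as element content to `$q->td(...)`, and CGI.pm's tag helpers escape attribute values but not content. The Remove page is entered from the link built in `show_port_forwards`, which carries all of these fields in the query string, so as far as this file shows the values printed there have not passed the Create-page validators. I would escape at the point of output, e.g. `$q->td({-class => 'sme-noborders-content'}, $q->escapeHTML($tablearrayref->[1]))`, keeping any placeholder entity for empty cells outside the escaped value. Whether `esmith::cgi::genSmallCell` escapes the stored Comment printed in the rule table cannot be seen from this commit and is worth confirming.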