smeserver
/
smeserver-portforwarding
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for e-smith-portforwarding on Wed 12 Jul 09:04:13 BST 2023

Browse Source
master 2.6.0
Brian Read 10 months ago
parent e5466e0cdd
commit 4094d29da6
13 changed files with 1960 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
.gitignore vendored
Unescape Escape View File

@ -0,0 +1,4 @@
*.rpm
*.log
*spec-20*
*.tar.xz

21
Makefile
Unescape Escape View File

@ -0,0 +1,21 @@
# Makefile for source rpm: e-smith-portforwarding
# $Id: Makefile,v 1.1 2016/02/05 22:00:01 stephdl Exp $
NAME := e-smith-portforwarding
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

18
README.md
Unescape Escape View File

@ -1,3 +1,17 @@
# e-smith-portforwarding
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> e-smith-portforwarding
SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
## Wiki
<br />https://wiki.koozali.org/
## Bugzilla
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-portforwarding&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
## Description
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
*Once it has been checked, then this comment will be deleted*
<br />
E-Smith-Portforwarding is a powerful software solution for streamlining the process of setting up and managing port forwarding on an internal network. It provides users with an intuitive and easy-to-use interface for creating and managing port forwarding rules, as well as quickly viewing the current status of active ports. With E-Smith-Portforwarding, users can quickly and easily forward ports to any internal or external host, allowing secure, remote access to services running on the internal network. It also provides in-depth monitoring and logging capabilities, allowing administrators to keep track of the activity on forwarded ports, as well as detect and alert them of any suspicious activity.

340
additional/COPYING
Unescape Escape View File

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) 19yy <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

1
contriborbase
Unescape Escape View File

@ -0,0 +1 @@
sme10

23
createlinks
Unescape Escape View File

@ -0,0 +1,23 @@
#!/usr/bin/perl -w
# This script creates the symlinks needed by this RPM
# Specific support exists to create symlinks within e-smith web "panels"
# and for links from named "events" directories into the "actions" directory
use esmith::Build::CreateLinks qw(:all);
#--------------------------------------------------
# functions for user panel
#--------------------------------------------------
my $panel = "manager";
panel_link("portforwarding", $panel);
my $event = "portforwarding-update";
templates2events("/etc/rc.d/init.d/masq", $event);
safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
my $event = "e-smith-portforwarding-update";
templates2events("/etc/rc.d/init.d/masq", $event);
safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
# systemd-specific action mandatory for this package-update event
event_link("systemd-reload", $event, "89");
event_link("systemd-default", $event, "88");

486
e-smith-portforwarding.spec
Unescape Escape View File

@ -0,0 +1,486 @@
# $Id: e-smith-portforwarding.spec,v 1.3 2021/01/06 20:31:11 jpp Exp $
Summary: portforwarding panel for SME Server
%define name e-smith-portforwarding
Name: %{name}
%define version 2.6.0
%define release 4
Version: %{version}
Release: %{release}%{?dist}
License: GPL
Group: Networking/Daemons
Source: %{name}-%{version}.tar.xz
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch
Requires: e-smith-base
Requires: e-smith-packetfilter >= 1.13.0-13
Requires: e-smith-lib >= 1.15.1-19
Requires: e-smith-formmagick >= 1.4.0-12
BuildRequires: e-smith-devtools >= 1.13.1-03
Obsoletes: e-smith-ipportfw dmc-mitel-portforwarding
AutoReqProv: no
%description
Adds a Port Forwarding panel to the SME server-manager.
%changelog
* Wed Jul 12 2023 cvs2git.sh aka Brian Read <brianr@koozali.org> 2.6.0-4.sme
- Roll up patches and move to git repo [SME: 12338]
* Wed Jul 12 2023 BogusDateBot
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
by assuming the date is correct and changing the weekday.
Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
* Wed Jan 06 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-3.sme
- add update event [SME: 11148]
* Thu May 12 2016 Daniel Berteaud <daniel@firewall-services.com> 2.6.0-2.sme
- Rebuild for [SME: 9393]
* Fri Feb 05 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.6.0-1.sme
- Initial release to sme10
* Thu Jan 31 2013 Shad L. Lords <slords@mail.com> 2.4.0-1.sme
- Roll new stream for sme9
* Thu Mar 11 2010 Jonathan Martens <smeserver-contribs@snetram.nl> 2.2.0-6.sme
- Fix missing space cuasing errors parsing the iptables rules [SME: 2379]
* Tue Mar 9 2010 Jonathan Martens <smeserver-contribs@snetram.nl> 2.2.0-5.sme
- Rework 91adjustPortForward template fragment [SME: 2379]
* Tue Dec 15 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-4.sme
- Enable port forwards to localhost if mode is serveronly [SME: 1003]
* Tue Oct 20 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-3.sme
- Adjust xml entry in locale [SME: 771]
* Mon Oct 19 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-2.sme
- Add option to limit port forwards from source ip [SME: 2379]
- Add Text Description For Each Port Forwarding [SME: 771]
* Tue Oct 7 2008 Shad L. Lords <slords@mail.com> 2.2.0-1.sme
- Roll new stream to separate sme7/sme8 trees [SME: 4633]
* Sun Apr 27 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 1.2.0-9
- Add common <base> tags to e-smith-formmagick's general [SME: 4282]
* Wed Feb 13 2008 Stephen Noble <support@dungog.net> 1.2.0-8
- Remove <base> tags now in general [SME: 3913]
* Sun Feb 10 2008 Stephen Noble <support@dungog.net> 1.2.0-7
- Remove duplicate <base> entries [SME: 3888]
* Thu Nov 08 2007 Gavin Weight<gweight@mail.com> 1.2.0-6
- Remove/Fix portforwarding.pm.orig file. [SME: 3526]
* Tue Oct 16 2007 Charlie Brady <charlie_brady@mitel.com> 1.2.0-5
- Use $OUTERNET for target of localhost port forwards, not externalIP
pulled from db at template expansion time. [SME: 2760]
* Tue Jun 26 2007 Shad L. Lords <slords@mail.com> 1.2.0-4
Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
- Ensure portforwarding dbs exists [SME: 54]
* Tue Jun 26 2007 Shad L. Lords <slords@mail.com> 1.2.0-3
- Migrate portforwarding to own databases [SME: 54]
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
- Clean up spec so package can be built by koji/plague
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com>
- Update to new release naming. No functional changes.
- Make Packager generic
* Thu Mar 16 2006 Gordon Rowell <gordonr@gormand.com.au> 1.2.0-01
- Roll stable stream version. [SME: 1016]
* Wed Nov 30 2005 Gordon Rowell <gordonr@gormand.com.au> 1.1.2-02
- Bump release number only
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
- [1.1.2-01]
- Remove L10Ns from base packages [SF: 1309520]
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
- [1.1.1-01]
- New dev stream before relocating L10Ns
* Fri Sep 30 2005 Gordon Rowell <gordonr@e-smith.com>
- [1.1.0-13]
- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266]
* Mon Sep 26 2005 Gordon Rowell <gordonr@e-smith.com>
- [1.1.0-12]
- Added German L10N - Thanks Dietmar Berteld [SF: 1293325]
* Thu Jul 14 2005 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-11]
- Fix an expression precedence problem with UDP portforwarding. [SF: 1237913]
* Fri Jul 8 2005 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-10]
- Fix UDP portforwarding. [SF: 1234630]
* Sat Mar 19 2005 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-09]
- Fix typo in createlinks.
* Fri Mar 18 2005 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-08]
- Add fr and es localisations for new text.
* Thu Mar 17 2005 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-07]
- Display text to indicate that portforwarding isn't available in
serveronly mode.
- Create new portforwarding-update event, as remoteaccess-update
is rather heavyweight. use generic_template_expand and
adjust-services. [MN00064130, MN00065576]
- Fix some run-time probs with Gordon's contributed patch.
* Wed Mar 16 2005 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-06]
- Patch provided by Gordon to allow portforwarding to "localhost".
* Wed May 5 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-05]
- Now detecting serveronly mode, and disabling the ability to add
portforwarding rules while in that state. [msoulier MN00025609]
* Wed Dec 3 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-04]
- Added French and Spanish translations of new lexicon. [msoulier 10203]
* Wed Dec 3 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-03]
- Refactored 91adjustPortForward to remove duplicate code. [msoulier 10203]
- Added code to properly handle portforwarding to the external interface.
Forwarding to localhost or the private interface is now explicitly blocked.
[msoulier 10203]
* Mon Oct 20 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-02]
- Added better validation on the sort port to prevent conflicting rules.
[msoulier 9262]
* Fri Oct 17 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-01]
- forcing to dev stream - 1.1.0
* Fri Oct 17 2003 Michael Soulier <msoulier@e-smith.com>
- [0.2.0-03]
- Fixed summaries so that the styling is now 6.0. [msoulier 9306]
* Thu Aug 28 2003 Charlie Brady <charlieb@e-smith.com>
- [0.2.0-02]
- Fix typo in masq fragment which prevented forwarding of UDP.
[charlieb 9859]
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com>
- [0.2.0-01]
- Changing version to stable stream number - 0.2.0
* Tue Jun 24 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.1-20]
- Wording update on main page [gordonr 9101]
* Fri Jun 20 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-19]
- Revert to previous version. [msoulier 8803]
* Wed Jun 11 2003 Charlie Brady <charlieb@e-smith.com>
- [0.1.1-18]
- Redo (simplify) some of the code in the portforwarding panel, and make
destination port explicit if not specified. [charlieb 8803]
* Tue May 6 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.1-17]
- Add Spanish lexicon for portfowarding [lijied 3793]
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.1-16]
- Removed colons on the label where necessary [lijied 7950]
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.1-15]
- Modified button Apply to Add [lijied 7921]
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.1-14]
- Added French translation for "Misuse of feature...." [lijied 8072]
* Tue Apr 8 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-13]
- Fixed lack of buttons on summary page. [msoulier 8089]
* Mon Apr 7 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-12]
- Inserting PortForwarding chain as first entry in the PREROUTING chain.
[msoulier 8089]
* Fri Apr 4 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.1-11]
- Change $q->table to $q->start_table where necessary [lijied 8034]
* Fri Apr 4 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.1-10]
- Text revision on panel [gordonr 8072]
* Thu Apr 3 2003 Tony Clayton <apc@e-smith.com>
- [0.1.1-09]
- Add colons to labels and fix text when table is empty in panel [tonyc 7950]
* Wed Apr 2 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-08]
- Added french lexicon for creating a port-forwarding rule. [msoulier 7284]
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.1-07]
- Delete stray fr nav bar lexicon entries [gordonr 7926]
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.1-06]
- Added french lexicon for security, so it shows up in the right spot
on the menu panel. [msoulier 7284]
* Tue Apr 1 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-05]
- Added proper styling to the tables. [msoulier 7284]
- Added spacing around table elements. [msoulier 7284]
- Put a 6.0 look on the buttons on the summary page. [msoulier 7284]
- Removed the button-like style from the remove links. [msoulier 7284]
* Fri Mar 28 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-04]
- Added proper styles to make links that behave like buttons,
look like buttons, for 6.0. [msoulier 7284]
* Fri Mar 28 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-03]
- Fixed a couple of typos in the english lexicon. [msoulier 7284]
- Included the french lexicon. [msoulier 7284]
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-02]
- Portforwarding still had problems, fixed here. [msoulier 7284]
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.1-01]
- Modified to work with new e-smith-packetfilter changes for 6.0
[msoulier 7284]
- Note: This breaks backwards-compatibility with 5.6.
* Tue Mar 18 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.0-33]
- Modified port forwarding panel order [lijied 7356]
* Thu Mar 13 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.0-32]
- Split en-us lexicon from portwarding panel [lijied 4030]
* Tue Mar 11 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-31]
- Finished patching the interface to take an empty dport. [msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-30]
- Patched the masq fragments to accept an empty dport. [msoulier 5645]
- Patched the interface to accept an empty destination port.
[msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-29]
- Tweaked the wording in the panel. [msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-28]
- Additional tweaks to fix the iptables syntax and adjust the size of the
fields in the UI. [msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-27]
- Adding support for a port range on source and destination ports.
[msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-26]
- Updating dependencies. [msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-25]
- Fixed bad removal which set all destination ports to the same port.
[msoulier 5645]
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-24]
- Updated dependency information to make it use the backported
e-smith-packetfilter rpm for the 5.6 updates stream. [msoulier 5645]
* Thu Mar 6 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.0-23]
- Modified panel order [lijied 7356]
* Sun Feb 23 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-22]
- Backed-out the changes in 0.1.0-21. They're incompatible with
e-smith-packetfilter. We'll have to discuss this first. [msoulier 5696]
* Sun Feb 23 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-21]
- Permitting port ranges instead of just single ports. [msoulier 5696]
* Sun Jan 26 2003 Mike Dickson <miked@e-smith.com>
- [0.1.0-20]
- added ACTION to lexicon, and code to use it [miked 6363]
* Sun Jan 26 2003 Mike Dickson <miked@e-smith.com>
- [0.1.0-19]
- backed out previous patch since it applied too many changes at once. I will
re-submit in manageable chunks
* Sat Jan 25 2003 Mike Dickson <miked@e-smith.com>
- [0.1.0-18]
- added ACTION to lexicon [miked 6363]
* Wed Dec 18 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-17]
- Added a feature to remove the "finished" page and cycle back to the start
page with a status message instead. [msoulier 5696]
- Found and fixed a bug permitting the addition of duplicate rules.
* Mon Dec 16 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-16]
- Added a space between the two buttons on the summary panel.
[msoulier 5696]
* Mon Dec 16 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-15]
- Fixed broken removal due to using the wrong variable set to repopulate the
db entry. [msoulier 5696]
* Fri Dec 6 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-14]
- Fixed bad variable reference in test cases. [msoulier 5696]
* Thu Dec 5 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-13]
- Added some test cases to portforwarding.pm. [msoulier 5696]
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-12]
- Improved the IP address validation. [msoulier 5696]
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-11]
- Made sure all messages are localised, and added better error handling.
[msoulier 5696]
* Thu Nov 28 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-10]
- Updated to make use of changes to the packetfilter. Fixed the placement of
the udp portforwarding rules, and the spelling of "completely".
[msoulier 5696]
* Wed Nov 27 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-09]
- Localised the summary table labels. [msoulier 5696]
* Wed Nov 27 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-08]
- The destination host must be an IP address. Enforcing now.
[msoulier 5696]
* Tue Nov 26 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-07]
- First working prototype. [msoulier 5696]
* Mon Nov 25 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-06]
- Basic functionality present. Still need to add the ability to
delete rules, and display current rules. [msoulier 5696]
* Fri Nov 22 2002 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-05]
- Starting the FormMagick conversion of the panel. [msoulier 5696]
* Thu Nov 21 2002 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-04]
- Use "--list --numeric" to avoid DNS lookup delays. [charlieb 5645]
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-03]
- Fix portforwarding rules to match DB format used by panel code -
which is $ip:[$dport], this allows forwarding to a port other than the
listen port [charlieb 5645].
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-02]
- Convert to iptables, and conform to "masq adjust" way of doing things.
[charlieb 5645]
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-01]
- Rolling to development stream to 0.1.0
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
- [0.0.1-6]
- Renamed to e-smith-portforwarding.
- Imported into CVS as baseline for further development.
* Sat Sep 21 2002 Darrell May <dmay@netsourced.com>
- updated 35SetPortFW to support dynamic external IP
- [0.0.1-5]
* Tue Jan 01 2002 Darrell May <dmay@netsourced.com>
- added Obsoletes: e-smith-ipportfw dmc-mitel-portfowarding
- [0.0.1-4]
* Tue Jan 01 2002 Darrell May <dmay@netsourced.com>
- fixed spelling in rpm name, now to dmc-mitel-portforwarding
- merged in e-smith-ipportfw-0.1.1-1.noarch.rpm
- [0.0.1-3]
* Mon Dec 31 2001 Darrell May <dmay@netsourced.com>
- added "Shad L. Lords" <slords@mail.com>, e-smith-iportfw 35SetPortFW
- templates-custom fragment supporting dest port addresses
- updated portforwarding panel to match
- removed first/last portforward panel bug by adding return on Operation Status
- [0.0.1-2]
* Sun Dec 30 2001 Darrell May <dmay@netsourced.com>
- initial release
- [0.0.1-1]
%prep
%setup
%build
perl createlinks
%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f e-smith-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
for proto in tcp udp
do
mkdir -p $RPM_BUILD_ROOT/home/e-smith/db
touch $RPM_BUILD_ROOT/home/e-smith/db/portforward_$proto
echo "%config(noreplace) %attr(0640,root,admin) /home/e-smith/db/portforward_$proto" \
>> %{name}-%{version}-filelist
done
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)
%pre
%post
%preun
%postun

19
root/etc/e-smith/db/configuration/migrate/10migrateMasqForwards
Unescape Escape View File

@ -0,0 +1,19 @@
{
my %FDB;
foreach my $proto ('TCP', 'UDP') {
$FDB{$proto} = esmith::ConfigDB->open("portforward_" . lc($proto))
|| esmith::ConfigDB->create("portforward_" . lc($proto));
my %rules = split ',', $DB->get_prop_and_delete('masq', "${proto}Forwards")
|| next;
foreach my $entry (keys %rules) {
my %props = ( type => 'forward' );
my ($addr, $port) = split ':', $rules{$entry};
$props{'DestHost'} = $addr;
$props{'DestPort'} = $port if $port;
$FDB{$proto}->new_record($entry, \%props);
}
}
}

168
root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/portforwarding
Unescape Escape View File

@ -0,0 +1,168 @@
<!-- vim: ft=xml:
-->
<lexicon lang="en-us">
<entry>
<base>FORM_TITLE</base>
<trans>Configure Port Forwarding</trans>
</entry>
<entry>
<base>FIRST_PAGE_DESCRIPTION</base>
<trans><![CDATA[
<p>
You can use this panel to modify your firewall rules so
as to open a specific port on this server and forward it
to another port on another host. Doing so will permit
incoming traffic to directly access a private host on
your LAN.
</p>
<p>
WARNING: Misuse of this feature can seriously compromise the
security of your network. Do not use this feature
lightly, or without fully understanding the implications
of your actions.
</p>
]]>
</trans>
</entry>
<entry>
<base>CREATE_RULE</base>
<trans>Create portforwarding rule</trans>
</entry>
<entry>
<base>SUMMARY_ADD_DESC</base>
<trans>The following summarizes the port-forwarding rule
that you are about to add. If you are satisfied with the rule,
click the &quot;Add&quot; button. If you are not, click the
&quot;Cancel&quot; button.
</trans>
</entry>
<entry>
<base>SUMMARY_REMOVE_DESC</base>
<trans>The following summarizes the port-forwarding rule
that you are about to remove. If you are sure you want to
remove the rule, click the &quot;Remove&quot; button. If not,
click the &quot;Cancel&quot; button.
</trans>
</entry>
<entry>
<base>SHOW_FORWARDS</base>
<trans>
Below you will find a table summarizing the current
port-forwarding rules installed on this server. Click on the
&quot;Remove&quot; link to remove the corresponding rule.
</trans>
</entry>
<entry>
<base>NO_FORWARDS</base>
<trans>There are currently no forwarded ports on the system.</trans>
</entry>
<entry>
<base>CREATE_PAGE_DESCRIPTION</base>
<trans><![CDATA[
<p>Select the protocol, the port you wish to forward, the
destination host, and the port on the destination host
that you wish to forward to. If you wish to specify a port
range, enter the lower and upper boundaries separated by a
hyphen. The destination port may be left blank, which will
instruct the firewall to leave the source port
unaltered.</p>
]]>
</trans>
</entry>
<entry>
<base>LABEL_SOURCE_PORT</base>
<trans>Source Port(s)</trans>
</entry>
<entry>
<base>LABEL_PROTOCOL</base>
<trans>Protocol</trans>
</entry>
<entry>
<base>LABEL_DESTINATION_PORT</base>
<trans>Destination Port(s)</trans>
</entry>
<entry>
<base>LABEL_DESTINATION_HOST</base>
<trans>Destination Host IP Address</trans>
</entry>
<entry>
<base>LABEL_RULE_COMMENT</base>
<trans>Rule Comment</trans>
</entry>
<entry>
<base>LABEL_ALLOW_HOSTS</base>
<trans>Allow Hosts</trans>
</entry>
<entry>
<base>Port forwarding</base>
<trans>Port forwarding</trans>
</entry>
<entry>
<base>SUCCESS</base>
<trans>Your change to the port forwarding rules has been
successfully saved.
</trans>
</entry>
<entry>
<base>RULE_COMMENT</base>
<trans>Rule Comment</trans>
</entry>
<entry>
<base>ALLOW_HOSTS</base>
<trans>Allow Hosts</trans>
</entry>
<entry>
<base>ERR_NO_MASQ_RECORD</base>
<trans>Cannot retrieve masq record from the configuration
database.</trans>
</entry>
<entry>
<base>ERR_UNSUPPORTED_MODE</base>
<trans>Unsupported mode.</trans>
</entry>
<entry>
<base>ERR_CANNOT_REMOVE_NORULE</base>
<trans>Cannot remove non-existant rule.</trans>
</entry>
<entry>
<base>ERR_NONZERO_RETURN_EVENT</base>
<trans>Event returned a non-zero return value.</trans>
</entry>
<entry>
<base>ERR_BADPORT</base>
<trans>The ports must be a positive integer less than
65536.</trans>
</entry>
<entry>
<base>ERR_BADIP</base>
<trans>This does not appear to be an IP address. You must use
dotted-quad notation, and each of the four numbers should be less
than 256. ie: 192.168.0.5</trans>
</entry>
<entry>
<base>ERR_DUPRULE</base>
<trans>This rule has already been added, it cannot be added
twice.</trans>
</entry>
<entry>
<base>ERR_PORT_COLLISION</base>
<trans>
ERROR: This port or port range conflicts with an existing
rule. Please modify this new rule, or remove the old rule.
</trans>
</entry>
<entry>
<base>ERR_BADAHOST</base>
<trans>
This does not appear to be a valid IP address list.
ie: 192.168.0.1,192.168.1.1/24
</trans>
</entry>
<entry>
<base>IN_SERVERONLY</base>
<trans>
This server is currently in serveronly mode and portforwarding
is possible only to localhost.
</trans>
</entry>
</lexicon>

5
root/etc/e-smith/templates/etc/rc.d/init.d/masq/42SetupPortForwarding
Unescape Escape View File

@ -0,0 +1,5 @@
/sbin/iptables -t nat --new-chain PortForwarding
/sbin/iptables -t nat --new-chain PortForwarding_1
/sbin/iptables -t nat --insert PREROUTING --jump PortForwarding
/sbin/iptables -t nat --append PortForwarding --destination $OUTERNET \
--jump PortForwarding_1

73
root/etc/e-smith/templates/etc/rc.d/init.d/masq/91adjustPortForward
Unescape Escape View File

@ -0,0 +1,73 @@
{
my $pf_chain = "PortForwarding_\$\$";
$OUT .= "# Create a new PortForwarding chain\n";
$OUT .= "PFC=\$(/sbin/iptables --table nat ";
$OUT .= "--numeric --list PortForwarding |\\\n";
$OUT .= " sed -n '3s/ .*//p')\n";
$OUT .= " /sbin/iptables --table nat --new-chain $pf_chain\n";
my %FDB;
foreach my $protocol (qw(tcp udp))
{
my $uproto = uc $protocol;
$FDB{$protocol} = esmith::ConfigDB->open("portforward_$protocol")
|| die "Can't open portforward_$protocol database: $!\n";
foreach my $entry ( $FDB{$protocol}->get_all ) {
my $port = $entry->key;
my $ip = $entry->prop('DestHost');
my $dport = $entry->prop('DestPort') || $port;
$port =~ s/-/:/;
# Map canonical localhost back to our current external IP
$ip = '$OUTERNET' if ($ip eq 'localhost');
my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
foreach my $host (split(',', $host_list)) {
$OUT .= " /sbin/iptables --table nat --append $pf_chain";
# Set up local port to forward
$OUT .= " --proto $protocol --destination-port ${port}";
$OUT .= " --src $host" unless $host eq '0.0.0.0/0';
# Set up the remote port to forward to
$OUT .= " -j DNAT --to-destination $ip:$dport\n";
}
# And accept the incoming packets. Use the dport if there is one.
($port = $dport) =~ s/-/:/ if $dport;
# If this rule is forwarding to localhost, ExternalIP or LocalIP,
# then we must allow it on the INPUT chain instead of the FORWARD
# chain.
my $target_chain = (($ip eq '$OUTERNET') ?
"Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$");
foreach my $access_type (("Allow", "Deny")) {
my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog");
my $host_list = $entry->prop("${access_type}Hosts") || "";
$host_list = "0.0.0.0/0"
if (($host_list eq "") and ($access_type eq "Allow"));
foreach my $host (split(',', $host_list)) {
$OUT .= " /sbin/iptables -A $target_chain";
$OUT .= " --proto $protocol --dport $port \\\n ";
$OUT .= " --destination $ip" if ($ip ne '$OUTERNET');
$OUT .= " --src $host --jump $jump_target\n";
}
}
}
}
# having created a new PortForwarding chain, activate it and destroy
# the old.
$OUT .= " /sbin/iptables --table nat --replace PortForwarding 1 " .
"--destination \$OUTERNET --jump $pf_chain\n";
$OUT .= " /sbin/iptables --table nat --flush \$PFC\n";
$OUT .= " /sbin/iptables --table nat --delete-chain \$PFC\n";
}

128
root/etc/e-smith/web/functions/portforwarding
Unescape Escape View File

@ -0,0 +1,128 @@
#!/usr/bin/perl -wT
# vim: ft=xml ts=4 sw=4 et:
#----------------------------------------------------------------------
# heading : Security
# description : Port forwarding
# navigation : 5000 5400
#----------------------------------------------------------------------
#----------------------------------------------------------------------
# copyright (C) 2002 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
use strict;
use esmith::FormMagick::Panel::portforwarding;
my $form = esmith::FormMagick::Panel::portforwarding->new();
# Uncomment the next line for debugging purposes.
#$form->debug(1);
$form->display();
__DATA__
<form
title="FORM_TITLE"
header="/etc/e-smith/web/common/head.tmpl"
footer="/etc/e-smith/web/common/foot.tmpl">
<!-- page 0 -->
<page
name="First"
pre-event="print_status_message()">
<description>FIRST_PAGE_DESCRIPTION</description>
<subroutine src="show_port_forwards()" />
</page>
<!-- page 1 -->
<page
name="Create"
pre-event="print_status_message()">
<description>CREATE_PAGE_DESCRIPTION</description>
<field
id="protocol"
type="select"
options="'TCP','UDP'">
<label>LABEL_PROTOCOL</label>
</field>
<field
id="source_port"
type="text"
size="11"
validation="validate_source_port()">
<label>LABEL_SOURCE_PORT</label>
</field>
<field
id="destination_host"
type="text"
size="15"
validation="validate_destination_host()">
<label>LABEL_DESTINATION_HOST</label>
</field>
<field
id="destination_port"
type="text"
size="11"
validation="validate_destination_port()">
<label>LABEL_DESTINATION_PORT</label>
</field>
<field
id="rule_comment"
type="text">
<label>LABEL_RULE_COMMENT</label>
</field>
<field
id="allow_hosts"
type="text"
validation="validate_allowed_hosts()">
<label>LABEL_ALLOW_HOSTS</label>
</field>
<subroutine src="print_button('NEXT')" />
</page>
<!-- page 2 -->
<page
name="ShowSummary"
pre-event="turn_off_buttons()"
post-event="create_new()">
<subroutine src="display_summary_create" />
</page>
<!-- page 3
Note: This page is not used. It's a kludge to permit the next page
to work properly from a link on the front page. FormMagick needs
work.
-->
<page
name="Dummy">
</page>
<!-- page 4 -->
<page
name="Remove"
pre-event="turn_off_buttons()"
post-event="remove_rule()">
<subroutine src="display_summary_remove" />
</page>
</form>

676
root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/portforwarding.pm
Unescape Escape View File

@ -0,0 +1,676 @@
#----------------------------------------------------------------------
# $Id: portforwarding.pm,v 1.38 2005/03/16 23:37:02 charlieb Exp $
# vim: ft=perl ts=4 sw=4 et:
#----------------------------------------------------------------------
# copyright (C) 2002 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.e-smith.com for details.
#----------------------------------------------------------------------
package esmith::FormMagick::Panel::portforwarding;
use strict;
use esmith::ConfigDB;
use esmith::FormMagick;
use esmith::util;
use esmith::util::network qw(isValidIP);
use esmith::cgi;
use Exporter;
use constant TRUE => 1;
use constant FALSE => 0;
our @ISA = qw(esmith::FormMagick Exporter);
our @EXPORT = qw(
show_port_forwards create_new validate_source_port
validate_destination_port display_create_summary
);
our $VERSION = sprintf '%d.%03d', q$Revision: 1.38 $ =~ /: (\d+).(\d+)/;
our $db = esmith::ConfigDB->open
|| die "Can't open configuration database: $!\n";
our $tcp_db = esmith::ConfigDB->open('portforward_tcp')
|| die "Can't open portforward_tcp database: $!\n";
our $udp_db = esmith::ConfigDB->open('portforward_udp')
|| die "Can't open portforward_udp database: $!\n";
=head1 NAME
esmith::FormMagick::Panels::portforwarding - useful panel functions
=head1 SYNOPSIS
use esmith::FormMagick::Panels::portforwarding
my $panel = esmith::FormMagick::Panel::portforwarding->new();
$panel->display();
=head1 DESCRIPTION
This module is the backend to the portforwarding panel, responsible for
supplying all functions used by that panel. It is a subclass of
esmith::FormMagick itself, so it inherits the functionality of a FormMagick
object.
=head2 new
This is the class constructor.
=begin testing
$ENV{ESMITH_CONFIG_DB} = "10e-smith-base/configuration.conf";
use_ok('esmith::FormMagick::Panels::portforwarding');
our $panel;
ok($panel = esmith::FormMagick::Panels::portforwarding->new(),
"Create panel object");
isa_ok($panel, 'esmith::FormMagick::Panels::portforwarding');
=end testing
=cut
sub new {
my $class = ref($_[0]) || $_[0];
my $self = esmith::FormMagick->new();
bless $self, $class;
# Uncomment the following line for debugging.
#$self->debug(TRUE);
return $self;
}
=head2 show_port_forwards
This method displays the data on currently forwarded ports on
the system.
=cut
sub show_port_forwards {
my $self = shift;
my $q = $self->cgi;
my $empty = 0;
my @tcpforwards = $tcp_db->get_all;
my @udpforwards = $udp_db->get_all;
$empty = 1 if not @tcpforwards and not @udpforwards;
my %forwards = ();
$forwards{TCP} = \@tcpforwards;
$forwards{UDP} = \@udpforwards;
print $q->Tr(
$q->td({-colspan => 2},
'<br>' .
$q->a({-class => "button-like",
-href => "portforwarding?page=0&page_stack=&Next=Create"},
$self->localise('CREATE_RULE'))));
unless ($empty) {
print $q->Tr(
$q->td({-colspan => 2},
$q->p($self->localise('SHOW_FORWARDS')))),"\n";
my $q = $self->{cgi};
print "<tr><td colspan=\"2\">";
print $q->start_table({-class => 'sme-border'}), "\n ";
print $q->Tr(
esmith::cgi::genSmallCell(
$q,
$self->localise('LABEL_PROTOCOL'),
"header"
), " ",
esmith::cgi::genSmallCell(
$q,
$self->localise('LABEL_SOURCE_PORT'),
"header"
), " ",
esmith::cgi::genSmallCell(
$q,
$self->localise('LABEL_DESTINATION_HOST'),
"header"
), " ",
esmith::cgi::genSmallCell(
$q,
$self->localise('LABEL_DESTINATION_PORT'),
"header",
), " ",
esmith::cgi::genSmallCell(
$q,
$self->localise('ALLOW_HOSTS'),
"header",
), " ",
esmith::cgi::genSmallCell(
$q,
$self->localise('RULE_COMMENT'),
"header",
), " ",
$q->th({-class => "sme-border", -colspan => 2},
$self->localise('ACTION')
), "\n ",
);
foreach my $proto (sort keys %forwards) {
if (@{ $forwards{$proto} }) {
foreach my $entry (@{ $forwards{$proto} }) {
my $sport = $entry->key;
my $dhost = $entry->prop('DestHost');
my $dport = $entry->prop('DestPort') || '';
my $cmmnt = $entry->prop('Comment') || '';
my $allow = $entry->prop('AllowHosts') || '';
print $q->Tr(
esmith::cgi::genSmallCell($q, $proto),
" ",
esmith::cgi::genSmallCell($q, $sport),
" ",
esmith::cgi::genSmallCell($q, $dhost),
" ",
esmith::cgi::genSmallCell($q, $dport || '&nbsp'),
" ",
esmith::cgi::genSmallCell($q, $allow || '&nbsp'),
" ",
esmith::cgi::genSmallCell($q, $cmmnt || '&nbsp'),
" ",
esmith::cgi::genSmallCell(
$q,
$q->a({href => $q->url(-absolute => 1)
. "?page=3&Next=Next&protocol=$proto&"
. "source_port=$sport&"
. "destination_host=$dhost&"
. "destination_port=$dport&"
. "rule_comment=".CGI::escape($cmmnt)."&"
. "allow_hosts=$allow"},
$self->localise("REMOVE"))
),
"\n ",
);
}
}
}
print $q->end_table,"\n";
print '</td></tr>';
}
else {
print $q->Tr(
$q->td({-colspan => 2}, '<br>' .
$self->localise('NO_FORWARDS')));
}
return undef;
}
=head2 validate_source_port
This method validates the source port field in the new port forward page.
=cut
sub validate_source_port {
my $self = shift;
my $q = $self->{cgi};
my $sport = $q->param('source_port');
$sport =~ s/^\s+|\s+$//g;
# If this is a port range, split it up and validate it individually.
my @ports = ();
if ($sport =~ /-/)
{
@ports = split /-/, $sport;
if (@ports > 2)
{
$self->debug_msg("found more than 2 ports: @ports");
return $self->localise('ERR_BADPORT');
}
}
else
{
push @ports, $sport;
}
$self->debug_msg("the ports array is: @ports");
foreach my $port (@ports)
{
$self->debug_msg("looping on port $port");
if (! $self->isValidPort($port))
{
$self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
return $self->localise('ERR_BADPORT');
}
}
# Now, lets screen any duplicates.
my $protocol = $q->param('protocol');
my @forwards = ();
# Grab the existing rules for this protocol.
if ($protocol eq 'TCP') {
@forwards = map { $_->key } $tcp_db->get_all;
} elsif ($protocol eq 'UDP') {
@forwards = map { $_->key } $udp_db->get_all;
}
foreach my $psport (@forwards)
{
if ($self->detect_collision($sport, $psport))
{
return $self->localise('ERR_PORT_COLLISION');
}
}
return 'OK';
}
=head2 detect_collision
This method looks for a collision between two ports or port ranges.
=cut
sub detect_collision
{
my $self = shift;
my $port_a = shift;
my $port_b = shift;
# If they're both single ports, see if they're the same.
if (($port_a !~ /-/) && ($port_b !~ /-/))
{
return $port_a eq $port_b;
}
# If port_a is not a range but port_b is, is a in b?
elsif ($port_a !~ /-/)
{
my ($b1, $b2) = split /-/, $port_b;
return (($port_a >= $b1) && ($port_a <= $b2));
}
elsif ($port_b !~ /-/)
{
my ($a1, $a2) = split /-/, $port_a;
return (($port_b >= $a1) && ($port_b <= $a2));
}
else
{
# They're both ranges. Do they overlap?
my ($a1, $a2) = split /-/, $port_a;
my ($b1, $b2) = split /-/, $port_b;
# They can overlap in two ways. Either a1 is in b, or b1 is in a.
if (($a1 >= $b1) && ($a1 <= $b2))
{
return TRUE;
}
elsif (($b1 >= $a1) && ($b1 <= $a2))
{
return TRUE;
}
return FALSE;
}
}
=head2 validate_destination_port
This method validates the destination port field in the new port
forward page.
=cut
sub validate_destination_port {
my $self = shift;
my $dport = $self->{cgi}->param('destination_port');
$dport =~ s/^\s+|\s+$//g;
# If the dport is empty, that's ok.
return 'OK' if not $dport;
# If this is a port range, split it up and validate it individually.
my @ports = ();
if ($dport =~ /-/)
{
@ports = split /-/, $dport;
if (@ports > 2)
{
$self->debug_msg("found more than 2 ports: @ports");
return $self->localise('ERR_BADPORT');
}
}
else
{
push @ports, $dport;
}
$self->debug_msg("the ports array is: @ports");
foreach my $port (@ports)
{
$self->debug_msg("looping on port $port");
if (! $self->isValidPort($port))
{
$self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
return $self->localise('ERR_BADPORT');
}
}
return 'OK';
}
=head2 isValidPort
Test for a valid port.
FIXME: Remove this when 5.6 is no longer supported, and use
esmith::util::network::isValidPort instead.
=begin testing
@badports = (98765434, -183, 0, 'bad port', 'a');
@goodports = (67, 23, 1, 54736);
foreach $port (@badports) {
$panel->{cgi}->param('destination_port' => $port);
isnt($panel->validate_source_port(), "OK");
}
foreach $port (@goodports) {
$panel->{cgi}->param('source_port' => $port);
is($panel->validate_source_port(), "OK");
}
=end testing
=cut
sub isValidPort() {
my $self = shift;
my $port = shift;
return FALSE unless defined $port;
if (($port =~ /^\d+$/) &&
($port > 0) &&
($port < 65536))
{
return TRUE;
}
else {
return FALSE;
}
}
=head2 validate_destination_host
The purpose of this method is to validate the destination host field in the
new port forward page.
=cut
sub validate_destination_host {
my $self = shift;
my $dhost = $self->{cgi}->param('destination_host');
$dhost =~ s/^\s+|\s+$//g;
my $localip = $db->get_prop('InternalInterface', 'IPAddress');
my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
if ($dhost =~ /^(localhost|127.0.0.1|$localip|$external_ip)$/i)
{
# localhost token gets expanded at runtime to current external IP
$self->{cgi}->param(-name=>'destination_host', -value=>'localhost');
return "OK";
}
my $systemmode = $db->get_value('SystemMode');
if ($systemmode eq 'serveronly') {
return $self->localise('IN_SERVERONLY');
}
if (isValidIP($dhost)) {
return 'OK';
}
else {
return $self->localise('ERR_BADIP');
}
}
=head2 validate_allowed_hosts
=cut
sub validate_allowed_hosts {
my $self = shift;
my $ahost = $self->{cgi}->param('allow_hosts');
$ahost =~ s/^\s+|\s+$//g;
my $valid_ahost_list = "OK";
foreach (split(/[\s,]+/, $ahost)) {
my $valid_ipnet = 0;
$valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/);
$valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/);
$valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1);
}
return $valid_ahost_list;
}
=head2 display_summary_create
This is a wrapper for the display_summary method, to call it in create mode.
=cut
sub display_summary_create {
my $self = shift;
$self->display_summary('create');
}
=head2 display_summary_remove
This is a wrapper for the display_summary method, to call it in remove mode.
=cut
sub display_summary_remove {
my $self = shift;
$self->display_summary('remove');
}
=head2 display_create_summary
This method's purpose is to display a summary of the rule about to be added.
=cut
sub display_summary {
my $self = shift;
my $mode = shift;
my $save = $self->localise('SAVE');
my $cancel = $self->localise('CANCEL');
my $output = "";
my $q = $self->{cgi};
$self->debug_msg("start of method");
print "<tr><td colspan=\"2\">";
my $description = "";
if ($mode eq 'create') {
$description = $self->localise('SUMMARY_ADD_DESC');
}
elsif ($mode eq 'remove') {
$description = $self->localise('SUMMARY_REMOVE_DESC');
}
else {
return $self->error('ERR_UNSUPPORTED_MODE');
}
print $q->p($description);
my $dhost = $self->get_destination_host();
foreach my $tablearrayref (
[$self->localise('LABEL_PROTOCOL')
=> $q->param('protocol')],
[$self->localise('LABEL_SOURCE_PORT')
=> $q->param('source_port')],
[$self->localise('LABEL_DESTINATION_PORT')
=> $q->param('destination_port') || '&nbsp;'],
[$self->localise('LABEL_DESTINATION_HOST')
=> $dhost],
[$self->localise('RULE_COMMENT')
=> $q->param('rule_comment')],
[$self->localise('ALLOW_HOSTS')
=> $q->param('allow_hosts')],
)
{
print $q->Tr(
$q->td({-class => 'sme-noborders-label'},
$tablearrayref->[0],
$q->td({-class => 'sme-noborders-content'},
$tablearrayref->[1]))), "\n";
}
if ($mode eq 'create') {
print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
$q->submit(-name => 'apply',
-value => $self->localise("ADD")),
'&nbsp;',
$q->submit(-name => 'cancel',
-value => $self->localise("CANCEL")))));
}
elsif ($mode eq 'remove') {
print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
$q->submit( -name => 'remove',
-value => $self->localise("REMOVE")),
'&nbsp;',
$q->submit( -name => 'cancel',
-value => $self->localise("CANCEL")))));
}
else {
return $self->error('ERR_UNSUPPORTED_MODE');
}
$self->debug_msg("returning");
print "</td></tr>";
return undef;
}
=head2 remove_rule
This method is a remove wrapper for the modify method.
=cut
sub remove_rule {
my $self = shift;
$self->modify('remove');
}
=head2 create_new
This method is a create wrapper for the modify method.
=cut
sub create_new {
my $self = shift;
$self->modify('create');
}
=head2 modify
This method's purpose is to add or remove rules from the database, and then
cause the firewall rules to update.
=cut
sub modify {
no strict 'refs';
my $self = shift;
my $mode = shift;
my $q = $self->{cgi};
$self->debug_msg("at start of modify method");
# If the cancel button was pressed, just go back to the start page.
if ($q->param("cancel")) {
$self->debug_msg("the cancel button was pressed");
$self->wherenext("First");
}
else {
# Save the changes.
my $proto = $q->param("protocol");
my $sport = $q->param("source_port");
my $dport = $q->param("destination_port");
my $dhost = $self->get_destination_host();
my $cmmnt = $q->param("rule_comment") || "";
my $allow = $q->param("allow_hosts") || "";
my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : "");
$proto =~ s/^\s+|\s+$//g;
$sport =~ s/^\s+|\s+$//g;
$dport =~ s/^\s+|\s+$//g;
$dhost =~ s/^\s+|\s+$//g;
$self->debug_msg("protocol is $proto");
$self->debug_msg("source_port is $sport");
$self->debug_msg("destination_port is $dport");
$self->debug_msg("destination_host is $dhost");
my $whichforwards = "";
my $fdb;
if ($proto eq 'TCP') {
$fdb = $tcp_db;
}
else {
$fdb = $udp_db;
}
if ($mode eq 'create') {
$self->debug_msg("we are in create mode");
my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' });
$entry->set_prop('DestHost', $dhost);
$entry->set_prop('DestPort', $dport) if $dport;
$entry->set_prop('Comment', $cmmnt);
$entry->set_prop('AllowHosts', $allow);
$entry->set_prop('DenyHosts', $deny);
}
elsif ($mode eq 'remove') {
$self->debug_msg("we are in remove mode");
my $entry = $fdb->get($sport);
return $self->error('ERR_CANNOT_REMOVE_NORULE') unless $entry;
$entry->delete;
}
system("/sbin/e-smith/signal-event",
"portforwarding-update") == 0
|| return $self->error('ERR_NONZERO_RETURN_EVENT');
return $self->success();
}
}
=head2 get_destination_host
Get the 'destination_host' parameter, and fold it to 'localhost' if it
matches any local interface IP address.
=cut
sub get_destination_host
{
my $self = shift;
my $q = $self->{cgi};
my $dhost = $q->param("destination_host");
my $localip = $db->get_prop('InternalInterface', 'IPAddress');
my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
if ($dhost =~ /^(127.0.0.1|$localip|$external_ip)$/i)
{
# localhost token gets expanded at runtime to current external IP
$dhost = 'localhost';
}
return $dhost;
}
1;
Write Preview
Loading…
Cancel
Save