initial commit of file from CVS for e-smith-portforwarding on Wed 12 Jul 09:04:13 BST 2023
parent
e5466e0cdd
commit
4094d29da6
@ -0,0 +1,4 @@
|
||||
*.rpm
|
||||
*.log
|
||||
*spec-20*
|
||||
*.tar.xz
|
@ -0,0 +1,21 @@
|
||||
# Makefile for source rpm: e-smith-portforwarding
|
||||
# $Id: Makefile,v 1.1 2016/02/05 22:00:01 stephdl Exp $
|
||||
NAME := e-smith-portforwarding
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attept a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
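Review bot: The final `include $(MAKEFILE_COMMON)` runs whatever `cvs -Q update` or `cvs ... checkout common` fetched at build time from the server named in `CVS/Root`, with no pinned revision or integrity check, so the build's behaviour depends on the state of a remote repository. When neither lookup succeeds, the `exit -1` inside `$(shell ...)` does not stop make and an empty `include` is silently accepted; I would add `$(if $(MAKEFILE_COMMON),,$(error Makefile.common not found))` before the include. This fallback path is likely to be the normal case now that the tree has moved to git, though no `CVS/Root` handling beyond these lines is visible here. In `find-makefile-common` the writability test reads `-w $$/Makefile.common`, which drops the loop variable and so can never be true; it should be `-w $$d/Makefile.common`.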
|
@ -1,3 +1,17 @@
|
||||
# e-smith-portforwarding
|
||||
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> e-smith-portforwarding
|
||||
|
||||
SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
|
||||
SMEServer Koozali developed git repo for e-smith-portforwarding smeserver
|
||||
|
||||
## Wiki
|
||||
<br />https://wiki.koozali.org/
|
||||
|
||||
## Bugzilla
|
||||
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-portforwarding&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||
|
||||
## Description
|
||||
|
||||
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||
*Once it has been checked, then this comment will be deleted*
|
||||
<br />
|
||||
|
||||
E-Smith-Portforwarding is a powerful software solution for streamlining the process of setting up and managing port forwarding on an internal network. It provides users with an intuitive and easy-to-use interface for creating and managing port forwarding rules, as well as quickly viewing the current status of active ports. With E-Smith-Portforwarding, users can quickly and easily forward ports to any internal or external host, allowing secure, remote access to services running on the internal network. It also provides in-depth monitoring and logging capabilities, allowing administrators to keep track of the activity on forwarded ports, as well as detect and alert them of any suspicious activity.
|
||||
|
@ -0,0 +1 @@
|
||||
sme10
|
@ -0,0 +1,23 @@
|
||||
#!/usr/bin/perl -w
|
||||
# This script creates the symlinks needed by this RPM
|
||||
# Specific support exists to create symlinks within e-smith web "panels"
|
||||
# and for links from named "events" directories into the "actions" directory
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
|
||||
#--------------------------------------------------
|
||||
# functions for user panel
|
||||
#--------------------------------------------------
|
||||
my $panel = "manager";
|
||||
panel_link("portforwarding", $panel);
|
||||
|
||||
my $event = "portforwarding-update";
|
||||
templates2events("/etc/rc.d/init.d/masq", $event);
|
||||
safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
|
||||
|
||||
my $event = "e-smith-portforwarding-update";
|
||||
templates2events("/etc/rc.d/init.d/masq", $event);
|
||||
safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
|
||||
# systemd-specific action mandatory for this package-update event
|
||||
event_link("systemd-reload", $event, "89");
|
||||
event_link("systemd-default", $event, "88");
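Review bot: `my $event` is declared a second time for the `e-smith-portforwarding-update` block, which under `-w` produces a "masks earlier declaration in same scope" warning and hides the first variable. Assign instead of redeclaring, `$event = "e-smith-portforwarding-update";`, and add `use strict;` after the shebang so that a mistyped variable name in this build script fails instead of creating links under an empty event name. The banner comment "functions for user panel" sits above a link into the `manager` panel and could say `# server-manager panel link`.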
|
@ -0,0 +1,486 @@
|
||||
# $Id: e-smith-portforwarding.spec,v 1.3 2021/01/06 20:31:11 jpp Exp $
|
||||
|
||||
Summary: portforwarding panel for SME Server
|
||||
%define name e-smith-portforwarding
|
||||
Name: %{name}
|
||||
%define version 2.6.0
|
||||
%define release 4
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
Group: Networking/Daemons
|
||||
Source: %{name}-%{version}.tar.xz
|
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
BuildArchitectures: noarch
|
||||
Requires: e-smith-base
|
||||
Requires: e-smith-packetfilter >= 1.13.0-13
|
||||
Requires: e-smith-lib >= 1.15.1-19
|
||||
Requires: e-smith-formmagick >= 1.4.0-12
|
||||
BuildRequires: e-smith-devtools >= 1.13.1-03
|
||||
Obsoletes: e-smith-ipportfw dmc-mitel-portforwarding
|
||||
AutoReqProv: no
|
||||
|
||||
%description
|
||||
Adds a Port Forwarding panel to the SME server-manager.
|
||||
|
||||
%changelog
|
||||
* Wed Jul 12 2023 cvs2git.sh aka Brian Read <brianr@koozali.org> 2.6.0-4.sme
|
||||
- Roll up patches and move to git repo [SME: 12338]
|
||||
|
||||
* Wed Jul 12 2023 BogusDateBot
|
||||
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||
by assuming the date is correct and changing the weekday.
|
||||
Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
|
||||
|
||||
* Wed Jan 06 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-3.sme
|
||||
- add update event [SME: 11148]
|
||||
|
||||
* Thu May 12 2016 Daniel Berteaud <daniel@firewall-services.com> 2.6.0-2.sme
|
||||
- Rebuild for [SME: 9393]
|
||||
|
||||
* Fri Feb 05 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.6.0-1.sme
|
||||
- Initial release to sme10
|
||||
|
||||
* Thu Jan 31 2013 Shad L. Lords <slords@mail.com> 2.4.0-1.sme
|
||||
- Roll new stream for sme9
|
||||
|
||||
* Thu Mar 11 2010 Jonathan Martens <smeserver-contribs@snetram.nl> 2.2.0-6.sme
|
||||
- Fix missing space cuasing errors parsing the iptables rules [SME: 2379]
|
||||
|
||||
* Tue Mar 9 2010 Jonathan Martens <smeserver-contribs@snetram.nl> 2.2.0-5.sme
|
||||
- Rework 91adjustPortForward template fragment [SME: 2379]
|
||||
|
||||
* Tue Dec 15 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-4.sme
|
||||
- Enable port forwards to localhost if mode is serveronly [SME: 1003]
|
||||
|
||||
* Tue Oct 20 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-3.sme
|
||||
- Adjust xml entry in locale [SME: 771]
|
||||
|
||||
* Mon Oct 19 2009 Filippo Carletti <filippo.carletti@gmail.com> 2.2.0-2.sme
|
||||
- Add option to limit port forwards from source ip [SME: 2379]
|
||||
- Add Text Description For Each Port Forwarding [SME: 771]
|
||||
|
||||
* Tue Oct 7 2008 Shad L. Lords <slords@mail.com> 2.2.0-1.sme
|
||||
- Roll new stream to separate sme7/sme8 trees [SME: 4633]
|
||||
|
||||
* Sun Apr 27 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 1.2.0-9
|
||||
- Add common <base> tags to e-smith-formmagick's general [SME: 4282]
|
||||
|
||||
* Wed Feb 13 2008 Stephen Noble <support@dungog.net> 1.2.0-8
|
||||
- Remove <base> tags now in general [SME: 3913]
|
||||
|
||||
* Sun Feb 10 2008 Stephen Noble <support@dungog.net> 1.2.0-7
|
||||
- Remove duplicate <base> entries [SME: 3888]
|
||||
|
||||
* Thu Nov 08 2007 Gavin Weight<gweight@mail.com> 1.2.0-6
|
||||
- Remove/Fix portforwarding.pm.orig file. [SME: 3526]
|
||||
|
||||
* Tue Oct 16 2007 Charlie Brady <charlie_brady@mitel.com> 1.2.0-5
|
||||
- Use $OUTERNET for target of localhost port forwards, not externalIP
|
||||
pulled from db at template expansion time. [SME: 2760]
|
||||
|
||||
* Tue Jun 26 2007 Shad L. Lords <slords@mail.com> 1.2.0-4
|
||||
Wed Jun 26 2007 --> Wed Jun 20 2007 or Tue Jun 26 2007 or Wed Jun 27 2007 or ....
|
||||
- Ensure portforwarding dbs exists [SME: 54]
|
||||
|
||||
* Tue Jun 26 2007 Shad L. Lords <slords@mail.com> 1.2.0-3
|
||||
- Migrate portforwarding to own databases [SME: 54]
|
||||
|
||||
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
|
||||
- Clean up spec so package can be built by koji/plague
|
||||
|
||||
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com>
|
||||
- Update to new release naming. No functional changes.
|
||||
- Make Packager generic
|
||||
|
||||
* Thu Mar 16 2006 Gordon Rowell <gordonr@gormand.com.au> 1.2.0-01
|
||||
- Roll stable stream version. [SME: 1016]
|
||||
|
||||
* Wed Nov 30 2005 Gordon Rowell <gordonr@gormand.com.au> 1.1.2-02
|
||||
- Bump release number only
|
||||
|
||||
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.2-01]
|
||||
- Remove L10Ns from base packages [SF: 1309520]
|
||||
|
||||
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.1-01]
|
||||
- New dev stream before relocating L10Ns
|
||||
|
||||
* Fri Sep 30 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-13]
|
||||
- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266]
|
||||
|
||||
* Mon Sep 26 2005 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-12]
|
||||
- Added German L10N - Thanks Dietmar Berteld [SF: 1293325]
|
||||
|
||||
* Thu Jul 14 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-11]
|
||||
- Fix an expression precedence problem with UDP portforwarding. [SF: 1237913]
|
||||
|
||||
* Fri Jul 8 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-10]
|
||||
- Fix UDP portforwarding. [SF: 1234630]
|
||||
|
||||
* Sat Mar 19 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-09]
|
||||
- Fix typo in createlinks.
|
||||
|
||||
* Fri Mar 18 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-08]
|
||||
- Add fr and es localisations for new text.
|
||||
|
||||
* Thu Mar 17 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-07]
|
||||
- Display text to indicate that portforwarding isn't available in
|
||||
serveronly mode.
|
||||
- Create new portforwarding-update event, as remoteaccess-update
|
||||
is rather heavyweight. use generic_template_expand and
|
||||
adjust-services. [MN00064130, MN00065576]
|
||||
- Fix some run-time probs with Gordon's contributed patch.
|
||||
|
||||
* Wed Mar 16 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-06]
|
||||
- Patch provided by Gordon to allow portforwarding to "localhost".
|
||||
|
||||
* Wed May 5 2004 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.1.0-05]
|
||||
- Now detecting serveronly mode, and disabling the ability to add
|
||||
portforwarding rules while in that state. [msoulier MN00025609]
|
||||
|
||||
* Wed Dec 3 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.1.0-04]
|
||||
- Added French and Spanish translations of new lexicon. [msoulier 10203]
|
||||
|
||||
* Wed Dec 3 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.1.0-03]
|
||||
- Refactored 91adjustPortForward to remove duplicate code. [msoulier 10203]
|
||||
- Added code to properly handle portforwarding to the external interface.
|
||||
Forwarding to localhost or the private interface is now explicitly blocked.
|
||||
[msoulier 10203]
|
||||
|
||||
* Mon Oct 20 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.1.0-02]
|
||||
- Added better validation on the sort port to prevent conflicting rules.
|
||||
[msoulier 9262]
|
||||
|
||||
* Fri Oct 17 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.1.0-01]
|
||||
- forcing to dev stream - 1.1.0
|
||||
|
||||
* Fri Oct 17 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.2.0-03]
|
||||
- Fixed summaries so that the styling is now 6.0. [msoulier 9306]
|
||||
|
||||
* Thu Aug 28 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.2.0-02]
|
||||
- Fix typo in masq fragment which prevented forwarding of UDP.
|
||||
[charlieb 9859]
|
||||
|
||||
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.2.0-01]
|
||||
- Changing version to stable stream number - 0.2.0
|
||||
|
||||
* Tue Jun 24 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [0.1.1-20]
|
||||
- Wording update on main page [gordonr 9101]
|
||||
|
||||
* Fri Jun 20 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-19]
|
||||
- Revert to previous version. [msoulier 8803]
|
||||
|
||||
* Wed Jun 11 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.1.1-18]
|
||||
- Redo (simplify) some of the code in the portforwarding panel, and make
|
||||
destination port explicit if not specified. [charlieb 8803]
|
||||
|
||||
* Tue May 6 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.1-17]
|
||||
- Add Spanish lexicon for portfowarding [lijied 3793]
|
||||
|
||||
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.1-16]
|
||||
- Removed colons on the label where necessary [lijied 7950]
|
||||
|
||||
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.1-15]
|
||||
- Modified button Apply to Add [lijied 7921]
|
||||
|
||||
* Tue Apr 8 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.1-14]
|
||||
- Added French translation for "Misuse of feature...." [lijied 8072]
|
||||
|
||||
* Tue Apr 8 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-13]
|
||||
- Fixed lack of buttons on summary page. [msoulier 8089]
|
||||
|
||||
* Mon Apr 7 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-12]
|
||||
- Inserting PortForwarding chain as first entry in the PREROUTING chain.
|
||||
[msoulier 8089]
|
||||
|
||||
* Fri Apr 4 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.1-11]
|
||||
- Change $q->table to $q->start_table where necessary [lijied 8034]
|
||||
|
||||
* Fri Apr 4 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [0.1.1-10]
|
||||
- Text revision on panel [gordonr 8072]
|
||||
|
||||
* Thu Apr 3 2003 Tony Clayton <apc@e-smith.com>
|
||||
- [0.1.1-09]
|
||||
- Add colons to labels and fix text when table is empty in panel [tonyc 7950]
|
||||
|
||||
* Wed Apr 2 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-08]
|
||||
- Added french lexicon for creating a port-forwarding rule. [msoulier 7284]
|
||||
|
||||
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [0.1.1-07]
|
||||
- Delete stray fr nav bar lexicon entries [gordonr 7926]
|
||||
|
||||
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [0.1.1-06]
|
||||
- Added french lexicon for security, so it shows up in the right spot
|
||||
on the menu panel. [msoulier 7284]
|
||||
|
||||
* Tue Apr 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-05]
|
||||
- Added proper styling to the tables. [msoulier 7284]
|
||||
- Added spacing around table elements. [msoulier 7284]
|
||||
- Put a 6.0 look on the buttons on the summary page. [msoulier 7284]
|
||||
- Removed the button-like style from the remove links. [msoulier 7284]
|
||||
|
||||
* Fri Mar 28 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-04]
|
||||
- Added proper styles to make links that behave like buttons,
|
||||
look like buttons, for 6.0. [msoulier 7284]
|
||||
|
||||
* Fri Mar 28 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-03]
|
||||
- Fixed a couple of typos in the english lexicon. [msoulier 7284]
|
||||
- Included the french lexicon. [msoulier 7284]
|
||||
|
||||
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-02]
|
||||
- Portforwarding still had problems, fixed here. [msoulier 7284]
|
||||
|
||||
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.1-01]
|
||||
- Modified to work with new e-smith-packetfilter changes for 6.0
|
||||
[msoulier 7284]
|
||||
- Note: This breaks backwards-compatibility with 5.6.
|
||||
|
||||
* Tue Mar 18 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.0-33]
|
||||
- Modified port forwarding panel order [lijied 7356]
|
||||
|
||||
* Thu Mar 13 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.0-32]
|
||||
- Split en-us lexicon from portwarding panel [lijied 4030]
|
||||
|
||||
* Tue Mar 11 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-31]
|
||||
- Finished patching the interface to take an empty dport. [msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-30]
|
||||
- Patched the masq fragments to accept an empty dport. [msoulier 5645]
|
||||
- Patched the interface to accept an empty destination port.
|
||||
[msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-29]
|
||||
- Tweaked the wording in the panel. [msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-28]
|
||||
- Additional tweaks to fix the iptables syntax and adjust the size of the
|
||||
fields in the UI. [msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-27]
|
||||
- Adding support for a port range on source and destination ports.
|
||||
[msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-26]
|
||||
- Updating dependencies. [msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-25]
|
||||
- Fixed bad removal which set all destination ports to the same port.
|
||||
[msoulier 5645]
|
||||
|
||||
* Mon Mar 10 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-24]
|
||||
- Updated dependency information to make it use the backported
|
||||
e-smith-packetfilter rpm for the 5.6 updates stream. [msoulier 5645]
|
||||
|
||||
* Thu Mar 6 2003 Lijie Deng <lijied@e-smith.com>
|
||||
- [0.1.0-23]
|
||||
- Modified panel order [lijied 7356]
|
||||
|
||||
* Sun Feb 23 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-22]
|
||||
- Backed-out the changes in 0.1.0-21. They're incompatible with
|
||||
e-smith-packetfilter. We'll have to discuss this first. [msoulier 5696]
|
||||
|
||||
* Sun Feb 23 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-21]
|
||||
- Permitting port ranges instead of just single ports. [msoulier 5696]
|
||||
|
||||
* Sun Jan 26 2003 Mike Dickson <miked@e-smith.com>
|
||||
- [0.1.0-20]
|
||||
- added ACTION to lexicon, and code to use it [miked 6363]
|
||||
|
||||
* Sun Jan 26 2003 Mike Dickson <miked@e-smith.com>
|
||||
- [0.1.0-19]
|
||||
- backed out previous patch since it applied too many changes at once. I will
|
||||
re-submit in manageable chunks
|
||||
|
||||
* Sat Jan 25 2003 Mike Dickson <miked@e-smith.com>
|
||||
- [0.1.0-18]
|
||||
- added ACTION to lexicon [miked 6363]
|
||||
|
||||
* Wed Dec 18 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-17]
|
||||
- Added a feature to remove the "finished" page and cycle back to the start
|
||||
page with a status message instead. [msoulier 5696]
|
||||
- Found and fixed a bug permitting the addition of duplicate rules.
|
||||
|
||||
* Mon Dec 16 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-16]
|
||||
- Added a space between the two buttons on the summary panel.
|
||||
[msoulier 5696]
|
||||
|
||||
* Mon Dec 16 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-15]
|
||||
- Fixed broken removal due to using the wrong variable set to repopulate the
|
||||
db entry. [msoulier 5696]
|
||||
|
||||
* Fri Dec 6 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-14]
|
||||
- Fixed bad variable reference in test cases. [msoulier 5696]
|
||||
|
||||
* Thu Dec 5 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-13]
|
||||
- Added some test cases to portforwarding.pm. [msoulier 5696]
|
||||
|
||||
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-12]
|
||||
- Improved the IP address validation. [msoulier 5696]
|
||||
|
||||
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-11]
|
||||
- Made sure all messages are localised, and added better error handling.
|
||||
[msoulier 5696]
|
||||
|
||||
* Thu Nov 28 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-10]
|
||||
- Updated to make use of changes to the packetfilter. Fixed the placement of
|
||||
the udp portforwarding rules, and the spelling of "completely".
|
||||
[msoulier 5696]
|
||||
|
||||
* Wed Nov 27 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-09]
|
||||
- Localised the summary table labels. [msoulier 5696]
|
||||
|
||||
* Wed Nov 27 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-08]
|
||||
- The destination host must be an IP address. Enforcing now.
|
||||
[msoulier 5696]
|
||||
|
||||
* Tue Nov 26 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-07]
|
||||
- First working prototype. [msoulier 5696]
|
||||
|
||||
* Mon Nov 25 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-06]
|
||||
- Basic functionality present. Still need to add the ability to
|
||||
delete rules, and display current rules. [msoulier 5696]
|
||||
|
||||
* Fri Nov 22 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [0.1.0-05]
|
||||
- Starting the FormMagick conversion of the panel. [msoulier 5696]
|
||||
|
||||
* Thu Nov 21 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.1.0-04]
|
||||
- Use "--list --numeric" to avoid DNS lookup delays. [charlieb 5645]
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.1.0-03]
|
||||
- Fix portforwarding rules to match DB format used by panel code -
|
||||
which is $ip:[$dport], this allows forwarding to a port other than the
|
||||
listen port [charlieb 5645].
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.1.0-02]
|
||||
- Convert to iptables, and conform to "masq adjust" way of doing things.
|
||||
[charlieb 5645]
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.1.0-01]
|
||||
- Rolling to development stream to 0.1.0
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [0.0.1-6]
|
||||
- Renamed to e-smith-portforwarding.
|
||||
- Imported into CVS as baseline for further development.
|
||||
|
||||
* Sat Sep 21 2002 Darrell May <dmay@netsourced.com>
|
||||
- updated 35SetPortFW to support dynamic external IP
|
||||
- [0.0.1-5]
|
||||
* Tue Jan 01 2002 Darrell May <dmay@netsourced.com>
|
||||
- added Obsoletes: e-smith-ipportfw dmc-mitel-portfowarding
|
||||
- [0.0.1-4]
|
||||
* Tue Jan 01 2002 Darrell May <dmay@netsourced.com>
|
||||
- fixed spelling in rpm name, now to dmc-mitel-portforwarding
|
||||
- merged in e-smith-ipportfw-0.1.1-1.noarch.rpm
|
||||
- [0.0.1-3]
|
||||
* Mon Dec 31 2001 Darrell May <dmay@netsourced.com>
|
||||
- added "Shad L. Lords" <slords@mail.com>, e-smith-iportfw 35SetPortFW
|
||||
- templates-custom fragment supporting dest port addresses
|
||||
- updated portforwarding panel to match
|
||||
- removed first/last portforward panel bug by adding return on Operation Status
|
||||
- [0.0.1-2]
|
||||
* Sun Dec 30 2001 Darrell May <dmay@netsourced.com>
|
||||
- initial release
|
||||
- [0.0.1-1]
|
||||
|
||||
%prep
|
||||
%setup
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
|
||||
rm -f e-smith-%{version}-filelist
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
|
||||
|
||||
for proto in tcp udp
|
||||
do
|
||||
mkdir -p $RPM_BUILD_ROOT/home/e-smith/db
|
||||
touch $RPM_BUILD_ROOT/home/e-smith/db/portforward_$proto
|
||||
echo "%config(noreplace) %attr(0640,root,admin) /home/e-smith/db/portforward_$proto" \
|
||||
>> %{name}-%{version}-filelist
|
||||
done
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files -f %{name}-%{version}-filelist
|
||||
|
||||
%defattr(-,root,root)
|
||||
|
||||
%pre
|
||||
|
||||
%post
|
||||
|
||||
%preun
|
||||
|
||||
%postun
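Review bot: `BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot` is a predictable path in a world-writable directory, and `%install` and `%clean` run `rm -rf $RPM_BUILD_ROOT` on it unquoted. On an rpm version that still honours the tag, another local user could pre-create that path, while newer rpm releases are understood to ignore it, so the line can be dropped and the variable quoted as `rm -rf "$RPM_BUILD_ROOT"`. In `%install`, `rm -f e-smith-%{version}-filelist` names a different file from the `%{name}-%{version}-filelist` written on the next line; use `rm -f %{name}-%{version}-filelist`. With `AutoReqProv: no`, the Perl modules the fragments call have to stay covered by the hand-written `Requires:` lines, which deserves a comment next to the tag.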
|
@ -0,0 +1,19 @@
|
||||
{
|
||||
my %FDB;
|
||||
foreach my $proto ('TCP', 'UDP') {
|
||||
$FDB{$proto} = esmith::ConfigDB->open("portforward_" . lc($proto))
|
||||
|| esmith::ConfigDB->create("portforward_" . lc($proto));
|
||||
|
||||
my %rules = split ',', $DB->get_prop_and_delete('masq', "${proto}Forwards")
|
||||
|| next;
|
||||
|
||||
foreach my $entry (keys %rules) {
|
||||
my %props = ( type => 'forward' );
|
||||
my ($addr, $port) = split ':', $rules{$entry};
|
||||
$props{'DestHost'} = $addr;
|
||||
$props{'DestPort'} = $port if $port;
|
||||
|
||||
$FDB{$proto}->new_record($entry, \%props);
|
||||
}
|
||||
}
|
||||
}
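Review bot: `get_prop_and_delete` removes the legacy `${proto}Forwards` property before any replacement record exists, and the result of `new_record` is never checked, so a failed write loses the rule with no trace. If both `open` and `create` fail, `$FDB{$proto}` is undefined and the later method call dies with an unhelpful message; end that statement with `or die "Can't open or create portforward_" . lc($proto) . "\n";` and write `$FDB{$proto}->new_record($entry, \%props) or warn "could not migrate $proto forward $entry\n";`. The migrated `DestHost` and `DestPort` are copied without any format check, and an odd number of comma-separated fields leaves `$rules{$entry}` undefined, so checking both against anchored patterns here would keep malformed legacy data out of the new databases. `$DB` is defined outside this hunk.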
|
@ -0,0 +1,168 @@
|
||||
<!-- vim: ft=xml:
|
||||
-->
|
||||
<lexicon lang="en-us">
|
||||
<entry>
|
||||
<base>FORM_TITLE</base>
|
||||
<trans>Configure Port Forwarding</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>FIRST_PAGE_DESCRIPTION</base>
|
||||
<trans><![CDATA[
|
||||
<p>
|
||||
You can use this panel to modify your firewall rules so
|
||||
as to open a specific port on this server and forward it
|
||||
to another port on another host. Doing so will permit
|
||||
incoming traffic to directly access a private host on
|
||||
your LAN.
|
||||
</p>
|
||||
<p>
|
||||
WARNING: Misuse of this feature can seriously compromise the
|
||||
security of your network. Do not use this feature
|
||||
lightly, or without fully understanding the implications
|
||||
of your actions.
|
||||
</p>
|
||||
]]>
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>CREATE_RULE</base>
|
||||
<trans>Create portforwarding rule</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>SUMMARY_ADD_DESC</base>
|
||||
<trans>The following summarizes the port-forwarding rule
|
||||
that you are about to add. If you are satisfied with the rule,
|
||||
click the "Add" button. If you are not, click the
|
||||
"Cancel" button.
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>SUMMARY_REMOVE_DESC</base>
|
||||
<trans>The following summarizes the port-forwarding rule
|
||||
that you are about to remove. If you are sure you want to
|
||||
remove the rule, click the "Remove" button. If not,
|
||||
click the "Cancel" button.
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>SHOW_FORWARDS</base>
|
||||
<trans>
|
||||
Below you will find a table summarizing the current
|
||||
port-forwarding rules installed on this server. Click on the
|
||||
"Remove" link to remove the corresponding rule.
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>NO_FORWARDS</base>
|
||||
<trans>There are currently no forwarded ports on the system.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>CREATE_PAGE_DESCRIPTION</base>
|
||||
<trans><![CDATA[
|
||||
<p>Select the protocol, the port you wish to forward, the
|
||||
destination host, and the port on the destination host
|
||||
that you wish to forward to. If you wish to specify a port
|
||||
range, enter the lower and upper boundaries separated by a
|
||||
hyphen. The destination port may be left blank, which will
|
||||
instruct the firewall to leave the source port
|
||||
unaltered.</p>
|
||||
]]>
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>LABEL_SOURCE_PORT</base>
|
||||
<trans>Source Port(s)</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>LABEL_PROTOCOL</base>
|
||||
<trans>Protocol</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>LABEL_DESTINATION_PORT</base>
|
||||
<trans>Destination Port(s)</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>LABEL_DESTINATION_HOST</base>
|
||||
<trans>Destination Host IP Address</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>LABEL_RULE_COMMENT</base>
|
||||
<trans>Rule Comment</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>LABEL_ALLOW_HOSTS</base>
|
||||
<trans>Allow Hosts</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>Port forwarding</base>
|
||||
<trans>Port forwarding</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>SUCCESS</base>
|
||||
<trans>Your change to the port forwarding rules has been
|
||||
successfully saved.
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>RULE_COMMENT</base>
|
||||
<trans>Rule Comment</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ALLOW_HOSTS</base>
|
||||
<trans>Allow Hosts</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_NO_MASQ_RECORD</base>
|
||||
<trans>Cannot retrieve masq record from the configuration
|
||||
database.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_UNSUPPORTED_MODE</base>
|
||||
<trans>Unsupported mode.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_CANNOT_REMOVE_NORULE</base>
|
||||
<trans>Cannot remove non-existant rule.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_NONZERO_RETURN_EVENT</base>
|
||||
<trans>Event returned a non-zero return value.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_BADPORT</base>
|
||||
<trans>The ports must be a positive integer less than
|
||||
65536.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_BADIP</base>
|
||||
<trans>This does not appear to be an IP address. You must use
|
||||
dotted-quad notation, and each of the four numbers should be less
|
||||
than 256. ie: 192.168.0.5</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_DUPRULE</base>
|
||||
<trans>This rule has already been added, it cannot be added
|
||||
twice.</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_PORT_COLLISION</base>
|
||||
<trans>
|
||||
ERROR: This port or port range conflicts with an existing
|
||||
rule. Please modify this new rule, or remove the old rule.
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>ERR_BADAHOST</base>
|
||||
<trans>
|
||||
This does not appear to be a valid IP address list.
|
||||
ie: 192.168.0.1,192.168.1.1/24
|
||||
</trans>
|
||||
</entry>
|
||||
<entry>
|
||||
<base>IN_SERVERONLY</base>
|
||||
<trans>
|
||||
This server is currently in serveronly mode and portforwarding
|
||||
is possible only to localhost.
|
||||
</trans>
|
||||
</entry>
|
||||
</lexicon>
|
@ -0,0 +1,5 @@
|
||||
/sbin/iptables -t nat --new-chain PortForwarding
|
||||
/sbin/iptables -t nat --new-chain PortForwarding_1
|
||||
/sbin/iptables -t nat --insert PREROUTING --jump PortForwarding
|
||||
/sbin/iptables -t nat --append PortForwarding --destination $OUTERNET \
|
||||
--jump PortForwarding_1
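Review bot: Nothing in this fragment explains why two chains are created or that the rule at position 1 of `PortForwarding` is later looked up and replaced by the adjust fragment, which depends on that exact layout. A leading comment would make this clear, for example `# PortForwarding holds a single jump (rule 1) to the active rule chain; PortForwarding_1 is the initial placeholder that the adjust fragment replaces and deletes.` `$OUTERNET` is defined outside this hunk and is expanded unquoted; `--destination "$OUTERNET"` would make an empty value fail visibly instead of shifting the remaining arguments.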
|
@ -0,0 +1,73 @@
|
||||
{
|
||||
my $pf_chain = "PortForwarding_\$\$";
|
||||
$OUT .= "# Create a new PortForwarding chain\n";
|
||||
$OUT .= "PFC=\$(/sbin/iptables --table nat ";
|
||||
$OUT .= "--numeric --list PortForwarding |\\\n";
|
||||
$OUT .= " sed -n '3s/ .*//p')\n";
|
||||
$OUT .= " /sbin/iptables --table nat --new-chain $pf_chain\n";
|
||||
|
||||
my %FDB;
|
||||
|
||||
foreach my $protocol (qw(tcp udp))
|
||||
{
|
||||
my $uproto = uc $protocol;
|
||||
$FDB{$protocol} = esmith::ConfigDB->open("portforward_$protocol")
|
||||
|| die "Can't open portforward_$protocol database: $!\n";
|
||||
|
||||
foreach my $entry ( $FDB{$protocol}->get_all ) {
|
||||
my $port = $entry->key;
|
||||
my $ip = $entry->prop('DestHost');
|
||||
my $dport = $entry->prop('DestPort') || $port;
|
||||
$port =~ s/-/:/;
|
||||
|
||||
# Map canonical localhost back to our current external IP
|
||||
$ip = '$OUTERNET' if ($ip eq 'localhost');
|
||||
|
||||
my $host_list = $entry->prop("AllowHosts") || '0.0.0.0/0';
|
||||
foreach my $host (split(',', $host_list)) {
|
||||
|
||||
$OUT .= " /sbin/iptables --table nat --append $pf_chain";
|
||||
|
||||
# Set up local port to forward
|
||||
$OUT .= " --proto $protocol --destination-port ${port}";
|
||||
$OUT .= " --src $host" unless $host eq '0.0.0.0/0';
|
||||
|
||||
# Set up the remote port to forward to
|
||||
$OUT .= " -j DNAT --to-destination $ip:$dport\n";
|
||||
|
||||
}
|
||||
|
||||
# And accept the incoming packets. Use the dport if there is one.
|
||||
($port = $dport) =~ s/-/:/ if $dport;
|
||||
|
||||
# If this rule is forwarding to localhost, ExternalIP or LocalIP,
|
||||
# then we must allow it on the INPUT chain instead of the FORWARD
|
||||
# chain.
|
||||
|
||||
my $target_chain = (($ip eq '$OUTERNET') ?
|
||||
"Inbound${uproto}_\$\$" : "Forwarded${uproto}_\$\$");
|
||||
|
||||
foreach my $access_type (("Allow", "Deny")) {
|
||||
my $jump_target = (($access_type eq "Allow") ? "ACCEPT" : "denylog");
|
||||
my $host_list = $entry->prop("${access_type}Hosts") || "";
|
||||
|
||||
$host_list = "0.0.0.0/0"
|
||||
if (($host_list eq "") and ($access_type eq "Allow"));
|
||||
|
||||
foreach my $host (split(',', $host_list)) {
|
||||
$OUT .= " /sbin/iptables -A $target_chain";
|
||||
$OUT .= " --proto $protocol --dport $port \\\n ";
|
||||
$OUT .= " --destination $ip" if ($ip ne '$OUTERNET');
|
||||
$OUT .= " --src $host --jump $jump_target\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# having created a new PortForwarding chain, activate it and destroy
|
||||
# the old.
|
||||
$OUT .= " /sbin/iptables --table nat --replace PortForwarding 1 " .
|
||||
"--destination \$OUTERNET --jump $pf_chain\n";
|
||||
$OUT .= " /sbin/iptables --table nat --flush \$PFC\n";
|
||||
$OUT .= " /sbin/iptables --table nat --delete-chain \$PFC\n";
|
||||
}
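Review bot: The values read from the portforward databases (`$entry->key`, `DestHost`, `DestPort`, `AllowHosts`, `DenyHosts`) are concatenated straight into iptables command lines in `$OUT`, so the generated script trusts whatever is stored there; validation presumably happens only in the panel, which this fragment cannot see. I would check each value against an anchored pattern before emitting any text and skip the entry otherwise, as sketched below, applying the same kind of check to every host in the allow and deny lists. Separately, `$PFC` is taken from line 3 of the chain listing and used unquoted, so if it comes back empty the final `--flush` and `--delete-chain` act on the whole nat table; guard them with `[ -n "$PFC" ] &&`. The Deny rules are also appended after the Allow rules, which default to `0.0.0.0/0`, so a `DenyHosts` entry looks unreachable whenever `AllowHosts` is empty.

```perl
        my $dport = $entry->prop('DestPort') || $port;

        # Only emit shell text for values that look like ports and addresses.
        my $port_re = qr/\A\d{1,5}(?:-\d{1,5})?\z/;
        my $ip_re   = qr/\A\d{1,3}(?:\.\d{1,3}){3}\z/;
        unless (defined $ip
            and $port =~ $port_re
            and $dport =~ $port_re
            and ($ip eq 'localhost' or $ip =~ $ip_re))
        {
            warn "skipping malformed portforward_$protocol entry\n";
            next;
        }
        # … unchanged: s/-/:/ on $port, localhost mapping, rule generation …
```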
|
@ -0,0 +1,128 @@
|
||||
#!/usr/bin/perl -wT
|
||||
# vim: ft=xml ts=4 sw=4 et:
|
||||
#----------------------------------------------------------------------
|
||||
# heading : Security
|
||||
# description : Port forwarding
|
||||
# navigation : 5000 5400
|
||||
#----------------------------------------------------------------------
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2002 Mitel Networks Corporation
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
# Technical support for this program is available from Mitel Networks
|
||||
# Please visit our web site www.mitel.com/sme/ for details.
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
use strict;
|
||||
use esmith::FormMagick::Panel::portforwarding;
|
||||
my $form = esmith::FormMagick::Panel::portforwarding->new();
|
||||
# Uncomment the next line for debugging purposes.
|
||||
#$form->debug(1);
|
||||
$form->display();
|
||||
|
||||
|
||||
__DATA__
|
||||
<form
|
||||
title="FORM_TITLE"
|
||||
header="/etc/e-smith/web/common/head.tmpl"
|
||||
footer="/etc/e-smith/web/common/foot.tmpl">
|
||||
|
||||
<!-- page 0 -->
|
||||
<page
|
||||
name="First"
|
||||
pre-event="print_status_message()">
|
||||
<description>FIRST_PAGE_DESCRIPTION</description>
|
||||
|
||||
<subroutine src="show_port_forwards()" />
|
||||
</page>
|
||||
|
||||
<!-- page 1 -->
|
||||
<page
|
||||
name="Create"
|
||||
pre-event="print_status_message()">
|
||||
<description>CREATE_PAGE_DESCRIPTION</description>
|
||||
|
||||
<field
|
||||
id="protocol"
|
||||
type="select"
|
||||
options="'TCP','UDP'">
|
||||
<label>LABEL_PROTOCOL</label>
|
||||
</field>
|
||||
<field
|
||||
id="source_port"
|
||||
type="text"
|
||||
size="11"
|
||||
validation="validate_source_port()">
|
||||
<label>LABEL_SOURCE_PORT</label>
|
||||
</field>
|
||||
<field
|
||||
id="destination_host"
|
||||
type="text"
|
||||
size="15"
|
||||
validation="validate_destination_host()">
|
||||
<label>LABEL_DESTINATION_HOST</label>
|
||||
</field>
|
||||
<field
|
||||
id="destination_port"
|
||||
type="text"
|
||||
size="11"
|
||||
validation="validate_destination_port()">
|
||||
<label>LABEL_DESTINATION_PORT</label>
|
||||
</field>
|
||||
<field
|
||||
id="rule_comment"
|
||||
type="text">
|
||||
<label>LABEL_RULE_COMMENT</label>
|
||||
</field>
|
||||
<field
|
||||
id="allow_hosts"
|
||||
type="text"
|
||||
validation="validate_allowed_hosts()">
|
||||
<label>LABEL_ALLOW_HOSTS</label>
|
||||
</field>
|
||||
|
||||
<subroutine src="print_button('NEXT')" />
|
||||
|
||||
</page>
|
||||
|
||||
<!-- page 2 -->
|
||||
<page
|
||||
name="ShowSummary"
|
||||
pre-event="turn_off_buttons()"
|
||||
post-event="create_new()">
|
||||
|
||||
<subroutine src="display_summary_create" />
|
||||
</page>
|
||||
|
||||
<!-- page 3
|
||||
Note: This page is not used. It's a kludge to permit the next page
|
||||
to work properly from a link on the front page. FormMagick needs
|
||||
work.
|
||||
-->
|
||||
<page
|
||||
name="Dummy">
|
||||
</page>
|
||||
|
||||
<!-- page 4 -->
|
||||
<page
|
||||
name="Remove"
|
||||
pre-event="turn_off_buttons()"
|
||||
post-event="remove_rule()">
|
||||
|
||||
<subroutine src="display_summary_remove" />
|
||||
</page>
|
||||
|
||||
</form>
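Review bot: The `rule_comment` field is the only text input on the Create page declared without a `validation` attribute, so whatever is typed there reaches `create_new()` unchecked. In the panel module further down this page the same parameter is written to the `Comment` property and printed as `$q->td(...)` content in `display_summary`, and CGI.pm's element shortcuts do not HTML-escape their content. I would add a validator here, e.g. `validation="validate_rule_comment()"` (a new sub, the name is only a suggestion) that limits length and rejects markup characters, and escape on output with `$q->escapeHTML(...)`. The Remove page declares no fields at all, so the parameters carried by the remove link appear to reach `display_summary_remove` without any validation from this form; that is worth confirming against FormMagick's behaviour.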
|
@ -0,0 +1,676 @@
|
||||
#----------------------------------------------------------------------
|
||||
# $Id: portforwarding.pm,v 1.38 2005/03/16 23:37:02 charlieb Exp $
|
||||
# vim: ft=perl ts=4 sw=4 et:
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2002 Mitel Networks Corporation
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
# Technical support for this program is available from Mitel Networks
|
||||
# Please visit our web site www.e-smith.com for details.
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
package esmith::FormMagick::Panel::portforwarding;
|
||||
|
||||
use strict;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::FormMagick;
|
||||
use esmith::util;
|
||||
use esmith::util::network qw(isValidIP);
|
||||
use esmith::cgi;
|
||||
use Exporter;
|
||||
|
||||
use constant TRUE => 1;
|
||||
use constant FALSE => 0;
|
||||
|
||||
our @ISA = qw(esmith::FormMagick Exporter);
|
||||
|
||||
our @EXPORT = qw(
|
||||
show_port_forwards create_new validate_source_port
|
||||
validate_destination_port display_create_summary
|
||||
);
|
||||
|
||||
our $VERSION = sprintf '%d.%03d', q$Revision: 1.38 $ =~ /: (\d+).(\d+)/;
|
||||
our $db = esmith::ConfigDB->open
|
||||
|| die "Can't open configuration database: $!\n";
|
||||
our $tcp_db = esmith::ConfigDB->open('portforward_tcp')
|
||||
|| die "Can't open portforward_tcp database: $!\n";
|
||||
our $udp_db = esmith::ConfigDB->open('portforward_udp')
|
||||
|| die "Can't open portforward_udp database: $!\n";
|
||||
|
||||
=head1 NAME
|
||||
|
||||
esmith::FormMagick::Panels::portforwarding - useful panel functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use esmith::FormMagick::Panels::portforwarding
|
||||
|
||||
my $panel = esmith::FormMagick::Panel::portforwarding->new();
|
||||
$panel->display();
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This module is the backend to the portforwarding panel, responsible for
|
||||
supplying all functions used by that panel. It is a subclass of
|
||||
esmith::FormMagick itself, so it inherits the functionality of a FormMagick
|
||||
object.
|
||||
|
||||
=head2 new
|
||||
|
||||
This is the class constructor.
|
||||
|
||||
=begin testing
|
||||
|
||||
$ENV{ESMITH_CONFIG_DB} = "10e-smith-base/configuration.conf";
|
||||
|
||||
use_ok('esmith::FormMagick::Panels::portforwarding');
|
||||
our $panel;
|
||||
ok($panel = esmith::FormMagick::Panels::portforwarding->new(),
|
||||
"Create panel object");
|
||||
isa_ok($panel, 'esmith::FormMagick::Panels::portforwarding');
|
||||
|
||||
=end testing
|
||||
|
||||
=cut
|
||||
|
||||
sub new {
|
||||
my $class = ref($_[0]) || $_[0];
|
||||
my $self = esmith::FormMagick->new();
|
||||
bless $self, $class;
|
||||
# Uncomment the following line for debugging.
|
||||
#$self->debug(TRUE);
|
||||
return $self;
|
||||
}
|
||||
|
||||
=head2 show_port_forwards
|
||||
|
||||
This method displays the data on currently forwarded ports on
|
||||
the system.
|
||||
|
||||
=cut
|
||||
|
||||
sub show_port_forwards {
|
||||
my $self = shift;
|
||||
my $q = $self->cgi;
|
||||
|
||||
my $empty = 0;
|
||||
my @tcpforwards = $tcp_db->get_all;
|
||||
my @udpforwards = $udp_db->get_all;
|
||||
$empty = 1 if not @tcpforwards and not @udpforwards;
|
||||
|
||||
my %forwards = ();
|
||||
$forwards{TCP} = \@tcpforwards;
|
||||
$forwards{UDP} = \@udpforwards;
|
||||
|
||||
print $q->Tr(
|
||||
$q->td({-colspan => 2},
|
||||
'<br>' .
|
||||
$q->a({-class => "button-like",
|
||||
-href => "portforwarding?page=0&page_stack=&Next=Create"},
|
||||
$self->localise('CREATE_RULE'))));
|
||||
|
||||
unless ($empty) {
|
||||
print $q->Tr(
|
||||
$q->td({-colspan => 2},
|
||||
$q->p($self->localise('SHOW_FORWARDS')))),"\n";
|
||||
|
||||
my $q = $self->{cgi};
|
||||
print "<tr><td colspan=\"2\">";
|
||||
print $q->start_table({-class => 'sme-border'}), "\n ";
|
||||
print $q->Tr(
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$self->localise('LABEL_PROTOCOL'),
|
||||
"header"
|
||||
), " ",
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$self->localise('LABEL_SOURCE_PORT'),
|
||||
"header"
|
||||
), " ",
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$self->localise('LABEL_DESTINATION_HOST'),
|
||||
"header"
|
||||
), " ",
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$self->localise('LABEL_DESTINATION_PORT'),
|
||||
"header",
|
||||
), " ",
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$self->localise('ALLOW_HOSTS'),
|
||||
"header",
|
||||
), " ",
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$self->localise('RULE_COMMENT'),
|
||||
"header",
|
||||
), " ",
|
||||
$q->th({-class => "sme-border", -colspan => 2},
|
||||
$self->localise('ACTION')
|
||||
), "\n ",
|
||||
);
|
||||
foreach my $proto (sort keys %forwards) {
|
||||
if (@{ $forwards{$proto} }) {
|
||||
foreach my $entry (@{ $forwards{$proto} }) {
|
||||
my $sport = $entry->key;
|
||||
my $dhost = $entry->prop('DestHost');
|
||||
my $dport = $entry->prop('DestPort') || '';
|
||||
my $cmmnt = $entry->prop('Comment') || '';
|
||||
my $allow = $entry->prop('AllowHosts') || '';
|
||||
print $q->Tr(
|
||||
esmith::cgi::genSmallCell($q, $proto),
|
||||
" ",
|
||||
esmith::cgi::genSmallCell($q, $sport),
|
||||
" ",
|
||||
esmith::cgi::genSmallCell($q, $dhost),
|
||||
" ",
|
||||
esmith::cgi::genSmallCell($q, $dport || ' '),
|
||||
" ",
|
||||
esmith::cgi::genSmallCell($q, $allow || ' '),
|
||||
" ",
|
||||
esmith::cgi::genSmallCell($q, $cmmnt || ' '),
|
||||
" ",
|
||||
esmith::cgi::genSmallCell(
|
||||
$q,
|
||||
$q->a({href => $q->url(-absolute => 1)
|
||||
. "?page=3&Next=Next&protocol=$proto&"
|
||||
. "source_port=$sport&"
|
||||
. "destination_host=$dhost&"
|
||||
. "destination_port=$dport&"
|
||||
. "rule_comment=".CGI::escape($cmmnt)."&"
|
||||
. "allow_hosts=$allow"},
|
||||
$self->localise("REMOVE"))
|
||||
),
|
||||
"\n ",
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
print $q->end_table,"\n";
|
||||
print '</td></tr>';
|
||||
|
||||
}
|
||||
else {
|
||||
print $q->Tr(
|
||||
$q->td({-colspan => 2}, '<br>' .
|
||||
$self->localise('NO_FORWARDS')));
|
||||
}
|
||||
return undef;
|
||||
}
|
||||
|
||||
=head2 validate_source_port
|
||||
|
||||
This method validates the source port field in the new port forward page.
|
||||
|
||||
=cut
|
||||
|
||||
sub validate_source_port {
|
||||
my $self = shift;
|
||||
my $q = $self->{cgi};
|
||||
my $sport = $q->param('source_port');
|
||||
$sport =~ s/^\s+|\s+$//g;
|
||||
# If this is a port range, split it up and validate it individually.
|
||||
my @ports = ();
|
||||
if ($sport =~ /-/)
|
||||
{
|
||||
@ports = split /-/, $sport;
|
||||
if (@ports > 2)
|
||||
{
|
||||
$self->debug_msg("found more than 2 ports: @ports");
|
||||
return $self->localise('ERR_BADPORT');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
push @ports, $sport;
|
||||
}
|
||||
$self->debug_msg("the ports array is: @ports");
|
||||
foreach my $port (@ports)
|
||||
{
|
||||
$self->debug_msg("looping on port $port");
|
||||
if (! $self->isValidPort($port))
|
||||
{
|
||||
$self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
|
||||
return $self->localise('ERR_BADPORT');
|
||||
}
|
||||
}
|
||||
# Now, lets screen any duplicates.
|
||||
my $protocol = $q->param('protocol');
|
||||
my @forwards = ();
|
||||
|
||||
# Grab the existing rules for this protocol.
|
||||
if ($protocol eq 'TCP') {
|
||||
@forwards = map { $_->key } $tcp_db->get_all;
|
||||
} elsif ($protocol eq 'UDP') {
|
||||
@forwards = map { $_->key } $udp_db->get_all;
|
||||
}
|
||||
foreach my $psport (@forwards)
|
||||
{
|
||||
if ($self->detect_collision($sport, $psport))
|
||||
{
|
||||
return $self->localise('ERR_PORT_COLLISION');
|
||||
}
|
||||
}
|
||||
return 'OK';
|
||||
}
|
||||
|
||||
=head2 detect_collision
|
||||
|
||||
This method looks for a collision between two ports or port ranges.
|
||||
|
||||
=cut
|
||||
|
||||
sub detect_collision
|
||||
{
|
||||
my $self = shift;
|
||||
my $port_a = shift;
|
||||
my $port_b = shift;
|
||||
|
||||
# If they're both single ports, see if they're the same.
|
||||
if (($port_a !~ /-/) && ($port_b !~ /-/))
|
||||
{
|
||||
return $port_a eq $port_b;
|
||||
}
|
||||
# If port_a is not a range but port_b is, is a in b?
|
||||
elsif ($port_a !~ /-/)
|
||||
{
|
||||
my ($b1, $b2) = split /-/, $port_b;
|
||||
return (($port_a >= $b1) && ($port_a <= $b2));
|
||||
}
|
||||
elsif ($port_b !~ /-/)
|
||||
{
|
||||
my ($a1, $a2) = split /-/, $port_a;
|
||||
return (($port_b >= $a1) && ($port_b <= $a2));
|
||||
}
|
||||
else
|
||||
{
|
||||
# They're both ranges. Do they overlap?
|
||||
my ($a1, $a2) = split /-/, $port_a;
|
||||
my ($b1, $b2) = split /-/, $port_b;
|
||||
# They can overlap in two ways. Either a1 is in b, or b1 is in a.
|
||||
if (($a1 >= $b1) && ($a1 <= $b2))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
elsif (($b1 >= $a1) && ($b1 <= $a2))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
=head2 validate_destination_port
|
||||
|
||||
This method validates the destination port field in the new port
|
||||
forward page.
|
||||
|
||||
=cut
|
||||
|
||||
sub validate_destination_port {
|
||||
my $self = shift;
|
||||
my $dport = $self->{cgi}->param('destination_port');
|
||||
$dport =~ s/^\s+|\s+$//g;
|
||||
# If the dport is empty, that's ok.
|
||||
return 'OK' if not $dport;
|
||||
|
||||
# If this is a port range, split it up and validate it individually.
|
||||
my @ports = ();
|
||||
if ($dport =~ /-/)
|
||||
{
|
||||
@ports = split /-/, $dport;
|
||||
if (@ports > 2)
|
||||
{
|
||||
$self->debug_msg("found more than 2 ports: @ports");
|
||||
return $self->localise('ERR_BADPORT');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
push @ports, $dport;
|
||||
}
|
||||
$self->debug_msg("the ports array is: @ports");
|
||||
|
||||
foreach my $port (@ports)
|
||||
{
|
||||
$self->debug_msg("looping on port $port");
|
||||
if (! $self->isValidPort($port))
|
||||
{
|
||||
$self->debug_msg("returning: " . $self->localise('ERR_BADPORT'));
|
||||
return $self->localise('ERR_BADPORT');
|
||||
}
|
||||
}
|
||||
return 'OK';
|
||||
}
|
||||
|
||||
=head2 isValidPort
|
||||
|
||||
Test for a valid port.
|
||||
FIXME: Remove this when 5.6 is no longer supported, and use
|
||||
esmith::util::network::isValidPort instead.
|
||||
|
||||
=begin testing
|
||||
|
||||
@badports = (98765434, -183, 0, 'bad port', 'a');
|
||||
@goodports = (67, 23, 1, 54736);
|
||||
|
||||
foreach $port (@badports) {
|
||||
$panel->{cgi}->param('destination_port' => $port);
|
||||
isnt($panel->validate_source_port(), "OK");
|
||||
}
|
||||
foreach $port (@goodports) {
|
||||
$panel->{cgi}->param('source_port' => $port);
|
||||
is($panel->validate_source_port(), "OK");
|
||||
}
|
||||
|
||||
=end testing
|
||||
|
||||
=cut
|
||||
|
||||
sub isValidPort() {
|
||||
my $self = shift;
|
||||
my $port = shift;
|
||||
|
||||
return FALSE unless defined $port;
|
||||
|
||||
if (($port =~ /^\d+$/) &&
|
||||
($port > 0) &&
|
||||
($port < 65536))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
else {
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
=head2 validate_destination_host
|
||||
|
||||
The purpose of this method is to validate the destination host field in the
|
||||
new port forward page.
|
||||
|
||||
=cut
|
||||
|
||||
sub validate_destination_host {
|
||||
my $self = shift;
|
||||
my $dhost = $self->{cgi}->param('destination_host');
|
||||
$dhost =~ s/^\s+|\s+$//g;
|
||||
|
||||
my $localip = $db->get_prop('InternalInterface', 'IPAddress');
|
||||
my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
|
||||
|
||||
if ($dhost =~ /^(localhost|127.0.0.1|$localip|$external_ip)$/i)
|
||||
{
|
||||
# localhost token gets expanded at runtime to current external IP
|
||||
$self->{cgi}->param(-name=>'destination_host', -value=>'localhost');
|
||||
return "OK";
|
||||
}
|
||||
|
||||
my $systemmode = $db->get_value('SystemMode');
|
||||
|
||||
if ($systemmode eq 'serveronly') {
|
||||
return $self->localise('IN_SERVERONLY');
|
||||
}
|
||||
|
||||
if (isValidIP($dhost)) {
|
||||
return 'OK';
|
||||
}
|
||||
else {
|
||||
return $self->localise('ERR_BADIP');
|
||||
}
|
||||
}
|
||||
|
||||
=head2 validate_allowed_hosts
|
||||
|
||||
=cut
|
||||
|
||||
sub validate_allowed_hosts {
|
||||
my $self = shift;
|
||||
my $ahost = $self->{cgi}->param('allow_hosts');
|
||||
$ahost =~ s/^\s+|\s+$//g;
|
||||
|
||||
my $valid_ahost_list = "OK";
|
||||
|
||||
foreach (split(/[\s,]+/, $ahost)) {
|
||||
my $valid_ipnet = 0;
|
||||
$valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+$/);
|
||||
$valid_ipnet = 1 if ($_ =~ m/^\d+\.\d+\.\d+\.\d+\/\d+$/);
|
||||
$valid_ahost_list = "ERR_BADAHOST" if ($valid_ipnet != 1);
|
||||
}
|
||||
|
||||
return $valid_ahost_list;
|
||||
}
|
||||
|
||||
=head2 display_summary_create
|
||||
|
||||
This is a wrapper for the display_summary method, to call it in create mode.
|
||||
|
||||
=cut
|
||||
|
||||
sub display_summary_create {
|
||||
my $self = shift;
|
||||
$self->display_summary('create');
|
||||
}
|
||||
|
||||
=head2 display_summary_remove
|
||||
|
||||
This is a wrapper for the display_summary method, to call it in remove mode.
|
||||
|
||||
=cut
|
||||
|
||||
sub display_summary_remove {
|
||||
my $self = shift;
|
||||
$self->display_summary('remove');
|
||||
}
|
||||
|
||||
=head2 display_create_summary
|
||||
|
||||
This method's purpose is to display a summary of the rule about to be added.
|
||||
|
||||
=cut
|
||||
|
||||
sub display_summary {
|
||||
my $self = shift;
|
||||
my $mode = shift;
|
||||
my $save = $self->localise('SAVE');
|
||||
my $cancel = $self->localise('CANCEL');
|
||||
my $output = "";
|
||||
my $q = $self->{cgi};
|
||||
$self->debug_msg("start of method");
|
||||
|
||||
print "<tr><td colspan=\"2\">";
|
||||
|
||||
my $description = "";
|
||||
if ($mode eq 'create') {
|
||||
$description = $self->localise('SUMMARY_ADD_DESC');
|
||||
}
|
||||
elsif ($mode eq 'remove') {
|
||||
$description = $self->localise('SUMMARY_REMOVE_DESC');
|
||||
}
|
||||
else {
|
||||
return $self->error('ERR_UNSUPPORTED_MODE');
|
||||
}
|
||||
|
||||
print $q->p($description);
|
||||
|
||||
my $dhost = $self->get_destination_host();
|
||||
foreach my $tablearrayref (
|
||||
[$self->localise('LABEL_PROTOCOL')
|
||||
=> $q->param('protocol')],
|
||||
[$self->localise('LABEL_SOURCE_PORT')
|
||||
=> $q->param('source_port')],
|
||||
[$self->localise('LABEL_DESTINATION_PORT')
|
||||
=> $q->param('destination_port') || ' '],
|
||||
[$self->localise('LABEL_DESTINATION_HOST')
|
||||
=> $dhost],
|
||||
[$self->localise('RULE_COMMENT')
|
||||
=> $q->param('rule_comment')],
|
||||
[$self->localise('ALLOW_HOSTS')
|
||||
=> $q->param('allow_hosts')],
|
||||
)
|
||||
{
|
||||
print $q->Tr(
|
||||
$q->td({-class => 'sme-noborders-label'},
|
||||
$tablearrayref->[0],
|
||||
$q->td({-class => 'sme-noborders-content'},
|
||||
$tablearrayref->[1]))), "\n";
|
||||
}
|
||||
|
||||
if ($mode eq 'create') {
|
||||
print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
|
||||
$q->submit(-name => 'apply',
|
||||
-value => $self->localise("ADD")),
|
||||
' ',
|
||||
$q->submit(-name => 'cancel',
|
||||
-value => $self->localise("CANCEL")))));
|
||||
}
|
||||
elsif ($mode eq 'remove') {
|
||||
print $q->table({-width => '100%'}, $q->Tr($q->th({-class => 'sme-layout'},
|
||||
$q->submit( -name => 'remove',
|
||||
-value => $self->localise("REMOVE")),
|
||||
' ',
|
||||
$q->submit( -name => 'cancel',
|
||||
-value => $self->localise("CANCEL")))));
|
||||
}
|
||||
else {
|
||||
return $self->error('ERR_UNSUPPORTED_MODE');
|
||||
}
|
||||
$self->debug_msg("returning");
|
||||
|
||||
print "</td></tr>";
|
||||
return undef;
|
||||
}
|
||||
|
||||
=head2 remove_rule
|
||||
|
||||
This method is a remove wrapper for the modify method.
|
||||
|
||||
=cut
|
||||
|
||||
sub remove_rule {
|
||||
my $self = shift;
|
||||
$self->modify('remove');
|
||||
}
|
||||
|
||||
=head2 create_new
|
||||
|
||||
This method is a create wrapper for the modify method.
|
||||
|
||||
=cut
|
||||
|
||||
sub create_new {
|
||||
my $self = shift;
|
||||
$self->modify('create');
|
||||
}
|
||||
|
||||
=head2 modify
|
||||
|
||||
This method's purpose is to add or remove rules from the database, and then
|
||||
cause the firewall rules to update.
|
||||
|
||||
=cut
|
||||
|
||||
sub modify {
|
||||
no strict 'refs';
|
||||
my $self = shift;
|
||||
my $mode = shift;
|
||||
my $q = $self->{cgi};
|
||||
$self->debug_msg("at start of modify method");
|
||||
|
||||
# If the cancel button was pressed, just go back to the start page.
|
||||
if ($q->param("cancel")) {
|
||||
$self->debug_msg("the cancel button was pressed");
|
||||
$self->wherenext("First");
|
||||
}
|
||||
else {
|
||||
# Save the changes.
|
||||
my $proto = $q->param("protocol");
|
||||
my $sport = $q->param("source_port");
|
||||
my $dport = $q->param("destination_port");
|
||||
my $dhost = $self->get_destination_host();
|
||||
my $cmmnt = $q->param("rule_comment") || "";
|
||||
my $allow = $q->param("allow_hosts") || "";
|
||||
my $deny = (($q->param("allow_hosts")) ? "0.0.0.0/0" : "");
|
||||
$proto =~ s/^\s+|\s+$//g;
|
||||
$sport =~ s/^\s+|\s+$//g;
|
||||
$dport =~ s/^\s+|\s+$//g;
|
||||
$dhost =~ s/^\s+|\s+$//g;
|
||||
|
||||
$self->debug_msg("protocol is $proto");
|
||||
$self->debug_msg("source_port is $sport");
|
||||
$self->debug_msg("destination_port is $dport");
|
||||
$self->debug_msg("destination_host is $dhost");
|
||||
|
||||
my $whichforwards = "";
|
||||
my $fdb;
|
||||
if ($proto eq 'TCP') {
|
||||
$fdb = $tcp_db;
|
||||
}
|
||||
else {
|
||||
$fdb = $udp_db;
|
||||
}
|
||||
|
||||
if ($mode eq 'create') {
|
||||
$self->debug_msg("we are in create mode");
|
||||
my $entry = $fdb->get($sport) || $fdb->new_record($sport, { type => 'forward' });
|
||||
$entry->set_prop('DestHost', $dhost);
|
||||
$entry->set_prop('DestPort', $dport) if $dport;
|
||||
$entry->set_prop('Comment', $cmmnt);
|
||||
$entry->set_prop('AllowHosts', $allow);
|
||||
$entry->set_prop('DenyHosts', $deny);
|
||||
}
|
||||
elsif ($mode eq 'remove') {
|
||||
$self->debug_msg("we are in remove mode");
|
||||
my $entry = $fdb->get($sport);
|
||||
return $self->error('ERR_CANNOT_REMOVE_NORULE') unless $entry;
|
||||
$entry->delete;
|
||||
}
|
||||
|
||||
system("/sbin/e-smith/signal-event",
|
||||
"portforwarding-update") == 0
|
||||
|| return $self->error('ERR_NONZERO_RETURN_EVENT');
|
||||
|
||||
return $self->success();
|
||||
}
|
||||
}
|
||||
|
||||
=head2 get_destination_host
|
||||
|
||||
Get the 'destination_host' parameter, and fold it to 'localhost' if it
|
||||
matches any local interface IP address.
|
||||
|
||||
=cut
|
||||
|
||||
sub get_destination_host
|
||||
{
|
||||
my $self = shift;
|
||||
my $q = $self->{cgi};
|
||||
my $dhost = $q->param("destination_host");
|
||||
my $localip = $db->get_prop('InternalInterface', 'IPAddress');
|
||||
my $external_ip = $db->get_prop('ExternalInterface', 'IPAddress') || $localip;
|
||||
|
||||
if ($dhost =~ /^(127.0.0.1|$localip|$external_ip)$/i)
|
||||
{
|
||||
# localhost token gets expanded at runtime to current external IP
|
||||
$dhost = 'localhost';
|
||||
}
|
||||
return $dhost;
|
||||
}
|
||||
|
||||
1;
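Review bot: `validate_allowed_hosts` accepts values the firewall template cannot use: it splits on `/[\s,]+/`, while the template loops earlier on this page split the stored `AllowHosts` on `,` only, so a space-separated list such as `10.0.0.1 10.0.0.2` (constructed example) passes and ends up inside a single `--src` argument of the generated iptables line. The two per-entry patterns also put no bound on octets or prefix length, so `999.1.1.1/99` (constructed) is accepted as well. I would split on commas exactly as the template does and match every entry against one bounded pattern, as in the excerpt below; this is stricter than today and rejects whitespace inside the list. The sub also returns the bare key `"ERR_BADAHOST"` where the sibling validators return `$self->localise(...)`; the excerpt keeps that as is, but it is worth checking whether FormMagick localises it.

```perl
sub validate_allowed_hosts {
    # … unchanged: read allow_hosts into $ahost and trim it …
    my $octet = qr/(?:25[0-5]|2[0-4]\d|1?\d?\d)/;
    my $entry = qr{\A $octet (?: \. $octet ){3} (?: / (?: 3[0-2] | [12]?\d ) )? \z}x;

    # Split exactly as the firewall template does, so the string that was
    # validated is the string that ends up after --src.
    foreach my $host (split /,/, $ahost, -1) {
        return "ERR_BADAHOST" unless $host =~ $entry;
    }
    return "OK";
}
```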
|