From: <abe...@us...> - 2012-04-10 17:48:03
Revision: 5509 http://astlinux.svn.sourceforge.net/astlinux/?rev=5509&view=rev Author: abelbeck Date: 2012-04-10 17:47:56 +0000 (Tue, 10 Apr 2012) Log Message: ----------- web interface, Firewall tab, allow changes to 'NAT EXT' to create a new rule Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/firewall.php Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2012-04-07 19:51:29 UTC (rev 5508) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2012-04-10 17:47:56 UTC (rev 5509) @@ -395,7 +395,7 @@ // Function: existFWRule // -function existFWRule($db, $action, $proto, $s_addr, $s_lport, $s_uport, $d_addr, $d_lport, $d_uport) { +function existFWRule($db, $action, $proto, $s_addr, $s_lport, $s_uport, $d_addr, $d_lport, $d_uport, $e_addr) { if (($n = count($db['data'])) > 0) { for ($i = 0; $i < $n; $i++) { @@ -407,7 +407,8 @@ $data['s_uport'] === $s_uport && $data['d_addr'] === $d_addr && $data['d_lport'] === $d_lport && - $data['d_uport'] === $d_uport) { + $data['d_uport'] === $d_uport && + ($data['e_addr'] === $e_addr || ($data['e_addr'] === '' && $e_addr === '0/0'))) { return($i); } } @@ -494,9 +495,8 @@ $d_uport = ''; } - if (($eid = existFWRule($db, $action, $proto, $s_addr, $s_lport, $s_uport, $d_addr, $d_lport, $d_uport)) !== FALSE) { + if (($eid = existFWRule($db, $action, $proto, $s_addr, $s_lport, $s_uport, $d_addr, $d_lport, $d_uport, $e_addr)) !== FALSE) { $db['data'][$eid]['comment'] = $comment; - $db['data'][$eid]['e_addr'] = $e_addr; return(0); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
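Review bot: In `@@ -407,7 +407,8 @@` the added `e_addr` test treats a stored `''` as equal to a submitted `'0/0'` but not the other way round, and nothing in the code says why. If both spellings mean the same thing, a rule stored as `'0/0'` and resubmitted with an empty NAT EXT value would not match and would be appended as a second rule, unless the caller normalises `$e_addr` first (not visible here). Normalising both sides once, e.g. `$e = ($e_addr === '') ? '0/0' : $e_addr;` and the same for `$data['e_addr']`, or at least a comment such as `// a stored '' e_addr is treated as '0/0'`, would make the intent checkable. `$e_addr` is also a new required parameter, so any caller of `existFWRule` outside these hunks needs the extra argument.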
From: <abe...@us...> - 2014-06-08 20:09:31
Revision: 6541 http://sourceforge.net/p/astlinux/code/6541 Author: abelbeck Date: 2014-06-08 20:09:28 +0000 (Sun, 08 Jun 2014) Log Message: ----------- web interface, Network -> Firewall sub-tab, add support for multiple 'Allow OpenVPN' LAN interfaces Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/firewall.php Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2014-06-08 20:05:31 UTC (rev 6540) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2014-06-08 20:09:28 UTC (rev 6541) @@ -19,6 +19,7 @@ // 03-28-2012, Added NAT EXT support // 07-16-2012, Added "Pass LAN->EXT" and "Pass DMZ->EXT" actions // 01-27-2014, Added "Log Denied DMZ interface packets" +// 06-08-2014, Added support for multiple "Allow OpenVPN" LAN interfaces // // System location of /mnt/kd/rc.conf.d directory $FIREWALLCONFDIR = '/mnt/kd/rc.conf.d'; @@ -91,10 +92,14 @@ 'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd' ); -$allowlan_label = array ( - 'INTIF' => '1st LAN Interface', - 'INT2IF' => '2nd LAN Interface', - 'INT3IF' => '3rd LAN Interface' +$vpn_allowlan_label = array ( + 'INTIF' => '1st', + 'INT2IF' => '2nd', + 'INT3IF' => '3rd', + 'INTIF INT2IF' => '1st and 2nd', + 'INTIF INT3IF' => '1st and 3rd', + 'INT2IF INT3IF' => '2nd and 3rd', + 'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd' ); $lan_default_policy_label = array ( 
@@ -994,26 +999,31 @@ } putHtml('</select>'); putHtml('LAN Interfaces</td></tr>'); + putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); $ovpn_allowlan = getVARdef($vars, 'OVPNC_ALLOWLAN'); $sel = ($ovpn_allowlan !== '') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="is_ovpnc_allowlan" name="is_ovpnc_allowlan"'.$sel.' /></td><td>Allow OpenVPN Client tunnel to the'); putHtml('<select name="ovpnc_allowlan">'); - foreach ($allowlan_label as $key => $value) { + foreach ($vpn_allowlan_label as $key => $value) { $sel = ($ovpn_allowlan === $key) ? ' selected="selected"' : ''; putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); } - putHtml('</select></td></tr>'); + putHtml('</select>'); + putHtml('LAN Interface(s)</td></tr>'); + putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); $ovpn_allowlan = getVARdef($vars, 'OVPN_ALLOWLAN'); $sel = ($ovpn_allowlan !== '') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="is_ovpn_allowlan" name="is_ovpn_allowlan"'.$sel.' /></td><td>Allow OpenVPN Server tunnel to the'); putHtml('<select name="ovpn_allowlan">'); - foreach ($allowlan_label as $key => $value) { + foreach ($vpn_allowlan_label as $key => $value) { $sel = ($ovpn_allowlan === $key) ? ' selected="selected"' : ''; putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); } - putHtml('</select></td></tr>'); + putHtml('</select>'); + putHtml('LAN Interface(s)</td></tr>'); + putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); $sel = (getVARdef($vars, 'OPEN_ICMP') == 1) ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="allow_icmp" name="allow_icmp"'.$sel.' /></td><td>Allow IPv4 ICMP (ping) on External (EXT) Interface</td></tr>'); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
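Review bot: A stored `OVPNC_ALLOWLAN` or `OVPN_ALLOWLAN` value that is not spelled exactly like one of the `$vpn_allowlan_label` keys leaves the checkbox checked but no `<option>` selected, because both loops match with `=== $key`. The browser then shows the first entry, and the next save would presumably replace the configured set of LAN interfaces with `INTIF` without the administrator noticing; now that multi-interface values exist, a hand-edited value with the interfaces in another order is enough to trigger this. Consider rendering an unrecognised stored value as its own selected option, and checking the posted `ovpnc_allowlan` / `ovpn_allowlan` against the keys of `$vpn_allowlan_label` where the setting is written (that code is outside this diff). A comment on the array such as `// keys are the only accepted OVPN*_ALLOWLAN values; order of interfaces matters` would document the constraint.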
From: <abe...@us...> - 2016-06-12 14:39:33
Revision: 7717 http://sourceforge.net/p/astlinux/code/7717 Author: abelbeck Date: 2016-06-12 14:39:30 +0000 (Sun, 12 Jun 2016) Log Message: ----------- web interface, Network -> Firewall sub-tab, add support for 'Pass LAN->LAN' action Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/firewall.php Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-06-11 20:31:25 UTC (rev 7716) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-06-12 14:39:30 UTC (rev 7717) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2014 Lonnie Abelbeck +// Copyright (C) 2008-2016 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -20,6 +20,7 @@ // 07-16-2012, Added "Pass LAN->EXT" and "Pass DMZ->EXT" actions // 01-27-2014, Added "Log Denied DMZ interface packets" // 06-08-2014, Added support for multiple "Allow OpenVPN" LAN interfaces +// 06-12-2016, Added "Pass LAN->LAN" action // // System location of /mnt/kd/rc.conf.d directory $FIREWALLCONFDIR = '/mnt/kd/rc.conf.d'; @@ -40,6 +41,7 @@ 'PASS_EXT_DMZ' => 'Pass EXT->DMZ', 'PASS_DMZ_LOCAL' => 'Pass DMZ->Local', 'PASS_DMZ_LAN' => 'Pass DMZ->LAN', + 'PASS_LAN_LAN' => 'Pass LAN->LAN', 'DENY_LAN_EXT' => 'Deny LAN->EXT', 'DENY_LAN_LOCAL' => 'Deny LAN->Local', 'DENY_LOCAL_EXT' => 'Deny Local->EXT', @@ -59,6 +61,7 @@ 'PASS_EXT_DMZ' => 'INET_DMZ_HOST_OPEN_xxx', 'PASS_DMZ_LOCAL' => 'DMZ_HOST_OPEN_xxx', 'PASS_DMZ_LAN' => 'DMZ_LAN_HOST_OPEN_xxx', + 'PASS_LAN_LAN' => 'LAN_LAN_HOST_OPEN_xxx', 'DENY_LAN_EXT' => 'LAN_INET_HOST_DENY_xxx', 'DENY_LAN_LOCAL' => 'LAN_HOST_DENY_xxx', 'DENY_LOCAL_EXT' => 'HOST_DENY_xxx_OUTPUT', 
@@ -172,6 +175,7 @@ case 'DENY_EXT_DMZ': case 'DENY_DMZ_EXT': case 'PASS_DMZ_LAN': + case 'PASS_LAN_LAN': case 'PASS_LAN_EXT': case 'PASS_DMZ_EXT': if ($is_ip) { @@ -499,6 +503,7 @@ case 'DENY_EXT_DMZ': case 'DENY_DMZ_EXT': case 'PASS_DMZ_LAN': + case 'PASS_LAN_LAN': case 'PASS_LAN_EXT': case 'PASS_DMZ_EXT': if ($s_addr === '' || $d_addr === '') { @@ -681,8 +686,8 @@ break; case 3: // PASS_EXT_LOCAL case 6: // PASS_DMZ_LOCAL - case 9: // DENY_LAN_LOCAL - case 16: // LOG_LOCAL_IN + case 10: // DENY_LAN_LOCAL + case 17: // LOG_LOCAL_IN form.s_addr.disabled = 0; form.s_lport.disabled = 0; form.s_uport.disabled = 0; @@ -710,11 +715,12 @@ case 4: // PASS_EXT_LAN case 5: // PASS_EXT_DMZ case 7: // PASS_DMZ_LAN - case 8: // DENY_LAN_EXT - case 11: // DENY_EXT_DMZ - case 12: // DENY_DMZ_EXT - case 13: // PASS_LAN_EXT - case 14: // PASS_DMZ_EXT + case 8: // PASS_LAN_LAN + case 9: // DENY_LAN_EXT + case 12: // DENY_EXT_DMZ + case 13: // DENY_DMZ_EXT + case 14: // PASS_LAN_EXT + case 15: // PASS_DMZ_EXT form.s_addr.disabled = 0; form.d_addr.disabled = 0; form.d_lport.disabled = 0; @@ -726,8 +732,8 @@ form.s_uport.disabled = 1; nat_ext.style.visibility = "hidden"; break; - case 10: // DENY_LOCAL_EXT - case 15: // LOG_LOCAL_OUT + case 11: // DENY_LOCAL_EXT + case 16: // LOG_LOCAL_OUT form.d_addr.disabled = 0; form.d_lport.disabled = 0; form.d_uport.disabled = 0; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
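Review bot: The JavaScript `case` labels renumbered in `@@ -681,8 +686,8 @@`, `@@ -710,11 +715,12 @@` and `@@ -726,8 +732,8 @@` are numeric positions that must follow the order of the PHP action array by hand, with only the trailing comments tying the two together. A missed renumbering would enable or disable the wrong address and port fields for an action, so a firewall rule could be entered with fields that do not belong to it. The `switch` statement itself is outside the hunks, but it presumably tests the select's index; switching on the option value instead, e.g. `case 'PASS_LAN_LAN':` in place of `case 8: // PASS_LAN_LAN`, would remove the coupling. The entries visible in this commit do line up with the array order shown in the earlier hunk.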
From: <abe...@us...> - 2016-09-14 21:11:47
Revision: 7833 http://sourceforge.net/p/astlinux/code/7833 Author: abelbeck Date: 2016-09-14 21:11:45 +0000 (Wed, 14 Sep 2016) Log Message: ----------- web interface, Firewall sub-tab, add BLOCK_NETSET_DIR=/mnt/kd/blocklists support Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/firewall.php Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-09-14 18:15:56 UTC (rev 7832) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-09-14 21:11:45 UTC (rev 7833) @@ -22,6 +22,7 @@ // 06-08-2014, Added support for multiple "Allow OpenVPN" LAN interfaces // 06-12-2016, Added "Pass LAN->LAN" action // 07-10-2016, Added Deny LAN to DMZ for specified LAN Interfaces +// 09-14-2016, Added BLOCK_NETSET_DIR support // // System location of /mnt/kd/rc.conf.d directory $FIREWALLCONFDIR = '/mnt/kd/rc.conf.d'; @@ -379,6 +380,10 @@ $value = 'BLOCK_HOSTS_FILE="/mnt/kd/blocked-hosts"'; fwrite($fp, $value."\n"); } + if (isset($_POST['block_netset_dir'])) { + $value = 'BLOCK_NETSET_DIR="/mnt/kd/blocklists"'; + fwrite($fp, $value."\n"); + } $value = 'BLOCKED_HOST_LOG='.(isset($_POST['log_blocked']) ? '1' : '0'); fwrite($fp, $value."\n"); 
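Review bot: The path `/mnt/kd/blocklists` is now written out three times: in the `BLOCK_NETSET_DIR` line emitted in `@@ -379,6 +380,10 @@`, and in the comparison and the label text of `@@ -1112,6 +1117,9 @@`. If the copies ever differ, the checkbox renders unchecked for an active setting and the next save presumably omits the `BLOCK_NETSET_DIR` line, which would switch the blocklists off with no visible sign. A single definition next to `$FIREWALLCONFDIR`, e.g. `$BLOCK_NETSET_DIR = '/mnt/kd/blocklists';`, used in all three places would avoid that; the enclosing functions are outside the hunks, so it may need to be passed in or declared `global` there.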
@@ -1112,6 +1117,9 @@ putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); $sel = (getVARdef($vars, 'BLOCK_HOSTS_FILE') === '/mnt/kd/blocked-hosts') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="file_blocked" name="file_blocked"'.$sel.' /></td><td>Block Host/CIDR using the file /mnt/kd/blocked-hosts</td></tr>'); + putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); + $sel = (getVARdef($vars, 'BLOCK_NETSET_DIR') === '/mnt/kd/blocklists') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="block_netset_dir" name="block_netset_dir"'.$sel.' /></td><td>Block Host/CIDR using *.netset file(s) in the directory /mnt/kd/blocklists</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getVARdef($vars, 'BLOCKED_HOST_LOG') == 1) ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="log_blocked" name="log_blocked"'.$sel.' /></td><td>Log Denied attempts by a blocked host</td></tr>'); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2017-01-05 16:49:53
Revision: 8080 http://sourceforge.net/p/astlinux/code/8080 Author: abelbeck Date: 2017-01-05 16:49:50 +0000 (Thu, 05 Jan 2017) Log Message: ----------- web interface, Firewall sub-tab, add 'Log Denied attempts by a blocked host' inbound/outbound selectively Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/firewall.php Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2017-01-05 14:38:12 UTC (rev 8079) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2017-01-05 16:49:50 UTC (rev 8080) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2016 Lonnie Abelbeck +// Copyright (C) 2008-2017 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -23,6 +23,7 @@ // 06-12-2016, Added "Pass LAN->LAN" action // 07-10-2016, Added Deny LAN to DMZ for specified LAN Interfaces // 09-14-2016, Added BLOCK_NETSET_DIR support +// 01-05-2017, Added BLOCKED_HOST_LOG direction support // // System location of /mnt/kd/rc.conf.d directory $FIREWALLCONFDIR = '/mnt/kd/rc.conf.d'; @@ -144,6 +145,13 @@ '1' => 'Deny DMZ->EXT' ); +$log_blocked_label = array ( + '0' => 'Disabled', + '1' => 'Inbound & Outbound', + '2' => 'Inbound only', + '3' => 'Outbound only' +); + // Get arno firewall version //$MY_VERSION = trim(shell_exec('grep -m1 \'^MY_VERSION=\' /usr/sbin/arno-iptables-firewall | sed -e \'s/MY_VERSION=//\' -e \'s/"//g\'')); //$arno_vers = (strncmp($MY_VERSION, '1.8.', 4) == 0) ? 18 : 19; 
@@ -384,7 +392,7 @@ $value = 'BLOCK_NETSET_DIR="/mnt/kd/blocklists"'; fwrite($fp, $value."\n"); } - $value = 'BLOCKED_HOST_LOG='.(isset($_POST['log_blocked']) ? '1' : '0'); + $value = 'BLOCKED_HOST_LOG="'.$_POST['log_blocked'].'"'; fwrite($fp, $value."\n"); fwrite($fp, "### gui.firewall.conf - end ###\n"); @@ -1120,11 +1128,19 @@ putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); $sel = (getVARdef($vars, 'BLOCK_NETSET_DIR') === '/mnt/kd/blocklists') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="block_netset_dir" name="block_netset_dir"'.$sel.' /></td><td>Block Host/CIDR using *.netset file(s) in the directory /mnt/kd/blocklists</td></tr>'); - putHtml('<tr class="dtrow1"><td style="text-align: right;">'); - $sel = (getVARdef($vars, 'BLOCKED_HOST_LOG') == 1) ? ' checked="checked"' : ''; - putHtml('<input type="checkbox" value="log_blocked" name="log_blocked"'.$sel.' /></td><td>Log Denied attempts by a blocked host</td></tr>'); + + putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;"> </td><td>'); + putHtml('Log Denied attempts by a blocked host:'); + $log_blocked = getVARdef($vars, 'BLOCKED_HOST_LOG'); + putHtml('<select name="log_blocked">'); + foreach ($log_blocked_label as $key => $value) { + $sel = ($log_blocked == $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + putHtml('</table>'); - putHtml('</form>'); putHtml('</center></td></tr></table>'); putHtml('</center>'); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
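Review bot: In `@@ -384,7 +392,7 @@` the new line writes `$_POST['log_blocked']` into the generated config between double quotes without any check, where the old code could only emit `0` or `1`. A request carrying a double quote or a newline in that field can close the value and add further content to the file under `/mnt/kd/rc.conf.d`; if that file is sourced by a shell, as rc.conf fragments usually are, this amounts to command injection by anyone able to submit the form. Restrict the value to the four keys of `$log_blocked_label` before writing: `$log_blocked = isset($_POST['log_blocked']) ? $_POST['log_blocked'] : '0';` then `if (! in_array($log_blocked, array('0', '1', '2', '3'), TRUE)) { $log_blocked = '0'; }` and emit `'BLOCKED_HOST_LOG="'.$log_blocked.'"'`. The `isset` default also avoids an undefined-index notice when the field is missing. The enclosing function starts and ends outside the hunk.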
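Review bot: In `@@ -1120,11 +1128,19 @@` the option is selected with `$log_blocked == $key`, a loose comparison between the stored string and array keys that PHP has converted to integers. On PHP versions before 8 any non-numeric stored value compares equal to `0`, so the page would show "Disabled" for a setting the firewall script may interpret differently. `$sel = ($log_blocked === (string)$key) ? ' selected="selected"' : '';` keeps the display tied to the exact stored value; an unset variable then selects nothing and the browser falls back to the first entry, Disabled.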