# firewall4-lib.pl
# has to be included after firewall-lib from every cgi
# ipv4 initialization
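# Choose the file that saved IPv4 rules are kept in.
if ($config{'save_file'}) {
	# The module configuration names an explicit save file: use it, and do
	# not load any OS-specific library.
	$iptables_save_file = $config{'save_file'};
	}
else {
	# Load the OS-specific library through the same path that is tested for
	# readability. A bare relative name handed to do() is looked up through
	# @INC, so the file executed could differ from the one checked, or not
	# be found at all.
	# NOTE(review): assumes $module_root_directory is an absolute path -
	# confirm against the code that sets it.
	my $os_lib = "$module_root_directory/$gconfig{'os_type'}-lib.pl";
	if (-r $os_lib) {
		# Use the operating system's save file and functions
		do $os_lib;
		# do() reports a compile error or an uncaught die only via $@
		warn "Failed to load $os_lib : $@" if ($@);
		}
	if (!$iptables_save_file) {
		# Nothing has set a save file so far: use webmin's own
		$iptables_save_file = "$module_config_directory/iptables.save";
		}
	}

# Access control settings for the current user, as returned by get_module_acl()
%access = &get_module_acl();

# iptables table names known to this library
@known_tables = ( "filter", "mangle", "nat" );

# iptables option names known to this library.
# NOTE(review): presumably the options the rule parser understands; how an
# option outside this list is treated is decided elsewhere - confirm there.
@known_args =   ('-p', '-m', '-s', '-d', '-i', '-o', '-f',
		 '--dport', '--sport', '--tcp-flags', '--tcp-option',
		 '--icmp-type', '--mac-source', '--limit', '--limit-burst',
		 '--ports', '--uid-owner', '--gid-owner',
		 '--pid-owner', '--sid-owner', '--state', '--ctstate', '--tos',
		 '-j', '--to-ports', '--to-destination', '--to-source',
		 '--reject-with', '--dports', '--sports',
		 '--comment',
		 '--physdev-is-bridged',
		 '--physdev-is-in',
		 '--physdev-is-out',
		 '--physdev-in',
		 '--physdev-out');

# IPv4 reject type names.
# NOTE(review): presumably the values offered for --reject-with - confirm.
@ipvx_rtypes = ( "icmp-net-unreachable", "icmp-host-unreachable",
		 "icmp-port-unreachable", "icmp-proto-unreachable",
		 "icmp-net-prohibited", "icmp-host-prohibited",
		 "echo-reply", "tcp-reset" );

# Shape of an IPv4 destination: addr[-addr][:port[-port]].
# The address parts only require digits and dots, so this pattern checks the
# layout and not the validity of an address (a constructed example such as
# "999.1..2" matches). Code that needs a real address must validate the
# captured parts separately.
$ipvx_todestpattern='^([0-9\.]+)(\-([0-9\.]+))?(:(\d+)(\-(\d+))?)?$';

# set IP Version
&set_ipvx_version('ipv4');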
# IP V4 only functions
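# check_ipmask(string)
# Returns 1 if every whitespace-separated word of the string is acceptable,
# or 0 as soon as one is not. A word is acceptable when to_ipaddress() accepts
# it as a whole, or when it has the form address/mask, to_ipaddress() accepts
# the address, and the mask is either accepted by check_ipaddress() or is a
# decimal prefix length no greater than 32.
# A string with no words (such as the empty string) returns 1.
# to_ipaddress() and check_ipaddress() are defined outside this file.
sub check_ipmask
{
foreach my $w (split(/\s+/, $_[0])) {
	my $ok = &to_ipaddress($w);
	if (!$ok && $w =~ /^([0-9\.]+)\/([0-9\.]+)$/) {
		# Copy the captures before running any other match. A
		# successful match of /^\d+$/ resets $2 to undef, and undef
		# compares as 0, so testing "$2 <= 32" afterwards let any
		# numeric prefix length (for example /99) through.
		my ($addr, $mask) = ($1, $2);
		$ok = &to_ipaddress($addr) &&
		      (&check_ipaddress($mask) ||
		       ($mask =~ /^\d+$/ && $mask <= 32));
		}
	return 0 if (!$ok);
	}
return 1;
}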
1;