mirror of
https://github.com/webmin/webmin.git
synced 2026-05-26 16:10:29 +01:00
Merge pull request #558 from gnadelwartz/add-warning-about-not-active-direct
Add warnings about not active direct and disable edit for filtered rules
@@ -11,4 +11,4 @@ after_apply_cmd=Command to run after applying configuration,3,None
|
||||
line1=System configuration,11
|
||||
save_file=IPtables save file to edit,3,Use operating system or Webmin default
|
||||
direct=Directly edit firewall rules instead of save file?,1,1-Yes,0-No
|
||||
filter_chain=List of regexes to filter out chains not managed by firewall. You must activate "direct edit firewall rules" to use this feature,0
|
||||
filter_chain=Comma sepeated list of regexes to filter out chains not managed by firewall,0
|
||||
|
||||
@@ -11,4 +11,4 @@ after_apply_cmd=Befehle zum Anwendung der Konfiguration,3,Keiner
|
||||
line1=System Konfiguration,11
|
||||
save_file=IPtables Speicherdatei zum Bearbeiten,3,Verwendung des Betriebssystems oder Webmin Standard
|
||||
direct=Direktes Bearbeiten der Firewall-Regeln anstatt von gespeicherter Datei?,1,1-Ja,0-Nein
|
||||
filter_chain=Liste von RegEx zum Ausfiltern von Ketten die nicht von Firewall verwaltet werden. Die Option "Direktes Bearbeiten der Firewall-Regeln" muss aktiv sein,0
|
||||
filter_chain=Komma getrennte Liste von Regex zum Ausfiltern von Ketten die nicht von Firewall verwaltet werden,0
|
||||
|
||||
@@ -48,9 +48,9 @@ if (!$config{'direct'} && &foreign_check("init")) {
|
||||
# Check if the save file exists. If not, check for any existing firewall
|
||||
# rules, and offer to create a save file from them
|
||||
@livetables = &get_iptables_save("iptables-save 2>/dev/null |");
|
||||
&shorewall_message(\@livetables);
|
||||
&firewalld_message(\@livetables);
|
||||
&fail2ban_message(\@livetables);
|
||||
|
||||
#display warnings about active external firewalls!
|
||||
&external_firewall_message(\@livetables);
|
||||
if (!$config{'direct'} &&
|
||||
(!-s $iptables_save_file || $in{'reset'}) && $access{'setup'}) {
|
||||
@tables = @livetables;
|
||||
@@ -172,16 +172,30 @@ else {
|
||||
$form++;
|
||||
}
|
||||
|
||||
# Display a table of rules for each chain
|
||||
foreach $c (sort by_string_for_iptables keys %{$table->{'defaults'}}) {
|
||||
print &ui_hr();
|
||||
@rules = grep { lc($_->{'chain'}) eq lc($c) }
|
||||
@{$table->{'rules'}};
|
||||
print "<b>",$text{"index_chain_".lc($c)} ||
|
||||
&text('index_chain', "<tt>$c</tt>"),"</b><br>\n";
|
||||
print "<form action=save_policy.cgi>\n";
|
||||
print &ui_hidden("table", $in{'table'});
|
||||
print &ui_hidden("chain", $c);
|
||||
# Display a table of rules for each chain
|
||||
CHAIN:
|
||||
foreach $c (sort by_string_for_iptables keys %{$table->{'defaults'}}) {
|
||||
print &ui_hr();
|
||||
@rules = grep { lc($_->{'chain'}) eq lc($c) }
|
||||
@{$table->{'rules'}};
|
||||
print "<b>",$text{"index_chain_".lc($c)} ||
|
||||
&text('index_chain', "<tt>$c</tt>"),"</b><br>\n";
|
||||
|
||||
# check if chain is filtered out
|
||||
if ($config{'filter_chain'}) {
|
||||
foreach $filter (split(',', $config{'filter_chain'})) {
|
||||
if($c =~ /^$filter$/) {
|
||||
# not managed by firewall, do not dispaly or modify
|
||||
print "<em>".$text{'index_filter_chain'}."</em><br>\n";
|
||||
next CHAIN;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
print "<form action=save_policy.cgi>\n";
|
||||
print &ui_hidden("table", $in{'table'});
|
||||
print &ui_hidden("chain", $c);
|
||||
|
||||
if (@rules) {
|
||||
@links = ( &select_all_link("d", $form),
|
||||
&select_invert_link("d", $form) );
|
||||
@@ -210,7 +224,19 @@ else {
|
||||
local $act =
|
||||
$text{"index_jump_".lc($r->{'j'}->[1])} ||
|
||||
&text('index_jump', $r->{'j'}->[1]);
|
||||
if ($edit) {
|
||||
|
||||
# check if chain jump TO is filtered out
|
||||
local $chain_filtered;
|
||||
if ($config{'filter_chain'}) {
|
||||
foreach $filter (split(',', $config{'filter_chain'})) {
|
||||
if($r->{'j'}->[1] =~ /^$filter$/) {
|
||||
$chain_filtered=&text('index_filter_chain');
|
||||
$act=$act."<br><em>$chain_filtered</em>";
|
||||
}
|
||||
}
|
||||
}
|
||||
# chain to jump to is filtered, switch of edit
|
||||
if ($edit && !$chain_filtered)) {
|
||||
push(@cols, &ui_link("edit_rule.cgi?table=".&urlize($in{'table'})."&idx=$r->{'index'}",$act));
|
||||
}
|
||||
else {
|
||||
@@ -262,16 +288,19 @@ else {
|
||||
"&chain=".&urlize($c)."&new=1&".
|
||||
"before=$r->{'index'}'><img src=".
|
||||
"images/before.gif border=0></a>";
|
||||
push(@cols, $adder);
|
||||
|
||||
if ($edit) {
|
||||
print &ui_checked_columns_row(
|
||||
\@cols, \@tds, "d", $r->{'index'});
|
||||
}
|
||||
else {
|
||||
print &ui_columns_row(\@cols, \@tds);
|
||||
}
|
||||
}
|
||||
push(@cols, $adder);
|
||||
# chain to jump to is filtered, switch of edit
|
||||
if ($edit && !$chain_filtered) {
|
||||
print &ui_checked_columns_row(
|
||||
\@cols, \@tds, "d", $r->{'index'});
|
||||
}
|
||||
else {
|
||||
local $r=&ui_columns_row(\@cols, \@tds);
|
||||
# fix missing first colum, need be a better solution ...
|
||||
$r=~ s/<td /<td ><\/td><td width="30%" /;
|
||||
print $r;
|
||||
}
|
||||
}
|
||||
print &ui_columns_end();
|
||||
print &ui_links_row(\@links);
|
||||
}
|
||||
@@ -412,33 +441,32 @@ else {
|
||||
|
||||
&ui_print_footer("/", $text{'index'});
|
||||
|
||||
sub shorewall_message
|
||||
{
|
||||
local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
|
||||
if ($filter->{'defaults'}->{'shorewall'}) {
|
||||
print "<b><center>",
|
||||
&text('index_shorewall', "$gconfig{'webprefix'}/shorewall/"),
|
||||
"</b></center><p>\n";
|
||||
}
|
||||
}
|
||||
|
||||
sub firewalld_message
|
||||
{
|
||||
local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
|
||||
if ($filter->{'defaults'}->{'INPUT_ZONES'}) {
|
||||
print "<b><center>",
|
||||
&text('index_firewalld', "$gconfig{'webprefix'}/firewalld/"),
|
||||
"</b></center><p>\n";
|
||||
}
|
||||
}
|
||||
|
||||
sub fail2ban_message
|
||||
{
|
||||
local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
|
||||
if ($filter->{'defaults'} ~~ /^f2b-|^fail2ban-/) {
|
||||
print "<b><center>",
|
||||
&text('index_fail2ban', "$gconfig{'webprefix'}/fail2ban/"),
|
||||
"</b></center><p>\n";
|
||||
}
|
||||
}
|
||||
sub external_firewall_message
|
||||
{
|
||||
local $fwname="";
|
||||
local $fwconfig="$gconfig{'webprefix'}/config.cgi?firewall";
|
||||
|
||||
# detect external firewalls
|
||||
local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
|
||||
if ($filter->{'defaults'}->{'shorewall'}) {
|
||||
$fwname+='shorewall ';
|
||||
}
|
||||
if ($filter->{'defaults'}->{'INPUT_ZONES'}) {
|
||||
$fwname+='firewalld ';
|
||||
}
|
||||
if ($filter->{'defaults'} ~~ /^f2b-|^fail2ban-/) {
|
||||
$fwname+='fail2ban ';
|
||||
}
|
||||
# warning about not using direct
|
||||
if($fwname && !$config{'direct'}) {
|
||||
print "<b><center>",
|
||||
&text('index_filter_nodirect', $fwconfig),
|
||||
"</b></center><p>\n";
|
||||
}
|
||||
# naming the detected firewall modules
|
||||
foreach my $word (split ' ', $fwname) {
|
||||
print "<center>",
|
||||
&text("index_$word", "$gconfig{'webprefix'}/$word/", $fwconfig),
|
||||
"</center><p>\n";
|
||||
}
|
||||
}
|
||||
|
||||
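Review bot: In `external_firewall_message` the three assignments of the form `$fwname+='shorewall ';` use numeric addition, not string append, so `$fwname` ends up as `0` instead of a list of detected names. The `if($fwname && !$config{'direct'})` check is then always false, so the "direct edit not active" warning never prints, and the loop below asks for the message key `index_0`. Use `$fwname.='shorewall ';` (and likewise for `firewalld ` and `fail2ban `), or push the names onto an array and iterate over that. Separately, the earlier hunk's `if ($edit && !$chain_filtered)) {` has an unbalanced closing parenthesis and should read `if ($edit && !$chain_filtered) {`; as shown, the script will not compile.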
@@ -191,8 +191,10 @@ index_ecommand=Der Befehl $1 wurde nicht auf Ihrem System gefunden. Webmin ben&#
|
||||
index_editing=Regel Datei $1
|
||||
index_ekernel=Ein Fehler ist beim Überprüfen Ihrer aktuellen IPtables-Konfiguration aufgetreten : $1 Dies könnte darauf hindeuten, dass Ihr Kernel IPtables nicht unterstützt.
|
||||
index_existing=Webmin hat erkannt, dass $1 IPtables Firewall-Regel(n) derzeit in Benutzung sind, die nicht in der Datei $2 gespeichert wurden. Diese Regeln wurden vermutlich von einem Skript einrichtet, jedoch dieses Modul nicht in der Lage ist, dieses zu lesen und zu bearbeiten.<p>Wenn Sie dieses Modul benutzen wollen, um Ihre IPtables-Firewall verwalten zu lassen, klicken Sie auf die Schaltfläche unten, um die bestehenden Regeln zu einer Sicherungsdatei zu konvertieren und anschließend Ihr bestehendes Firewall-Skript zu deaktivieren.
|
||||
index_fail2ban=Warnung! Es scheint, dass Fail2ban verwendet wird, um das Firewall-System zu generieren. Vielleicht sollten Sie die <a href='$1'>Fail2Ban-Modul</a> verwenden.
|
||||
index_firewalld=Warnung! Es scheint, dass FirewallD verwendet wird, um das Firewall-System zu generieren. Vielleicht sollten Sie die <a href='$1'>FirewallD Firewall-Modul</a> verwenden.
|
||||
index_firewalld=Hinweis! Es scheint, dass FirewallD verwendet wird, um das Firewall-System zu generieren. Vielleicht sollten Sie die <a href='$1'>FirewallD Firewall-Modul</a> verwenden.
|
||||
index_fail2ban=Hinweis! Verwendung von Fail2Ban wurde erkannt. Verwalten sie Fail2Ban mit dem <a href='$1'>Fail2Ban Modul</a> und filtern nach <a href=$2>f2b-.*</a> bzw. <a href=$2>fail2ban-.*</a>
|
||||
index_filter_chain=wird nicht von Linux-Firewall verwaltet.
|
||||
index_filter_nodirect=Warnung! Extern verwaltete Regeln erkannt. Bitte aktiveren sie die Option "<a href=$1>Direkte Bearbeitung von Firewall-Regeln"</a>.
|
||||
index_header=Firewall Konfiguration von $1
|
||||
index_headerex=Bestehende Firewall Konfiguration
|
||||
index_jump=Führe Regel $1 aus
|
||||
@@ -218,7 +220,7 @@ index_return=Regelliste
|
||||
index_rsetup=Die IPtables-Firewall-Konfiguration auf Ihrem System ist dabei neu eingerichtet zu werden. Webmin richtet neue Standard-Regeln ein, die in der Datei $1 gespeichert werden, mit den initialen Einstellungen basierend Ihrer Firewall-Typ-Auswahl unten ..
|
||||
index_saveex=Speichere Firewall Regeln
|
||||
index_setup=Keine IPtables-Firewall wurde bisher auf Ihrem System eingerichtet. Webmin kann das für Sie erledigen und dies in der Datei $1, mit den initialen Einstellungen basierend Ihre Firewall-Typ Auswahl unten, speichern..
|
||||
index_shorewall=Warnung! Es scheint, dass Shorewall verwendet wird, um das Firewall-System zu generieren. Vielleicht sollten Sie die <a href='$1'>Shoreline Firewall-Modul</a> verwenden.
|
||||
index_shorewall=Hinweis! Es scheint, dass Shorewall verwendet wird, um das Firewall-System zu generieren. Vielleicht sollten Sie die <a href='$1'>Shoreline Firewall-Modul</a> verwenden.
|
||||
index_table_filter=Packet filtering (filter)
|
||||
index_table_mangle=Packet alteration (mangle)
|
||||
index_table_nat=Network address translation (nat)
|
||||
|
||||
@@ -67,9 +67,11 @@ index_auto4=Block all except SSH, IDENT, ping and high ports on interface:
|
||||
index_auto5=Block all except ports used for virtual hosting, on interface:
|
||||
index_auto=Setup Firewall
|
||||
index_add=Add
|
||||
index_shorewall=Warning! It appears that Shorewall is being used to generate your system's firewall. Maybe you should use the <a href='$1'>Shoreline Firewall module</a> instead.
|
||||
index_firewalld=Warning! It appears that FirewallD is being used to generate your system's firewall. Maybe you should use the <a href='$1'>FirewallD module</a> instead.
|
||||
index_fail2ban=Warning! It appears that Fail2Ban is being used to generate your system's firewall. Maybe you should use the <a href='$1'>Fail2Ban module</a> instead.
|
||||
index_shorewall=Note! It appears that Shorewall is being used to generate your system's firewall. Maybe you should use the <a href='$1'>Shoreline Firewall module</a> instead.
|
||||
index_firewalld=Note! It appears that FirewallD is being used to generate your system's firewall. Maybe you should use the <a href='$1'>FirewallD module</a> instead.
|
||||
index_fail2ban=Note! It appears that Fail2Ban is being used to manage some firewall rules. You should modify them with <a href='$1'>Fail2Ban module</a> and filter <a href=$2>f2b-.*</a> or <a href=$2>fail2ban-.*</a>.
|
||||
index_filter_chain=ist not managed by firewall.
|
||||
index_filter_nodirect=Warning! External managed rules detected. Activate "<a href=$1>Directly edit firewall rules"</a> or your firewall rules may break.
|
||||
index_reset=Reset Firewall
|
||||
index_resetdesc=Click this button to clear all existing firewall rules and set up new rules for a basic initial configuration.
|
||||
index_cluster=Cluster Servers
|
||||
|
||||