From a089ae573bfe6159ca736c389b808485cb84fc5d Mon Sep 17 00:00:00 2001 
From: Jamie Cameron Date: Fri, 25 Mar 2011 17:11:27 -0700 Subject: [PATCH] Initial check-in of open-sourced firewall module --- itsecur-firewall/CbButton.class | Bin 0 -> 4780 bytes itsecur-firewall/CbButton.java | 264 ++++ itsecur-firewall/CbButtonCallback.class | Bin 0 -> 137 bytes itsecur-firewall/CbButtonGroup.class | Bin 0 -> 651 bytes itsecur-firewall/LineInputStream.class | Bin 0 -> 1777 bytes itsecur-firewall/LineInputStream.java | 81 + itsecur-firewall/LogViewer.class | Bin 0 -> 3812 bytes itsecur-firewall/LogViewer.java | 133 ++ itsecur-firewall/Makefile | 2 + itsecur-firewall/Util.class | Bin 0 -> 4440 bytes itsecur-firewall/Util.java | 148 ++ itsecur-firewall/acl_security.pl | 58 + itsecur-firewall/apply.cgi | 29 + itsecur-firewall/apply.pl | 25 + itsecur-firewall/authdownload.cgi | 14 + itsecur-firewall/authtail.cgi | 26 + itsecur-firewall/backup.cgi | 102 ++ itsecur-firewall/backup.pl | 16 + itsecur-firewall/bootup.cgi | 30 + itsecur-firewall/config-*-linux | 9 + itsecur-firewall/config-freebsd | 9 + itsecur-firewall/config.info | 15 + itsecur-firewall/debug_file | 5 + itsecur-firewall/defaultacl | 2 + itsecur-firewall/down.cgi | 16 + itsecur-firewall/download.cgi | 14 + itsecur-firewall/edit_group.cgi | 82 + itsecur-firewall/edit_rule.cgi | 192 +++ itsecur-firewall/edit_sep.cgi | 74 + itsecur-firewall/edit_service.cgi | 73 + itsecur-firewall/edit_time.cgi | 79 + itsecur-firewall/edit_user.cgi | 107 ++ itsecur-firewall/enable_rules.cgi | 39 + itsecur-firewall/images/.xvpics/backup.gif | Bin 0 -> 2370 bytes itsecur-firewall/images/.xvpics/icon.gif | Bin 0 -> 2370 bytes itsecur-firewall/images/.xvpics/restore.gif | Bin 0 -> 2370 bytes itsecur-firewall/images/.xvpics/syn.gif | Bin 0 -> 2369 bytes itsecur-firewall/images/authlogs.gif | Bin 0 -> 470 bytes itsecur-firewall/images/backup.gif | Bin 0 -> 1658 bytes itsecur-firewall/images/bandwidth.gif | Bin 0 -> 1941 bytes itsecur-firewall/images/down.gif | Bin 0 -> 108 bytes itsecur-firewall/images/gap.gif | 
Bin 0 -> 73 bytes itsecur-firewall/images/groups.gif | Bin 0 -> 251 bytes itsecur-firewall/images/icon.gif | Bin 0 -> 3256 bytes itsecur-firewall/images/import.gif | Bin 0 -> 1848 bytes itsecur-firewall/images/lleft.gif | Bin 0 -> 133 bytes itsecur-firewall/images/logs.gif | Bin 0 -> 470 bytes itsecur-firewall/images/nat.gif | Bin 0 -> 1527 bytes itsecur-firewall/images/nat2.gif | Bin 0 -> 1527 bytes itsecur-firewall/images/pat.gif | Bin 0 -> 314 bytes itsecur-firewall/images/remote.gif | Bin 0 -> 2121 bytes itsecur-firewall/images/report.gif | Bin 0 -> 504 bytes itsecur-firewall/images/restore.gif | Bin 0 -> 1661 bytes itsecur-firewall/images/rright.gif | Bin 0 -> 131 bytes itsecur-firewall/images/rules.gif | Bin 0 -> 2918 bytes itsecur-firewall/images/services.gif | Bin 0 -> 364 bytes itsecur-firewall/images/smallicon.gif | Bin 0 -> 1469 bytes itsecur-firewall/images/spoof.gif | Bin 0 -> 316 bytes itsecur-firewall/images/syn.gif | Bin 0 -> 197 bytes itsecur-firewall/images/times.gif | Bin 0 -> 529 bytes itsecur-firewall/images/top_r1_c1.jpg | Bin 0 -> 19296 bytes itsecur-firewall/images/up.gif | Bin 0 -> 103 bytes itsecur-firewall/images/users.gif | Bin 0 -> 390 bytes itsecur-firewall/import_groups.cgi | 75 + itsecur-firewall/import_rules.cgi | 109 ++ itsecur-firewall/import_servs.cgi | 69 + itsecur-firewall/import_times.cgi | 89 ++ itsecur-firewall/index.cgi | 78 + itsecur-firewall/ipf-lib.pl | 348 +++++ itsecur-firewall/iptables-lib.pl | 496 ++++++ itsecur-firewall/itsecur-lib.pl | 1510 +++++++++++++++++++ itsecur-firewall/lang/en | 490 ++++++ itsecur-firewall/list_authlogs.cgi | 27 + itsecur-firewall/list_backup.cgi | 88 ++ itsecur-firewall/list_bandwidth.cgi | 28 + itsecur-firewall/list_groups.cgi | 40 + itsecur-firewall/list_import.cgi | 38 + itsecur-firewall/list_logs.cgi | 27 + itsecur-firewall/list_nat.cgi | 75 + itsecur-firewall/list_nat2.cgi | 69 + itsecur-firewall/list_pat.cgi | 39 + itsecur-firewall/list_remote.cgi | 44 + 
itsecur-firewall/list_report.cgi | 293 ++++ itsecur-firewall/list_restore.cgi | 54 + itsecur-firewall/list_rules.cgi | 149 ++ itsecur-firewall/list_services.cgi | 50 + itsecur-firewall/list_spoof.cgi | 34 + itsecur-firewall/list_syn.cgi | 41 + itsecur-firewall/list_times.cgi | 40 + itsecur-firewall/list_users.cgi | 61 + itsecur-firewall/list_welf.cgi | 55 + itsecur-firewall/log_parser.pl | 43 + itsecur-firewall/migrate-groups.pl | 23 + itsecur-firewall/module.info | 5 + itsecur-firewall/restore.cgi | 188 +++ itsecur-firewall/save_bandwidth.cgi | 63 + itsecur-firewall/save_group.cgi | 145 ++ itsecur-firewall/save_nat.cgi | 39 + itsecur-firewall/save_nat2.cgi | 34 + itsecur-firewall/save_pat.cgi | 28 + itsecur-firewall/save_remote.cgi | 24 + itsecur-firewall/save_rule.cgi | 124 ++ itsecur-firewall/save_search.cgi | 21 + itsecur-firewall/save_sep.cgi | 52 + itsecur-firewall/save_service.cgi | 117 ++ itsecur-firewall/save_spoof.cgi | 30 + itsecur-firewall/save_syn.cgi | 19 + itsecur-firewall/save_time.cgi | 77 + itsecur-firewall/save_user.cgi | 116 ++ itsecur-firewall/standard-services | 223 +++ itsecur-firewall/status_monitor.pl | 76 + itsecur-firewall/stop.pl | 25 + itsecur-firewall/tail.cgi | 26 + itsecur-firewall/up.cgi | 16 + itsecur-firewall/welf.cgi | 154 ++ 115 files changed, 7828 insertions(+) create mode 100644 itsecur-firewall/CbButton.class create mode 100644 itsecur-firewall/CbButton.java create mode 100644 itsecur-firewall/CbButtonCallback.class create mode 100644 itsecur-firewall/CbButtonGroup.class create mode 100644 itsecur-firewall/LineInputStream.class create mode 100755 itsecur-firewall/LineInputStream.java create mode 100644 itsecur-firewall/LogViewer.class create mode 100644 itsecur-firewall/LogViewer.java create mode 100644 itsecur-firewall/Makefile create mode 100644 itsecur-firewall/Util.class create mode 100644 itsecur-firewall/Util.java create mode 100644 itsecur-firewall/acl_security.pl create mode 100755 itsecur-firewall/apply.cgi create 
mode 100755 itsecur-firewall/apply.pl create mode 100755 itsecur-firewall/authdownload.cgi create mode 100755 itsecur-firewall/authtail.cgi create mode 100755 itsecur-firewall/backup.cgi create mode 100755 itsecur-firewall/backup.pl create mode 100755 itsecur-firewall/bootup.cgi create mode 100644 itsecur-firewall/config-*-linux create mode 100644 itsecur-firewall/config-freebsd create mode 100644 itsecur-firewall/config.info create mode 100644 itsecur-firewall/debug_file create mode 100644 itsecur-firewall/defaultacl create mode 100755 itsecur-firewall/down.cgi create mode 100755 itsecur-firewall/download.cgi create mode 100755 itsecur-firewall/edit_group.cgi create mode 100755 itsecur-firewall/edit_rule.cgi create mode 100755 itsecur-firewall/edit_sep.cgi create mode 100755 itsecur-firewall/edit_service.cgi create mode 100755 itsecur-firewall/edit_time.cgi create mode 100755 itsecur-firewall/edit_user.cgi create mode 100755 itsecur-firewall/enable_rules.cgi create mode 100644 itsecur-firewall/images/.xvpics/backup.gif create mode 100644 itsecur-firewall/images/.xvpics/icon.gif create mode 100644 itsecur-firewall/images/.xvpics/restore.gif create mode 100644 itsecur-firewall/images/.xvpics/syn.gif create mode 100644 itsecur-firewall/images/authlogs.gif create mode 100644 itsecur-firewall/images/backup.gif create mode 100755 itsecur-firewall/images/bandwidth.gif create mode 100644 itsecur-firewall/images/down.gif create mode 100644 itsecur-firewall/images/gap.gif create mode 100644 itsecur-firewall/images/groups.gif create mode 100644 itsecur-firewall/images/icon.gif create mode 100644 itsecur-firewall/images/import.gif create mode 100644 itsecur-firewall/images/lleft.gif create mode 100644 itsecur-firewall/images/logs.gif create mode 100644 itsecur-firewall/images/nat.gif create mode 100644 itsecur-firewall/images/nat2.gif create mode 100644 itsecur-firewall/images/pat.gif create mode 100644 itsecur-firewall/images/remote.gif create mode 100644 
itsecur-firewall/images/report.gif create mode 100644 itsecur-firewall/images/restore.gif create mode 100644 itsecur-firewall/images/rright.gif create mode 100644 itsecur-firewall/images/rules.gif create mode 100644 itsecur-firewall/images/services.gif create mode 100644 itsecur-firewall/images/smallicon.gif create mode 100644 itsecur-firewall/images/spoof.gif create mode 100644 itsecur-firewall/images/syn.gif create mode 100644 itsecur-firewall/images/times.gif create mode 100644 itsecur-firewall/images/top_r1_c1.jpg create mode 100644 itsecur-firewall/images/up.gif create mode 100644 itsecur-firewall/images/users.gif create mode 100755 itsecur-firewall/import_groups.cgi create mode 100755 itsecur-firewall/import_rules.cgi create mode 100755 itsecur-firewall/import_servs.cgi create mode 100755 itsecur-firewall/import_times.cgi create mode 100755 itsecur-firewall/index.cgi create mode 100644 itsecur-firewall/ipf-lib.pl create mode 100644 itsecur-firewall/iptables-lib.pl create mode 100644 itsecur-firewall/itsecur-lib.pl create mode 100644 itsecur-firewall/lang/en create mode 100755 itsecur-firewall/list_authlogs.cgi create mode 100755 itsecur-firewall/list_backup.cgi create mode 100755 itsecur-firewall/list_bandwidth.cgi create mode 100755 itsecur-firewall/list_groups.cgi create mode 100755 itsecur-firewall/list_import.cgi create mode 100755 itsecur-firewall/list_logs.cgi create mode 100755 itsecur-firewall/list_nat.cgi create mode 100755 itsecur-firewall/list_nat2.cgi create mode 100755 itsecur-firewall/list_pat.cgi create mode 100755 itsecur-firewall/list_remote.cgi create mode 100755 itsecur-firewall/list_report.cgi create mode 100755 itsecur-firewall/list_restore.cgi create mode 100755 itsecur-firewall/list_rules.cgi create mode 100755 itsecur-firewall/list_services.cgi create mode 100755 itsecur-firewall/list_spoof.cgi create mode 100755 itsecur-firewall/list_syn.cgi create mode 100755 itsecur-firewall/list_times.cgi create mode 100755 
itsecur-firewall/list_users.cgi create mode 100755 itsecur-firewall/list_welf.cgi create mode 100644 itsecur-firewall/log_parser.pl create mode 100644 itsecur-firewall/migrate-groups.pl create mode 100644 itsecur-firewall/module.info create mode 100755 itsecur-firewall/restore.cgi create mode 100755 itsecur-firewall/save_bandwidth.cgi create mode 100755 itsecur-firewall/save_group.cgi create mode 100755 itsecur-firewall/save_nat.cgi create mode 100755 itsecur-firewall/save_nat2.cgi create mode 100755 itsecur-firewall/save_pat.cgi create mode 100755 itsecur-firewall/save_remote.cgi create mode 100755 itsecur-firewall/save_rule.cgi create mode 100755 itsecur-firewall/save_search.cgi create mode 100755 itsecur-firewall/save_sep.cgi create mode 100755 itsecur-firewall/save_service.cgi create mode 100755 itsecur-firewall/save_spoof.cgi create mode 100755 itsecur-firewall/save_syn.cgi create mode 100755 itsecur-firewall/save_time.cgi create mode 100755 itsecur-firewall/save_user.cgi create mode 100644 itsecur-firewall/standard-services create mode 100644 itsecur-firewall/status_monitor.pl create mode 100755 itsecur-firewall/stop.pl create mode 100755 itsecur-firewall/tail.cgi create mode 100755 itsecur-firewall/up.cgi create mode 100755 itsecur-firewall/welf.cgi 
diff --git a/itsecur-firewall/CbButton.class b/itsecur-firewall/CbButton.class new file mode 100644 index 0000000000000000000000000000000000000000..5f15e39b45f11735d7b296e5b98a6c7a38bb35ab GIT binary patch literal 4780 zcma)9d3aRS75}}=yqRS30tsYcNCF5XBr{=O8VRB#B#@S+vQ}FmlguM|FqugwlLWEW zJuYZlH;_e(SQ|@40hxdsT~yklt+g%Iw%WzkYU|g3`hD%!zifZ!zBe<041WD%&UVjs z?>*<-H|IWi;S7LT_{fKP+~~vQ_-Y<*!p(VPZxQNNp>7lEcA@SNYEY;y(`uL=0NkE`Dh>VBaf5b8m(c*uu`u}9dwLOmkXJ^}lEIDmsfJu2WaAHIo0 z0v?wn4~y&xp}v)eg?LiHw?#H2;3*%zgChdIE8uAfbX2Hk#Nt_@j!CrRLY)xVbNM)l zq)@|Nobu7zXJ3 zWR^9q-P9~h4w=U0Rckj3<04~qhdNCSg{!uQ`a`or1BuzKB5Baz=}p9~Xs3p8_F5zq z?VP<{$+()^5sF0GLmfM0y{WyiFOi5vn;aR}={OdqV~;gpg%e#GyjGWKb#^5v>Pd-u z(xOC4lt_!LXs;z6v}?snG;Bs`t9Qm@eLWh+rem%Ufh5#xM$C?c8P?#6bj-bAOHHvz zEKVIR%u{eaVV5WoilnQ963-GVY9*FxsH(a6G}6)1JFMNrJ7`i{9J|Vjnrr&H+s*if zPPLrC7ctVZHM=P{oKTzR4b-Gn?BkH^JobTbcQwL#slLJ7$ulg; zlAUOXLv{HY#*a!%6pWOD?WcN_(&$2I6+68rWXa`~jxbme5A}3e9lZ^r;OXlLhY~zE zUw5pp*KCd^%y=eGDaz)4UVlStYb}c*&sN%L(WOlL}=mo7>EI+zhX` zcF}EVO>O2zms{N?ODh&-LF9My%DelzZ8fje-Dy)3Y8WcJiEn+ZFWzCcSaQ(?smh-v zw`O1qIs|lj@sfd;@dX2$1)LFZjeze7xK_aT1$3AIY7v-pu0KQ{0aoHMZ2UVGiZ=Y?901~1+)@KgNEz#5Tkz(z0L zH1Ko0Wni0tU!c>#)mUfXml!bcE73YHV7h?{2qTW za6NVz_#^&g;C(RcpYaz1QN+CXz`$SaATmJGvn74@a!MZ>=*Ix-E_H}(>$GN5DB2(D zWshx4SP>RRL}tfUGc3c(-5v{H&$|zY;yWBsL1ukxm&IBT6-60oEyd<`nu*Q!M9Na+ zoThnHSm{hE*S2Ukt0z+kEwN}~waFRC!qrfm&US>HMP(08CrZ|CV;puR;TYvYb^Gd& zj7e8_XeT>H>W|Cm`f?iG6$*2{6=d37wU0M$IvwWjRrRhr)6|n1rbX#YQ+;Q*yBdra zw!1wm)jZf{MI!4sQ+b@shZ)I`2**PMGVnNYUmb~(@o33QWWPsi+k4G;zZq|k0pQ~mEjN2R)QjK~hxW6iq0I4k!T3~p7p96V zHNknv9T7|3FLl_Pa2cQ1%lRr!fFFy|z&CV>JeatG{L&HpmE^A)!7n4doG}V>!YIu7 zqA;h6!kjI{McmsKY$a?XR|OsNHINqwYOcCd(2kSQ5F+$(`@lrxqFkA@k22AMSxqL> zWQsEBuuZhnjG@!-g1{-{1Wv$}gquiD!b9XuB9|yH2_I2@5(ZI05@Q0vB*q5nk|+#R zCQ%gdyOS6fIEk@m;SUHtjqynoJ7h@`r4$yPMLF%ugdE0%Bvr``V`7qWW!q1iEDmQk{esI!zNOnRbH z6+2tU@i2v}%vx>9UznR(E?4BF%!R~J!JMYSjS^N}DZh}XV?J-N9@VVV8E8TcAB7x|HE((i3iuvrd}TTv+c~t>| zXOZt%Uv{zeMtJ$~jOELzp$nE{y`G*W@(ihn!hj}aaj7dF#?*|{iSW?uI;OOR^}Lns 
z-G-^G?rKOiZ^sTNz}3#ys>FApU3W||OMzu^-$nNp-EZf;>|o_bcrV>_98s{13G8D2 zZsNv^EBaEK_&;J-Baa??89Tw)eLS;%RAPX2uoLt6HebQ0%Wwnp;G1l3(^bmT^>M6i zr~hgD*ls7`8-ka}y*eW@Y>{V8Ml{A2RkIJde)kaE zb&JJkM(V8_g6?-O&JE5SMs3jLD$(8H5|2APj6l%uP094IYZyT;yGlGd*MdQRuB@fB z1-nI@61Z(2K|9fmx=!c(>3UeV)op>Ec1tg{!4s$(#!T9>HUCM(9{iZ7Xg_uZN_0~G zaG{5uyx~)rwKz|rj4jdqdE99P>+e+lv%G=ar znnUAZ%pJmc%8J~F;2FX>A@xI8>qI46tfG-9mFVSRi7sN1jEqR$Z!eYFgOA~q`+lwz zc@7~ugdHTg>m}T$_Yyn&l&uXxZSE|lJDYSuX4zDx75B60z*#gNHUmkGpUXcVh_m;3y?$a4+8E{Cb-!@8SXc0}tX8?9trVtL5Vn&5wQB z6zta);DFYFN41A=NZX6YwZnKqJAx;*^LR@8H;(YX@6nuGJd;z3XLFX~c+N7M$XSW! zax4t9J9<(*f=SLO@C1Uxn3u`lLoMJm;g=C7Y$F$>uJm<&fG^WDUcyxO(`4=U(;kN} zu|Z#EtDd2>H;W;k!t92x(C}3nzDC1D7DGmyku~Bu8oo}$H)zrOJo ogJt^m-AY@C3(_j3U*JO?=0~jCzwzn#JKxoh8TAIrbMTe_0c#fz^#A|> literal 0 HcmV?d00001 diff --git a/itsecur-firewall/CbButton.java b/itsecur-firewall/CbButton.java new file mode 100644 index 000000000..97707513e --- /dev/null +++ b/itsecur-firewall/CbButton.java 
@@ -0,0 +1,264 @@ +import java.awt.*; +import java.util.*; + +public class CbButton extends Canvas +{ + public static final int LEFT = 0; + public static final int RIGHT = 1; + public static final int ABOVE = 2; + public static final int BELOW = 3; + + Image image; + String string; + CbButtonCallback callback; + int imode; + int iwidth, iheight, pwidth, pheight, twidth, theight; + boolean inside, indent; + + CbButtonGroup group; + boolean selected; + + Color lc1 = Util.light_edge, lc2 = Util.body, lc3 = Util.dark_edge; + Color hc1 = Util.light_edge_hi, hc2 = Util.body_hi, hc3 = Util.dark_edge_hi; + + public CbButton(Image i, CbButtonCallback cb) + { + this(i, null, LEFT, cb); + } + + public CbButton(String s, CbButtonCallback cb) + { + this(null, s, LEFT, cb); + } + + public CbButton(Image i, String s, int im, CbButtonCallback cb) + { + image = i; + string = s; + imode = im; + callback = cb; + if (image != null) { + iwidth = Util.getWidth(image); + iheight = Util.getHeight(image); + } + if (string != null) { + twidth = Util.fnm.stringWidth(string); + theight = Util.fnm.getHeight(); + } + if (image != null && string != null) { + switch(imode) { + case LEFT: + case RIGHT: + pwidth = iwidth + twidth + 6; + pheight = Math.max(iheight , theight) + 4; + break; + case ABOVE: + case BELOW: + pwidth = Math.max(iwidth, twidth) + 4; + pheight = iheight + theight + 6; + break; + } + } + else if (image != null) { + pwidth = iwidth + 4; + pheight = iheight + 4; + } + else if (string != null) { + pwidth = twidth + 8; + pheight = theight + 8; + } + } + + /**Make this button part of a mutual-exclusion group. 
Only one such + * button can be indented at a time + */ + public void setGroup(CbButtonGroup g) + { + group = g; + group.add(this); + } + + /**Make this button the selected one in it's group + */ + public void select() + { + if (group != null) + group.select(this); + } + + /**Display the given string + */ + public void setText(String s) + { + string = s; + image = null; + twidth = Util.fnm.stringWidth(string); + theight = Util.fnm.getHeight(); + repaint(); + } + + /**Display the given image + */ + public void setImage(Image i) + { + string = null; + image = i; + iwidth = Util.getWidth(image); + iheight = Util.getHeight(image); + repaint(); + } + + /**Display the given image and text, with the given alignment mode + */ + public void setImageText(Image i, String s, int m) + { + image = i; + string = s; + imode = m; + twidth = Util.fnm.stringWidth(string); + theight = Util.fnm.getHeight(); + iwidth = Util.getWidth(image); + iheight = Util.getHeight(image); + repaint(); + } + + public void paint(Graphics g) + { + Color c1 = inside ? hc1 : lc1, + c2 = inside ? hc2 : lc2, + c3 = inside ? hc3 : lc3; + int w = size().width, h = size().height; + Color hi = indent||selected ? c3 : c1, + lo = indent||selected ? 
c1 : c3; + g.setColor(c2); + g.fillRect(0, 0, w-1, h-1); + g.setColor(hi); + g.drawLine(0, 0, w-2, 0); + g.drawLine(0, 0, 0, h-2); + g.setColor(lo); + g.drawLine(w-1, h-1, w-1, 1); + g.drawLine(w-1, h-1, 1, h-1); + if (inside) { + /* g.setColor(hi); + g.drawLine(1, 1, w-3, 1); + g.drawLine(1, 1, 1, h-3); */ + g.setColor(lo); + g.drawLine(w-2, h-2, w-2, 2); + g.drawLine(w-2, h-2, 2, h-2); + } + + g.setColor(c3); + g.setFont(Util.f); + if (image != null && string != null) { + if (imode == LEFT) { + Dimension is = imgSize(w-twidth-6, h-4); + g.drawImage(image, (w - is.width - twidth - 2)/2, + (h-is.height)/2, is.width, is.height, this); + g.drawString(string, + (w - is.width - twidth - 2)/2 +is.width +2, + (h + theight - Util.fnm.getDescent())/2); + } + else if (imode == RIGHT) { + } + else if (imode == ABOVE) { + //Dimension is = imgSize(w-4, h-theight-6); + g.drawImage(image, (w - iwidth)/2, + (h - iheight - theight - 2)/2, + iwidth, iheight, this); + g.drawString(string, (w - twidth)/2, iheight+Util.fnm.getHeight()+2); + } + else if (imode == BELOW) { + } + } + else if (image != null) { + Dimension is = imgSize(w-4, h-4); + g.drawImage(image, (w - is.width)/2, (h-is.height)/2, + is.width, is.height, this); + } + else if (string != null) { + g.drawString(string, (w - twidth)/2, + (h+theight-Util.fnm.getDescent())/2); + } + } + + public void update(Graphics g) { paint(g); } + + public boolean mouseEnter(Event e, int x, int y) + { + inside = true; + repaint(); + return true; + } + + public boolean mouseExit(Event e, int x, int y) + { + inside = false; + repaint(); + return true; + } + + public boolean mouseDown(Event e, int x, int y) + { + indent = true; + repaint(); + return true; + } + + public boolean mouseUp(Event e, int x, int y) + { + if (x >= 0 && y >= 0 && x < size().width && y < size().height) { + if (callback != null) + callback.click(this); + select(); + } + indent = false; + repaint(); + return true; + } + + public Dimension preferredSize() + { + return 
new Dimension(pwidth, pheight); + } + + public Dimension minimumSize() + { + return preferredSize(); + } + + private Dimension imgSize(int mw, int mh) + { + float ws = (float)mw/(float)iwidth, + hs = (float)mh/(float)iheight; + float s = ws < hs ? ws : hs; + if (s > 1) s = 1; + return new Dimension((int)(iwidth*s), (int)(iheight*s)); + } +} + + +interface CbButtonCallback +{ + void click(CbButton b); +} + + +class CbButtonGroup +{ + Vector buttons = new Vector(); + + void add(CbButton b) + { + buttons.addElement(b); + } + + void select(CbButton b) + { + for(int i=0; iy*|UF(;ebEpwG;>(-n@D9zHjE6nV)};zXMpnybFnO8xt-Jj61lAN$uU! zrmW4BjcEr3+;`c`*mz*$A;AvvEKA}JVWhR^zw?`U7Dml&wUZ_362W>J#$ooHV0zVU zf>=)4iZI*?W3`d*2P%E#2N6e1zuhJjz1DK@vX^j4!>x{rI1|C$O7e6^t%e#~9AFl7 zL5X3M2&JpVC5jl5c!b9ivzU{pz#|j}T!|`b5_QczPq>yQ`N1Gp~tO-HTUUCpau!!(a3W>(%QNR@3iKaqIMkXPK%4Ka4ZX@bo2b zh4^q6Y)wAgCr56vH_vbVSE?O>YTsbIK7#ob;xos15p4CsfZq@};d>Of&zQ3u*FR3} z3q-w(8&@f(yxczw7(1uDG^gUD!WR*l5%npJ0na2o~Wqx^O=j ibolSrMea#htc)j31}4Zvg#_ySUL=c!-Qny8?*0ejMtgVw literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/LineInputStream.class b/itsecur-firewall/LineInputStream.class new file mode 100644 index 0000000000000000000000000000000000000000..108beef9498501fee50b97263888c87b4276a933 GIT binary patch literal 1777 zcmZuxU2_v<6n@@(bkpsYM$$qdTiOC*KC~4-5Nrc&V=F14QG;Od#%;Qkg>;iiHp-p< zfjhjB@rE0nkr@q+%+!1Th2DALU$8zW*`~?T$?Vy8&wHM8p7Wgd&7c4Mz6W3qn>tS6 z(l93RfsV_#BIZLe3t|?<Wm}LzsIt*OWiM*mAuVYL;416SJRm_^0kHuWq zQNX%{E@-%+p{NjYT!o3^1M6#R-l@$O+=~sxX;4G9rCjA(F3c z+X`bv$F(qs!uh$x$-K}?*K|8kB zR2WaCyY#D;yED)39CwG^$?i7_F=4oEc^3JVYpq7bUUP*1xOCK~$DC+nz{HG!(@1LA zFffa=VqO<>!N40x8AyvSBT-qrY2Ync&0${QL`UR44lAvD_v{8M9jL!rTI(rfpoC8h zd@9*KL)pMB$@V!eYPfCS4!-a;?_;PCKP*w&dSF+mOyVGUq14OW?>!ti=WW&NwoCbv zsr;*wb?M5nsM_w1cb|*OeXFs|A~KCU=fznR{k@o1>neRvtkZa&0IT9j*P7ET*R6_- zl-2H1!AV{LK=Glzw8!|En4;$lS7#C85709&pfcHC5qi!qg=yNM4yqeJqs!>Q=-Iw9N-mUNCeYSMuq~O~+qmdg`Ig#=dZm{z zHeX=0m}%qKW-hLOkJD!8DMnsmjQ;o^S@UrluibgJ{}<%9L^9|3KMlOoBld_sA$EO`SU)B6@ozZs z-Tps5wJ!5l0-o&ueH5e1WVFb8mE(C>BEMxUUV=7(hyetDyv`3cLVm8E%qcMuy`mPG|@srEzg{5VxqfRfF!+o|Mg($nrK7 zFAd_9hUK_j!^`k;6|c~+O2}S`SIO6_Wq6H>J2b4tow6Xe>x98;RlF{U*K62-H;BkL z%Hf-Wc(W|t62x1BxJzW*t>SGOn(%hnzem1K2k{OS?-VBYYSiXF8QvAdyMuU-hWFxq zGQ3~I2XIEktX%t`hCMhVcR!@zN_;qokEr;lY<^6Jj|;2&ReVClSq&X>{(xBKld^bF zzRm@a5is{_n8QQz^{@cHJBUYun3wCHs>G-9sEW_1_^gW0sd!95Y22Pvup)Ycag)(% z%($&X=5cqQV;b!WDtI=Uo|rHl1+_j!+^{BF2VEy-O?G%EBrA!f6fBQMW0u)%CDSgC zO(P)(?v#R1(Z!)Do{aOPENP@urUES*8SO~Bu5EF%eAN5mhj%)zKsh1+O^aXM+_vN6 z-lBYW%!;{tdDhr;SV16SkCRum0O(C8MonkP7>#o$AY>Glat()bAm!RgUUJf8SZ*Yf zrbQX68jAq>nzakpvaxtLTf##MYx$CLQFj&I;8 z9pA)L42V2QSKOY-VKVV89pA=x6a;gAW0cg__lq~{>qX3WbzFz*1=sfo!S|?TBupJI z#`Ux+ttU~z==?tDh8jnf!zpMC%j(_4` zG<-hzm}S1dlF2yDv(KAyo1UrzY0L7Hq9*6Lh!KyE8WQ3aDbw{`tYBR>9i$Zadp(9_ zOq!0D6s5*EQ)c%PDdQ)R+=|$Vq-`;7+nbi!R8UEAo#Qb#o1~3LB(2sg!Lz&DOYcK& zjNYezT|clxMG$4jLsp3Ch#j|?F=aDTF_-qMDF(q47Mf*b)j`cC9Xl;0U_}u_@3zNL zsJd*&%uxjzJvjQL>Gm5AL)uHs%}e0U>RnU-D0Isbg!#&n^Mxlkya>*77*ot5CE+{^ z=KSq3tS03B_87y-qTW(>YZ|i{v)M#^8?#b#JHFY9br5G%*{qro+p^3tNgM@h&*M}$ 
zBTv5&W;qs47@0&pVBVNEQ*OUQmX3Sk|5&I{ABt*o6%{JVOVK^6k0jlq9^|L{;%%?E z+hT|6Bs&=!7K35PF~+!4n>EAY8=e^hl*&%GGAFCpHVRsn@b86zkZ+nAnf0(@F|}At zUE9}gQ9;aYm9yzhO3`GylQx(#z61URZ3 zHB_StE7@oj#PSTEK{+7<_mNqU%qlX_!l6p8bgq^iIftqYs)xf5qN+55nt3cA357~) z^f|0}2rK8Yid3tk%@1Hr2DScF*F2B4BV}_~m%&Bh(E1E6Ucj1WvfMBdswePE$h9GZ zjl<#4rQYE>|IlA%2{!ozo0~;^L7z720IWbIHMyA2&dpejomj)CU@i8e4hQ*I9mYCp zxgIXxc_-r6ATfV-x)v zrqE_wgce?BXUwvDjO@zDZZsU)N|mC`3)nf2Z6o0fTASzayq=Z}F6#}4w)3zpP#0K0 z<<`)SxNL$SLSXn#%_TqPj<6|uCckp4dpOM!^F7doRPf{Dv z$I2-Y4(%p%Y9b&m>+v<|-Aa5dp&eA=a++_?2({cfhrQ>p%h%!Rwm?{vyk_>l&qim_ zAeSSg^uji@KZ8zgbaBeyT2hH_zybd4^X6WnE7t8G!#PT4_t5pdXh0u-7W7lY0n!iR zTISsW=G;MQ)JyI9_*@#Kh6yjf_%g}*Dnnn1oZE@9>@=D{18dBJq_EKUFGD? zLiY%Jgpgmff*N1|N)eewv+&$>1{({$@AZA(!*K3vc^LgAkZ?UqFh_A5x8y@`J0Gwh q%pieQ6L>9B%utsunxTtMP_3JJ<0M^i8}FUMt^DPw;6~mlf%89clf4B1 literal 0 HcmV?d00001 diff --git a/itsecur-firewall/LogViewer.java b/itsecur-firewall/LogViewer.java new file mode 100644 index 000000000..51cd7324e --- /dev/null +++ b/itsecur-firewall/LogViewer.java 
@@ -0,0 +1,133 @@
+import java.awt.*;
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.applet.*;
+
+public class LogViewer extends Applet implements Runnable,CbButtonCallback
+{
+ TextArea log;
+ StringBuffer logbuffer = new StringBuffer();
+ LineInputStream is;
+ Thread th;
+ CbButton pause, button;
+ boolean paused = false;
+
+ public void init()
+ {
+ // Create the UI
+ setLayout(new BorderLayout());
+ add("Center", log = new TextArea());
+ log.setEditable(false);
+ Util.setFont(new Font("TimesRoman", Font.PLAIN, 12));
+ Panel bot = new Panel();
+ bot.setBackground(Color.white);
+ bot.setForeground(Color.white);
+ bot.setLayout(new FlowLayout(FlowLayout.RIGHT));
+ if (getParameter("pause") != null) {
+ // Add button to pause display
+ bot.add(pause = new CbButton(" Pause ", this));
+ }
+ if (getParameter("buttonname") != null) {
+ // Add button for some other purpose
+ bot.add(button = new CbButton(getParameter("buttonname"),this));
+ }
+ add("South", bot);
+ }
+
+ public void start()
+ {
+ // Start download thread
+ log.setText("");
+ th = new Thread(this);
+ th.start();
+ }
+
+ public void stop()
+ {
+ // Stop download
+ try {
+ String killurl = getParameter("killurl");
+ if (killurl != null) {
+ // Call this CGI at stop time
+ try {
+ URL u = new URL(getDocumentBase(), killurl);
+ URLConnection uc = u.openConnection();
+ String session = getParameter("session");
+ if (session != null)
+ uc.setRequestProperty("Cookie", session);
+ uc.getInputStream().close();
+ }
+ catch(Exception e2) { }
+ }
+ if (is != null) is.close();
+ if (th != null) th.stop();
+ }
+ catch(Exception e) {
+ // ignore it
+ e.printStackTrace();
+ }
+ }
+
+ public void run()
+ {
+ try {
+ URL u = new URL(getDocumentBase(), getParameter("url"));
+ URLConnection uc = u.openConnection();
+ String session = getParameter("session");
+ if (session != null)
+ uc.setRequestProperty("Cookie", session);
+ is = new LineInputStream(uc.getInputStream());
+ while(true) {
+ String l = is.gets();
+ append(l);
+ }
+ }
+ catch(EOFException e) {
+ // end of file ..
+ }
+ catch(IOException e) {
+ // shouldn't happen!
+ e.printStackTrace();
+ append("IO error : "+e.getMessage());
+ }
+ }
+
+ int len = 0, oldlen = 0;
+
+ void append(String str) {
+ if (!paused) {
+ log.append((len == 0 ? "" : "\n")+str);
+ }
+ logbuffer.append((len == 0 ? "" : "\n")+str);
+ oldlen = len;
+ len += str.length()+1;
+ if (!paused) {
+ log.select(oldlen, oldlen);
+ }
+ }
+
+ public void click(CbButton b) {
+ if (b == pause) {
+ if (paused) {
+ // Resume display, and append missing text
+ pause.setText(" Pause ");
+ log.setText(logbuffer.toString());
+ log.select(oldlen, oldlen);
+ } else {
+ // Stop display
+ pause.setText("Resume");
+ }
+ paused = !paused;
+ } else if (b == button) {
+ // Open some page
+ try {
+ URL u = new URL(getDocumentBase(),
+ getParameter("buttonlink"));
+ getAppletContext().showDocument(u);
+ }
+ catch(Exception e) { }
+ }
+ }
+}
+
diff --git a/itsecur-firewall/Makefile b/itsecur-firewall/Makefile
new file mode 100644
index 000000000..50006ac83
--- /dev/null
+++ b/itsecur-firewall/Makefile
@@ -0,0 +1,2 @@
+LogViewer.class: LogViewer.java
+ javac -target 1.2 -source 1.2 -classpath . *.java
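Review bot: In `run()` and `stop()` of LogViewer.java the `session` applet parameter is sent as a `Cookie` header to a URL built from the `url` / `killurl` parameters, and `new URL(getDocumentBase(), spec)` ignores the base when `spec` is absolute, so nothing in this code ties the cookie to the host the page was served from. The applet sandbox may restrict where an unsigned applet can connect, but the check is cheap to make explicit: `if (session != null && u.getHost().equalsIgnoreCase(getDocumentBase().getHost())) uc.setRequestProperty("Cookie", session);`. The parameter also suggests the session value is written into the page markup by whichever CGI emits the applet tag (not visible in this hunk), which is worth confirming against how the session cookie is otherwise protected. Separately, `catch(Exception e2) { }` in `stop()` hides a failed kill request; adding `e2.printStackTrace();` would match the outer handler.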
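Review bot: The Makefile rule names only `LogViewer.java` as a prerequisite although the recipe compiles `*.java`, so an edit to CbButton.java, LineInputStream.java or Util.java will not trigger a rebuild. Because this commit also checks in the compiled `.class` files as binary patches, stale binaries can then drift from the reviewed source without any visible signal. Listing every source closes that gap: `LogViewer.class: LogViewer.java CbButton.java LineInputStream.java Util.java`.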
diff --git a/itsecur-firewall/Util.class b/itsecur-firewall/Util.class new file mode 100644 index 0000000000000000000000000000000000000000..cb1d4cf34df1bfee2698bf0b361d81f95ee121bf GIT binary patch literal 4440 zcmai130NJ~75*nYn8z@L0C|b#fhC#+9z;x3q9I8oD2j!c8Z;8?GVlhNL9j`0J`FOp7dAL@{bwc*)xL)`TLT)rDaFc<3c!Q9e4Q#+0 zg}lkYEx1+4ZKZfK-lF5J2C8sP9JdR6 zj^eW-`#Bw-*YO1n^9DQ(3%Yh#yR2qw+;8sitYN!VgEpw4I+{M;vqpxT{!v*O&`=Sr zbhufcvqb~hVGWB4=eup+3zX*hJ2g~At39rp+3AR)k#Pox{HyHrpj{A1yPI)6u9v1Q zZ)dn1>vPk4H0Z*v8gew0N6PBk%n7ScU48a(D>2{R?Q4h!@-kDh-pM-tMn+!Wa47}a z-82KJ=yJ05=CR>E+v~CVGMq8TEywS0z0P4vBCM{DHle0k8@6jm{LgG>r_9F(ZGW4S z_J@wE*vZ{d-~wAtKtox-XIs7@JNJ=Sk~t;bO@1G^XX z?XdglW<_WrV`T@Mw=zN5!8t8870B`A3k1X2(0rkwk#>FGPG79dC-VZ#RZXY-lVh&% z?EW!t)Y)ZsS$o_uhO;qwgPuE0Z3MOoMkjsdDc~B%W`~ue9mrQ(FWUG~|I>_^O_uC`B<7Q2K1&@i)S4~*x z)A2PEX?)$pfRI5932}6M!^GqGripLi2^~+G_%^=7-ir(dS=}@?FkrL0Pw221Zo1BQ z>w-$Cb5$wSnRp6MvjOVXarj+4W8!;w*2MSmtd8eQJdYok_#s}8vEv%M5OCc3fN#H-L{Vhp=X{1(46aS^td_`R%d74iommk9YIdNj<> z*;NH2>G_k1ZL)rukUtCQ6|!B(Ed5qK8m)p4j6G+?yv(81C?Nhbo7i~2@wZHoe^{uR=bz%K+ktFXdw(c4AZC)uww#OPy1gGG*&07dqKK3*36JQRvQe6JfabaG?R^P zhk_#_uEgx!4lyTIuTomDgX6&MF*}GFV-95*Q`)n}bVMt3 zQ#?N8_}oHqUxxTem{pfHcggB5k!>kVma9FOD`mHAc711n>t*y4okt?y$=ozO%-sa} z2?@*w1t>9vFBBpWO`dBHSYsJKH!qLJbRB*lqIJd%wyHo zQtd3N@%jzDE#;Ak!BYBJlAK2Q;hd-7j5jE8Cls#>gNsu3p*RD^*Hzr~=2T@+r5>Lc7B;qZx zWJ^h+r1oB{OeIQc5+#Y^t84FrUOR!f`e2ABaiCw_QZn(fubGq2mwqPd z!cADf-KM!~o25L!ju~Vz521s63miT-c3>Cz^{j|nn40^^AK-aC#1ngx{5d|K;_`$F zlh(`Xk`8WQ(q2)tK1o)05Va}R<LrHjWl{&>L`{SKqcAo12D)|>__au6iaa>Kj>{~ir%`5 zHr6(&NUEA@8A;h~4V{fm+N6)Nx75>57E5%-(K4Rn1YR^ldB%08?kKL*rQ4{%XJDw&8fq*~O@T^{li&$8aWIWlQ#ds;5CGZj+~pl8 z$DIu6E*cuoq3YwRn1Q{MXr97plUO~4HIq1f3JphaMsFpa2!3a9<`i0#(Ar6yHHEW- z<-02(ziN4%(r#5k>yKaqTYKXaiWF|WQqgm!1Toust2Pxah|i#X7U$05yeV`<0dG{W zZ?clgVKRYL{9exLY9tP?=GVEbuM3&fEkx_>IFWb264q4`yHSJd)FrW-37v;M{{@9N B95?^~ literal 0 HcmV?d00001 diff --git a/itsecur-firewall/Util.java b/itsecur-firewall/Util.java new file mode 100644 index 000000000..95d9a7d02 --- /dev/null 
+++ b/itsecur-firewall/Util.java 
@@ -0,0 +1,148 @@ +import java.awt.*; +import java.awt.image.*; + +class Util +{ + static Frame fr; + static Graphics g; + static Font f; + static FontMetrics fnm; + static Toolkit tk; + + static Color light_edge = Color.white; + static Color dark_edge = Color.black; + static Color body = Color.lightGray; + static Color body_hi = new Color(210, 210, 210); + static Color light_edge_hi = Color.white; + static Color dark_edge_hi = Color.darkGray; + static Color dark_bg = new Color(150, 150, 150); + static Color text = Color.black; + static Color light_bg = Color.white; + + static + { + fr = new Frame(); + fr.addNotify(); + g = fr.getGraphics(); + setFont(new Font("TimesRoman", Font.PLAIN, 8)); + tk = Toolkit.getDefaultToolkit(); + } + + static boolean waitForImage(Image i) + { + MediaTracker mt = new MediaTracker(fr); + mt.addImage(i, 0); + try { mt.waitForAll(); } catch(Exception e) { return false; } + return !mt.isErrorAny(); + } + + static boolean waitForImage(Image i, int w, int h) + { + MediaTracker mt = new MediaTracker(fr); + mt.addImage(i, w, h, 0); + try { mt.waitForAll(); } catch(Exception e) { return false; } + return !mt.isErrorAny(); + } + + static int getWidth(Image i) + { + waitForImage(i); + return i.getWidth(fr); + } + + static int getHeight(Image i) + { + waitForImage(i); + return i.getHeight(fr); + } + + static Image createImage(int w, int h) + { + return fr.createImage(w, h); + } + + static Image createImage(ImageProducer p) + { + return fr.createImage(p); + } + + static Object createObject(String name) + { + try { + Class c = Class.forName(name); + return c.newInstance(); + } + catch(Exception e) { + System.err.println("Failed to create object "+name+" : "+ + e.getClass().getName()); + System.exit(1); + } + return null; + } + + /**Create a new instance of some object + */ + static Object createObject(Object o) + { + try { return o.getClass().newInstance(); } + catch(Exception e) { + System.err.println("Failed to reproduce object "+o+" : "+ + 
e.getClass().getName()); + System.exit(1); + } + return null; + } + + + static void dottedRect(Graphics g, int x1, int y1, + int x2, int y2, int s) + { + int i, s2 = s*2, t; + if (x2 < x1) { t = x1; x1 = x2; x2 = t; } + if (y2 < y1) { t = y1; y1 = y2; y2 = t; } + for(i=x1; i<=x2; i+=s2) + g.drawLine(i, y1, i+s > x2 ? x2 : i+s, y1); + for(i=y1; i<=y2; i+=s2) + g.drawLine(x2, i, x2, i+s > y2 ? y2 : i+s); + for(i=x2; i>=x1; i-=s2) + g.drawLine(i, y2, i-s < x1 ? x1 : i-s, y2); + for(i=y2; i>=y1; i-=s2) + g.drawLine(x1, i, x1, i-s < y1 ? y1 : i-s); + } + + static void recursiveLayout(Container c) + { + c.layout(); + for(int i=0; i{'edit'})) { + if ($_[0]->{'edit'}) { + @edit = @read = split(/\s+/, $_[0]->{'features'}); + } + else { + @read = split(/\s+/, $_[0]->{'features'}); + } + } +else { + @edit = split(/\s+/, $_[0]->{'features'}); + @read = split(/\s+/, $_[0]->{'rfeatures'}); + } + +local $w; +foreach $w ([ \@edit, "features", "all" ], + [ \@read, "rfeatures", "rall" ]) { + local %can = map { $_, 1 } @{$w->[0]}; + print " ",$text{'acl_'.$w->[1]}, + " \n"; + printf "[2] value=1 %s> %s\n", + $can{"*"} ? "checked" : "", $text{'acl_all'}; + printf "[2] value=0 %s> %s
\n", + $can{"*"} ? "" : "checked", $text{'acl_sel'}; + printf " \n"; + } +} + +# acl_security_save(&options) +# Parse the form for security options for the acl module +sub acl_security_save +{ +$_[0]->{'features'} = $in{'all'} ? "*" : + join(" ", split(/\0/, $in{'features'})); +$_[0]->{'rfeatures'} = $in{'rall'} ? "*" : + join(" ", split(/\0/, $in{'rfeatures'})); +delete($_[0]->{'edit'}); +} + +1; + diff --git a/itsecur-firewall/apply.cgi b/itsecur-firewall/apply.cgi new file mode 100755 index 000000000..b0dfc9894 --- /dev/null +++ b/itsecur-firewall/apply.cgi @@ -0,0 +1,29 @@ +#!/usr/bin/perl +# apply.cgi +# Apply the firewall configuration + +require './itsecur-lib.pl'; +&can_edit_error("apply"); +&ReadParse(); +&header($text{'apply_title'}, "", + undef, undef, undef, undef, &apply_button()); +print "
\n"; + +print "

$text{'apply_doing'}
\n"; +&enable_routing(); +$err = &apply_rules(); +if ($err) { + print &text('apply_failed', $err),"

\n"; + } +else { + print "$text{'apply_done'}

\n"; + } + +print "


\n"; +if ($in{'return'}) { + &footer($ENV{'HTTP_REFERER'}, $text{'apply_return'}); + } +else { + &footer("", $text{'index_return'}); + } +&remote_webmin_log("apply"); diff --git a/itsecur-firewall/apply.pl b/itsecur-firewall/apply.pl new file mode 100755 index 000000000..d0ec49a8c --- /dev/null +++ b/itsecur-firewall/apply.pl @@ -0,0 +1,25 @@ +#!/usr/bin/perl +# apply.pl +# Apply the firewall configuration + +$ENV{'WEBMIN_CONFIG'} ||= "/etc/webmin"; +$ENV{'WEBMIN_VAR'} ||= "/var/webmin"; +$no_acl_check++; +if ($0 =~ /^(.*\/)[^\/]+$/) { + chdir($1); + } +require './itsecur-lib.pl'; +$module_name eq 'itsecur-firewall' || die "Command must be run with full path"; + +print "$text{'apply_doing'}\n"; +&enable_routing(); +$err = &apply_rules(); +if ($err) { + print &text('apply_failed', $err),"\n"; + exit(1); + } +else { + print "$text{'apply_done'}\n"; + exit(0); + } + diff --git a/itsecur-firewall/authdownload.cgi b/itsecur-firewall/authdownload.cgi new file mode 100755 index 000000000..07e35866a --- /dev/null +++ b/itsecur-firewall/authdownload.cgi @@ -0,0 +1,14 @@ +#!/usr/bin/perl +# authdownload.cgi +# Just dump log security file as text + +require './itsecur-lib.pl'; +&can_use_error("logs"); +$log = $config{'authlog'} || &get_authlog_file(); +print "Content-type: text/plain\n\n"; +open(LOG, $log); +while() { + print $_ if (!&is_log_line($_)); + } +close(LOG); + diff --git a/itsecur-firewall/authtail.cgi b/itsecur-firewall/authtail.cgi new file mode 100755 index 000000000..c60fa9e30 --- /dev/null +++ b/itsecur-firewall/authtail.cgi 
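Review bot: The return link in the `if ($in{'return'})` branch is built from `$ENV{'HTTP_REFERER'}`, a request header the client controls, so whatever the browser sent becomes the footer link target. `&footer` is defined outside this diff, so unless it escapes and restricts its URL argument, check the header against the server's own host before using it, or fall back to the module index as the `else` branch does. `&text('apply_failed', $err)` likewise prints the string returned by `&apply_rules()` without `&html_escape`.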
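Review bot: The result of `chdir($1)` in apply.pl is not checked, so if the directory derived from `$0` cannot be entered, the following `require './itsecur-lib.pl'` resolves against whatever the current directory happens to be. This script sets `$no_acl_check` and is the target of the boot wrapper created in bootup.cgi, so it presumably runs with full privileges. Fail closed instead: `chdir($1) || die "Failed to chdir to $1 : $!";`. The `$module_name eq 'itsecur-firewall'` test only runs after a library has already been loaded, so it does not cover this case.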
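Review bot: `open(LOG, $log);` in authdownload.cgi uses the two-argument form with a path taken from `$config{'authlog'}`, and its return value is ignored. With two-argument open, leading or trailing characters in the value are interpreted as a mode or a pipe. A failed open here also produces an empty response with no indication of the cause. Use the three-argument form and check it, `open(LOG, "<", $log) || die "Failed to open $log : $!";`, ideally before the `Content-type` header is printed. The same pattern appears in authtail.cgi, download.cgi and the `open(FILE, $file)` in backup.cgi.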
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+
+$trust_unknown_referers = 1;
+require './itsecur-lib.pl';
+&can_use_error("logs");
+&ReadParse();
+$| = 1;
+$SIG{'HUP'} = sub { print "got HUP!\n"; };
+$log = $config{'authlog'} || &get_authlog_file();
+print "Content-type: text/plain\n\n";
+
+# Get all the firewall log lines
+open(LOG, $log);
+while() {
+ push(@log, $_) if (!&is_log_line($_));
+ shift(@log) if (@log > 20);
+ }
+
+# Show the last 20, and keep tailing
+print @log;
+while(1) {
+ sleep(1);
+ $line = ;
+ print $line if ($line && !&is_log_line($line));
+ }
+
diff --git a/itsecur-firewall/backup.cgi b/itsecur-firewall/backup.cgi
new file mode 100755
index 000000000..e7d732d12
--- /dev/null
+++ b/itsecur-firewall/backup.cgi
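Review bot: `$trust_unknown_referers = 1;` is set before the library is loaded. Assuming it is the usual Webmin switch, it relaxes the referer check for this script, so the security-log stream is served to requests with a missing or foreign Referer. If the LogViewer applet added in this commit needs that, say so in a comment such as `# Referer check relaxed: the log viewer applet sends no Referer`; otherwise drop the line. Separately, the `while(1)` tail loop has no exit condition and relies on the process being killed when the client disconnects; stopping when `print` fails or after a bounded idle time would keep stale CGI processes from piling up.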
@@ -0,0 +1,102 @@ +#!/usr/bin/perl +# Actually do a backup + +require './itsecur-lib.pl'; +&can_edit_error("backup"); +&error_setup($text{'backup_err'}); +&ReadParse(); + +# Validate inputs +if ($in{'dest_mode'} == 0) { + $file = &tempname(); + } +elsif ($in{'dest_mode'} == 1) { + $orig_dest = $in{'dest'}; + if (-d $in{'dest'}) { + $in{'dest'} .= "/firewall.zip"; + } + $in{'dest'} =~ /^(.*)\// || &error($text{'backup_edest'}); + -d $1 || &error($text{'backup_edestdir'}); + $file = $in{'dest'}; + $done = &text('backup_done1', $file); + } +elsif ($in{'dest_mode'} == 2) { + gethostbyname($in{'ftphost'}) || &error($text{'backup_eftphost'}); + $in{'ftpfile'} =~ /^\/\S+/ || &error($text{'backup_eftpfile'}); + $in{'ftpuser'} =~ /\S/ || &error($text{'backup_eftpuser'}); + $file = "ftp://$in{'ftpuser'}:$in{'ftppass'}\@$in{'ftphost'}$in{'ftpfile'}"; + $done = &text('backup_done2', $in{'ftphost'}, $in{'ftpfile'}); + } +elsif ($in{'dest_mode'} == 3) { + $in{'email'} =~ /^\S+\@\S+$/ || &error($text{'backup_eemail'}); + $file = "mailto:$in{'email'}"; + $done = &text('backup_done3', $in{'email'}); + } +if (!$in{'pass_def'}) { + $in{'pass'} || &error($text{'backup_epass'}); + } +@what = split(/\0/, $in{'what'}); +@what || &error($text{'backup_ewhat'}); + +if (!$in{'save'}) { + # Create the tar file + $err = &backup_firewall(\@what, $file, $in{'pass_def'} ? undef + : $in{'pass'}); + &error($err) if ($err); + } + +# Save settings +$config{'backup_dest'} = $in{'dest_mode'} == 0 ? undef : $file; +$config{'backup_what'} = join(" ", @what); +$config{'backup_pass'} = $in{'pass_def'} ? undef : $in{'pass'}; +&write_file($module_config_file, \%config); + +if ($in{'save'}) { + # Tell the user about the cron job + &header($text{'backup_title'}, "", + undef, undef, undef, undef, &apply_button()); + print "
\n"; + + print "

",&text('backup_donesched'),"

\n"; + + print "


\n"; + &footer("", $text{'index_return'}); + } +elsif ($in{'dest_mode'} == 0) { + # Send to browser + print "Content-type: application/octet-stream\n\n"; + open(FILE, $file); + while() { + print; + } + close(FILE); + unlink($file); + &remote_webmin_log("backup"); + } +else { + # Tell the user + &header($text{'backup_title'}, "", + undef, undef, undef, undef, &apply_button()); + print "
\n"; + + print "

$done

\n"; + + print "


\n"; + &footer("", $text{'index_return'}); + &remote_webmin_log("backup", undef, $in{'dest'}); + } + +# Setup cron job +$job = &find_backup_job(); +if ($job) { + &cron::delete_cron_job($job); + } +if (!$in{'sched_def'}) { + $job = { 'special' => $in{'sched'}, + 'user' => 'root', + 'command' => $cron_cmd, + 'active' => 1 }; + &cron::create_wrapper($cron_cmd, $module_name, "backup.pl"); + &cron::create_cron_job($job); + } + diff --git a/itsecur-firewall/backup.pl b/itsecur-firewall/backup.pl new file mode 100755 index 000000000..79024263b --- /dev/null +++ b/itsecur-firewall/backup.pl @@ -0,0 +1,16 @@ +#!/usr/bin/perl +# Do a backup on schedule + +$no_acl_check++; +require './itsecur-lib.pl'; + +$file = $config{'backup_dest'}; +if (-d $file) { + $file .= "/firewall.zip"; + } +@what = split(/\s+/, $config{'backup_what'}); +$pass = $config{'backup_pass'}; + +if ($file) { + &backup_firewall(\@what, $file, $pass); + } diff --git a/itsecur-firewall/bootup.cgi b/itsecur-firewall/bootup.cgi new file mode 100755 index 000000000..2540efca2 --- /dev/null +++ b/itsecur-firewall/bootup.cgi @@ -0,0 +1,30 @@ +#!/usr/bin/perl +# bootup.cgi +# Enable or disable iptables at boot time + +require './itsecur-lib.pl'; +&can_edit_error("bootup"); +&ReadParse(); +&foreign_require("init", "init-lib.pl"); +&foreign_require("cron", "cron-lib.pl"); + +# Create the wrapper script +$start_wrapper_script = "$module_config_directory/apply.pl"; +$stop_wrapper_script = "$module_config_directory/stop.pl"; +&cron::create_wrapper($start_wrapper_script, $module_name, "apply.pl"); +&cron::create_wrapper($stop_wrapper_script, $module_name, "stop.pl"); + +if ($in{'boot'}) { + &init::enable_at_boot("itsecur-firewall", + "Start or stop the ITsecur firewall", + $start_wrapper_script, + $stop_wrapper_script); + &remote_webmin_log("bootup"); + } +else { + &init::disable_at_boot("itsecur-firewall"); + &remote_webmin_log("bootdown"); + } + +&redirect(""); + 
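Review bot: Two secrets are written to the module config in clear text by `&write_file($module_config_file, \%config)`. `$config{'backup_pass'}` holds the archive password, and for FTP destinations `$config{'backup_dest'}` holds the whole `ftp://user:pass@host/file` URL. Make sure that file is readable by its owner only, and keep the FTP password in its own key rather than inside the URL, where an `@` or `/` in `$in{'ftppass'}` also makes the destination ambiguous to parse. In addition, `$in{'sched'}` is copied unvalidated into the cron job's `special` field for a job that runs as `root`; restrict it to the values the form actually offers.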
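Review bot: In backup.pl the return value of `&backup_firewall(\@what, $file, $pass)` is discarded, whereas backup.cgi treats a non-empty return as an error message, so a failing scheduled backup is silent. Capture it and exit non-zero so cron can report it: `$err = &backup_firewall(\@what, $file, $pass);` followed by `if ($err) { print STDERR "$err\n"; exit(1); }`. The `-d $file` test also runs before `$file` is known to be set; moving it inside the `if ($file)` block avoids testing an empty path.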
diff --git a/itsecur-firewall/config-*-linux b/itsecur-firewall/config-*-linux
new file mode 100644
index 000000000..7697ce1b8
--- /dev/null
+++ b/itsecur-firewall/config-*-linux
@@ -0,0 +1,9 @@
+type=iptables
+what=rules services groups nat pat spoof
+fw_any=0
+rusure=1
+show_desc=1
+perpage=40
+add_files=0
+open_log=1
+frags=0
diff --git a/itsecur-firewall/config-freebsd b/itsecur-firewall/config-freebsd
new file mode 100644
index 000000000..16374400c
--- /dev/null
+++ b/itsecur-firewall/config-freebsd
@@ -0,0 +1,9 @@
+type=ipf
+what=rules services groups nat pat spoof
+fw_any=0
+rusure=1
+show_desc=1
+perpage=40
+add_files=0
+open_log=1
+frags=0
diff --git a/itsecur-firewall/config.info b/itsecur-firewall/config.info
new file mode 100644
index 000000000..bf3aac6b9
--- /dev/null
+++ b/itsecur-firewall/config.info
@@ -0,0 +1,15 @@
+line1=Configurable options,11
+fw_any=Include firewall in Any destination?,1,1-Yes,0-No
+frags=Block fragmented packets?,1,1-Yes,0-No
+auto_dir=Automatic backup directory,3,None
+rusure=Ask for confirmation before saving rule?,1,1-Yes,0-No
+show_desc=Show rule descriptions?,1,1-Yes,0-No
+perpage=Logs to show per page,0,5
+refresh=Seconds between log view refreshes,3,Never
+all_files=Include rotated versions of log file,1,1-Yes,0-No
+from=From: address for emails,3,Automatic (webmin@hostname)
+open_log=Open logs in new window?,1,1-Yes,0-No
+line2=System configuration,11
+type=Firewall type,1,iptables-IPtables,ipf-IPF
+log=Firewall log file,3,Automatic based on firewall type
+authlog=Security log file,3,Automatic based on OS
diff --git a/itsecur-firewall/debug_file b/itsecur-firewall/debug_file
new file mode 100644
index 000000000..d2ba40b48
--- /dev/null
+++ b/itsecur-firewall/debug_file
@@ -0,0 +1,5 @@
+ OLD @NET23
+ NET NET2
+ NET ARRAY(0x87a4b98)
+ NET ARRAY(0x87a09e4)
+ NET ARRAY(0x8429fc8)
diff --git a/itsecur-firewall/defaultacl b/itsecur-firewall/defaultacl
new file mode 100644
index 000000000..baf1e48e2
--- /dev/null
+++ b/itsecur-firewall/defaultacl @@ -0,0 +1,2 @@ +features=* +rfeatures=* diff --git a/itsecur-firewall/down.cgi b/itsecur-firewall/down.cgi new file mode 100755 index 000000000..a8fd47f7b --- /dev/null +++ b/itsecur-firewall/down.cgi @@ -0,0 +1,16 @@ +#!/usr/bin/perl +# down.cgi +# Move a rule down + +require './itsecur-lib.pl'; +&can_edit_error("rules"); +&ReadParse(); +&lock_itsecur_files(); +@rules = &list_rules(); +($rules[$in{'idx'}], $rules[$in{'idx'}+1]) = + ($rules[$in{'idx'}+1], $rules[$in{'idx'}]); +&save_rules(@rules); +&unlock_itsecur_files(); +&remote_webmin_log("move", "rule", $in{'idx'}+1, $rules[$in{'idx'}]); +&redirect("list_rules.cgi"); + diff --git a/itsecur-firewall/download.cgi b/itsecur-firewall/download.cgi new file mode 100755 index 000000000..fda4b2036 --- /dev/null +++ b/itsecur-firewall/download.cgi @@ -0,0 +1,14 @@ +#!/usr/bin/perl +# download.cgi +# Just dump log file as text + +require './itsecur-lib.pl'; +&can_use_error("logs"); +$log = $config{'log'} || &get_log_file(); +print "Content-type: text/plain\n\n"; +open(LOG, $log); +while() { + print $_ if (&is_log_line($_)); + } +close(LOG); + diff --git a/itsecur-firewall/edit_group.cgi b/itsecur-firewall/edit_group.cgi new file mode 100755 index 000000000..f253675d0 --- /dev/null +++ b/itsecur-firewall/edit_group.cgi @@ -0,0 +1,82 @@ +#!/usr/bin/perl +# edit_group.cgi +# Show a form for editing or creating a group of hosts or nets + +require './itsecur-lib.pl'; +&can_use_error("groups"); +&ReadParse(); +if ($in{'new'}) { + &header($text{'group_title1'}, "", + undef, undef, undef, undef, &apply_button()); + } +else { + &header($text{'group_title2'}, "", + undef, undef, undef, undef, &apply_button()); + @groups = &list_groups(); + if (defined($in{'idx'})) { + $group = $groups[$in{'idx'}]; + } + else { + ($group) = grep { $_->{'name'} eq $in{'name'} } @groups; + $in{'idx'} = $group->{'index'}; + } + } +print "
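Review bot: In down.cgi `$in{'idx'}` is used as an array index with no check, so a request naming the last rule, or any out-of-range value, swaps an undefined entry into `@rules`, and `&save_rules(@rules)` is then called with that list. Add a guard before taking the lock, for example `$in{'idx'} =~ /^\d+$/ && $in{'idx'} < $#rules || &error("Invalid rule index");`. How `&save_rules` treats an undefined element is not visible here, so the exact damage is an inference, but the rule file should not depend on it.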
\n"; + +print "
\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "
$text{'group_header'}
\n"; + +print "\n"; +printf "\n", + $group->{'name'}; + +print "\n"; +print "\n"; + +# Show member groups +print "\n"; +print "\n"; + +print "
$text{'group_name'}
$text{'group_members'}\n"; +$i = 0; +foreach $m (( grep { !/\!?\@/ } @{$group->{'members'}} ), + $blank, $blank, $blank, $blank, $blank, $blank) { + $neg = ($m =~ s/^\!//); + print "\n"; + print " $text{'group_neg'}
\n"; + $i++; + } +print "
\n"; +print " $text{'group_resolv'}\n"; +print "
$text{'group_members2'}\n"; +$i = 0; +foreach $m (( grep { /\!?\@/ } @{$group->{'members'}} ), + $blank, $blank, $blank, $blank, $blank, $blank) { + $neg = ($m =~ s/^\!//); + $m =~ s/^\@//; + print "\n"; + $i++; + } +print "
\n"; + print &group_input("group_$i", $m, 1); + print "
\n"; +if ($in{'new'}) { + print "\n"; + } +else { + print "\n"; + print "\n"; + } +print "
\n"; +&can_edit_disable("groups"); + +print "
\n"; +$from = $in{'from'} || "groups"; +&footer("list_${from}.cgi", $text{$from.'_return'}); + diff --git a/itsecur-firewall/edit_rule.cgi b/itsecur-firewall/edit_rule.cgi new file mode 100755 index 000000000..d541d845a --- /dev/null +++ b/itsecur-firewall/edit_rule.cgi @@ -0,0 +1,192 @@ +#!/usr/bin/perl +# edit_rule.cgi +# Show a form for editing or creating a rule + +require './itsecur-lib.pl'; +&can_use_error("rules"); +&ReadParse(); +@rules = &list_rules(); +if ($in{'new'}) { + &header(defined($in{'insert'}) ? $text{'rule_title3'} + : $text{'rule_title1'}, "", + undef, undef, undef, undef, &apply_button()); + $rule = { 'enabled' => 1, + 'action' => &default_action(), + 'service' => '', + 'source' => '', + 'dest' => '', + 'time' => '*', + 'index' => scalar(@rules) }; + } +else { + &header($text{'rule_title2'}, "", + undef, undef, undef, undef, &apply_button()); + $rule = $rules[$in{'idx'}]; + } +print "
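Review bot: At the end of edit_group.cgi, `$in{'from'}` goes straight into the footer link (`"list_${from}.cgi"`) and into the `%text` key, so part of the return URL is caller-controlled. Only a page name can be meant here, so constrain it: `$from = $in{'from'} =~ /^(\w+)$/ ? $1 : "groups";`. Whether `&footer` escapes its URL argument is not visible in this diff, which is a further reason to validate at the source.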
\n"; + +print "
\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "
$text{'rule_header'}
\n"; + +# Show comment +print "\n", + $rule->{'desc'} eq "*" ? "" : $rule->{'desc'}; + +# Show source and destination +foreach $s ('source', 'dest') { + $not = ($rule->{$s} =~ s/^!//g); + $sm = $rule->{$s} eq '*' ? 0 : + $rule->{$s} =~ /^\@/ ? 2 : + $rule->{$s} =~ /^\%/ ? 3 : 1; + + # Any address options + print "\n"; + } + +# Show service +$not = ($rule->{'service'} =~ s/^!//g); +print "\n"; + +# Show action upon match +print "\n"; + +# Show time that this rule applies +$inp = &time_input("time", $rule->{'time'} eq "*" ? undef : $rule->{'time'}); +if ($inp) { + print "\n"; + } +else { + print "\n"; + } + +# Show enabled flag +print "\n"; + +# Show input for position of rule +print "\n"; + +print "
$text{'rule_desc'} \n"; +printf "
",$text{'rule_'.$s}, + " \n"; + print "\n"; + print "\n"; + + # Specific host option + print "\n"; + + # Host group option + local $gv; + if ($rule->{$s} =~ /^\@(.*)$/) { + $gv = $rule->{$s}; + $gv =~ s/(^|\s)@/$1/g; + } + $gi = &group_input("${s}_group", $gv, 0, 1); + if ($gi || $sm == 2) { + print "\n"; + } + + # Interface option + $ii = &iface_input("${s}_iface", + $rule->{$s} =~ /^\%(.*)$/ ? $1 : undef); + if ($ii || $sm == 3) { + print "\n"; + } + + print "
"; + printf " %s\n", + $sm == 0 ? "checked" : "", + $text{'rule_anywhere'}; + print "
"; + printf " %s\n", + $sm == 1 ? "checked" : "", $text{'rule_host'}; + print ""; + printf "\n", + $sm == 1 ? $rule->{$s} : ""; + print "$text{'rule_named'}\n"; + print "
\n"; + print " ", + "$text{'rule_resolv'}\n"; + print "
"; + printf " %s\n", + $sm == 2 ? "checked" : "", $text{'rule_group'}; + print ""; + print $gi; + print "
"; + printf " %s\n", + $sm == 3 ? "checked" : "", $text{'rule_iface'}; + print ""; + print $ii; + print "
\n"; + print "
\n"; + #printf " %s\n", + # $not ? "checked" : "", $text{'rule_not'}; + print "
$text{'rule_service'} \n"; +printf " %s\n", + $rule->{'service'} eq '*' ? "checked" : "", $text{'rule_anyserv'}; +printf " %s
\n", + $rule->{'service'} eq '*' ? "" : "checked", $text{'rule_oneserv'}; +print &service_input("service", + $rule->{'service'} eq '*' ? undef : $rule->{'service'}, + 0, 1); +print "
\n"; +#printf " %s\n", +# $not ? "checked" : "", $text{'rule_not'}; +print "
$text{'rule_action'} \n"; +print &action_input("action", $rule->{'action'}); +print " \n"; +printf " %s\n", + $rule->{'log'} ? 'checked' : '', $text{'rule_log'}; +print "
$text{'rule_time'} "; + printf " %s\n", + $rule->{'time'} eq "*" ? "checked" : "", $text{'rule_anytime'}; + printf " %s\n", + $rule->{'time'} eq "*" ? "" : "checked", $text{'rule_seltime'}; + print $inp; + print "
$text{'rule_enabled'} \n"; +printf " %s\n", + $rule->{'enabled'} ? "checked" : "", $text{'yes'}; +printf " %s\n", + $rule->{'enabled'} ? "" : "checked", $text{'no'}; +print "
$text{'rule_atpos'} \n"; +print "
\n"; +if ($in{'new'}) { + print "\n"; + } +else { + print "\n"; + print "\n"; + } +print "
\n"; +&can_edit_disable("rules"); + +print "
\n"; +&footer("list_rules.cgi", $text{'rules_return'}); + diff --git a/itsecur-firewall/edit_sep.cgi b/itsecur-firewall/edit_sep.cgi new file mode 100755 index 000000000..484b45880 --- /dev/null +++ b/itsecur-firewall/edit_sep.cgi @@ -0,0 +1,74 @@ +#!/usr/bin/perl +# Show a form for editing or creating a rule list section separator + +require './itsecur-lib.pl'; +&can_use_error("rules"); +&ReadParse(); +@rules = &list_rules(); +if ($in{'new'}) { + &header(defined($in{'insert'}) ? $text{'sep_title3'} + : $text{'sep_title1'}, "", + undef, undef, undef, undef, &apply_button()); + $rule = { 'index' => scalar(@rules) }; + } +else { + &header($text{'sep_title2'}, "", + undef, undef, undef, undef, &apply_button()); + $rule = $rules[$in{'idx'}]; + } +print "
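Review bot: Stored rule fields are handed to `printf` unescaped in edit_rule.cgi, for example `$rule->{'desc'}` for the comment field and `$rule->{$s}` for the host field. The markup of the format strings is not visible in this rendering, but if these values land in form attributes, as the layout suggests, a description containing a quote or an angle bracket breaks out of the attribute when the page is viewed by another administrator. Wrap them, e.g. `&html_escape($rule->{'desc'})`. The same applies to `$group->{'name'}` in edit_group.cgi, the description in edit_sep.cgi, `$service->{'name'}` in edit_service.cgi, `$time->{'name'}` in edit_time.cgi and `$user->{'name'}` in edit_user.cgi.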
\n"; + +print "
\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "
$text{'sep_header'}
\n"; + +# Show separator title +print "\n", + $rule->{'desc'} eq "*" ? "" : $rule->{'desc'}; + +# Show input for position of rule +print "\n"; + +print "
$text{'sep_desc'} \n"; +printf "
$text{'rule_atpos'} \n"; +print "
\n"; +if ($in{'new'}) { + print "\n"; + } +else { + print "\n"; + print "\n"; + } +print "
\n"; +&can_edit_disable("rules"); + +print "
\n"; +&footer("list_rules.cgi", $text{'rules_return'}); + diff --git a/itsecur-firewall/edit_service.cgi b/itsecur-firewall/edit_service.cgi new file mode 100755 index 000000000..aae6e24a4 --- /dev/null +++ b/itsecur-firewall/edit_service.cgi @@ -0,0 +1,73 @@ +#!/usr/bin/perl +# edit_service.cgi +# Show a form for editing or creating a user-defined + +require './itsecur-lib.pl'; +&can_use_error("services"); +&ReadParse(); +if ($in{'new'}) { + &header($text{'service_title1'}, "", + undef, undef, undef, undef, &apply_button()); + } +else { + &header($text{'service_title2'}, "", + undef, undef, undef, undef, &apply_button()); + @services = &list_services(); + #$service = $services[$in{'idx'}]; + if (defined($in{'idx'})) { + $service = $services[$in{'idx'}]; + } + else { + ($service) = grep { $_->{'name'} eq $in{'name'} } @services; + $in{'idx'} = $services->{'index'}; + } + } +print "
\n"; + +print "
\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "
$text{'service_header'}
\n"; + +# Show service name input +print "\n"; +printf "\n", + $service->{'name'}; + +# Show protocols and ports +print "\n"; +print "\n"; + +# Show member services +print "\n"; +print "\n"; + +print "
$text{'service_name'}
$text{'service_ports'}\n"; +print " ", + "\n"; +for($i=0; $i<@{$service->{'protos'}}+6; $i++) { + print "\n"; + print "\n"; + printf "\n", + $i, $service->{'ports'}->[$i]; + print "\n"; + } +print "
$text{'service_proto'}$text{'service_port'}
",&protocol_input( + "proto_$i", $service->{'protos'}->[$i]),"
$text{'service_members'}",&service_input("others", + join(",", @{$service->{'others'}}), 0, 1),"
\n"; +if ($in{'new'}) { + print "\n"; + } +else { + print "\n"; + print "\n"; + } +print "
\n"; +&can_edit_disable("services"); + +print "
\n"; +&footer("list_services.cgi", $text{'services_return'}); + + diff --git a/itsecur-firewall/edit_time.cgi b/itsecur-firewall/edit_time.cgi new file mode 100755 index 000000000..44824d24e --- /dev/null +++ b/itsecur-firewall/edit_time.cgi @@ -0,0 +1,79 @@ +#!/usr/bin/perl +# edit_time.cgi +# Show a form for editing or creating a time range + +require './itsecur-lib.pl'; +&can_use_error("times"); +&ReadParse(); +if ($in{'new'}) { + &header($text{'time_title1'}, "", + undef, undef, undef, undef, &apply_button()); + $time = { 'hours' => '*', + 'days' => '*' }; + } +else { + &header($text{'time_title2'}, "", + undef, undef, undef, undef, &apply_button()); + @times = &list_times(); + if (defined($in{'idx'})) { + $time = $times[$in{'idx'}]; + } + else { + ($time) = grep { $_->{'name'} eq $in{'name'} } @times; + $in{'idx'} = $time->{'index'}; + } + } +print "
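Review bot: In the lookup-by-name branch of edit_service.cgi, `$in{'idx'} = $services->{'index'};` reads from the unset scalar `$services` instead of the `$service` entry that `grep` just found, so `idx` ends up empty. edit_group.cgi and edit_time.cgi use the singular variable at the same spot. It should read `$in{'idx'} = $service->{'index'};`, otherwise a later save presumably addresses the wrong service or none. The commented-out `#$service = $services[$in{'idx'}];` can be removed, and the header comment ("creating a user-defined") is missing its noun.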
\n"; + +print "
\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "
$text{'time_header'}
\n"; + +# Show range name +print "\n"; +printf "\n", + $time->{'name'}; + +# Show hour range +print "\n", + $text{'time_to'}, $to; + +# Show days of week +print "\n"; + +print "
$text{'time_name'}
$text{'time_hours'} \n"; +printf " %s\n", + $time->{'hours'} eq "*" ? "checked" : "", $text{'time_allday'}; +printf "\n", + $time->{'hours'} eq "*" ? "" : "checked"; +($from, $to) = $time->{'hours'} eq "*" ? ( ) : split(/\-/, $time->{'hours'}); +printf "%s \n", + $text{'time_from'}, $from; +printf "%s
$text{'time_days'} \n"; +printf " %s\n", + $time->{'days'} eq "*" ? "checked" : "", $text{'time_allweek'}; +printf " %s
\n", + $time->{'days'} eq "*" ? "" : "checked", $text{'time_sel'}; +%days = map { $_, 1 } split(/,/, $time->{'days'}); +print "
\n"; +if ($in{'new'}) { + print "\n"; + } +else { + print "\n"; + print "\n"; + } +print "
\n"; +&can_edit_disable("times"); + +print "
\n"; +&footer("list_times.cgi", $text{'times_return'}); + diff --git a/itsecur-firewall/edit_user.cgi b/itsecur-firewall/edit_user.cgi new file mode 100755 index 000000000..51f04bb45 --- /dev/null +++ b/itsecur-firewall/edit_user.cgi @@ -0,0 +1,107 @@ +#!/usr/bin/perl +# edit_user.cgi +# Show one Webmin user + +require './itsecur-lib.pl'; +&foreign_require("acl", "acl-lib.pl"); +&can_use_error("users"); +@users = &acl::list_users(); +&ReadParse(); + +if ($in{'new'}) { + &header($text{'user_title1'}, "", + undef, undef, undef, undef, &apply_button()); + %gotmods = ( $module_name, 1 ); + } +else { + &header($text{'user_title2'}, "", + undef, undef, undef, undef, &apply_button()); + ($user) = grep { $_->{'name'} eq $in{'name'} } @users; + %gotmods = map { $_, 1 } @{$user->{'modules'}}; + } +print "
\n"; + +print "
\n"; +print "\n"; +print "\n"; +print "\n"; +print "\n"; +print "
$text{'user_header'}
\n"; + +# Show username +print "\n", + $user->{'name'}; + +# Show password +print "\n"; + +# Show enabled flag +print "\n", + $user->{'pass'} =~ /^\*LK\*/ ? "checked" : "", $text{'no'}; + +# Show allowed IPS +print "\n"; +print "\n"; + +# Show allowed modules (from list for *this* user) +print "\n"; +&read_acl(\%acl); +@mymods = grep { $acl{$base_remote_user,$_->{'dir'}} } &get_all_module_infos(); +print "\n"; + +# Show access control +print "\n"; +require "./acl_security.pl"; +if ($in{'new'}) { + %uaccess = ( 'features' => 'rules services groups nat pat spoof logs apply', + 'rfeatures' => 'rules services groups nat pat spoof logs apply', + 'edit' => 1 ); + } +else { + %uaccess = &get_module_acl($user->{'name'}); + } +&acl_security_form(\%uaccess); + +print "
$text{'user_name'} \n"; +printf "
$text{'user_pass'} \n"; +if (!$in{'new'}) { + print " ", + "$text{'user_same'}\n"; + print " ", + "$text{'user_change'}\n"; + } +print "
$text{'user_enabled'} \n"; +printf " %s\n", + $user->{'pass'} =~ /^\*LK\*/ ? "" : "checked", $text{'yes'}; +printf " %s
$acl::text{'edit_ips'}\n"; +printf "\n"; +print "
%s
\n", + $user->{'allow'} || $user->{'deny'} ? '' : 'checked', + $acl::text{'edit_all'}; +printf " %s
\n", + $user->{'allow'} ? 'checked' : '', $acl::text{'edit_allow'}; +printf " %s
\n", + $user->{'deny'} ? 'checked' : '', $acl::text{'edit_deny'}; +print "
$text{'user_mods'}

\n"; +if ($in{'new'}) { + print "\n"; + } +else { + print "\n"; + print "\n"; + } +print "
\n"; +&can_edit_disable("users"); + +print "
\n"; +&footer("list_users.cgi", $text{'users_return'}); + diff --git a/itsecur-firewall/enable_rules.cgi b/itsecur-firewall/enable_rules.cgi new file mode 100755 index 000000000..94f24a8b2 --- /dev/null +++ b/itsecur-firewall/enable_rules.cgi @@ -0,0 +1,39 @@ +#!/usr/bin/perl +# Enable, disable, log, un-log or delete a bunch of rules + +require './itsecur-lib.pl'; +&can_edit_error("rules"); +&ReadParse(); +@rules = &list_rules(); +@nums = split(/\0/, $in{'r'}); + +&lock_itsecur_files(); +foreach $n (@nums) { + ($r) = grep { $_->{'index'} == $n } @rules; + if ($in{'enable'}) { + $r->{'enabled'} = 1; + } + elsif ($in{'disable'}) { + $r->{'enabled'} = 0; + } + elsif ($in{'logon'}) { + $r->{'log'} = 1; + } + elsif ($in{'logoff'}) { + $r->{'log'} = 0; + } + elsif ($in{'delete'}) { + @rules = grep { $_ ne $r } @rules; + } + } + +&automatic_backup(); +&save_rules(@rules); +&unlock_itsecur_files(); +&remote_webmin_log($in{'enable'} ? "enable" : + $in{'disable'} ? "disable" : + $in{'logon'} ? "logon" : + $in{'logoff'} ? "logoff" : "delete", "rules", undef, + { 'count' => scalar(@nums) } ); +&redirect("list_rules.cgi"); + 
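Review bot: For a new user, edit_user.cgi seeds `%uaccess` with `'edit' => 1` and a feature list that includes `apply`, so an administrator who only fills in the name and password creates an account able to change and apply firewall rules. Starting from `'edit' => 0` would make `acl_security_form` preselect the list as read-only, leaving write access as an explicit choice. In the edit branch, `($user) = grep { ... } @users` is not checked either, so an unknown `name` renders the form from an undefined user; an `&error` there would be clearer.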
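Review bot: In enable_rules.cgi, `$_->{'index'} == $n` compares numerically, so any non-numeric value submitted in `r` evaluates to 0 and selects the first rule. A value matching no rule leaves `$r` undefined while the loop carries on and the logged `count` still includes it. Validate each entry before the lookup, e.g. `$n =~ /^\d+$/ || &error("Invalid rule number");`, and skip or reject the iteration when `$r` is undefined. Since the `delete` branch shares this loop, a malformed request should not be able to remove rule 0.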
diff --git a/itsecur-firewall/images/.xvpics/backup.gif b/itsecur-firewall/images/.xvpics/backup.gif new file mode 100644 index 0000000000000000000000000000000000000000..e381eb6c3d0b37e367d0adebf84f8d8d42bd3126 GIT binary patch literal 2370 zcmcIm!EPf(5bYyGTD~FD_DJ!O>;@u^5bt(HBw-EWx)Krxr0qEXLhutv(<|{Osg|7o zaHQ^k+2OtFvB!3nBTmaR%Dh+g>UB-Ezx(p^#f$Tk=W_E}ZeQJf_44x1mzSrj*I%EW zeg4J8<>^m<{r>ZBi<9Te+pD*Cuik!hcXPA6{o(r)fUwRlE>6UYR8^JG@mjhdUDcwv zN-ko4lrz|N_z}+(^^K&N&xmaV)S#OO;IAGw4~O`sJ?SK7mjQ$`=`7D~zb5~k0?tzZm@}Yg z+Xwhh`xKJt3wy!6zkh#E_(U)kie_xq%l#l8SL+!~Lq@3vv#(!CZMGiwUg@01JR~K8 zuswop9QGIc%=nh4xRi#JQaHpKi#x5$u#gGM{&(5~j&(%%k$e!)6Ps;p;9Z{v64IdE zE`#ZMV+3oB8SjQZg24Dg5<~31_6S=&gd=*C6iF~i7JSa&6HRaRx)fs{hirjKQf-Z^>!&0doN1&Z8^k??7;j8mm5gt}g&NSb7R_?rM zo?3iNe^GSn9DP1piQjSPPdk6ntqd-OMmFC$D{;vJ|MvVvEwdh+?~Z!ljA^Hi-S2}Z{xl5FH1_+!8O|L4fj{`oG1Zs@ZvJol Eztz~Z6951J literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/.xvpics/icon.gif b/itsecur-firewall/images/.xvpics/icon.gif new file mode 100644 index 0000000000000000000000000000000000000000..fa62d28e13074c0fc56d730919db5bb62b613911 GIT binary patch literal 2370 zcmXYy--_Et6vi7^naqIQR|wQHo(URLr)f(s+a_%mH0sKww}nD4SIdrywtb00WIBRA zMgkUC?~#B7@q08E>F;P`Sz~$TeCK@UuYUUK(UT`z{n?BBhZp{N@y!=s|M|t&kIEmu zeYAeEefs62-~RgJ_uA;sp84;8EuR1SU6JR{{Led$5Z~?7r~3SUd^e8chZBoDoQ5~& zx5x3&a}S4}oAuc9)Ey6f?2$j8#t&TYxF;O{#{jcfh}eIu=eLthFh~MCj^pty*U0xYNxflXxZe|%2y(#bLG}fOsu36jWK-bxhB1D8 zBkV_<-~o4JJ&*690*Ym_APPj)ghT^Ygur2(#Mu^|!#$aM)+1&I76}j(M2;T;3O%B9 z=nfLCjwcCSlnq&8+r?M0i+y{PGma#}|8l}^%jw6vj-l-WpSIlJ*8Frq4pDIEMfHI{ zAy!@0{2iJbk*G?(K9nrwjUYn@Dz<$L`w(w#ch|ep=ez6LbL0{7-sey9qRfk{B7h6n zjCC7pIV!EY+T_}K_RHX%cg}B(V=eh&CKR{(Ce&@y*3QngQ`(t@5rAMb=X42b?)(IB z&=N|!mvx8>ZM5Pt3#}{~vyF0#%+>iW_YNj?1`?xTCw_%)fqsz}7|+hSxpj-Y$acA_ z>L!HZ3VGnL5=Mw<#TPpK%q_o}wwX0f`)vhzzx589!T*BOO^dtEUCx~|n+$P;jW#OP z2Ap-dIGt^B5Wd8~z8PBa#`{o}&f=-f61$!)tx+~LE_<9g@A8dsLXM!05tCdvBf6Z? z>)C}}Y7oX6nukHKq4q$!KrJswlj$Y(`PJ}9zGD+)A8 z6SbTol&)7lYEMvzW7{3}G0+0r%f)?o=Bv5(;NN%`^4W!5yF;R&&NupL4IuWO-8zU~m-&IYG zUZ_aB-?c+1FHt^IsY)KK6O7Ohmvf71DIq#+A7dS;h8Xv;9mp>wsdU0;nGhMPc5tMM z(C!tT)zavc57Y_KVL;vrdzB>VMUoP%(8q-}_#vI|ceh2L+(V=pnRx@%O!+9P000K` zya=Vuq`4F|OV1o^=FT9ge29;E7G1~*#FE@(BowfR=Eg}bQl!eP&-cQ*fY zl7|gOW_Tb?Z?_n(w)9;)^$GsAL*#Wqn=l=uEhzcnbMQE5VBOM(Ws>_$uHcT!ooDO zpd{myiks#$(iAk4cR|D%76o~lu6&y3OvAE5zO0&R=R9MRMnos$B!g<{DMrdS1f;I$ zEuQPEo2KH`vkTL}r{S5nPEFbL^eRc>1%~;TcWwQ$1}jzC+yM7{O1zMilKT2u#Cavg z@Va?*_i|5I*!`ytRC566>%1lo5(QtzUiy^Wa0#Z5(&kh%1;KoSR=|dX4w=FK{ye_x XdB+aChvO?rQGbxQBin{M$d~^E32t&l literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/.xvpics/restore.gif b/itsecur-firewall/images/.xvpics/restore.gif new file mode 100644 index 0000000000000000000000000000000000000000..444c546d0b94dd7ea2d186a50311d5ccf046f332 GIT binary patch literal 2370 zcmcIm%Z?m16!n%-@(&}$B~33gc@VLL>7?$6nIR2g8wrU8Qd|o_2z~;ojKrVhTI&2q zk7WN#igT{((bWt~)HUtysdKK+IoD5?d!WQp1=D2`K$BYn=j8V zp1yqf^!$fEe*N*6&DoRf?bW-x*YCc%ySdrke)sJeK)5bnyf_mtQdCvihGTA8X^LjW zC@HIrcE94vG2Y<@Xp)m=FAiUe0_F?;fw4^(7rY}Nd1+ZUwJs^XgV%tciElVgc%X@& z>pRpY!Rps}tbWyIXy?SVkmE`l_3_Tp(_wQZo1%w(({9b{h#m*lq>}V#*zH_7C~&eZ zy4URmvst4l%Hyx(&xT>xy#?W;m#a-V?CEV=PT{~hg|WwggTNWQY}%stda;!Y@uvie zQNsTo3CQQLhwttFesB4lFf@HgR=pA+=_sF?=P^U0RcG;OhNC{5=I;on)!)_x_80AB zSH_-U4wy+FqQOUkv0$1W=-2We=g3Z6)c&tWBlc&`FcFqMO!cugorcs$1#CBCjb(jc zf6?a!?_%s@jO`j*XJAU(c7xSAuYac<;J8i*-;<9S!#^TBpsgiy?HOZ-(Nl3zM{9@ySOC z_B_CY@1(!(13y+zeTu2v*hvZ}V7mB({xMWKH&#$|mKK6JtDn2T-e=5WUE#*^#^0-VA2n)RS z%LxK3gEOPBOkL3&vG^hejjH)$CqXn3vGipq8J7hRI*41r)41MTNF+c^g~K!)q9;Ci z1Q$wx_WI1!Ib3AbShBtF<^?#W!Yk1#_qyeIAt7ZvsoZ;%U2D6xGqjWt7(DmvQ4dBV zU?<1sjP2GshRV{l*V(Ek?7eWy{OkUYZECo9oI@*auOp z)}{J#w$kg`ubsbGtt>8?LDt+e&z1&#PY>W5Jf6kZB{rXz)4BQ(zPR>U#~>+zoA`8& uKZu71=s_~3ojT^<2mi{aVtC+iy<2UL_$gp>{0DyZn`6|FT73Aw@&5pHP_#4v literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/.xvpics/syn.gif b/itsecur-firewall/images/.xvpics/syn.gif new file mode 100644 index 0000000000000000000000000000000000000000..928eb63c6bb7656f69709678bceb996efb77c6bc GIT binary patch literal 2369 zcmdUt%?^Sv5QI7N6ivA3QP6-MRWu#|quxnOd;&e_(__V^wp*s@ns|_qz|4HJEkFBQ zWLX*~yK1|uH_c*N+^2;&Y?op*ndjpCxLvN}I4SFO+icoZQ&nYsI>wTbXF8k3-M<_W zbE8qjYe=5e=y^s%@xcwv2R00zG^_*(i{+cgIZeKsFI#jF&}#nc0tnkS_@IWxTMd#Rsh3B916A@;m?l literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/authlogs.gif b/itsecur-firewall/images/authlogs.gif new file mode 100644 index 0000000000000000000000000000000000000000..7eebfc951f617c5dc02f55ffc470a492a1376476 GIT binary patch literal 470 zcmV;{0V)1RNk%w1VK4wN0KxzOnVFepW@gOH%>V!Y000000000000000A^8LW00093 zEC2ui05AYB000C22&%FEVhJ&-y*OLY+WVjcXe1VRsN;oTS$5pIh7&N=imSyZ7kW2Z zL}%g|J2Oe-7Eug|l@qcTb2M>~+LI`i9;HjAwrMLvyWL~?3Sw_v=(smbXRgg$d9Oz= zfBJ7EdT4iHYleO!I)iCWg(858aEyG3k&a<`l$Iixk3~^-Gz5?nyGu36yn|$sls#IWWcGX% zG$JRKE^Qu7sxz6-nTKi(g_;xTH=rDaUdn2c>OMp#>og@Ja>YkqWxO~_1Txb|XQev6 zy*M^wC8_*QrAdhIRFnV%s@d^d_O8^y#}1Cd5>t}m#R`9EFgtI-3(5e=;`#vPLW|Cz MLyI0w`a%K#J8&}0B>(^b literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/backup.gif b/itsecur-firewall/images/backup.gif new file mode 100644 index 0000000000000000000000000000000000000000..20cc7fb141822f09ab45eff10f55d74e7924cd35 GIT binary patch literal 1658 zcmeH``%}^f0KmTlq@f`dzQU=PwsLlnYg?RFzR_l>`9d8E;u8_yiHZjD5D63zHPH}h zDLxMfUsD%IqSMQ?+|tWiFK1p|%eK1eD&6`Y_TxT(!sl}zTv*5nEC~Z(fTzG`U@+L| z=;-k9@QoWc#>U1bCMG5)C*$Jcs;jGaWTZtkHBC)TnayUS(YU?6Z8Djrr>E!U=0-+F z#>dBXI-S8_kWNf!G#af|J2*I4H#VkLt9yHU1tTLJ9UWa=UH$$27j-($;9zTOYkPaU zN~P-T>||&(Ra$LRQ&USzOIuqTO|7O643rHFG&D5G<#MG`N$u<`>g_G;>8Y))6^q3( zne6oG)7jUq@pwFeKu}j#CzVRmRVoI9!DKQy98OJ5jZi3TY-}VcmE?|&WQF3wg$re6 zWo$OPzP_Gt;M$A`xCL&&tZ8P$;>%xdjCUB_$>6>+8|Y z&1a<2%*@R6^mG!5l#!89SXjvAa?iS$;m__(Z|OpR3Ztgt4m2qArJ_~#lp;+1c5goSf|J?4+cm zm6esm#Kige`S|$wgoFe<9zQfR6cZBzfk3*uyA=vWbab>tBFW3kv#_xEH^Kk>hX&B^ zAs`sA4S0P%;qw!KqwOtAI-6Oo%lPQ z8oG-Q-@Ux29d;zqp9!)$a}+;8iTY~xl7n~F<;XWip7xYhv2+Fl)W97*^@L|2T69u1jed`fXkiHxS zReXp7867hy{?pey7cPU5Tfc&WQLk4D9^0qL7XP?fx(uA1!!u3Ntfl z{heI5To;6+SY%} zJ%H7Ba91Li{Bdw${-9->q1|k9MLy&Q!2e)*@NpFLy W2&(n{i~nNy?VlfB8my2Az~>+Sf2*|s literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/bandwidth.gif b/itsecur-firewall/images/bandwidth.gif new file mode 100755 index 0000000000000000000000000000000000000000..8ee1b16757c350e8ed4108b809c98e3e0a58aed4 GIT binary patch literal 1941 zcmeH{`&W_)0)`R!LiK^W$jGkxZv&RPBkBhMQ7Z?rkO6MDV*FHa@Rd#d1=xS zKDm{qVCAK(0JX@}FsZbxKv1#FgGPpF23p=SL%V4gciVqrf12k{c;DxJH*8!V8<$K+ z&=C^|1dqo{OG^_71euwchYlUe&CSir%M%KPB9RD&;evt!u~;mTNTgD!OeT}d<%bU+ zK62zpVPRoWQPI((M~jP#OG-)<3WZXsEG;cPcI?>ki$-YPDLU(NtGg*VNS1*4CaockcZ8^IEO;!i5WUb#)gn zUaYULZ)j*}Y;3%A>5@*TYieq`eED*7bF*HrzjEcu)vH&pUAxxO($d=6dj0zK8#ivW zwYA;6dGpq-TeolDHW&;>qp`ic-DEPE&E}4dj?T``uC6YN#nRo~edo@dyLa#Q^z_`j zcdxg%*J`!)_4W1l_us#N-)6Htc<^9gVBq1yhjzPtaB%R^qenwSL&L+vj~_oC85w!< zeZ{)uV24;^XBc_x9{G)TUc0FTwHwr{{4p!A3lEk`03N9rKP3+{K@|} zfiT2p{)*2$V&XxP{A1MG0KQ5*6F=hND9e6gr*MjtsXevZ|E76Rz?Sa z_Y3FJ;xeq*W#K=yfKl`kFET@6w`@@;HlGc{kfy170W2}kV`NT=>MUQm&GUDz!NG(X zOn~snm6RZhS-X?k5UvMuSPb3@F? ziFzC!>{@~f%15}Rt}V5y2KYOh$!upufkm{wbaD21C0(&P)Df&tYgfOJ&)1M@LZda1t02ZT*qx=LcDZKm;+HNC?-u zj99kHC=-i0P5r_8WEy)5urb+$S#1{tuRm<2CC8EtqOx22>io$-iNXe7mC%NHb-IS3@1+q?PEKAaROO;)ld& z;*kK#Dn$Q0x{ZU5Y*8RFyS2#;0sC+Q6aL|>%J}(49dPsRR9-t6n&SHU!0xLa9cUED z6Ja{aHgLe@$J1etcT6!GASZH-cz#V%0qNHizyfgf3KQnuTedue&*vhsQEdv5AQciY zgLhy^ppVGT=Z26ueVx>-9uYudq#y=; zHV+-mu}v?L`Bi;EWmIemKpOOGmkx<{(coGn0JHI5Ib1B?^mXh`6y*S91b?@2h?K_% z$;jW_7w6)0jz%UWcqjTd#hcMeW;-srNC;ChuVevJ*0|req!kFiB=Y#*vS4v`BKq`@ z`y3&x5oqdTC5F#%TcPhr=G?KN{cH<9T5m9UuBwkFQmRw)xy3tf4oZmyh%GJUywFqVo8~wFh zjZd@e;et*Wub2MgE1?L>L%7GSKaYJ%@?!Qvu)p4cjs{sF?o(?a+%MQQ3ezdM#R6NH NINjcj5CZY-e*sbdOzi*w literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/down.gif b/itsecur-firewall/images/down.gif new file mode 100644 index 0000000000000000000000000000000000000000..73025ba5106abd951438d98486908e4b3f02e5d2 GIT binary patch literal 108 zcmZ?wbhEHb6krfwSjfO|CR zz|5cnQ~*>jz`($yJ*R&qv+QgK4kjhfw+BNv-^`rzJ=Lo@$?=!OW$tEAo_3C0y^U*6 Mr}#CAFfdpH03Em@y#N3J literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/gap.gif b/itsecur-firewall/images/gap.gif new file mode 100644 index 0000000000000000000000000000000000000000..1a777645397418e3aa27b12c3b14998fb601445a GIT binary patch literal 73 zcmZ?wbhEHb6krfwXkcLY4+e_=_Nk%w1VK4wN0HFW?|NsBY%*+4)0GXMYA^8LW00000EC2ui05AYB0008a zgpaAq?GK}z6o!kl4s`|rhN8%I(Kn`GX+EervTgIip*%0OE#P^wv-y69AZ$nk7*$B( zvbTv|a?fXsD&&!<(u?+%)O}ZBg>}o7rn*s2VDOH^gJ-Zrj)$+uy*vDmN5|I$bTM#< zcqlkV=&{F`qy|}rP)9~tw8o}k67~4isFSw{+A&J16$%6h=sD^3mME(@h?)8N<67!8 zTIh1)W!C){b6XxV40w8_a#p$gs1?2G|zNQ{RK+#P4D?JXURJUcrzoo-tI06Q>r BboBrL literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/icon.gif b/itsecur-firewall/images/icon.gif new file mode 100644 index 0000000000000000000000000000000000000000..5366851327f6be61d555c44d9e3345b75d7fcd37 GIT binary patch literal 3256 zcmWmD`9Ir-%)9n^KrDQ=d|m0-O;aoKi}71@ciXY)qG-|^1%C|eE9y)#sS z)Gn=lerc`$&Vv;7;QH1t_SsEtqFRBp$2usT7;?t@L=9F@f?%J-dq%~pZ;sqwaXQnU ztG@Ahelamdi2EE`!Fu@OH^7zZryDM--xlLt;eg|>^vQslYLmxPYzQ! zCspjrZsrtrwhqpPORp3*kBu3ZnITz=k2bA&S&YcjrMgMY@cik#0%H4o=NtiOCrs1ysD>nY|FwsR#4dMoK_Wa;X2j#2%4Gb zoL$GxZ5bRh2IXp;a$D#rWoI-)y~A^tx+W)$%jgj4$i$L|K*Gws94Bc#rqchmyGsu` z-rP5Xi&MA+q&V|W99H$i0`gdSmywC}M$>Aps-F~?VJT3O)9P80s}_7QJg!`Qb>_5F%1>KpcP%Dyqv>c&g!fTQuM zfoE@i%d5K$@fN9dlXOv|;KDUVb~7{ga^tnTgJULEUI#j%k}bV@Z)pP(Cigg679{D! z#8s3v8(RBjN#3c(`4x-YW>QcdB2rn`HR%ETxBq_uK<)y^i!;3Y=0?u^2W?}UxKMd1 z>%M)T{$V@B_ET|yP-FniyK=>>x3Rh>-$c}z8p<=gYu0_wvXTe+;Wg=#j9=?!{l#2C z9mQSn{QVckGW@51{WgBDJJw}^l6Fdy;axBM`kGlHaV`(|A)=7bG`7mZlYZf=bw$I7tRMU3-x@j%%R-+ zuOnAeYu|-B$c!;rv%dmVXIZiFcFI69q6E!Vg{3-x_czqy( zH1Mx~Pk(dHNXj-!&&x))eP64y7=Li2{GJ0Kr-rdzAHvlqwS|#nAu%ahHgPrb&Bo@R ze1`<-Nz+utxhDh7SKcv(E=320jr<71`F;HL0sf%JGAt;C96LoYi z!!l@LNCV(AMfeH(t_-bxujQHVhRYvkj^_t)Rd<+x5H5LiX$5O zj}3H)%~LX10LeFTWD$qg3kRN+NN_4T?S zOOf)!cKxZukX?|t&*wgNl)MAo^Xm8f!;ZD5YSCoh5iX95=RjcOg77-zfhs>D6rXJ{ z`_R=wpu>@8<~DKvVRO7DQPP}zFtN59f_GPz3uQt77!gDKTg%^Z_v#2o9^jf^ZNT9x z$bpiv&xL1a?4FIjou-7&$-+IC4-%tTYQv9w^XvM-P%<7V3EwR95LLRga#%CO3ctbm z?YqF)dBz#?+hCxR>BA3#Etgu;$2Gy-9l0+SRP1=I=6LZB=CginuvDQu!(+puGN;ss zL4)~T#6ekvkZ(Ah*et-&&S7EFc|Wn@A0vvazL7GlJFE1Zj7D)I@F|79!Imo`?C!9> z)Q41y{3J)WCld2D#YT+CE62eD{`?6~>KHW;YT9%wOOuXSHqg}ix9;dy}SB54T zz?H~Q+YQ4QVv2@{Gm!C526~)4#*;-wlkR|@(gh2UmLHe;^2F5#OM-zV0@Sga$Ay2H7`0BT%8AZA--LiazCF{>2&@mCFNmR5;X`SSLB_>HWtdju;PRX!r?X*R_ z3_SgZzUBCi!ID>7Vb`EQ2um;1jlty@kkjmYYCqh?S^>WG+=2t?YO^L6YgoXxYY1XFnbxacO??d4CfLC zw@W<=w3SK$4O$z{_tWfPkJ>uoXY??{&tgsD+J*ylEruvw*AUJd?DXAX7TJ20o4Ar3 zP~+rS=Z-nXr$NTVA;6mjoM$G0enOpr#AtDDb9kt6L7~cfNh1#j+lpNc*g2UDtslA( zz*S+SiuspmI03sUW)`o>z`q#y)NCr`vni$h 
z-Ow_epA4Hk%OkjjD*;WutIJ*)DvS;P&cx0Cs<2;Z*KD(lA)ysr#i&K?7* zup68Bz$70;CI|p#b?6g*A!HL5Lis4i9A$+a*ixx7Zp+OrV*q6*0*wF0@?g`B+;aaq z^s~$mfRY3hpNl=2*-1y!!-Mz!x%hl96+rDYU2a;E%gv)iNOX*W!QLO8YT(&oyQkeo zh4>-{cMpY|@ImAn=iwRC50k++KN=N(CUXZ*h^7- zMRB|igD`F@2_+C@?57w5SC1NKb4-KwKra|zKN-**p$9t#VOoGAO|XM&IMWUeT7!SH zBWM#s+o)#x8vNfe(3&fNF$RkM>hF8aWq4Y+GUaBvMKS_nzj!mwQMJ^(4^q9SD| lJC=PDfcb@w`e~YYItKN82htyd*bBxkQ{i+UGzbJ7_&;*dMM(ev literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/import.gif b/itsecur-firewall/images/import.gif new file mode 100644 index 0000000000000000000000000000000000000000..1523c90f1e45a5c7374f74a1ce7225c40025a86f GIT binary patch literal 1848 zcmbu;{Z~_m0mktV-olFz0_7#e09l9{Acnv)h&2addU+8zNF6OfBHUu?i6fJY<=Du{ z;1Vx1)c_fda`jyCN>fbrmZg|#j!PjxglIFGb<|~!(dY>lj~tC_^xQEv_BZVF4?N#r zo{B1OtJURl5o)n*eai~hdA;7Ks93+>FEy)0P{aEA zItYSF)Vr~^?C7n$2cRTTK@$8X7fPlf|VF zDGi9#wrp{FgoXfLAd-TR!{Mk?AsB|$u~X#^wcflU<sjRE36NyA>gWF=U z0M!bW+UWE7Xf&EwEOxuy8q6a#hvepUv&B<~Y{KtJMhV zfMATlV5l`n0-dHexgZEK7;%TwXSdq}fdG!PrwHBMrrqyZ{N`uAa1?4cfJ#F7$vbhaLpVPGhpdm35(i?1` zC4`_ZI-SlJ0I-8FI0*$#K(L)gqw5V08J8}T$=n`4tjAPZR12X-7a;?oMr^y;lA6ji zAufZ_3G3}amDu6%2?PKDfKKO%LWy8zj|_xytJi{W2j~&ht5k}WX_R=$t$z{)Sn5ik;bt3kJF13QSY}q$!l5f`fF~Wa%fi-Ky~wTBd_i&n(lg#dwg-Eq?6I{Vb_`m ztvR7@a^8HpoC`Xk9eIJl3!=t7yU#Uw6I06T4HRhK_mq*Ze)Gt&9~}SUa(vGp1gv+0 z_w?a;W0~*Wc|dtIpBJ$o*nIby7q0CmN;5ySKDztSt}n931bwZr?j7RWo8q*QHzwQO z{Afq>-4i|`g(T=4ZA<$^+y3z9!TG@#d*{ARdDVC6cIO(Kd^f@~T6WL^@NY$IuI+7| zj@#UltUVhR9{U{lZhiCWzfMPmGHNcA{PFo$>yFnipZ;U;^7QMKxZx|mZ(Dmdf}Z~S zv(y$S`0Z!)X~GUQqgAoXs(u6;4in@w@e3ZH* z=_`DD0pT9qymHk5Jh?TU6~}r$PnOV{2C|COPY&t+a{GL5QgHqQ^6B8>_mZrwn8&T+ zmhQD^nlL*|5*9g9ZcaL8Y=RTtH~kPm_^Kyu;`a0zNgAo9XC{I)RUXCaPHEMR{yLa5 zdr?UY9ZPPeOJ<55EcG}Oh7Z%Lk{*`$Yj)Q>K9t)}S1tVT2|u>@gYt+;KfoiuC%u-u zHJaX9Cd5jhYQ_L@@;Lq}-%c%fcQdGCJ8#jevZDr=?(09EOqQe#*qatEo*5`yx<)Rj zkEY+b^g_qGA>~vEt(?4S;g8hbdlNtHnVL_`(Vbk(Lni6UBsX@VjQz{(A?MED#hZsX zj4qm!_0mcx*x$&5P$cboPG@*?tC>p5z0V)uKVABq$NI(n>0T=B{2f=yxl~<8GKtk! zvx}464YL)ehHLj!v3kQ}_6_pL;o;*oLrbK88t>;vy;Lp6oEmSN&%74jw^(e-fBz@` zlk43##J?>ot9A8FS$j)L&w}pK!Q)?k!#5r7xS1l3E50oLQ%@^p_ri6ke=8546C3{g z>9}~&*U=0mr0*#Q0gDMAz)wno41cL#p^owusNa?NI6F$ z@8ID_Ho63-if7d&#-2mb2f)X}r^G1(Wdp^UrKJ8h^iwDhm>rviS;p^pKu+xFWCV3! 
zZiX6}IAN_S9?zr!+}jtvyjNlz+FKQWpENua9?7e?$4n`a^c23;?f>_yUriQzO7_q7 z)TYJMSCT2yOztX~*)kTHKQR`YyL%@2?sG{&%5-EFPnUR{b{n{hHM zB2LgAmN7Ta9E(o6QOF|agAj+DK74DBj(mpaELwklmQvZy%xR}EGweJ`4*kVI`)c`{ Yt|h1-f3?5`ZTFj8cc3Ir?y8Vu)7XSb|Ln}7Q literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/logs.gif b/itsecur-firewall/images/logs.gif new file mode 100644 index 0000000000000000000000000000000000000000..7eebfc951f617c5dc02f55ffc470a492a1376476 GIT binary patch literal 470 zcmV;{0V)1RNk%w1VK4wN0KxzOnVFepW@gOH%>V!Y000000000000000A^8LW00093 zEC2ui05AYB000C22&%FEVhJ&-y*OLY+WVjcXe1VRsN;oTS$5pIh7&N=imSyZ7kW2Z zL}%g|J2Oe-7Eug|l@qcTb2M>~+LI`i9;HjAwrMLvyWL~?3Sw_v=(smbXRgg$d9Oz= zfBJ7EdT4iHYleO!I)iCWg(858aEyG3k&a<`l$Iixk3~^-Gz5?nyGu36yn|$sls#IWWcGX% zG$JRKE^Qu7sxz6-nTKi(g_;xTH=rDaUdn2c>OMp#>og@Ja>YkqWxO~_1Txb|XQev6 zy*M^wC8_*QrAdhIRFnV%s@d^d_O8^y#}1Cd5>t}m#R`9EFgtI-3(5e=;`#vPLW|Cz MLyI0w`a%K#J8&}0B>(^b literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/nat.gif b/itsecur-firewall/images/nat.gif new file mode 100644 index 0000000000000000000000000000000000000000..b2d7f3b545191db01571a1d3c9e72389fd9f7a19 GIT binary patch literal 1527 zcmdthi&N4E0KoAd$WxJrppudyf&#vv!@|dTkO-)0s4cOuKv_Do4z=67%T&}7^-?3u z=NjZ=c4}s6cebv;5?|9p)85nFHO*(4t-oX6zv1&0MF_cp3KqZu{sw@rU%#%e zuV-dvZf|d=r>7?;C-3a+eERe$E-nrLfW*Ya&!0c%=jThM(y_6z-QC@+tSnnw+t$|B z+S*zd7Z)2F8xIeU!NI{VU%t4yx@Kf#G&D54e*N0s-k!~7$H&J%eE9J8?c34O(O4`N z3ZquwW5@v2*i~uSA;^LmzNiv zPM@Bh&d$!(>-8WI=*5c{d_ErzhmVeq;_-MS66xUJfWcrW6w2w-rza*RXf&EgBqEVW zWHLD{ER4ZmR8>{^`}-d`a^%{zYinz3j~_p-si`p-4CCYDZ{NPXfB!xV29ro60)c?Z zWS&2N{`vFg3WZ{0V?!(!$HvA61qG$0r3C~8$mQ~rCr`e7`7$^-*xA{cN~Pj(ICpn< zUtizr*RS{X_7aK2mX;Qi$@KB#$NKtunM}sza_#KwR4Ub}Q>P9bIDkf@+uPflo1155 zW=cy-_wU~y7#P^q)#c>ml#`Ql?%cTt4<0NmEcEsDy?gg=ad9yzDM_c(EiEn0&d!F0 zhL)F?4-XG}dwbW_)y2fbeE9GoB_$;xA>rV`gDWd5j~+eh>FH@}YfDW{)o3)Got+Q} zWOa4*#EBD?m6a$I>izroN~Lmga`Ky#|7AYklz%&c1ptU$0E8fk@90fM2t4yJQEqrr zVh2SPh`T8O7>bh4YW@WZ!AOFSRjef!LFlerdg3YwqC--|@`zOv#Fp+YEl|ya#>$9T zV{sk-2@DO-^J`@FFh6vnsq8LOIUqwBB?#IkP-> zIoL2W%7vQFjg~LMO!i3C&hLgIa|Jv^xHi+Ezf`#otfnFk#SdX?1ptBFPh7%L0j*wn zOF3+DI$Y2Fr%~UJM@t+8j6h!5Gfe#DL+nG}r#X5jNRk!MNw~MBRH{CXH1ZVSAJYVuy*a3Acx05!FzCkGV=93Pb1b58Pvevg#%3EgAVKV0 z1;{EaPMk$IxDSzwQ3|yTGYx-6xMYu3+|Z%rNQ{)4Jh>65{tE#(BD?bnH@)zV4Jo>xtt zs$pRUF*Y1kt4vZr<07q74aKY70Fg;|R$}7%S#1Hks`<;nPk=rQT#|M(liy|37C^g)z<8h3 zwt&$Q7*63rYBveUq~8`os>UyL#+F&&$ax(h&;246!8Hh?_QZG{E%!yDRz%ZwrJ18) IAP^AzA0(ahzyJUM literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/nat2.gif b/itsecur-firewall/images/nat2.gif new file mode 100644 index 0000000000000000000000000000000000000000..b2d7f3b545191db01571a1d3c9e72389fd9f7a19 GIT binary patch literal 1527 zcmdthi&N4E0KoAd$WxJrppudyf&#vv!@|dTkO-)0s4cOuKv_Do4z=67%T&}7^-?3u z=NjZ=c4}s6cebv;5?|9p)85nFHO*(4t-oX6zv1&0MF_cp3KqZu{sw@rU%#%e zuV-dvZf|d=r>7?;C-3a+eERe$E-nrLfW*Ya&!0c%=jThM(y_6z-QC@+tSnnw+t$|B z+S*zd7Z)2F8xIeU!NI{VU%t4yx@Kf#G&D54e*N0s-k!~7$H&J%eE9J8?c34O(O4`N z3ZquwW5@v2*i~uSA;^LmzNiv zPM@Bh&d$!(>-8WI=*5c{d_ErzhmVeq;_-MS66xUJfWcrW6w2w-rza*RXf&EgBqEVW zWHLD{ER4ZmR8>{^`}-d`a^%{zYinz3j~_p-si`p-4CCYDZ{NPXfB!xV29ro60)c?Z zWS&2N{`vFg3WZ{0V?!(!$HvA61qG$0r3C~8$mQ~rCr`e7`7$^-*xA{cN~Pj(ICpn< zUtizr*RS{X_7aK2mX;Qi$@KB#$NKtunM}sza_#KwR4Ub}Q>P9bIDkf@+uPflo1155 zW=cy-_wU~y7#P^q)#c>ml#`Ql?%cTt4<0NmEcEsDy?gg=ad9yzDM_c(EiEn0&d!F0 zhL)F?4-XG}dwbW_)y2fbeE9GoB_$;xA>rV`gDWd5j~+eh>FH@}YfDW{)o3)Got+Q} zWOa4*#EBD?m6a$I>izroN~Lmga`Ky#|7AYklz%&c1ptU$0E8fk@90fM2t4yJQEqrr zVh2SPh`T8O7>bh4YW@WZ!AOFSRjef!LFlerdg3YwqC--|@`zOv#Fp+YEl|ya#>$9T zV{sk-2@DO-^J`@FFh6vnsq8LOIUqwBB?#IkP-> zIoL2W%7vQFjg~LMO!i3C&hLgIa|Jv^xHi+Ezf`#otfnFk#SdX?1ptBFPh7%L0j*wn zOF3+DI$Y2Fr%~UJM@t+8j6h!5Gfe#DL+nG}r#X5jNRk!MNw~MBRH{CXH1ZVSAJYVuy*a3Acx05!FzCkGV=93Pb1b58Pvevg#%3EgAVKV0 z1;{EaPMk$IxDSzwQ3|yTGYx-6xMYu3+|Z%rNQ{)4Jh>65{tE#(BD?bnH@)zV4Jo>xtt zs$pRUF*Y1kt4vZr<07q74aKY70Fg;|R$}7%S#1Hks`<;nPk=rQT#|M(liy|37C^g)z<8h3 zwt&$Q7*63rYBveUq~8`os>UyL#+F&&$ax(h&;246!8Hh?_QZG{E%!yDRz%ZwrJ18) IAP^AzA0(ahzyJUM literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/pat.gif b/itsecur-firewall/images/pat.gif new file mode 100644 index 0000000000000000000000000000000000000000..84b41c13cb06d733d3bcf6e79b466e268cc991b9 GIT binary patch literal 314 zcmZ?wbhEHbG+;1bc+9|X=FFM@|NqaNIWsLSjp0ATe;{H20-zXnp!k!8k%57OK?kG? zWCjDvbAgkdtM^*GKD+yWf<|9T=Ddtm>vCT2E0AF-$-Q5(?zM=(p92dDJaqV2_Z~=C z5Mws=n8pN$rD7b6PmZX+bz9Ba%(!~$k7+*Ym$lal9cj&(;cx?^dx94{TWY3J0ozhR$`&zI-Zvnx4KyzS^_ zU^DO%0PsYR&-TjL6P6U~L&U>D6a)w1a4!@mgc-r3Feqp|2x8H2Uo4zVM6|baXXY55 z)!>Dt;DXP|41dh(I(_vW`QPt?*55&^>*UpSmgfz>;R-Y|%Aa^D=FsqmKJ|a?5%k~V zbhO7zdxRP_<=e~b{rkM5xdhKU{KFBk@_g8wC#6tHB12voDKUo+q!bkqe_0H#X@n~4 zgGZ-DCB+A(r)!qh^%;9`dHE2Vjj}tq1~aeCENV8=&ngo!aO95d-c~Esvl`%8CqJ9s zlP`}pn^Sz@Xou5#$rHNd30U&bEmoFRAFDrm_-ua0o=<(Z3UN9e;l&JpVJUEKfwr&^ zG&8rYxeXkf_!y;(FHnpY`pg`8Vrm~;=MNF-z7{npr_p*@dW(&tm0sVTbC$;(sVWwEgoh?KAe+uR7b zCI!!)v2Pl~1w5p~vDG!sb&bYM%tDTo3)yBPib zRJ)zxa6k@+uOcU~y^U_QLjC>3@2!OXe$Zl}-!l8==Yt(xfo3z@V!>IhD2oMUF{3S3 zq{RaN>^KF7_i1hqGn-NEM*NW@^e(fP*@!mXMVKu<8m-W1MC?xTH+2Sdb%Bj-to&1< z-9~~;1j$4~L4?nDH~h{hSwew877JbPA{%?5hI(0^f?lm>Q7G`Gcf1QazkOMd@;s$M zFU-pqGU;f$Gp0r>P~?F!nXf2@k}3m5BKYVy-e_i?RYHdqsK(|L7LOeB zK;Q!)06y}+CjiWQ-~*PLWNNXMVMx5}Aye!93PMOq(<_1mfFUscn+pIygT(j?at2y# znz}HoVc%lQcL*Iom*^Nr;TJ)u=x}citnA08ooe||ZL7@7CrC^%OiJ&M;^?uew~Mzr zo_6d!LwrP#4er(giM8Cw8~{V&q!pW{9_N7;s3glkkUr3NgD}$x_nenE$d;E9)HWH) zlKE5qmOQ4WI&k;exWR3A_)tYfuO@9FGFMkTu8eM7J5lbl6D~l`&R4)095V7ZMs5;@ z6)*G;H*eVLVa2P^9HOnKj&}3H*W#iO8$J}QZ%QM|E5DdY)onV+YQEO-;)2f)LKyi%>9T%sAE48pyCE2)zmLt zV~Mo=y*4&7JrVmdKv{fp7cKvVdKaCz*niPk3eN4Koo{i&nB^tuI_7&4yAZ=-^{phb^oG{g#wtNu zlCiAV1)~&?jKu|3r#{hz6zP_SLTdY9*w8u&YxvG&ism&bx86^755c3@GSkM0jdw!-weoWZx68@z5Y$)%CD+gC zHr`EpvzL%7iKv>Xn7F5ZdE?b3(R_`HQ1Q#9+4?G;d5~BoxHNz6^hn)>2y2ATukthD zeQ)d_-|)5`$LW#K^qdx5{oV1pHMfjlhyorm{{dV^2>MbZ6Y#f@afzF1Zo{MaSDzFm z;k_k$$KaR#)>gK8n<{byb%^j-LcsMh;v*dev!^%qh_wh!0q|rCJaD*HBW$Px6@>fb zXoiH@==RPYfDyI><@Iv|s>_)kz&j}+Qmm>vE;vRktd#|~6l!O42QJ#(>Ct)2OD6|a zftLp!#AyH^Z(khjz0H95rgN-}mudsQKjS{2BvJ2E!w^u8CQ4~Q=Vr%|CoyFRGZQJm 
z$bybAWXjSI>I2uQ5PhSz)MD{k)+=#E z)Nv_b+gVQLJXa%>E=_jnDgUdcNp7qfn_fCcYD>$ENwDdQqX&w54i11iKX1|w32h7i wb1!}t3|zS?BV7=e3(}-oSmu|fdm@u}kSRZAWX`uVR2kwqDP#JGPzJF5zoG4fr~m)} literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/report.gif b/itsecur-firewall/images/report.gif new file mode 100644 index 0000000000000000000000000000000000000000..f723f755bf7bc887f76a7bedff4fea4a66754111 GIT binary patch literal 504 zcmVV!Y00030|NsC0|NsC0A^8LW000L7 zEC2ui05AYB000C22&%FEVhM4oy*OLY+WVjcXe1VRsN+3nKoBiJm1M`QtK`0X&j&Nw zre*sGcD`f}D6Di&Hycn%O^$>yB4b+Z@~$N!H0v$Df*Nu5WG)A2YNDXqm_(3Dv?&g) zh5%J>HGFJJG71qBGI%~=gj98hh%$3jdKQG0R)>j_98_R?ae#RulXsvbFr${7iJgpJ zBr>afoVP}#d9w?(YPX$s5>+J-zA=-Y4w^}V8X?EHl!_CvJeM1$y;>2J5Y{iw&mrBl zp47UQG=Iyh(+*zUp%*#qfGgGU9~lev)WTa7(0Qdu0R|4s3L3e?tQolo^cX-OC=V4V zZ+0qzfg-+1VZuaJ08Z>w0bwUZ!W2fhi1MEZh)_<-TQ*4vkYo@}jfe?s8oDDkgZUH+ zv**m0pEjM$DKwH$SDvitgsM@Z&ZR^_WW9RJDN?LmrETpQ38%)aWzT&Lo7E*)ufbl4 zHQ6&)H(N_-HihfzEI6VnJssfKQ7fXqIBDJ*?6sxb!>t^9)5*B3M+tW?UPd_y)0=Y? ubwtJ}65^hBc9U8Wsdrw)mZ*0^!c1^Mlal*}#JK?Cw(sA-g9{gu0029z^WND2 literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/restore.gif b/itsecur-firewall/images/restore.gif new file mode 100644 index 0000000000000000000000000000000000000000..35d5f42212d7c6f5a4e4427f45f821a2858d93e7 GIT binary patch literal 1661 zcmeH``%}^f0KmTl3Q3}lv)Dt9xk$JeQb>6j>J)CV_wyjIErd$8Re%$9z_nz~S)m z@$s>-vFYjQiHV7+si~QnnfUm4Hk-XID3usP%4!|tyV6V_xJY?4-a3{Xt<-Jot>TC-Q5a> zqOY&7N~L0`)vc|q?d|PdU0u|H0s6>D`N&9fb8|;WM^8^reqUdyQdu%IR9joy)YK%E zN`r!ea(jFEe7;a96p2I@xGBt$z*bBYATUP#A31GVsVH_l$Ms3l9F=e$`uxi z72MDe7Z*pRQW*>ePAH_)=@k_fetbR{3=RtmD=jTePfyR!&(Fxnuvjd4d3m|Hxyi}N zi;IhwE?t_RpHE0gNJ>gdOia9U=T2;FECd1>92}I%WHB)@VzIceun-D`{+r-`{zC(< zA0Qw&umyO3KH>8d0BjT3+KvfV_2@aUJzm~0qFe`nFp(Lso~0RJn{7zfib`RsgTVJ% z&AxI|GaQV;HxZd^8>e#!TtxGMGc7y!`A5Aag3h;ZQQ&{CHvwGOZu;q!56#c5{kslE z`RnknF829)p0?jOinjsTdLNo9vRBRx9|RN4JtX!+sFP)5?v&kO0P)4KSo*{R&f~u9 z=+mD7#aWor%_3Sq_bAs`;}Ln?U++LzMAftAUk{OO>UKvaOKH*X30e13NV-Hj4zFH$ z-16h0J-CRneC){xEQMorK1Y_BQnESa3IB`y&Vo-dGtj!eu~(Ev{16z<~n`uEjo)(fBfy#weSvySiJE3DsG62a2-0-XIFiOgao92Zur=c7q)m!Xo6=**lULe#>m>+frgF;ZX7BSdb@AK!e z1>YcRIHDj&?1!RR#b9@0;|1E>w(LJb(B!upCsHs1LEtNE>_^jC1d>P}b5Aog2p+S7 zq@3PF9LV!Q-PX_A3RUpiyN{xdGs=0YW!=eNg0C^`FkEQh=&LVZGNF*(TW_KOx{id^ XXs}YVd*f5t$5kEl=p-Hl09D)Yvfl-jpWpI zLM6%h&iqKqH6^K}&DACSqASt&&V7Aff5GeVd_7*T7iW{dhi4oEVIZ#&Bp6`&ELOBH zGA-P%6Cjr5k_*rkgg)lBs>>fErDHw-e0dQhXJZ-w$|C&#;|-DSbb%keJypNJ8s_dh zba|nF%}tyHXxL_P?d;K)KX06_h6}b310Y%n)d0LT77dor7D||(j5!1_3hsmw*oRW14scn9icP9aDI} z&pAN03ETr16A+t>F;B}Jd&4frm5Ot7ul+2VaXfIpk}cDI++=tF@%^klF3^wfKH zz_!5^bBGLWCHrS)x;uIJvEqQ?y_#1!o}reeDFB}U@(IwG;@Ax!1ZX6~KC`^!`PWlVW~cJ@6;ZtY09UGVGGhWSx!DhNRW%Uc5`f}+`0$}S6rlEK!pu<2 z`zzYz!K{&^wmE3H8wLpkm@3CNld&x<zr82iX2KzVq4GFZ%#m_B++Av&>v}8%^l<2SsJhln}($pa3WasK>*hs7-Bt*e+RK z3d?0UmnAz8HQnU$G!rT~HZ{E9eO#}52^w@{S^w_>qP2uK+mGh>Lz={w_+kxo)|gfUx<7 z{-=YL)1!9~8b?U|wxg33cQGGx^&M|sis%x->pi`$6+@53)Wb)@HKxX9S|utt-2~*Vy69Jxna}8~ z^J%0i%X_jiN*<`c+h@FgNBE@8)yE@oc}wx>@e_HP-?z6_EZAKMDzV-rE-gJ6Tzug` zSvU2^&)m~ay8eF)?wF6r*2$55q!5-6->Htp5ZjPC6SSYfapYDt>-2%Lj*5+e&Rf}e 
zG>qR%{!aGdp?s6+Y!xM^JsS89`=)I|eZ9l|S%uU<8v}|^$>Oirq-5c2T$8Si=sA-4 zlO^qE4&Sk9|NGj*AZ?FPEfhwoMmuK=N1XCd+UPZ)eT&jZfgPm}Nkjff+zzq5@J@(oqj>fm4U_eWPc~v@Ve)M2s_4{u4r%srYz_)Q z_kQrZJP()Yl+zwt`{KWxt4e<5d~#jr4(iBi%I#A%j(eET`)ngO-Wizda5fqx92qqv ze{Fd(l{igJyu0+B9|u49LZT#Y=_?(%u;$96J}ZgeO;r7#!C$jPH+I+?zvtaGe?-f& zvfI6=Z0>4gBQ~Vt-)=+2_&t}VFNc;u8s>Zs=B`zT9sjqg5?oT z5){ta|pllSZUm{YXDsxu^c(RcJcF792}ky@G;X@g-a$KDt$J= zGhcP@yQPH#0R=}FI9U7~KL3_)H$tjP$t)F5_*gg4`gOb+c}6O=!R-!qI``_y`oUhk zDXy^kjI*?yp=o>rN0K#{l^&Y#(H1Bbuz`ibe@5`<277+!b0(pqLx`KkAMDklRa{`4 z*ISCv(m%G8Z+#vEsLhcI_`V6D%+vHN__Cqm3UF1ZO7UP#EMZU(I40$P6Q^=ZD8ICO=OjYZE zzdcQdBxPy8=#bP>WtM~@1+{lj!(mZwU*b_}Wop6Y1hO^bw9p$=dLq{W8rC<9tux?6 zV9csYuW;+PK6u4Ha>h=4Tuy41%^x=yAz&m(p?(B|V0Kxk$t?15IY$)7POEF)DD&vO zv&AbepU1udlzTmg@6WaTQQ0DN>7F~D{<)sgry8IqlnQd@)n|WNLVV5JrIHAS`dlEj zU-z37mD_}%9#&)Fa@_GCr5Y}_a3m@>y)?TpTs(p%M$oj~qW{8eQT4d_NeMfzokzVV z3IpEOX(wNz=|<5Cn6lSJ*L@Og51rD|lB5bxgdS^w*%A(9 zToZ?pB@;3ld>U1kSD#9Vx2_#v zsW+|rxk-s-LFsW~(#4+bM~CuOi7ip&7C~rSI{&(Noas+Wjj(@5#JlA6D~U?7`j<800I^)hH?qJ8TZg6CS#}aV1oT{!i8TJnOxJ%% zs0@SPUEs5#hbza7s*ZiLJ#RF;aGQjU6TQuNtZ{@02@W*vlp>*VMs=Ul!wZkJ#cOrE zB72SbX+>C5mfp6(7W=Zf5_=?%=vXb+ZInw^j|y?uLweUm?Ln0*c$f&geAl9$6%kCC z`6BBLPWv)*}e@+rDEM*fNE~*=itXIFd1dv>55!_##@n*k#cPs3;B`Cd{`AU zb=zm(z}opa?QP|Y6ggw#lG!KuG4nHZ_&_;!RgzDM-P%V6!yy`_htvfznEhAWFZM8{ zBNFDnQ!8aEzWb+HLRgm-WwPj+yHF}*(m*d% zZ#s-}@=%j+jQ2W!-YSlw_?q*Sx3O-sLJBF*RQ|h0?NL^$`}R0Yz0!xi4vHeBJY2jI zUHD=oWtEEnWz8t`)ERlZ&t&RZ5>dn$lIiUJ+l#U%=4xv}$O)$o%Pci*qwxSD*wtmF zfl~TuQ2BdJlb#XpXZc_GifE>PLO3_p0jOInnnCVWiMAd1cSjK>;DHnT(Q{z literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/services.gif b/itsecur-firewall/images/services.gif new file mode 100644 index 0000000000000000000000000000000000000000..83f72ea9f1facc29c3d808109ad338f4f9a3b742 GIT binary patch literal 364 zcmV-y0h9hmNk%v~VK4wN0KxzO|NsBY%*>gYnPz5Y|Nj600000000000EC2ui05AYB z000C22)f+FqI%@bRMajP;qa*%R{PTV-#4^&4Ra;IbS8HOS#Z#-PAWSRy*v6HQAlhx{N)wD>yg zSDzyo32^`k@?$fSzW5OVXs`~nXD?@bK*V`>uv&ty3Qvb^le)gg*b+;7YLB-aNpc)C zP$5KYd!E4>MQ=)Zs2?>+%+lX}m%5Rt#!rQ?J8+{UUz4G?&jwG1IB=j0OoA|PqJyEr z7hI6H!PE^hSedKGVu!L6L2PuGyV}!3BW0q==x#a5dXOOnK#MYdy z$qibM$}!2_{JsNq1$Aw||_#7gmTGE=g2{uyB>T zrn%2=mAY?}x}vkop|Q%**5Wa3o+C3$D`%J(E=sPv&~=izAX|+YT#&lM)h=tE%+%m! ziL?hod*I{k8&!xkXORt8jteeS2P#mhxXuYYX(3;cW{tNaT8U(fwPTC4ew)6oz}6Bm zR7H8GX@;;oc&Kueyctk`!^+x>ro}jNqy&eh=;S&dtXvdPcf$IaT1r^OFXg{QU48C{Z7 zd#W5TNeWnv#?Rb4ccyfgy>pkmICZ0orNb&UP}JDt2}^eatJS3K6a(n;OiwmTdTOv z2Tg_>UXy8$xP+m?4@r80oxtJc@7>|+$Ije!mc85G=?PJb2UCgJ-RCoGors*jf1SWi zc&As2vlvc)!OGb+bfUn>*d z+yy~)B0gb0bEF15ZE=sa226y!#@C*($_F4r6IF^@g|b+OutIX7jibYbrp3F+*+_h< zF>9JGX_p&AYB_nORfn)CW0Dh4gHwgB8Do}NfT|Z?l!u?dF>jqMSAuAXvS5m|00000 z0000000000EC2ui02lxm000R70C$WTv%}XIU%!eK`-BM-7)*ok0KwD4RgVsQz-a69 z$wV<>3#%{!!bnxCY0y-Sga84Owqn18sZwPEOciJlh&;k%z?l&|MSKz=QsPm#5`}sg zFffQ2up%8?74nltixvO?_^2!7bkZ#<0nh~+W$jgjEq0EC0l^l5AZzy``Iv$uOeF_% ztRNcU29b?awD57FHOCw_HX@`g>4oAHs8i%lRiO4F2R%-)*mavnEz>%4Jltr4lk3uj zJp^$5;9##*mw4@}5z^(PTZ;+G92JnpfQBgy=U9oN#3959cMTfk!-550vv)P->5vAc zUb0F$)}hiMBL%5Mwz&R1Q$b;$oi|UUiOBZN3W^!IN}XyHLQbMAe^@MN!wy!oXfbRe zLML=kkOK-om;nke9(?!5AL2c813S-6V2&;uSmQt{-RN=14@~4EM;1*q@xTL~sGtuI zhU^l+E)tA@!f?6lA&CXG2$6&WSzN(_C;1Svk0Ea@Awe>@xZuJzV#tzCJ@VXf!XH<7 zVoMpZ*ieHbA^_4!5KL^dN+@W|5=sUf2(bVQmT*%>6uSfyOe7LS0>uawD6+~dLm-iY zJTbsS#sUef!AUeygmDBiuYAx!G8zoy%`8YDaV9>-G{OZc*EHh<4+v<2%nFlu@d7Hu zc!S0`XQ&~|0i@)R!N~;c3?Rq~b|8}n6nsoW!6D$dunHP7$lyT;3EaU&JMG|;NezS) zkcT)^q*1{z7vKU)29jiOKoSQmqih>(#8XWj0w_^HFxk9d1~J530>cc~)ImZlG&q3B zI*SP4uQ_h$q693Jq{2#khkP*t4s>jR&M~8`5XcJ0JaL33**pOY9p#upi3W3k5QjQc XOu@%3K9n5C2ls5y3j;bR6A%D9SQVAu 
literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/spoof.gif b/itsecur-firewall/images/spoof.gif new file mode 100644 index 0000000000000000000000000000000000000000..a858bade157a55d2e42bc651c569847431ce2864 GIT binary patch literal 316 zcmZ?wbhEHbG+;1bc+9}?|NsA0t5$`EhFV%$GB7Y4KYm>M~7!vQgQr-sJgG z91U|9Da%5uQY@6Z2zD;bY@q}$Pt9I>Y=*~YOw%%~w8R0(F zeHTS8vm8Egk6(NG?D>99rPr@t++ca<{ITcR`_I_CX>@2HRA^-& zM@dak04x9i001xmFaQ7og@li(%k2-NoV3zlvkTk^4FcR4g5z0Q=bBFI+d}Ug&GwCx zTh8|#;|uZ@!s1O~OrnrVW1}g2Kzp$#uDYXPv&$_P_=v`6rml_9!q;+i zu1zIReb#+G;THuM7(_()=XPi#rC8V3$i{dyM+ZY`;7G}GIS9rH_!%lHS^xk$B$Qa7 literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/times.gif b/itsecur-firewall/images/times.gif new file mode 100644 index 0000000000000000000000000000000000000000..eff79f606e4b617058caceba50ac7d6a3072b057 GIT binary patch literal 529 zcmV+s0`C1sNk%w1VK4wN0OJ4v|NsBY%*+4)0L;w)NTdIcWHEJAV*0}PyiwM1OW;F4*)Cx0000m05AXm z1pe^JNvpj$>&?6WU?`5{bOdNxg2CawX$-8{`QC8==sHc^hF}mOgzwTbjgwTd2Ut7fXu6o=yV0%%cI&6*f`IxJ}pN*J!p=td!+8B%Z(S1n3SEdocL%-QnRN;eCE2F17y;>&c! zWcpkQMdF4S2!S>u0?_A{n@%?t-KupeNGUrsUecM(qEents5EtXRZt=UZ-dHWOP2%R zI1NAUv7+`)mbUV|O34wHP?l2d&;cOa_(Pf-m`_Z$lFr8`xjH8Efa+tyXE1I0mVRKM T0Ls-HJi(q#ySD8S5dZ)?4($1_ literal 0 HcmV?d00001 
diff --git a/itsecur-firewall/images/top_r1_c1.jpg b/itsecur-firewall/images/top_r1_c1.jpg new file mode 100644 index 0000000000000000000000000000000000000000..843d390e90a693c8ef2c54572f241ee0f1004848 GIT binary patch literal 19296 zcma&Mbx<5p6EC_1NU$WhLxSt#t_eXGSllf*3oPyu#e)P`7F`Ik3yTI=T$11{7Gz2A z;10nh5N^Kv>fQUtyZ5WtQ&V+jda6&)shK|Azy96*y!!imb0RbVweL}+f#P|Q5q(t}c6OodUkdTs)kdc%9Pa!9J^qBndBQh!~YHBJfW+o;k z=BNKl{$m91!Gi}6$sW>^lhZTOP|z^`FXjK=!QEE?1rfjt_Q#j zzysX7hmQyN-$HmFp8)UP1EPOgFgXD49sxc+5h2liVtfL8z`sj;00AMzeM&YeQG*B6 zwCrNf?HxE&jC?0(=nUVcrWcNLiofuyT_)m^aP&_rs{1CX`cBHk6!yOB_dk1#cz6K( z|E$gbmVX8b2=D*XNl^U96FmHXa*yEtzp4J`WE7MHRBWQp4XD}e#e9FiO(iTW`bNVc zu2Q?~&~_~^DO%g;N0f1{AyQYTFLC{&!Zjh0!XCz!HBof z&YSFRQoih2Xkztw=t8}nOq1Bq?fKsAxOQVt3t%c*OQ_uGdxkDpxAl2=@zvlhlkjc7 z%oh(UTiFiB&DT4D*LwYb!pgG}yg>F-#OfnT7P)0cUe=V(sxDb$yZb3t!T|w>+=|vM zP^#^%`j_Z17OA+_4elK3SrQkf7Z%@F3rb-b;tGj58G!Vug+5ui_Hn(Xt7Y7TWA3ZL z)_jpQ^`fCF<;3%M0Z;)vKOROB7t9M$n| zV>cs|2jbuNxz{OOz|fF-dXA0Pu&%rZVB~h{dnTE)zp=JmHT1%`TJ2+AeaI1Tm`6iD zo-YHS9_7;5dAU(=B;1Ws?*1aUmA@VL~aBB9e|C>37O|S zvi^2%NZVgF4en}Ekq(h+vD`1$GZnCHvt1gC$=sGch=vvZl1s$Sb<_M!Q^3;6N^^28 zWn$rfjNC21vL;;BT^uCmMF!XgZmkWD>ndD#Gy$?9@sg?T1=x6j%^d0DzXN!qVg*zF z;m$+I)pX_aAJ?yMgI4YUV^^4~=Pw>-G*ffq44B7_Sd4G#$XCV&pFW<*x;92-9{0E%cWLMM9-m`Q1uP)fm@2F_Qi`+n@EfTxdc{vOIT{K?FzQf#3m z{~a+wrFBZUyq(N4$MY8f4IPu=Z=AHQ9nxC*_ifz#mDp{6oq46OJSe@s;{jrnsD9Z| zw2ljYD9ERU=}Os`%H3zlJv#Y&z!$%C@;j>-1cq}vAJgfy(6G7@GyjC#2Io!#Jn9k; zMgJ~cdnEJNjUB|-NPo`ruXHs>V7~gAX<%Pes$QN4$*m=cUcXj&#o%(JJcbn+p`Mt3 zW?<+tO7%PEF<4>iwsNX@-&y#rtx_e;PsM>i)|W`b9LUs=7ZSt2%@@9@ZOlH?1dU@KUaTe)Cu8BT9WEw)e8);?$8 zoB6je_g(PbuQ=D#lEMowLwC~b)^+3^!0b4|C|7*huJ)mK?GlBQCEw=NmA|46Yy&Je zyohT^Ow@CJY7Eb7vgf^pcgHUgHKk1*-Q4ik7E|KkvGLA-_Yilwemvp#hoW>_>8Veg z4j06DHgB`olWrkLVV}}vHIE?L1u-(uxRlw+=bctT$P!P{RcD7r@pg>D^&3LqP zwaJV)+!iXW%oDvN1~@yEb<-s)wi*8Mq$r_;spFb2n;*tk3HYF_zSy z=azv{Y>bb!Yo+(!-q!tnqRuEadu1i>9Q)CQA<_zhj_73%{gx|;&Df##VOnW7J9w?! 
z2KIt@ajj=gZDsACkAb6xX@a?7EkIgB=aQD_8WU!0qxHO@G{;W73Eb9RrxMsC0ZrxQ$77aU7H_kDJ&yd99X$FGM!I*L_pRefI?U=~DT@5_M1>&x z2XS_zMhGr859N+19(VwJ;n7apk-y4dnIE*6EosbU^855#sJ1w%Pll{ifH?OZpt7l= zYrI6PDH{S*vqb1k+yPR`xyU9gLcb2TzuEqC2UxgtT?mP4bpM9bL1b<06>V=UR726H zvK_A@o;FqJ#!MgsajEPx3rqEM`xHx*v4y|p`KNmMeZ7kFbddM#113NwJi<@`izXRZ zIPhpFle_e4^Y?D|hyIg)#?|D)%%x>k1%>nKkTjB_p6$zYQW2czD$N?IVY040C~hjb za@D#a9>L?J(k~YeQ$N>5>c$+>m$qpw=1hR8TZwV}J3ysz#r;dWMDm5uiPd?^x2c#X zGbLVLw^t#(rZGXfNr&)-BNKR{#IEs9y`Ih+?0AM&mMKaz*Ex5nCFoidt~oE+FPDiK zHp;S0!!kTVYUH0hdp6wOeZ3?dTbCjQytxDHoT9#rU4#buW<*pUpZEE629+T=_;Nch z-bLC41pOHAer-xy3BFlWaM1tg7WjNoDKlj}0rWdH^B_T66Ev7t&Gy`aNU@VuRLhnU zvhOvt{4ZQty9&IBOd7YaX&*Ll+4Z%sz|5P9th9tmuB*uX&Tl*g>RpYjMRkKlHB2#5- z9Lfe};HIggN%N*x#@AtW$ETKs$C2+v+T<7-hH)Ej<#t^xud8wt@~&i^!m>nrA!Q*J z3ni{%xO32q2l4W@DT7Kux&6Fw9n2Y%R?5TbaQ)O>%c?eH2@2~8mb%jZ)I9(AR?+C+ z`YQkK^L6tmvEEDEi|RtUBIjY*YW1J5Nj>PMZ1`(GK*@9qy_(@UTE4iCFsZkJd>TFg zZ*C?kMZ&&2z)e``9boG9a>5BXzhmGPYuR^^4e<(7&Vr9wIhmQLfhLjJ9Lw`$s0|+} z;3K}n5$cKboWhq=HQn$|WwcE{ zeNJUd?^q#`_%N~SJMxk@QF&h*iP;)<%hM~>1ZYmrf%2wK-@H7*q;%)p<{Kc*LC>a! 
zwxF|%zVjhLffy?2N>07PH=>y*>5NvCE#sJ0T0!lWY8Ep>0Rx8DZQkdqMo1UNtc)<5 z44Jju=xP5_#i?R{Ovm~AZwAP^A^zp0eJ;WHZI`s^9wcAx<^^9}V>@-#j`yE>TmslM zHGz=^#$K{FyYY-PFGT6!8Rfmny}$1w&=bPe^-spN?c-nCaO+Onf)20Mb&-|8^dMci zPN^lTrMfSArlFvRO4iLNe;S3wo{hT7^v>BplMTimJp-qHU32Y85iY5+>6r}{g@wOgRP?W(Ytn-E-U}OVx2yJrYE0tF@^yc2 zD__vw0jRE2Z`D#z6)*klWA>CWk(awcb%e*+cE^$AOrs70lz0- ztTO%J9LoP$MB$#Ap*^6utv>KjUcO<{Xth()A3GGw8!&unObX&g`=&ysvp^ZrC-lS9TXso%Uh(nJSAVoR5$jX<7iWK#fQROsxo(1^_!Lcr50Ja{f;JOaa~xCO1w_68HJO z3Kq**^kTc?Av`8YYLrW= zd>LU88H!?lDOEts9YBtu%?eByMkBqZXx{Y`HXp@MipYjqsr-rVwd^+Z z#x*Yg;xPB0dsVyMH0CN>Ib8pV4PBY5Pfpkv-uP;)U+6NKye4c!0!eH!;GO0CBX*NG zx&mVU`;1aO;O|Fcz<28M@no&ZVgkQ2>opM?@@DE-W=^kNyWi}xJPK`&rRBPLTs*)L zKbndh`9_yDfvPW6zSE3ea%%EzcD3Ynl4f~>b*5I(mj22|k>?$MSaru!h@gWECZ*!~ z*{|H~mEg|Lz1Aj;KajN@rvyN(+$Ba&=l2=c8O>z%N$8fUQ&BTM0b&CxZ|FWxkZlBH zAvLibb0cT;qx-d2R*>Z%sN~K|=Mv5y(Dwys%#B03z;>>~+rFohjjCS(Zw}Zg z_Xr+{{2w=^|7V+e@)$d`K(XJBd9TZ<%9Y_Jhesey@3gmaKP)0=DIZ$c;eme?g<`yE zoy;kBoa9AKtV&q$xrYZIuraCK0nolR8Zqg*vkF7Gm1AkZzD{gD`PwglJlRB!rfoxp^BiT3>sX7qq~oUCdMj&{QKkuD!< zUha$@4|WHrQ+!lF$e!AKQkppxC>uJ)@Oy0VK542MAGJmF5F2oEy5+2VE~=dL{p~Zg zu=apN|FWc-@%15DcJ2s8T5U$Zw>G`t!2#oZkWIiEl%I`H_wQE%AF$kX4M-RQiwL3!;_m_tg7m1#`!$ATyFS|<=HH$34@#o z7y;f8C`a38bMm$nnPkdoO=IPYA5V%iE#~$wFkM0U5mBFu8Uv*|Evi$dHKp1sMM4yQ zeX+u3;OwfU%}&rAF=wRW?^ zi0A3E?hYmuPpa^^sV0ohInZtGy>f3qa4x+{0UihXnGkMnx70VTI$|1$e}GRBs*dh+ zPik@+tNzt{@n&x3K}a)%PGW^KINjNYc2SSWa-38xsQzS_BBn-ISa^al*JZTTBu$s( zkXV0L-uofD$GeLYWzW|+@Da=FP`Eg@n*Z70(|G=Hn~_?Q~$ zbGMHwA+%R&uI=1!0;o`iW*_W^eN`O2F{l~uAFjVfUq&UamwsNCYeu`2ER^vL*A3e} zRiS~gHjFkVa?8wm{9dfbw!Q3zHS+Kq3F}&82Zm(DE)p!YOgft_BVMgZ{9MLG=`h5d8I=G#2T}iuDPzeXh*S{EX1r=qS$1UDAQbo z*~WMeJ#JpsI=6UWvIJ$BJ`k-eG7DSwe`Mr(7yOCfbmGV9XvMfUfV!Nqklh!C2OT)=s9B z#j@JMO|tVi^r1Yb&YKORHjXIq7s(4;g|ujrAzCK7d+II9Fguv&{vwrFAb%|%beiND zOP6>~H!55BkQkL|juyyf>&x*>uC;uo?CGfBu|7%V5n@_?=@OdVAc16a3T_M#9oMN9 zSst96esw8e>yy#x`nUG_bt%B`XQ#BtNn>hx^c_QMYDWk$X~pQ zQ|{;ULyTdBL|m>0{3Jj!$_8q~%#P^mfUEzWYw4~^`^nNBJo9M#baB54?N6*>#s7AR 
z`a_M(I-#uI&o)$MQc=(v#uwJfWC7hP$I0(Atff5sY&A5_ci7|vOQT_?jYV7N4ONlW za*M#f&u<(LvHVClFhcQg-qSM*uoR51(A{=;PZ#ehl9KCm-mIP~6!CGsgpxU7!Be|~ zt=oqq`S)Q_1iz>o|8IJPw2ls2xvEWGeLaQ1i_l`~j2W#s(ys&$e91HI@rM5oWy}9t z$UNvZT-i#2u9y77K8T4d$P2qUiditE5`6VmMY4Itacm_2=JIb=&`P&O^{sxrV>&~WOumPH;mFT*B7e_? z8^et+iMoDkDe*iHl|?>-9i-5gx~*$PD%^hD>9NnBRA39VMZMUhl};EYpUCgL4z=UD zob2C!EW-H#ty+0#m|SikKd88tb-EZn$@#lD#5SErT3SUCdwPuD+hk}W%>TaSbMo0O zyW_~sHjdEUZ4LX%I6feexX-ikN)z6;@|{GDZ{Bz^viaeIY%3%MfEfP zQ@Nitc$|8Jl1BXFfe=-ZaFBFMWGXfM?0|&EX(|`!w`3$^nxzkuZg*wZDF=hx&Xm?c1 zl=>gYVe%#uPSgtW5neq0U67O00+haK=r4REx^5aQt}J#YSr&IAk^MU7CG!h|Mw5}4 z62?2gaYfbNR7O+jG>+@~_MNnonnzow%#YpHrk@MiTe54`7G#G-?p_q~@V}mjJ8rG; zI=TFP+UkbmI6h{qJT9lP*gj**M#tKGc?XAHYM?E5*jWQh{hK6Op`Z#moK)UKK~9#L z!ADQI&bs7Zl#(rR4Mnvr0u}}2tvBD%K$b?1G}Vc4-TTw1Z_5Q&8p6|efTK*aiC0z| zy3~n0!q1>nN`Dsys(@2BYld{`L?M z+Vz)vvX3(@ZJ1=6G8K+C$Yi3ZGpP|p;*XsK8CY+Mt61o_Mdb@N{~?b(eZ^PDpAE&? zesfr%leQ#!!#GR#Qj`v^OGrp!V)}UNEBLasmYkN%HHQJhq=6yjY=XO)R`DYl0-A@b zAxWj0=vGHkF1bRG`~}g3(5U-&TXN%7cPnib5cu!qg!r~rcM~LnO|JWGuQqY*awk@XwswXlE4Ncr~0_n<|zG?F}2x&Q` zT}NTY4W-{XqB=bPbSK{dmT~79&WpOJw4Ipnxu}3h9g%B+h(^dwe&uN+I`3f#?A@bVj-0FIIURvO`N!xMdrbOl3es(@QA5`)3B3%-a52*1yC;cq3F<*l z`J4qtr_FhA^ali*0i6dU%+8;W8dhkVAUuMJ7KP1Nj+`zWGBfk-hu|a;oWjQ=1JXnN#wy`#g&{(~gJ$11lRTxxXtX~`ukXwho3V4 zw`7W1U&pV;mTKZ2NdXIga0B~9JGs<{8_i^)qTrBN(pvK(-A6c4uucdp|~=gp6xZH+)*d)Fj?nOo>GstI@?(*zE0m$))2C zjhoTG1_dq!HVZoCV zK@oUfTQwVgS&hXrpAW-mWJ(6{yK}{I9vpl|yLf(1MP%FYueH<;&mla96zMLdw zw=IXPb;XGsB!7-P^|gm7E99MN%`f&_&d7RYv7z#UHaqe+-Nr|TJppJ!_w0C7TJ8Es z;H!JmgHTh~-`&h!#a5J?sZcC;;w98g|kR-nol;ia>=se1TUHFXT{HZrFb@|uGkB12O zq)gzH*FnOlai7%JLTkGK4PV7Z=`DfARM8BJzP=p%*afNuv$`3t7!1p7PcYStxA@Z& zCrdslTi#SBC5iu_ z*qj?j0#jSU-+L_53+d)TS2#$ABcj0P<<)4FLRIbr9%t0@=nTocq{z*sjKfD&92+{ zwz;Th#B7CU3UJQm>s_RTsl9Gh*csi2+_asQ_q?J9Gj+p$l+4wDWw~$uFt3-A&-fB) zNrAsV`rJ{|$}MZDwB+E@P$2M--)il`@Ro@|liT_{t*OgPhL7Y9kV-$|x>(n4t5`*H z!Dkd=>s}+YPF}bAhsk&;18mA1_Gd!cE}mj$Qf)=)aBFRcyIzSVA)swil0nu*Z87pZ 
z*X?nMDe$UatyI6Sc6}?NQDSO-U#W?|qojFEH}VB8upXhjL5J}T5MS}QwLv(Afl^{B zw2REv+|lY&pqA{u&U7bdbGk!pKyo{5-6B><{s_@w>)sJpe!}fdy28N2X|v01&^4zg zxo%140Aw}uNZE-GGf01x)*}!C2klg@ln0a>b>Kmpzo2AWV-X#(5X-an#L=rgmn=6Qh|lo(5Ot&Q8O57uz#DX-U@R9*_t zB2jx#0Q^tj@3kF|3-5JP`-^oHV|J$PsC_hY+M2ceyI1;ozfRx$k+7yC!^?y&Gf}hI z3HKD#q&u{3ul2_wW__3Rx9Fx7sy!?;HZm+>tR~*W2>Dxe!ND+BBP*u>k?pTRYQ>#K zNdhY}_VRq-6W`!XGk^K6sbsW}2HOVmX4bX)j1D!C{FAHjrAI?U>kgnhhI`cz7H=Gs zZjn|l@o{A>Uwcj*^%AlDB`&GP)Dgm=RHahCvCD63R=P8rwa*3v^PcGH zYSTTrZTQtj3qg)psRGF3)mfQhiaMQ2fBtJ^~ z@_PT#0cy$nP?(MLA$Yk{Q6uk6%5p>I$>Tu;b7;n>9AdV!sOnXPMt10;R+!AHaa2J0 zLIT)?WE24@IvY%9uNQ0xHxT5ALYw#-OY^>b{>VU#i3OBtw^b1# zdCBmzOo67J%Cn_lTNNT799DFBYL;ozcG$|HKATRnCWh}-Hz@z^U6dtne7&s)m6r6& z7MHKL%L}xLe(`N4A+t$-q!yqMfe5===kU+nl1ZO$-##P{K5r{>EUn{_v`m*dctbA6 zWpP8(31pFkW{I;c*kHKuSa!XNlN&W!cmP7BC*w!1_nR=MXP-Km9F zD_v#QL)tmBb3B08=km#yW7YMOkJlpC3^$PCJ92%n-} zr^uE`Ta2M8K*i#F*4rh)XZvZt$v(2Ydnu1c(1u6;UwelCBIDJ4HTmMXP|Ey|nj_>T z)e`Xgst1WRz$2AiwX_kKrOcr#lnoDiK;J7Fi#D8!CmaER8dv5mjiZu^qev}OJ)HV( zSuM@N;Vh=|R+gbVEyC*$_!=0#hU_z57B}tG-n1y?-vJ)0^^(;Mx0j@w&J1cdc7+5| z;@vpDXZ~~3=KWYX*JI+=cVhiQ+mYlxM^6I-PuT>wLjecpRE5VQsoWaOGO@vf&=|6e zlF$Ni0T*PAlA=VE1`mBp(@*i!zur6z-g&L1IdxXU;<IGpz3{w>{ykqXt8*cRqTYu?IUgvqs?)zXwX!$Ro-`J^USoYFtxt8mFt>^YV%M^*{ zXY=a4Pb~AWfP^_ojz!u;(*mcP$|`X}skPIoNu!^i3N>Nw)|(D`GIf~+KZ0hh-8eG2 zwFXxd%UK#lA!8O!{g-zvxbjtNbhe4*3V;DRMjd(hJ041%Tw|~D$G10VE+9tBp{yUX9z7&6 z?aux($8?+mS8)Eq_TE=#hIuqz;!~vG^q}&FtpQD=dw*ruc*5d1pN_E!xJx2W;YdRX zZd3zCHV{TN?_ldT7%2&Bn61`B3tXKv7*)etx*J-paZieWzTq=ouTa2rDO(Ai|5|;n&2^5CLemAB4zDJ(zU2amTHB}v zUg%}iy+qvBE;qgP8S#HSy;yF#X2u@F#Y&0ndY`>{|Ji-R;CnhoWkXhGCWtG$|GY;Q z)X`GyRfldNb{ujrD$bjU$T4z$`oKmX5Eyr+YE;_c(P>mwHDx$GU1;Q=?ipm15nwi_ zG60%3UUH?7}i2ZyTnYzYBSE89yjaaR4Bl@%6J|jet>fF5St{P@_4n? 
zH#Mo*IkCr^>+HWHnybF7XjS#;*|n%~Yu$+(EnDAM6!}DM*8p)-#V~4qr82s5ov=v2Rx2D%cQ0(b!RLkS2+-^Z$>Fd+=q+@y z?;R4KoR1wdFtIF6C=?;)jAhLBZTLV~Wvkc_eyQg0 z+IizkD`XS0_YWrc894NiT6(TkfT_Tws_Ybg6RpLkd5WIpbq@|Kf|s9RKO0S>qaF}9 zAIdi*LYHw`vrw2G8=%OeOq$ax(beu@gEF5b)XTSF55>}YKNq}(yIRj{nf|Uogq<3W>tFQ0YZ9e34S~N-E}*-AMa@ zVy|o2Py8HEvBkdmn?k%qeU?VeH1T*HW+P-f#}U31UF4`8>Mj|(o44yYoIfX^pI9n- z-P8poUYT=9N#ZnZfr*NBKg_R(>uV+qPn%9Pg2nm@dujy~t}MQ@@pJY%vKUFh-7A>O zTDa}Xq~%BU(dIT)RJN=G`JlZR`kn@dVjj-ZaXmLA=PgPiw?}{mUb#T>X(!m&?QZ?#!JQ=REj-m0!sQXJ^*s@2a6;t?q?sIBx!Nh#A$P%bHO!!?C zYQZXSIa}QzIqJeqv&+T>x*^bG{DyU=cauqgY7?hN;!3Vxz;ge67%eKTurm%Khj<9_ z)mW-+c3x(N?`%NP#|njOjbe?!Z}Mjg49JF{76I94mdJG~nP{kdr+u-_; z28nv+S!Lr~w$#unyPLUQIWGFV>>mzI3#&0|Sq*3{qF(!)#ejH7NS;x_rqA$ZSb_b> z9a~RD(j8Yms)PR2#EnoYYe~+UWUvDI0SEh{eGa;KoTOmSz%?JS{$yfcZ$+sRvQ`Uaf~qBGP(n7SJ3lP9Ze~;bbHff4 ztwON}RUg|Y*D8tDtQxyQ+oe@3T+)UfB86yx>uhb!a@bR7ns=Y9hc|GamFnbvn{df& zK9ql+&iBT#qWdu~8i^?6F*NFwh~`3lyCwX#T4@_;lA`|MfIJC&+x?&04<(R5Q|Y9_ zXhgQx_cS(p6e;`dc=Q6bucUMJk|%#WWMt@m_NXL97#1G2!J4Ig9IA2waqAa!w{k>u z)qL0%f7o7{d&5ydIFC@{B90Z+S$Tp?)S$91T0AVMU2HZWBp#lI^{su@eLz+z9Z)d!r!UCWe(|2 z_o_R&45yfwQ05afkXUC;5*Kk!JH_S>Sc9PU^A8B(hG;^;IZlWdo1xfSwfLyNA29cJ znu2Z}7ZQDb*W`~Y#kIn@g505xqBQtm8C~FX*<*g`G4r~Kl`05 z*f`%oCb3FTQBzT2AAr~p{h%FMDU{_GmLFfzBqRGBB?s$aKo`{l}B3D zY8?X8CuT8rP8hb3?BI^1I)x*-7ycz>yqwIXQI4Tm0jqHtC_`8`ga1BtEGX&Hhhj*2 zuAHxwABG~_DSEzy+VZRIV;(v&T^J@F+&PLz6iL)-;+*%$gO3>1X^Y+JpxIGwLPm#) z0l4Pm+8s1Eo8TaUHwAvH>aziY2O(UuPyO+R|1lZrfxuQt+BOVv3##8%|yf1J_|z$`+EbfY)zrPBf`H%O*g}zE;m<;FF|5Sp$=+ zZ{A1}IEJ0zt)J+_5{DpiOCpSRzROhoeYo{aO;1fwi4yU7wq@t%Pdzu|_A%no@towbrKqXAz7sJ*_+lS%is-J+ZgDad3^?V7rI( zABNsnn>o`*E&_#j0QFfewOP!>5iNH)pId=Y7+I-6jH zmhzD2jcQ@rd{#%2JiVPZ&b;Zy_#K?r>L1t-YiOqR8b%*Hr zC^(~gLAn$?Wt8;!oY7u9#39Txli8@c3RqZla6BUv*mqE!yG)zK&ERJKnqg&@3?MV>OfK`oK^gyDaM zl!;gd+TZ=rhw|;8NM1m?J&kq^&?F(5`5Oi<@@MyBrGs2Www=9NQ)n9puZnRldD`l` zqiQR@WR@1g%GDWL-*9x!J9Tx2MUc=@4HvU%tNLd_6ENwljl@j*b#_q8U?-pg zhddg-^=peSbuLMl0?h&${7O;UHi2`ZSc%3Q6-QN&@U@zLEsgwxWqj$l(#@rcA&|DL 
zs;_FDjq^ujYn4|6`iFeaeJ>*)7m2lQ{E2c*yRUJMDyF9$wjk|}n#t61t8sxLHJ%y4 zztjG;JQ6>>0!cmjrlz|}=7V;%v~Iz+ggUP)sy#Gn@c**)o;G*5NZ{dMt2@_|Qu|Zg zHp6U~3S(ZGQr&7g6_1&zaTPT0Ov5L+(xANMa3{KCs5b5kaxOP7t;_H^z6~YX1^@N? zG5Xc)fNrbwPJK}>6*RU}5>Y-PuT`u)jLP6`K^&Xh|@?)TMyvmD@fAwqetqUCcD^3#7vhQc? z2I~(gS0=1ql+A1^I`fF(X)4&)s;|9fF+(@2g~;EN9z`B_H(J3vY=3z(&jle)4E9@q}0wl;kO-;jPz8@ZE0w7rHOqgWTZ0o@xeiI zPAx24j~Xj{*_U%X_KM=5U9+|6LOqpi!!n)$cbG&C-D^^lYD`Nj6)-^LykM$Myzc2? zcTOn(V?9|Oh_Osvrz?0kOzm&G+Bps`RFvyAMM{fxr9(qB6opIGDw;kxxVx9|oX0bA z_SeV!iG7cAT!nVvr(;j_hLFhCk}|LRGIEt+VUgUn`lmcB2APCHM8AT|Gy2NYzJVJ{ z(yEWV?f^vF{h~qwPL7emY)8ViiU0jd4C)BDWjAn-upw9Ea4 zFi$O<)In2XNH(9SuseKK0A@LS)4=ay#cyh({?CCQs1n`mO-!$yxMBjzK;+X3rSW^H z#xm<6eF#PP5R$b}v&=zOYFGRo7=ALKvpdKV)8U9}D{Aa4?l1R<^=}J*4pmUl#}XJDmnPo>{pd3XD7I2%ZM_0|T}ZpMHqeOD%>UE-`IK4L!yl4+ao&+5)?b z54uBhUcW3b@LhUcrrycA(G5*mm3AZgVM#A8=w)2FMOxu$ z4PGig1+fzaKIVbQe~|G1iiSTWf5JRiV}71*81{VJv*eo=7~4u1rGl2?p++28L>KJ} z(c}bThwBW}N_f}pnztOu#?M=Q?S?jnIo^9n{?&JH&ym?uCo7poxt~?#|C(3q~&g2Sc&$KMlHI2IDWy1Om_`&T=k5_*XubxuPr4Bi9sR z?qpzpd-3u6=h@xnuK{BQ{23*M3Ad&peCPlPAcn{){u#&wsx`gvBf-mTitP%t)>*8# zb_aNXeYraEK;*-ryt#t~A;{0cUMrvz-lpv>CI+dhqLRouV;>isul{jmvrb1)mn}#k zsao73GFxiFrk$Ic1=39(u-bX6$87HyDK zZjYg~5(I1&1rgw+#-j!kNgary#7rC4aMi1o0KH!vlO*yHlRR#=URe*kNs5(C|Xh zRkpnjn%6Dr9R8{9o*!!7ktiNs543)S(@3WtU7j}?Y|>t*zAixhaB?<~#;CkuluiAr z5A_iu`k@(B9oQO3$8zj%R8$|c{#nwitZmX6KIbV@?OxJ6;bIKq;J1;+*JZ!qu`Y+CNxYAMn1B~<1Sv+yAFWpnCPD+*RfjJtjY)G|cBgq)-Q)o$6nVG^F(_PjQ2;*bk~wNh~Md8?}~!9iDphI5=l2Hh)Z@Z z#!v=X-PjlI&_lrX3iu%85Yo$p_h;mKli;k^a+wYr*t1KclG(3MGGUB1{7=4#=C_}t zA8uI$>VOj)$?QF6#$4M3b;Tmtrk)^J@^?^zNll_NDpzOaK-!atkGF_G0 zH^qEHDWG3I`(cBOm6!%bfR^$77{ z7jb*NTbp0X`Q2wOx0!IT;s@ty+h={9d$*~htf&>h65|U#uHJ#k0G*H7?&hBT5sqR% zbl+e+@HkTJM06LkL3x zcUhGYHO=*eT&qXOB$<`FQ`Y1+{wju@X8YnSyCv3j1(TC2N5mO%w`Nvax>0q5OO-wS zNqnZAccOq{mx=$C3J3;9jE~DtzROuV(;}0r)rGpVrrN+K(M?oc3PaAv=er-e3A$X@ zOi5^;gV&$_?CC>NHET@ys;Pyh%N@_tHsH`n0x^o&RuX^O>nT6ax>)-nt!4bJgEdUP 
zXvd^qROlc|1_lGk!xq_PB0W!Cdn0O2t%e+5{*@>*dYomD^f}a*?Ts+J7*6#z>?)-3|YUNxX^F*B37jc_NI2X%Px`T03E` z>fV~vNG8Y<{Tw)9Ke!vVjrs6Kswf*lb=aVRQZot#efgq#W!!U3<`OXj&O+&9~Q#gBONuVA?zwEjXW$*jY&3 z{@lb!$Ah5EDiWqI!;>#Zf|-9?@#&_}=X1|kW$B(u#f>-aYLg^X4w1{g*}(g+w7>r_ z0x!EP_BrN4Ar`I|^yO5PC(}bYB-o=bW60WL~|w$8Mb`v*0ySqYkhfPd_qoExvrr92Ufk5A~~@H#fHCm$5Eg69V|?$3Y{xj(8Q z%gQk~LxZpE&zkrDIPFsP%=w0tlE-8S@hr@E4Q9=9MDf5r4><78m#0W00zXwxn@|u} zvU6MD;sk`Pg`hb6b{hI*k;d7RK+uO_PehjG+ymA05*?L#!L&2kb0j{nv!pS&gg%J} z!Vk3cQvWph4^ZF`nRS+GK1>(}QqK1@E7Lh5<#G;`on_eknb*d-a`dycUoMcH8&VrV zN#JT{$pVH!+g0u2)BI^E?6$eOP9Otx61QamFJb`7NP1+js27?%Y`pr&6Fy(;JZ+Gz zC2KP8XkoyOGyPPUZ6qL|TenNI(m0ohD?M@DBpnXU-KEJXg-UNe(K)~g<^4;SfE3FX zQ1%*w*?;O0=!Gb=y*yM>QS3eDF|XkD!jTQIQTj>fX1!edkm3f{!_YU>6-&)q4&N(_ zyMxm$4wDq8&Na~Y7B6w>oE7(0mng)tqGN1oKP7UtOBweY&l%CgTY+Bjy{NjUo;nlV zk9Yx@$=p;4uPIC3o_aC(!E!nreD5W@nv|6EkCT)q=mO!_r75I-xX$Z-0pz-MiIjHF z><>nb(h2S1UABrr1hC&VO}`z<*xTB6X;j#EjzQVC1Z*@hqwH@Fx=xdf6&OKRX;jKDST|O+Y-M)Kbd7-h%0UNQ0U~sdxa54p&How3 z)k;I5)S^IHLlMGIfxvMl<_=&W(kp77n|)he9n#awPTgn$Psq-~sZxgY{&bI=XCnp0 z*q`@uVL-jHRGjF7iPI*RKg9xvwv3L`H`QRBfl_rA5CN|0A{?}Kf_d*FaTw+0fuZfc&)g5?t47}7%(5DxE2S}Lr&Vu zbn&4nGopbxgJpD);pAV%I`vcv9t>_Ne*l&3swuWg~aks|uy^W(PqLoS< zGpo16+!*e%n4PENT<*tSr`=M*0l>F{zySgyb~kI1^bs@Sx`<;JUh>x$Zf3An>s*^;%-S4m9OgTk_5e(+hjxh->N7U-CJMXz zE@>r(e3&M~sIWkXvj;enY&OOACxCJ}rhfX4*-r;0mTpWCE_(&tw)!SQg&%H0Xs`NS zq12C%P)Ze|_6WLpd4wi`Tp)hFO|MrTuv7(7^m<4WZ%gRM8PE$W7@Fu{2_Rq(uw0?F zWSm{+<#Epzj%ltqA8hP-u0WbdhBbrDh>=aWDc@$6ZdT-i>3`Ahq9mfK8Ylw?QvF9qtWb;~Yc|gx0 z05HI73+JzsKKRJblRkAZOVkv+g&8O#$o7MVyqK}{2vdz7ME$gUY*A~Ml(O^f+D2Y; zh^dj1`IfJP(A9#knW1W8d1>aKGsdK7dgxRI_aBP6PM?@2SoP7f6HOJBDy^F#;$zm& z%D8X(CnB|oZ5z@>%4Gb*F5_R)6tQp6;d+aC(q0R<=SNPPNv<(0k?QQs6GS4}#CNE- z!F5NlAvUV&TYzNI>T;L_Z2vgJ@;@FLd!EXj2UT@_}!Mhb!#lhsw7 zZ@ll&TGHUjJu9rHQo0`_3GbTMlH}AJ-2~?*tCe9{hJv$8PoAeIupC_*^|$jgNrB?o z)nSP+a5Ya?2f0wwmzJteu(k+ggJWx(Od(mD9^;%{eZ8_?%&XLN2|_bXyzBD)pQs)v zy!~CLJ3F~7Fwd%<2C>ji#>B%CPn}*~5KGWpWbRCI94F#wu1@Hs&UW!pB1N0hK1k`5 
z)704moQ$ybAEz;anH?dofT)Z;z_%MuK>3NfN3Y}`*&^pQ$V&WJse-#Zy#OsEZsMp*vmf%^oRU~`k35Q6LJuLZKvDJ&D&FKMN zZC$qVdRq++VmB9uoeiPB73Fk)K;!@`$^E(ddT7l8gRoE*+B{-~M`4lno!{U?`k^xa YUVi_@% literal 0 HcmV?d00001 diff --git a/itsecur-firewall/images/up.gif b/itsecur-firewall/images/up.gif new file mode 100644 index 0000000000000000000000000000000000000000..23ff2fefb55f5e46e75e3e64bc02aa8a5a980b55 GIT binary patch literal 103 zcmZ?wbhEHb6krfwSjfO|CR zz|5cnQ~*>jz`($yHm83j+Xk+t8ue2@-yHSKKUb5aI^|I6w1Z7S?yvbaSO9vevhOt#Bik%b}7taiUl}fgXZc-CwMmC}&;sQ8dvtwV|R}NHWO7$8K;})k^!KT4C zKyed@cK{b>C=d|#cR+LW$aj{O_;7UDn0d%2!0Fk@<0fdZk;EkBx1c&(c7vD*+gXRo z@L4+G6BVqRv3k;o1`M_|tYw_=_`4yty!%6#oJt)Fl2T>4r1!f`+-t`RO~@0zj;qTp zdyZo%DgIi1O8?DTUu^*2O&=F^wk9d_SBW2kXm~6z`-d-}!hr%E9t3DkV4hft2Jv7# zmS7bNOiXTkbiqpyi&O~0nT!Y$WxfL?J;Dr`5*^N#iCz|q*R7En7$;fAJci1Th@!@x kEda<=r&9$`Z>Ewum1b3#G>|@^Mz!dUv1H4d9a{hZJMDw1g#Z8m literal 0 HcmV?d00001 diff --git a/itsecur-firewall/import_groups.cgi b/itsecur-firewall/import_groups.cgi new file mode 100755 index 000000000..9e44a3087 --- /dev/null +++ b/itsecur-firewall/import_groups.cgi 
@@ -0,0 +1,75 @@
+#!/usr/bin/perl
+# Actually do an import of host groups
+
+require './itsecur-lib.pl';
+&can_edit_error("import");
+&error_setup($text{'import_err'});
+&ReadParseMime();
+
+# Validate inputs
+if (!$in{'src_def'}) {
+ -r $in{'src'} || &error_cleanup($text{'restore_esrc'});
+ $data = `cat $in{'src'}`;
+ }
+else {
+ $in{'file'} || &error_cleanup($text{'restore_efile'});
+ $data = $in{'file'};
+ }
+
+%groups = map { $_->{'name'}, $_ } &list_groups();
+
+# Parse the CSV data
+$data =~ s/\r//g;
+$i = 0;
+foreach $line (split(/\n/, $data)) {
+ # Split into columns
+ $oldline = $line;
+ $i++;
+ next if (!$line);
+ local @row;
+ while($line && $line =~ /^,?("([^"]*)"|([^,]*))(.*)$/) {
+ push(@row, $2 || $3);
+ $line = $4;
+ }
+ @row >= 1 || &error(&text('import_erow', $i, $oldline));
+
+ # Create a service
+ $row[0] =~ /\S/ || &error(text('import_egroupname', $i));
+ $groups{$row[0]} && &error(text('import_egroupclash', $i, $row[0]));
+ $group = { 'name' => $row[0] };
+ if (@row == 1) {
+ # Group name is the host name
+ &valid_host($row[0]) ||
+ &error(text('import_ehost', $i, $row[0]));
+ $group->{'members'} = [ $row[0] ];
+ }
+ else {
+ # Hosts are listed
+ for($i=1; $i<@row; $i++) {
+ &valid_host($row[$i]) ||
+ &error(text('import_ehost', $i, $row[$i]));
+ push(@{$group->{'members'}}, $row[$i]);
+ }
+ }
+ push(@newgroups, $group);
+ }
+
+# Save the groups
+&lock_itsecur_files();
+@groups = &list_groups();
+push(@groups, @newgroups);
+&automatic_backup();
+&save_groups(@groups);
+&unlock_itsecur_files();
+
+# Tell the user
+&header($text{'import_title'}, "",
+ undef, undef, undef, undef, &apply_button());
+print "
\n"; + +print "

",&text('import_done3', scalar(@newgroups)),"

\n"; + +print "


\n";
+&footer("", $text{'index_return'});
+&remote_webmin_log("import", "services", $in{'src_def'} ? undef : $in{'src'});
+
diff --git a/itsecur-firewall/import_rules.cgi b/itsecur-firewall/import_rules.cgi
new file mode 100755
index 000000000..5f6114fdc
--- /dev/null
+++ b/itsecur-firewall/import_rules.cgi
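Review bot: The `src` form field is interpolated into a shell command by the backtick call `cat $in{'src'}`; the `-r $in{'src'}` test before it only shows that the path names a readable file, not that it is free of shell metacharacters, and nothing limits which readable file gets parsed. Reading the file with a three-argument open keeps the shell out of it: `open(my $fh, '<', $in{'src'}) || &error_cleanup($text{'restore_esrc'});` followed by `$data = do { local $/; <$fh> };`. The same backtick line is added in import_rules.cgi, import_servs.cgi and import_times.cgi. Separately, the inner `for($i=1; $i<@row; $i++)` reuses the line counter `$i`, so the line numbers reported for later rows are wrong (import_servs.cgi reuses it the same way), and the closing `&remote_webmin_log("import", "services", ...)` looks like it should log `"groups"`.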
@@ -0,0 +1,109 @@
+#!/usr/bin/perl
+# Actually do an import
+
+require './itsecur-lib.pl';
+&can_edit_error("import");
+&error_setup($text{'import_err'});
+&ReadParseMime();
+
+if (&foreign_check("net")) {
+ &foreign_require("net", "net-lib.pl");
+ foreach $i (&net::active_interfaces(), &net::boot_interfaces()) {
+ $iface{$i->{'fullname'}} = $i;
+ }
+ }
+%services = map { $_->{'name'}, $_ } &list_services();
+%times = map { $_->{'name'}, $_ } &list_times();
+
+# Validate inputs
+if (!$in{'src_def'}) {
+ -r $in{'src'} || &error_cleanup($text{'restore_esrc'});
+ $data = `cat $in{'src'}`;
+ }
+else {
+ $in{'file'} || &error_cleanup($text{'restore_efile'});
+ $data = $in{'file'};
+ }
+
+# Parse the CSV data
+$data =~ s/\r//g;
+$i = 0;
+foreach $line (split(/\n/, $data)) {
+ # Split into columns
+ $oldline = $line;
+ $i++;
+ next if (!$line);
+ local @row;
+ while($line && $line =~ /^,?("([^"]*)"|([^,]*))(.*)$/) {
+ push(@row, $2 || $3);
+ $line = $4;
+ }
+ @row >= 4 || &error(&text('import_erow', $i, $oldline));
+
+ # Create a rule
+ $rule = { 'enabled' => 1 };
+ $rule->{'source'} = &parse_srcdest($row[0]);
+ $rule->{'source'} || &error(text('import_esource', $i, $row[0]));
+ $rule->{'dest'} = &parse_srcdest($row[1]);
+ $rule->{'dest'} || &error(text('import_edest', $i, $row[1]));
+ @servs = split(/\s+/, $row[2]);
+ foreach $s (@servs) {
+ $services{$s} || &error(text('import_eservice', $i, $s));
+ }
+ $rule->{'service'} = @servs ?
join(",", @servs) : "*";
+ if ($row[3] =~ s/\s+log$//i) {
+ $rule->{'log'} = 1;
+ }
+ else {
+ $rule->{'log'} = 0;
+ }
+ &indexof(lc($row[3]), @actions) >= 0 ||
+ &error(text('import_eaction', $i, $row[3]));
+ $rule->{'action'} = lc($row[3]);
+ $rule->{'desc'} = $row[4] || "*";
+ if ($row[5]) {
+ $times{$row[5]} || &error(text('import_etime', $i, $row[5]));
+ $rule->{'time'} = $row[5];
+ }
+ else {
+ $rule->{'time'} = "*";
+ }
+ push(@newrules, $rule);
+ }
+
+# Ensure that new rules are sane
+
+# Save the rules
+&lock_itsecur_files();
+@rules = &list_rules();
+push(@rules, @newrules);
+&automatic_backup();
+&save_rules(@rules);
+&unlock_itsecur_files();
+
+# Tell the user
+&header($text{'import_title'}, "",
+ undef, undef, undef, undef, &apply_button());
+print "
\n"; + +print "

",&text('import_done1', scalar(@newrules)),"

\n"; + +print "


\n";
+&footer("", $text{'index_return'});
+&remote_webmin_log("import", "rules", $in{'src_def'} ? undef : $in{'src'});
+
+sub parse_srcdest
+{
+if ($_[0] eq "") {
+ return "*";
+ }
+elsif (&valid_host($_[0])) {
+ return $_[0];
+ }
+elsif ($iface{lc($_[0])}) {
+ return "%".lc($_[0]);
+ }
+else {
+ return undef;
+ }
+}
diff --git a/itsecur-firewall/import_servs.cgi b/itsecur-firewall/import_servs.cgi
new file mode 100755
index 000000000..d9871b8c4
--- /dev/null
+++ b/itsecur-firewall/import_servs.cgi
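Review bot: The comment `# Ensure that new rules are sane` has no code under it, so rows that pass the per-column checks go straight to `&save_rules(@rules)` with no check across rules. Either implement the check or reword the comment to `# TODO: no cross-rule sanity check yet` so the gap is visible to whoever reads the import path next. The description column is stored as `$row[4] || "*"` with no validation; whether that is safe depends on how the rule list escapes it when displayed, which is outside this hunk.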
@@ -0,0 +1,69 @@
+#!/usr/bin/perl
+# Actually do an import of services
+
+require './itsecur-lib.pl';
+&can_edit_error("import");
+&error_setup($text{'import_err'});
+&ReadParseMime();
+
+# Validate inputs
+if (!$in{'src_def'}) {
+ -r $in{'src'} || &error_cleanup($text{'restore_esrc'});
+ $data = `cat $in{'src'}`;
+ }
+else {
+ $in{'file'} || &error_cleanup($text{'restore_efile'});
+ $data = $in{'file'};
+ }
+
+%services = map { $_->{'name'}, $_ } &list_services();
+
+# Parse the CSV data
+$data =~ s/\r//g;
+$i = 0;
+foreach $line (split(/\n/, $data)) {
+ # Split into columns
+ $oldline = $line;
+ $i++;
+ next if (!$line);
+ local @row;
+ while($line && $line =~ /^,?("([^"]*)"|([^,]*))(.*)$/) {
+ push(@row, $2 || $3);
+ $line = $4;
+ }
+ @row >= 3 || &error(&text('import_erow', $i, $oldline));
+
+ # Create a service
+ $row[0] =~ /\S/ || &error(text('import_eservname', $i));
+ $services{$row[0]} && &error(text('import_eservclash', $i, $row[0]));
+ $serv = { 'name' => $row[0] };
+ for($i=1; $i<@row; $i+=2) {
+ getprotobyname($row[$i]) ||
+ &error(text('import_eproto', $i, $row[$i]));
+ $row[$i+1] =~ /^\d+$/ ||
+ &error(text('import_eservnum', $i, $row[$i]));
+ push(@{$serv->{'protos'}}, $row[$i]);
+ push(@{$serv->{'ports'}}, $row[$i+1]);
+ }
+ push(@newservs, $serv);
+ }
+
+# Save the services
+&lock_itsecur_files();
+@servs = &list_services();
+push(@servs, @newservs);
+&automatic_backup();
+&save_services(@servs);
+&unlock_itsecur_files();
+
+# Tell the user
+&header($text{'import_title'}, "",
+ undef, undef, undef, undef, &apply_button());
+print "
\n"; + +print "

",&text('import_done2', scalar(@newservs)),"

\n"; + +print "


\n";
+&footer("", $text{'index_return'});
+&remote_webmin_log("import", "services", $in{'src_def'} ? undef : $in{'src'});
+
diff --git a/itsecur-firewall/import_times.cgi b/itsecur-firewall/import_times.cgi
new file mode 100755
index 000000000..571b6e5fa
--- /dev/null
+++ b/itsecur-firewall/import_times.cgi
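Review bot: The port check `$row[$i+1] =~ /^\d+$/` accepts any digit string, so values above 65535 are saved as service ports and only fail later, if at all, when the firewall rules are generated. A bound in the same expression closes that: `$row[$i+1] =~ /^\d+$/ && $row[$i+1] <= 65535 ||`. The failure message below it passes `$row[$i]` (the protocol) where the rejected value is `$row[$i+1]`, so the error shown to the user names the wrong field.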
@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+# Actually do an import of time ranges
+
+require './itsecur-lib.pl';
+&can_edit_error("import");
+&error_setup($text{'import_err'});
+&ReadParseMime();
+
+# Validate inputs
+if (!$in{'src_def'}) {
+ -r $in{'src'} || &error_cleanup($text{'restore_esrc'});
+ $data = `cat $in{'src'}`;
+ }
+else {
+ $in{'file'} || &error_cleanup($text{'restore_efile'});
+ $data = $in{'file'};
+ }
+
+%times = map { $_->{'name'}, $_ } &list_times();
+%daynum = ( "sun", 0, "mon", 1, "tue", 2, "wed", 3, "thu", 4, "fri", 5, "sat", 6 );
+
+# Parse the CSV data
+$data =~ s/\r//g;
+$i = 0;
+foreach $line (split(/\n/, $data)) {
+ # Split into columns
+ $oldline = $line;
+ $i++;
+ next if (!$line);
+ local @row;
+ while($line && $line =~ /^,?("([^"]*)"|([^,]*))(.*)$/) {
+ push(@row, $2 || $3);
+ $line = $4;
+ }
+ @row >= 1 || &error(&text('import_erow', $i, $oldline));
+
+ # Create a service
+ $row[0] =~ /\S/ || &error(text('import_etimename', $i));
+ $times{$row[0]} && &error(text('import_etimeclash', $i, $row[0]));
+ $time = { 'name' => $row[0] };
+ if ($row[1]) {
+ # Week days are given
+ foreach $d (split(/[\s|,]+/, $row[1])) {
+ local $dn = $daynum{lc($d)};
+ defined($dn) || &error(text('import_etimeday', $i, $d));
+ push(@days, $dn);
+ }
+ $time->{'days'} = join(",", @days);
+ }
+ else {
+ $time->{'days'} = '*';
+ }
+ if ($row[2]) {
+ # Time range is given
+ $row[2] =~ /^(\d+):(\d+)\-(\d+):(\d+)$/ &&
+ $1 >= 0 && $1 < 24 &&
+ $2 >= 0 && $2 < 60 &&
+ $3 >= 0 && $3 < 24 &&
+ $4 >= 0 && $4 < 60 ||
+ &error(&text('import_etimehour', $i, $row[2]));
+ $time->{'hours'} = $row[2];
+ }
+ else {
+ $time->{'hours'} = '*';
+ }
+ $time->{'days'} eq '*' && $time->{'hours'} eq '*' &&
+ &error(text('import_etimenone', $i));
+ push(@newtimes, $time);
+ }
+
+# Save the groups
+&lock_itsecur_files();
+@times = &list_times();
+push(@times, @newtimes);
+&automatic_backup();
+&save_times(@times);
+&unlock_itsecur_files();
+
+# Tell the user
+&header($text{'import_title'}, "",
+ undef, undef, undef, undef, &apply_button());
+print "
\n"; + +print "

",&text('import_done4', scalar(@newtimes)),"

\n"; + +print "


\n"; +&footer("", $text{'index_return'}); +&remote_webmin_log("import", "times", $in{'src_def'} ? undef : $in{'src'}); + diff --git a/itsecur-firewall/index.cgi b/itsecur-firewall/index.cgi new file mode 100755 index 000000000..328d18715 --- /dev/null +++ b/itsecur-firewall/index.cgi @@ -0,0 +1,78 @@ +#!/usr/bin/perl +# index.cgi +# Show icons for rules, services, groups and NAT + +require './itsecur-lib.pl'; +&header($text{'index_title'}, "", undef, 1, 1, 0, &apply_button(), undef, undef, + &text('index_version', $module_info{'version'})); +print "
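Review bot: `@days` is never reset between rows in import_times.cgi, so `push(@days, $dn)` keeps accumulating and every time range after the first is saved with the days of all earlier rows as well. Declaring it per row fixes that: add `local @days;` just before `foreach $d (split(/[\s|,]+/, $row[1])) {`. These ranges presumably limit when firewall rules are active, so a silently widened day list changes what the firewall permits; a two-row import file is enough to test for it. The character class `[\s|,]` also treats a literal `|` as a separator, which may or may not be intended.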
\n"; + +# Icons table +@can_opts = grep { $_ eq "backup" || $_ eq "restore" || $_ eq "remote" || $_ eq "import" ? &can_edit($_) : &can_use($_) } @opts; +@links = map { "list_".$_.".cgi" } @can_opts; +@titles = map { $text{$_."_title"} } @can_opts; +@icons = map { "images/".$_.".gif" } @can_opts; +@hrefs = map { ($_ eq "logs" || $_ eq "authlogs") && $config{'open_logs'} ? "target=_new" : "" } @can_opts; +&itsecur_icons_table(\@links, \@titles, \@icons, 4, \@hrefs); + +if (&can_edit("apply") || &can_edit("bootup")) { + print "
\n"; + } + +print "\n"; + +if (&can_edit("apply")) { + # Apply button + print "\n"; + print "\n"; + print "\n"; + print "\n"; + } + +if (&can_edit("bootup")) { + &foreign_require("init", "init-lib.pl"); + $atboot = &init::action_status("itsecur-firewall") == 2; + + # At-boot button + print "\n"; + print "\n"; + print "\n"; + } + +print "
$text{'index_applydesc'}
\n"; + printf " %s\n", + $atboot ? "checked" : "", $text{'yes'}; + printf " %s\n", + $atboot ? "" : "checked", $text{'no'}; + print " $text{'index_bootupdesc'}
\n"; + +print "
\n"; +&footer("/", $text{'index'}); + +# itsecur_icons_table(&links, &titles, &icons, [columns], [href], [width], [height]) +# Renders a 4-column table of icons +sub itsecur_icons_table +{ +&load_theme_library(); +if (defined(&theme_icons_table)) { + &theme_icons_table(@_); + return; + } +local ($i, $need_tr); +local $cols = $_[3] ? $_[3] : 4; +local $per = int(100.0 / $cols); +print "\n"; +for($i=0; $i<@{$_[0]}; $i++) { + if ($i%$cols == 0) { print "\n"; } + print "\n"; + if ($i%$cols == $cols-1) { print "\n"; } + } +while($i++%$cols) { print "\n"; $need_tr++; } +print "\n" if ($need_tr); +print "
\n"; + &generate_icon($_[2]->[$i], $_[1]->[$i], $_[0]->[$i], + ref($_[4]) ? $_[4]->[$i] : $_[4], $_[5], $_[6]); + print "
\n"; +} + + diff --git a/itsecur-firewall/ipf-lib.pl b/itsecur-firewall/ipf-lib.pl new file mode 100644 index 000000000..7721f96a7 --- /dev/null +++ b/itsecur-firewall/ipf-lib.pl 
@@ -0,0 +1,348 @@ +# ipf-lib.pl +# Defines firewall functions for IPF + +@actions = ( "allow", "deny", "reject" ); +$script_file = "$module_config_directory/ipf.sh"; +$nat_conf = "$module_config_directory/nat.conf"; +use Time::Local; + +# apply_rules(&rules, &hosts, &services) +# Turns the firewall configuration into an IPF script +sub apply_rules +{ +&deactivate_all_interfaces(); # will add those needed later +local $ipfw = &has_command("ipfw"); + +# Open scripts +open(SCRIPT, ">$script_file"); +print SCRIPT "#!/bin/sh\n"; +open(NATCONF, ">$nat_conf"); + +# Clear existing rules +print SCRIPT "$ipfw -f flush\n"; + +# Add rules for spoofing +local ($spoofiface, @nets) = &get_spoof(); +local $num = 1; +if ($spoofiface) { + local $n; + foreach $n (@nets) { + print_ipfw("drop ip from $n to any recv $spoofiface"); + } + } + +# Allow established connections +$num = 2; +print_ipfw("allow tcp from any to any established"); + +# Always allow localhost +$num = 3; +print_ipfw("allow ip from any to any recv lo"); + +if ($config{'frags'}) { + # Drop fragments + # XXX how? + } + +# Add primary rules +local $r; +local @rules = &list_rules(); +local %services = map { $_->{'name'}, $_ } &list_services(); +local @groups = &list_groups(); +foreach $r (@rules) { + next if (!$r->{'enabled'}); + next if ($r->{'sep'}); + $num = $r->{'num'}*10; + + # Work out all source and destination hosts? + local @sources = &expand_hosts($r->{'source'}, \@groups); + local @dests = &expand_hosts($r->{'dest'}, \@groups); + + # Need to output a rule for every possible combination + local ($source, $dest); + local $aarg = $r->{'action'}; + local $logarg = $r->{'log'} ? "log" : ""; + foreach $source (@sources) { + $source =~ s/^!(\S.*)$/not $1/; + local $sarg = $source eq '*' ? "from any" : + $source =~ /^%(.*)$/ ? "from any" : + "from $source"; + local $siarg = $source =~ /^%(.*)$/ ? "xmit $1" : ""; + + foreach $dest (@dests) { + $dest =~ s/^!(\S.*)$/! 
$1/; + local $darg = $dest eq '*' && !$config{'fw_any'} && + $r->{'action'} eq 'allow' ? "! -d me" : + $dest =~ /^%(.*)$/ ? "to any" : + "to $dest"; + local $diarg = $dest =~ /^%(.*)$/ ? "recv $1" : ""; + + if ($r->{'service'} ne '*') { + # Output one rule for each service + local ($protos, $ports) = + &combine_services($r->{'service'}, + \%services); + for($i=0; $i<@$protos; $i++) { + local $pr = lc($protos->[$i]); + local $pt = $ports->[$i]; + + local $parg; + local $opts; + local $prarg; + if ($pr eq "gre") { + # handle old GRE protocols + $pr = "ip"; + $pr = "gre"; + } + if ($pr eq "ip") { + $prarg = $pt; + } + else { + $prarg = $pr; + } + if ($pr eq "ip") { + # No port for IP + } + elsif ($pt =~ /^(\d+)$/ || $pt eq '*') { + if ($pr eq 'icmp') { + $opts = " icmptype $pt" if ($pt ne '*'); + } + else { + $parg = $pt; + } + } + elsif ($pt =~ /^(\d+)\-(\d+)$/) { + $parg = "$1-$2"; + } + else { + $parg = join(",", split(/\s+/, $pt)); + } + print_ipfw("$aarg $logarg $prarg $sarg $darg $parg $opts $siarg $diarg"); + } + } + else { + # Single service-independent rule + print_ipfw("$aarg $logarg ip $sarg $darg $siarg $diarg"); + } + } + } + } + +# Add syn flood and spoofing rules +local ($flood, $spoof, $fin) = &get_syn(); +if ($flood) { + # Configure kernel to use syn cookies + print SCRIPT "sysctl net.inet.tcp.syncookies=1\n"; + } +else { + # Configure kernel to disable syn cookies + print SCRIPT "sysctl net.inet.tcp.syncookies=0\n"; + } +if ($spoof) { + # Drop TCP connection starts without SYN set + $num = 60000; + print_ipfw("allow tcp from any to any established"); + print_ipfw("deny tcp from any to any tcpflags !syn"); + } +if ($fin) { + # Drop TCP packets with both SYN and FIN set + $num = 61000; + print_ipfw("deny tcp from any to any tcpflags syn,fin"); + } + +local ($natiface, @nets) = &get_nat(); +local @maps; +if ($natiface) { + # Add rules for NAT + @maps = grep { ref($_) } @nets; + @nets = grep { !ref($_) } @nets; + local $m; + foreach $m (@maps) { + # Add 
rule for static NAT (internal to external host mapping) + print NATCONF "map $natiface $m->[1]/32 -> $m->[0]/32\n"; + print NATCONF "map $natiface $m->[0]/32 -> $m->[1]/32\n"; + if ($m->[2]) { + &activate_interface($m->[2], $m->[0]); + } + } + local $n; + foreach $n (@nets) { + # Add rule for dynamic NAT + local @sources = &expand_hosts("\@$n", \@groups); + local $source; + foreach $source (@sources) { + $source =~ s/^!(\S.*)$/! $1/; + print NATCONF "map $natiface $source -> 0/32\n"; + } + } + } + +# Add rules for PAT (external port to internal host mapping) +local @forwards = &get_pat(); +local $f; +foreach $f (@forwards) { + next if (!$f->{'iface'}); + local ($protos, $ports) = &combine_services($f->{'service'}, + \%services); + local $i; + for($i=0; $i<@$protos; $i++) { + local $pr = lc($protos->[$i]); + local $pt = $ports->[$i]; + next if ($pr ne 'tcp' && $pr ne 'udp'); + print NATCONF "rdr $f->{'iface'} 0/32 port $pt -> $f->{'host'} port $pt $pr\n"; + } + } + +# Allow all by default +$num = 60001; +print_ipfw("allow ip from any to any"); +close(SCRIPT); +chmod(0755, $script_file); +close(NATCONF); + +# Run the script +#return "
".`cat $script_file`."
\n"; +local $out = `cd /; $script_file 2>&1 $out"; + } + +# Run the NAT config +$out = `cd /; ipnat -C >/dev/null ; ipnat -f $nat_conf 2>&1 $out"; + } + +return undef; +} + +sub print_ipfw +{ +print SCRIPT "$ipfw add $num $_[0]\n"; +} + +# stop_rules() +# Allow all traffic +sub stop_rules +{ +&deactivate_all_interfaces(); +system("cd /; ipfw -f flush; ipfw add allow ip from any to any"); +system("cd /; ipnat -C"); +} + +# enable_routing() +# Enable routing under BSD +sub enable_routing +{ +system("sysctl net.inet.ip.forwarding=1 >/dev/null 2>&1"); +} + +# disable_routing() +# Disable routing under BSD +sub disable_routing +{ +system("sysctl net.inet.ip.forwarding=0 >/dev/null 2>&1"); +} + +sub get_log_file +{ +return "/var/log/security"; +} + +sub get_authlog_file +{ +return "/var/log/security"; +} + +sub is_log_line +{ +return $_[0] =~ /\sipfw:\s/; +} + +$time_now = time(); +@time_now = localtime($time_now); +%mmap = ( 'jan' => 0, 'feb' => 1, 'mar' => 2, 'apr' => 3, + 'may' => 4, 'jun' => 5, 'jul' => 6, 'aug' => 7, + 'sep' => 8, 'oct' => 9, 'nov' =>10, 'dec' =>11 ); + +# parse_log_line(line) +# Parses a line into a log info structure, or returns undef +sub parse_log_line +{ +if (&is_log_line($_[0])) { + local $info = { }; + if ($_[0] =~ /^(\S+)\s+(\d+)\s+(\d+):(\d+):(\d+)/) { + local $tm = timelocal($5, $4, $3, $2, $mmap{lc($1)}, $time_now[5]); + if ($tm > $time_now + 24*60*60) { + # Was really last year + $tm = timelocal($5, $4, $3, $2, $mmap{lc($1)}, $time_now[5]-1); + } + $info->{'time'} = $tm; + } + if ($_[0] =~ /ipfw:\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(in|out)\s+\S+\s+(\S+)/) { + if ($1 >= 10 && $1 < 60000) { + $info->{'rule'} = int($1/10); + } + $info->{'action'} = lc($2); + $info->{'action'} = "allow" if ($info->{'action'} eq "accept"); + $info->{'proto'} = uc($3); + if ($6 eq "in") { + $info->{'dst_iface'} = $7; + } + else { + $info->{'src_iface'} = $7; + } + local ($src, $dst) = ($4, $5); + if ($src =~ /^(\S+):(\d+)$/) { + $info->{'src'} = $1; + 
$info->{'src_port'} = $2; + } + else { + $info->{'src'} = $src; + } + if ($dst =~ /^(\S+):(\d+)$/) { + $info->{'dst'} = $1; + $info->{'dst_port'} = $2; + } + else { + $info->{'dst'} = $dst; + } + if ($info->{'proto'} =~ /^(ICMP):(\d+)/) { + $info->{'proto'} = $1; + $info->{'dst_port'} = $2; + } + } + return $info; + } +else { + return undef; + } +} + +sub allow_action +{ +return $_[0]->{'action'} eq 'allow'; +} + +sub deny_action +{ +return $_[0]->{'action'} eq 'deny'; +} + +sub default_action +{ +return "deny"; +} + +sub supports_time +{ +return 0; +} + +sub supports_bandwidth +{ +return 0; +} + +1; + diff --git a/itsecur-firewall/iptables-lib.pl b/itsecur-firewall/iptables-lib.pl new file mode 100644 index 000000000..4376cb782 --- /dev/null +++ b/itsecur-firewall/iptables-lib.pl 
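Review bot: Neither `open(SCRIPT, ">$script_file")` nor `open(NATCONF, ">$nat_conf")` in apply_rules is checked, so if either fails the prints go nowhere and the function goes on to run whatever `ipf.sh` and `nat.conf` were left by an earlier apply. Failing early keeps the running firewall from drifting away from the saved configuration: `open(SCRIPT, ">$script_file") || return "Failed to write $script_file : $!";` and the same for NATCONF (apply_rules appears to return an error string on failure and `undef` on success). Two smaller points in the same function: in the GRE branch `$pr = "ip"; $pr = "gre";` the first assignment is dead, which looks like a typo for `$pt`, and `"! -d me"` appears to be iptables syntax carried into an ipfw rule. The part of the iptables-lib.pl hunk visible here opens `SAVE` unchecked in the same way.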
@@ -0,0 +1,496 @@ +# iptables-lib.pl +# Defines firewall functions for IPtables + +@actions = ( 'accept', 'drop', 'reject', 'ignore' ); +$save_file = "$module_config_directory/iptables.save"; +$prerules = "$module_config_directory/prerules"; +$postrules = "$module_config_directory/postrules"; +$prenat = "$module_config_directory/prenat"; +$postnat = "$module_config_directory/postnat"; +$premangle = "$module_config_directory/premangle"; +$postmangle = "$module_config_directory/postmangle"; + + +use Time::Local; + +# apply_rules() +# Turns the firewall configuration into an IPtables save file, and then +# applies it. +sub apply_rules +{ +&deactivate_all_interfaces(); # will add those needed later + +local @dayname = ( "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" ); + +# Create the groups +open(SAVE, ">$save_file"); +print SAVE "*filter\n"; +print SAVE ":INPUT ACCEPT [0:0]\n"; +print SAVE ":OUTPUT ACCEPT [0:0]\n"; +print SAVE ":FORWARD ACCEPT [0:0]\n"; +print SAVE ":SYN-FLOOD -\n"; + +# Disable bandwith monitor +# Have a lots of issues. 
+# AA 2006-02-21 + + +#if ($config{'bandwidth'}) { +# # Add rules for bandwidth logging +# print SAVE "-A INPUT -i $config{'bandwidth'} -j LOG --log-prefix BANDWIDTH_IN: --log-level debug\n"; +# print SAVE "-A FORWARD -i $config{'bandwidth'} -j LOG --log-prefix BANDWIDTH_IN: --log-level debug\n"; +# print SAVE "-A FORWARD -o $config{'bandwidth'} -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug\n"; +# print SAVE "-A OUTPUT -o $config{'bandwidth'} -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug\n"; +# } + +# Add rules for spoofing +local ($spoofiface, @nets) = &get_spoof(); +if ($spoofiface) { + local $n; + foreach $n (@nets) { + print SAVE "-A INPUT -i $spoofiface -s $n -j DROP\n"; + } + } + +# Always allow established connections +print SAVE "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n"; +print SAVE "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n"; + +# Always allow localhost +print SAVE "-A INPUT -i lo -j ACCEPT\n"; +print SAVE "-A OUTPUT -o lo -j ACCEPT\n"; + +if ($config{'frags'}) { + # Drop fragments + print SAVE "-A INPUT -p ip -f -j DROP\n"; + print SAVE "-A OUTPUT -p ip -f -j DROP\n"; + print SAVE "-A FORWARD -p ip -f -j DROP\n"; + } + +# Add syn flood and spoofing rules +local ($flood, $spoof, $fin) = &get_syn(); +if ($flood) { + # Limit number of syns / second + print SAVE "-A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN\n"; + print SAVE "-A SYN-FLOOD -j DROP\n"; + print SAVE "-A INPUT -p tcp -m tcp --syn -j SYN-FLOOD\n"; + } +if ($spoof) { + # Drop TCP connection starts without SYN set + print SAVE "-A INPUT -p tcp -m tcp ! 
--syn -m state --state NEW -j DROP\n"; + } +if ($fin) { + # Drop TCP packets with both SYN and FIN + print SAVE "-A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP\n"; + } + +# Load PRErules +open(STATICS, $prerules); +while() { + print SAVE "$_"; + } +close(STATICS); + +# Add primary rules +local $r; +local @rules = &list_rules(); +local %services = map { $_->{'name'}, $_ } &list_services(); +local %times = map { $_->{'name'}, $_ } &list_times(); +local @groups = &list_groups(); +foreach $r (@rules) { + next if (!$r->{'enabled'}); + next if ($r->{'sep'}); + + # Work out all source and destination hosts? + local @sources = &expand_hosts($r->{'source'}, \@groups); + local @dests = &expand_hosts($r->{'dest'}, \@groups); + + # Work out time args + local $timearg; + if ($r->{'time'} ne "*") { + local $time = $times{$r->{'time'}}; + $timearg .= "-m time"; + if ($time->{'hours'} ne "*") { + local ($from, $to) = split(/\-/, $time->{'hours'}); + $timearg .= " --timestart $from --timestop $to"; + } + if ($time->{'days'} ne "*") { + $timearg .= " --days ". + join(",", map { $dayname[$_] } + split(/,/, $time->{'days'})); + } + } + + # Need to output a rule for every possible combination + local ($source, $dest); + local $aarg = "-j ".uc($r->{'action'}); + local $n = $r->{'num'}; + local $logpfx = "--log-prefix RULE_${n}:".uc($r->{'action'}).":"; + foreach $source (@sources) { + $source =~ s/^!(\S.*)$/! $1/; + local $sarg = $source eq '*' ? "" : + $source =~ /^%(.*)$/ ? "-o $1" : + "-s $source"; + local $me = &my_address_in($source); + + foreach $dest (@dests) { + $dest =~ s/^!(\S.*)$/! $1/; + local $darg = $dest eq '*' && !$config{'fw_any'} && + $r->{'action'} eq 'accept' ? "! -d $me" : + $dest eq '*' ? "" : + $dest =~ /^%(.*)$/ ? 
"-i $1" : + "-d $dest"; + + if ($r->{'service'} ne '*') { + # Output one rule for each real service + local ($protos, $ports) = + &combine_services($r->{'service'}, + \%services); + for($i=0; $i<@$protos; $i++) { + local $pr = lc($protos->[$i]); + local $pt = $ports->[$i]; + local $marg = $pr eq 'tcp' || + $pr eq 'udp' || $pr eq 'icmp' ? "-m $pr" : ""; + local $prarg; + if ($pr eq "gre") { + # handle old GRE protocols + $pr = "ip"; + $pr = "gre"; + } + if ($pr eq "ip") { + $prarg = "-p $pt"; + } + else { + $prarg = "-p $pr"; + } + local $parg; + if ($pr eq "ip") { + # No need for port number + } + elsif ($pt =~ /^(\d+)$/ || $pt eq '*') { + if ($pr eq 'icmp') { + $parg = "--icmp-type $pt" if ($pt ne '*'); + } + else { + $parg = "--destination-port $pt"; + } + } + elsif ($pt =~ /^(\d+)\-(\d+)$/) { + $parg = "--dport $1:$2"; + } + else { + $parg = "--dports ". + join(",", split(/\s+/, $pt)); + $marg .= " -m multiport"; + } + if ($r->{'log'}) { + if ($source !~ /^%(.*)$/) { + #if ($dest !~ /^%(.*)$/) { + print SAVE "-A INPUT $marg $prarg $timearg $sarg $darg $parg -j LOG $logpfx\n"; + } + print SAVE "-A FORWARD $marg $prarg $timearg $sarg $darg $parg -j LOG $logpfx\n"; + } + if ($source !~ /^%(.*)$/) { + #if ($dest !~ /^%(.*)$/) { + print SAVE "-A INPUT $marg $prarg $timearg $sarg $darg $parg $aarg\n"; + } + print SAVE "-A FORWARD $marg $prarg $timearg $sarg $darg $parg $aarg\n"; + } + } + else { + # Single service-independent rule + if ($r->{'log'}) { + if ($source !~ /^%(.*)$/) { + #if ($dest !~ /^%(.*)$/) { + print SAVE "-A INPUT $timearg $sarg $darg -j LOG $logpfx\n"; + } + print SAVE "-A FORWARD $timearg $sarg $darg -j LOG $logpfx\n"; + } + if ($source !~ /^%(.*)$/) { + #if ($dest !~ /^%(.*)$/) { + print SAVE "-A INPUT $timearg $sarg $darg $aarg\n"; + } + print SAVE "-A FORWARD $timearg $sarg $darg $aarg\n"; + } + } + } + } +# Load POSTrules +open(STATICS, $postrules); +while() { + print SAVE "$_"; + } +close(STATICS); + + +print SAVE "COMMIT\n"; + +print SAVE 
"*nat\n"; +print SAVE ":PREROUTING ACCEPT [0:0]\n"; +print SAVE ":POSTROUTING ACCEPT [0:0]\n"; +print SAVE ":OUTPUT ACCEPT [0:0]\n"; + + + +local ($natiface, @nets) = &get_nat(); +local @maps; +if ($natiface) { + # Add rules for NAT + @maps = grep { ref($_) } @nets; + @nets = grep { !ref($_) } @nets; + + # Add rules for NAT exclusions + local ($e,$my_e); + foreach $e (grep { $_ =~ /^\!/ } @nets) { + $my_e = $e; + $my_e =~ s/^\!//; + local @dests = &expand_hosts("\@$my_e", \@groups); + local $dest; + + foreach $dest (@dests) { + $dest =~ s/^!(\S.*)$/! $1/; + #print SAVE "-A POSTROUTING -o $natiface -d $dest -j RETURN\n"; + #print SAVE "-A PREROUTING -i $natiface -d $dest -j RETURN\n"; + print SAVE "-A POSTROUTING -d $dest -j RETURN\n"; + print SAVE "-A PREROUTING -d $dest -j RETURN\n"; + } + } + #Clear the nets_copy + + # Load PREnat After Return + open(STATICS, $prenat); + while() { + print SAVE "$_"; + } + close(STATICS); + + + # Add rules for static NAT + local $m; + local ($intf_i,$intf_o,$option_i,$option_o); + + # local @dests = &expand_hosts("\@$my_e", \@groups); + local (@tmp,$internal,$external); + + + foreach $m (@maps) { + @tmp = &expand_hosts("\@$m->[1]", \@groups); + $internal=$tmp[0]; + #@tmp = &expand_hosts("\@$m->[0]", \@groups); + $external="$m->[0]"; + if ($m->[2]) { + $intf_i= " -i $m->[2] "; + $intf_o= " -o $m->[2] "; + } else { + $intf_i= ""; + $intf_o= ""; + } + if (&check_netaddress($external)) { + $option_i=" -j NETMAP "; + $option_o=" -j NETMAP "; + } elsif (&check_netaddress($internal)) { + $option_o=" -j SNAT "; + if ($m->[2]) { + &activate_interface($m->[2], $external); + } + } else { + $option_i=" -j DNAT "; + $option_o=" -j SNAT "; + if ($m->[2]) { + &activate_interface($m->[2], $external); + } + } + (! 
&check_netaddress($internal) ) && print SAVE "-A PREROUTING $intf_i -d $external $option_i --to $internal\n"; + print SAVE "-A POSTROUTING $intf_o -s $internal $option_o --to $external\n"; + } + + # Load POSTnat + open(STATICS, $postnat); + while() { + print SAVE "$_"; + } + close(STATICS); + + # Add rules for dynamic NAT + + local $n; + foreach $n (grep { $_ !~ /^\!/ } @nets) { + local @sources = &expand_hosts("\@$n", \@groups); + local $source; + foreach $source (@sources) { + $source =~ s/^!(\S.*)$/! $1/; + print SAVE "-A POSTROUTING -o $natiface -s $source -j MASQUERADE\n"; + } + } + } + +# Add rules for PAT +local @forwards = &get_pat(); +local $f; +foreach $f (@forwards) { + next if (!$f->{'iface'}); + local ($protos, $ports) = &combine_services($f->{'service'}, + \%services); + local $i; + for($i=0; $i<@$protos; $i++) { + local $pr = lc($protos->[$i]); + local $pt = $ports->[$i]; + next if ($pr ne 'tcp' && $pr ne 'udp'); + print SAVE "-A PREROUTING -m $pr -p $pr --dport $pt -i $f->{'iface'} -j DNAT --to-destination $f->{'host'}:$pt\n"; + } + } + +print SAVE "COMMIT\n"; + +print SAVE "*mangle\n"; +print SAVE ":PREROUTING ACCEPT [0:0]\n"; +print SAVE ":OUTPUT ACCEPT [0:0]\n"; +# Load PREmangle +open(STATICS, $premangle); +while() { + print SAVE "$_"; + } +close(STATICS); +# Add rules + +# Load POSTmangle +open(STATICS, $postmangle); +while() { + print SAVE "$_"; + } +close(STATICS); +print SAVE "COMMIT\n"; +close(SAVE); + +# Apply the save file +local $out = `iptables-restore <$save_file 2>&1`; +if ($?) { + return "iptables-restore output :
$out
"; + } +return undef; +} + +# stop_rules() +# Cancel all firewall rules and return to the default settings (allow all) +sub stop_rules +{ +&deactivate_all_interfaces(); +local $table; +foreach $table ([ "filter", "INPUT", "OUTPUT", "FORWARD" ], + [ "nat", "PREROUTING", "POSTROUTING", "OUTPUT" ], + [ "mangle", "PREROUTING", "OUTPUT" ]) { + local ($name, @chains) = @$table; + local $cmd; + foreach $cmd ((map { "iptables -t $name -P $_ ACCEPT" } @chains), + "iptables -t $name -F", + "iptables -t $name -X", + "iptables -t $name -Z") { + local $out = `$cmd 2>&1`; + if ($?) { + return "$cmd output : $out"; + } + } + } +return undef; +} + +# enable_routing() +# Enable routing under Linux +sub enable_routing +{ +system("sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1"); +} + +# disable_routing() +# Disable routing under Linux +sub disable_routing +{ +system("sysctl -w net.ipv4.ip_forward=0 >/dev/null 2>&1"); +} + +sub get_log_file +{ +return "/var/log/messages"; +} + +sub get_authlog_file +{ +return -r "/var/log/secure" ? "/var/log/secure" : + -r "/var/log/security" ? "/var/log/security" : + -r "/var/log/authlog" ? 
"/var/log/authlog" : + "/var/log/auth"; +} + +sub is_log_line +{ +return $_[0] =~ /IN=.*OUT=/; +} + +$time_now = time(); +@time_now = localtime($time_now); +%mmap = ( 'jan' => 0, 'feb' => 1, 'mar' => 2, 'apr' => 3, + 'may' => 4, 'jun' => 5, 'jul' => 6, 'aug' => 7, + 'sep' => 8, 'oct' => 9, 'nov' =>10, 'dec' =>11 ); + +# parse_log_line(line) +# Parses a line into a log info structure, or returns undef +sub parse_log_line +{ +if (&is_log_line($_[0])) { + local $info = { }; + if ($_[0] =~ /RULE_(\d+):([^\s:]+)/) { + $info->{'rule'} = $1; + $info->{'action'} = lc($2); + } + if ($_[0] =~ /^(\S+)\s+(\d+)\s+(\d+):(\d+):(\d+)/) { + local $tm = timelocal($5, $4, $3, $2, $mmap{lc($1)}, $time_now[5]); + if ($tm > $time_now + 24*60*60) { + # Was really last year + $tm = timelocal($5, $4, $3, $2, $mmap{lc($1)}, $time_now[5]-1); + } + $info->{'time'} = $tm; + } + $info->{'src_iface'} = $1 if ($_[0] =~ /OUT=(\S*)/); + $info->{'dst_iface'} = $1 if ($_[0] =~ /IN=(\S*)/); + $info->{'src'} = $1 if ($_[0] =~ /SRC=(\S*)/); + $info->{'dst'} = $1 if ($_[0] =~ /DST=(\S*)/); + $info->{'size'} = $1 if ($_[0] =~ /LEN=(\S*)/); + $info->{'proto'} = $1 if ($_[0] =~ /PROTO=(\S*)/); + $info->{'src_port'} = $1 if ($_[0] =~ /SPT=(\S*)/); + $info->{'dst_port'} = $1 if ($_[0] =~ /DPT=(\S*)/); + $info->{'dst_port'} = $1 if ($_[0] =~ /TYPE=(\S*)/ && + $info->{'proto'} eq 'ICMP'); + return $info; + } +else { + return undef; + } +} + +sub allow_action +{ +return $_[0]->{'action'} eq 'accept'; +} + +sub deny_action +{ +return $_[0]->{'action'} eq 'drop'; +} + +sub default_action +{ +return "drop"; +} + +sub supports_time +{ +return 1; +} + +sub supports_bandwidth +{ +return &foreign_check("bandwidth"); +} + +1; + diff --git a/itsecur-firewall/itsecur-lib.pl b/itsecur-firewall/itsecur-lib.pl new file mode 100644 index 000000000..6eb506b58 --- /dev/null +++ b/itsecur-firewall/itsecur-lib.pl 
@@ -0,0 +1,1510 @@
+# itsecure-lib.pl
+# Version
+# ITsecur
+# Common functions for all firewall types
+# XXX only backup firewall module users?
+
+BEGIN { push(@INC, ".."); };
+use WebminCore;
+&init_config();
+do "$config{'type'}-lib.pl";
+
+@opts = ( 'rules', 'services', 'groups', 'nat','nat2', 'pat', 'spoof', 'syn', 'logs',
+ 'authlogs', 'report',
+ 'users',
+ &supports_time() ? ('times') : (),
+ 'backup', 'restore',
+ 'remote', 'import' );
+# Take out to test
+# &supports_bandwidth() ? ('bandwidth') : (),
+@backup_opts = grep { $_ ne 'logs' && $_ ne 'backup' && $_ ne 'restore' }
+ (@opts, 'ipsec', 'searches', 'config');
+
+$groups_file = "$module_config_directory/groups";
+$standard_services_file = "$module_root_directory/standard-services";
+$services_file = "$module_config_directory/services";
+$rules_file = "$module_config_directory/rules";
+$nat_file = "$module_config_directory/nat";
+$nat2_file = "$module_config_directory/nat2";
+$pat_file = "$module_config_directory/pat";
+$spoof_file = "$module_config_directory/spoof";
+$syn_file = "$module_config_directory/syn";
+$times_file = "$module_config_directory/times";
+$active_interfaces = "$module_config_directory/active";
+$prerules = "$module_config_directory/prerules";
+$postrules = "$module_config_directory/postrules";
+$prenat = "$module_config_directory/prenat";
+$postnat = "$module_config_directory/postnat";
+$debug_file = "$module_config_directory/debug";
+
+$searches_dir = "$module_config_directory/searches";
+
+@config_files = ( $groups_file, $services_file,
+ $rules_file, $nat_file, $nat2_file, $pat_file, $spoof_file,
+ $syn_file, $times_file );
+
+%access = &get_module_acl();
+if (defined($access{'edit'})) {
+ if ($access{'edit'}) {
+ @edit_access = @read_access = split(/\s+/, $access{'features'});
+ }
+ else {
+ @read_access = split(/\s+/, $access{'features'});
+ }
+ }
+else {
+ @edit_access = split(/\s+/, $access{'features'});
+ @read_access = split(/\s+/, $access{'rfeatures'});
+ }
+%edit_access = map { $_, 1 } @edit_access;
+%read_access = map { $_, 1 } @read_access;
+
+$cron_cmd = "$module_config_directory/backup.pl";
+
+# list_groups([file])
+# Returns a list of groups. Each has a name and zero or more member hosts,
+# IP addresses, networks or other groups.
+sub list_groups
+{
+local @rv;
+open(GROUPS, $_[0] || $groups_file);
+while() {
+ s/\r|\n//g;
+ if (/^(\S+)\t+(.*)$/) {
+ local $group = { 'name' => $1,
+ 'members' => [ split(/\t+/, $2) ],
+ 'index' => scalar(@rv) };
+ push(@rv, $group);
+ }
+ }
+close(GROUPS);
+return @rv;
+}
+
+# save_groups(group, ...)
+# Updates the groups list
+sub save_groups
+{
+local $g;
+local @SortGroups=();
+foreach $g (@_) {
+ push(@SortGroups,$g->{'name'}."\t".join("\t", @{$g->{'members'}})."\n");
+ }
+open(GROUPS, ">$groups_file");
+print GROUPS sort { lc($a) cmp lc($b) } @SortGroups;
+close(GROUPS);
+&automatic_backup();
+}
+
+# list_services([file])
+# Returns a list of services, each of which has a name and multiple
+# protocols and port
+sub list_services
+{
+local ($sf, @rv);
+#if (!-r $standard_services_file) {
+# system("cp $module_root_directory/standard-services $standard_services_file");
+# }
+foreach $sf ($_[0] || $services_file, $standard_services_file) {
+ local @frv;
+ open(SERVS, $sf);
+ while() {
+ s/\r|\n//g;
+ s/#.*$//;
+ s/\s+$//;
+ if (/^(\S+)\t+(.*)$/) {
+ local $serv = { 'name' => $1,
+ 'standard' =>
+ ($sf eq $standard_services_file),
+ 'index' => scalar(@frv) };
+ local @pps = split(/\s*\t+\s*/, $2);
+ local $i;
+ for($i=0; $i<@pps; $i+=2) {
+ if ($pps[$i] eq "other") {
+ push(@{$serv->{'others'}}, $pps[$i+1]);
+ }
+ else {
+ push(@{$serv->{'protos'}}, $pps[$i]);
+ push(@{$serv->{'ports'}}, $pps[$i+1]);
+ }
+ }
+ push(@frv, $serv);
+ }
+ }
+ close(SERVS);
+ if ($sf eq $standard_services_file) {
+ push(@rv, sort { lc($a->{'name'}) cmp lc($b->{'name'}) } @frv);
+ }
+ else {
+ push(@rv, @frv);
+ }
+ }
+return @rv;
+}
+
+# combine_services(comma-list, &services-hash)
+# Returns lists of protocols and port numbers taken from a comma-separated list
+# of service names
+sub combine_services
+{
+local (@protos, @ports);
+foreach $sn (split(/,/, $_[0])) {
+ local $serv = $_[1]->{$sn};
+ push(@protos, @{$serv->{'protos'}});
+ push(@ports, @{$serv->{'ports'}});
+ local ($cprotos, $cports) = &combine_services(join(",", @{$serv->{'others'}}), $_[1]);
+ push(@protos, @$cprotos);
+ push(@ports, @$cports);
+ }
+return (\@protos, \@ports);
+}
+
+# save_services(service, ...)
+sub save_services
+{
+#open(SERVS, ">$services_file");
+
+local @SortGroups;
+local $data;
+foreach $serv (@_) {
+ next if ($serv->{'standard'});
+ $data=$serv->{'name'};
+ local $i;
+ for($i=0; $i<@{$serv->{'protos'}}; $i++) {
+ $data = $data . "\t" . $serv->{'protos'}->[$i] . "\t" . $serv->{'ports'}->[$i];
+ }
+ for($i=0; $i<@{$serv->{'others'}}; $i++) {
+ if ( $serv->{'others'}->[$i] ne $serv->{'name'}) {
+ $data = $data . "\tother\t".$serv->{'others'}->[$i];
+ }
+ }
+ $data=$data . "\n";
+ push(@SortGroups,$data);
+ }
+
+
+open(SERVS, ">$services_file");
+print SERVS sort { lc($a) cmp lc($b) } @SortGroups;
+close(SERVS);
+
+}
+
+# list_rules([file])
+# Returns a list of rules, each of which has a source, destination, service,
+# action and log-flag
+sub list_rules
+{
+local @rv;
+open(RULES, $_[0] || $rules_file);
+local $rn = 1;
+while() {
+ s/\r|\n//g;
+ if (/^(#*)([^\t]+)\t+([^\t]+)\t+(\S+)\t+(\S+)\t+(\d+)(\t+(\S+))?(\t+(\S+))?$/) {
+ local $rule = { 'enabled' => !$1,
+ 'source' => $2,
+ 'dest' => $3,
+ 'service' => $4,
+ 'action' => $5,
+ 'log' => $6,
+ 'time' => $8 || "*",
+ 'desc' => &un_urlize($10 || "*"),
+ 'index' => scalar(@rv),
+ 'num' => $rn++ };
+ push(@rv, $rule);
+ }
+ elsif (/^(\S+)$/) {
+ local $sep = { 'sep' => 1,
+ 'desc' => &un_urlize($1),
+ 'index' => scalar(@rv) };
+ push(@rv, $sep);
+ }
+ }
+close(RULES);
+return @rv;
+}
+
+# save_rules(rule, ...)
+sub save_rules
+{
+open(RULES, ">$rules_file");
+local $rule;
+foreach $rule (@_) {
+ if ($rule->{'sep'}) {
+ print RULES &urlize($rule->{'desc'}),"\n";
+ }
+ else {
+ print RULES ($rule->{'enabled'} ? "" : "#"),
+ $rule->{'source'},"\t",
+ $rule->{'dest'},"\t",
+ $rule->{'service'},"\t",
+ $rule->{'action'},"\t",
+ $rule->{'log'},"\t",
+ $rule->{'time'},"\t",
+ $rule->{'desc'} eq "*" ? "*"
+ : &urlize($rule->{'desc'}),"\n";
+ }
+ }
+close(RULES);
+}
+
+# group_name(string, [direction])
+# Given a source or destination name that may be a group, makes it nice
+sub group_name
+{
+if ($_[0] =~ /^\@(.*)$/) {
+ # Host group
+ return "$1";
+ }
+elsif ($_[0] =~ /^\!\@(.*)$/) {
+ # Negated host group
+ return "".&text('not', "$1")."";
+ }
+elsif ($_[0] =~ /^\%(.*)$/) {
+ # Interface
+ return "".&text('iface', "$1")."";
+ }
+elsif ($_[0] =~ /^\!\%(.*)$/) {
+ # Negated interface
+ return "".&text('iface_not', "$1")."";
+ }
+elsif ($_[0] eq '*') {
+ # Anywhere
+ return $text{'anywhere'};
+ }
+elsif ($_[0] eq '!*') {
+ # Nowhere
+ return $text{'nowhere'};
+ }
+elsif ($_[0] =~ /^\!(.*\/.*)$/) {
+ # Negated network address
+ return &text('not', "$1");
+ }
+elsif ($_[0] =~ /^\!([0-9\.]+)\-([0-9]+)$/) {
+ # Negated address range
+ return &text('not', "$1-$2");
+ }
+elsif ($_[0] =~ /^\!(.*)$/) {
+ # Negated hostname or IP
+ return &text('not', "$1");
+ }
+elsif ($_[0] =~ /^(.*\/.*)$/) {
+ # Network address
+ return "$_[0]";
+ }
+elsif ($_[0] =~ /^([0-9\.]+)\-([0-9]+)$/) {
+ # Address range
+ return "$1-$2";
+ }
+else {
+ # Hostname or IP
+ return "$_[0]";
+ }
+}
+
+# group_names(string)
+sub group_names
+{
+return join(", ", map { &group_name($_) } split(/\s+/, $_[0]));
+}
+
+# group_names_link(dest, [from], [direction])
+sub group_names_link
+{
+local $g;
+local @rv;
+foreach $g (split(/\s+/, $_[0])) {
+ if ($g =~ /^\@(.*)$/ || $g =~ /^\!\@(.*)$/) {
+ push(@rv, "".
+ &group_name($g, $_[2]).""); + } + else { + push(@rv, &group_name($g, $_[2])); + } + } +return join(", ", @rv); +} + +# group_input(name, [value], [blankoption], [multiple]) +sub group_input +{ +local @groups = &list_groups(); +return undef if (!@groups); +local $rv = $_[3] ? "\n"; +if ($_[2]) { + $rv .= sprintf "