umify images and config.info module.info

firewall/coherent-linux-lib.pl

@@ -2,7 +2,7 @@
 # Deal with redhat's /etc/sysconfig/iptables save file and startup script
 
 &foreign_require("init", "init-lib.pl");
-$init_script = "$init::config{'init_dir'}/iptables";
+$init_script = "$init::config{'init_dir'}/ip${ipvx}tables";
 
 # check_iptables()
 # Returns an error message if something is wrong with iptables on this system
@@ -23,6 +23,7 @@ if (!$config{'done_check_iptables'}) {
 return undef;
 }
 
+$ip6tables_save_file = "/etc/sysconfig/ip6tables";
 $iptables_save_file = "/etc/sysconfig/iptables";
 
 # apply_iptables()
@@ -46,17 +47,17 @@ return $? || $out =~ /FAILED/ ? "<pre>$out</pre>" : undef;
 # started_at_boot()
 sub started_at_boot
 {
-return &init::action_status("iptables") == 2;
+return &init::action_status("ip${ipvx}tables") == 2;
 }
 
 sub enable_at_boot
 {
-&init::enable_at_boot("iptables");	 # Assumes init script exists
+&init::enable_at_boot("ip${ipvx}tables");	 # Assumes init script exists
 }
 
 sub disable_at_boot
 {
-&init::disable_at_boot("iptables");
+&init::disable_at_boot("ip${ipvx}tables");
 }
 
 1;

firewall/debian-linux-lib.pl

@@ -2,20 +2,24 @@
 # Deal with debian's iptables save file and startup script
 
 if ($gconfig{'os_version'} >= 3.1 &&
-    !-r "/etc/init.d/iptables" &&
-    !-r "/etc/init.d/webmin-iptables" &&
+    !-r "/etc/init.d/ip${ipvx}tables" &&
+    !-r "/etc/init.d/webmin-ip${ipvx}tables" &&
     !$config{'force_init'}) {
 	# In newer Debians, IPtable is started by the network init script
 	$has_new_debian_iptables = 1;
+	$ip6tables_save_file = "/etc/ip6tables.up.rules";
 	$iptables_save_file = "/etc/iptables.up.rules";
 	}
 else {
 	# Older Debians use an init script
 	$has_debian_iptables = -r "/etc/init.d/iptables";
+	$debian_ip6tables_dir = "/var/lib/ip6tables";
 	$debian_iptables_dir = "/var/lib/iptables";
 	if ($has_debian_iptables) {
+		mkdir($debian_ip6tables_dir, 0755) if (!-d $debian_ip6tables_dir);
 		mkdir($debian_iptables_dir, 0755) if (!-d $debian_iptables_dir);
 		$iptables_save_file = "$debian_iptables_dir/active";
+		$ip6tables_save_file = "$debian_ip6tables_dir/active";
 		}
 	}
 
@@ -24,7 +28,7 @@ else {
 sub apply_iptables
 {
 if ($has_debian_iptables) {
-	local $out = &backquote_logged("cd / ; /etc/init.d/iptables start 2>&1");
+	local $out = &backquote_logged("cd / ; /etc/init.d/ip${ipvx}tables start 2>&1");
 	return $? ? "<pre>$out</pre>" : undef;
 	}
 else {
@@ -37,7 +41,7 @@ else {
 sub unapply_iptables
 {
 if ($has_debian_iptables) {
-	$out = &backquote_logged("cd / ; /etc/init.d/iptables save active 2>&1 </dev/null");
+	$out = &backquote_logged("cd / ; /etc/init.d/ip${ipvx}tables save active 2>&1 </dev/null");
 	return $? ? "<pre>$out</pre>" : undef;
 	}
 else {
@@ -51,7 +55,7 @@ sub started_at_boot
 &foreign_require("init", "init-lib.pl");
 if ($has_debian_iptables) {
 	# Check Debian init script
-	return &init::action_status("iptables") == 2;
+	return &init::action_status("ip${ipvx}tables") == 2;
 	}
 elsif ($has_new_debian_iptables) {
 	# Check network interface config
@@ -60,7 +64,7 @@ elsif ($has_new_debian_iptables) {
 			       &net::get_interface_defs();
 	foreach my $o (@{$debpri->[3]}) {
 		if (($o->[0] eq "pre-up" || $o->[0] eq "post-up") &&
-		    $o->[1] =~ /\S*iptables-restore\s+<\s+(\S+)/ &&
+		    $o->[1] =~ /\S*ip${ipvx}tables-restore\s+<\s+(\S+)/ &&
 		    $1 eq $iptables_save_file) {
 			return 1;
 			}
@@ -68,7 +72,7 @@ elsif ($has_new_debian_iptables) {
 	}
 else {
 	# Check Webmin init script
-	return &init::action_status("webmin-iptables") == 2;
+	return &init::action_status("webmin-ip${ipvx}tables") == 2;
 	}
 }
 
@@ -76,7 +80,7 @@ sub enable_at_boot
 {
 &foreign_require("init", "init-lib.pl");
 if ($has_debian_iptables) {
-	&init::enable_at_boot("iptables");	 # Assumes init script exists
+	&init::enable_at_boot("ip${ipvx}tables");	 # Assumes init script exists
 	}
 elsif ($has_new_debian_iptables) {
 	# Add to network interface config
@@ -85,7 +89,7 @@ elsif ($has_new_debian_iptables) {
 			       &net::get_interface_defs();
 	if ($debpri && !&started_at_boot()) {
 		push(@{$debpri->[3]},
-		     [ "post-up", "iptables-restore < $iptables_save_file" ]);
+		     [ "post-up", "ip${ipvx}tables-restore < $iptables_save_file" ]);
 		&net::modify_interface_def(@$debpri);
 		}
 	}
@@ -98,7 +102,7 @@ sub disable_at_boot
 {
 &foreign_require("init", "init-lib.pl");
 if ($has_debian_iptables) {
-	&init::disable_at_boot("iptables");
+	&init::disable_at_boot("ip${ipvx}tables");
 	}
 elsif ($has_new_debian_iptables) {
 	# Remove from network interface config
@@ -107,11 +111,11 @@ elsif ($has_new_debian_iptables) {
 			       &net::get_interface_defs();
 	@{$debpri->[3]} = grep {
 			($_->[0] ne "pre-up" && $_->[0] ne "post-up") ||
-			 $_->[1] !~ /^\S*iptables/ } @{$debpri->[3]};
+			 $_->[1] !~ /^\S*ip${ipvx}tables/ } @{$debpri->[3]};
 	&net::modify_interface_def(@$debpri);
 	}
 else {
-	&init::disable_at_boot("webmin-iptables");
+	&init::disable_at_boot("webmin-ip${ipvx}tables");
 	}
 }
 

firewall6/CHANGELOG

@@ -1,2 +0,0 @@
----- Changes since 1.800 ----
-First version of this module, contributed by Patrick Wahle.

firewall6/coherent-linux-lib.pl

@@ -1,63 +0,0 @@
-# coherant-linux-lib.pl
-# Deal with redhat's /etc/sysconfig/ip6tables save file and startup script
-
-&foreign_require("init", "init-lib.pl");
-$init_script = "$init::config{'init_dir'}/ip6tables";
-
-# check_ip6tables()
-# Returns an error message if something is wrong with ip6tables on this system
-sub check_ip6tables
-{
-if (!-r $init_script) {
-	return &text('coherent_escript', "<tt>$init_script</tt>");
-	}
-if (!$config{'done_check_ip6tables'}) {
-	local $out = `$init_script status 2>&1`;
-	if ($out !~ /table:|INPUT|FORWARD|OUTPUT/) {
-		return &text('coherent_eoutput',
-			     "<tt>$init_script status</tt>");
-		}
-	$config{'done_check_ip6tables'} = 1;
-	&save_module_config();
-	}
-return undef;
-}
-
-$ip6tables_save_file = "/etc/sysconfig/ip6tables";
-
-# apply_ip6tables()
-# Applies the current ip6tables configuration from the save file
-sub apply_ip6tables
-{
-local $out = &backquote_logged("cd / ; $init_script restart 2>&1");
-$out =~ s/\033[^m]+m//g;
-return $? || $out =~ /FAILED/ ? "<pre>$out</pre>" : undef;
-}
-
-# unapply_ip6tables()
-# Writes the current ip6tables configuration to the save file
-sub unapply_ip6tables
-{
-$out = &backquote_logged("cd / ; $init_script save 2>&1 </dev/null");
-$out =~ s/\033[^m]+m//g;
-return $? || $out =~ /FAILED/ ? "<pre>$out</pre>" : undef;
-}
-
-# started_at_boot()
-sub started_at_boot
-{
-return &init::action_status("ip6tables") == 2;
-}
-
-sub enable_at_boot
-{
-&init::enable_at_boot("ip6tables");	 # Assumes init script exists
-}
-
-sub disable_at_boot
-{
-&init::disable_at_boot("ip6tables");
-}
-
-1;
-

firewall6/coherent-linux-lib.pl

@@ -0,0 +1 @@
+../firewall/coherent-linux-lib.pl

firewall6/debian-linux-lib.pl

@@ -1,131 +0,0 @@
-# debians-linux-lib.pl
-# Deal with debian's ip6tables save file and startup script
-
-if ($gconfig{'os_version'} >= 3.1 &&
-    !-r "/etc/init.d/ip6tables" &&
-    !-r "/etc/init.d/webmin-ip6tables" &&
-    !$config{'force_init'}) {
-	# In newer Debians, IPtable is started by the network init script
-	$has_new_debian_ip6tables = 1;
-	$ip6tables_save_file = "/etc/ip6tables.up.rules";
-	}
-else {
-	# Older Debians use an init script
-	$has_debian_ip6tables = -r "/etc/init.d/ip6tables";
-	$debian_ip6tables_dir = "/var/lib/ip6tables";
-	if ($has_debian_ip6tables) {
-		mkdir($debian_ip6tables_dir, 0755) if (!-d $debian_ip6tables_dir);
-		$ip6tables_save_file = "$debian_ip6tables_dir/active";
-		}
-	}
-
-# apply_ip6tables()
-# Applies the current ip6tables configuration from the save file
-sub apply_ip6tables
-{
-if ($has_debian_ip6tables) {
-	local $out = &backquote_logged("cd / ; /etc/init.d/ip6tables start 2>&1");
-	return $? ? "<pre>$out</pre>" : undef;
-	}
-else {
-	return &ip6tables_restore();
-	}
-}
-
-# unapply_ip6tables()
-# Writes the current ip6tables configuration to the save file
-sub unapply_ip6tables
-{
-if ($has_debian_ip6tables) {
-	$out = &backquote_logged("cd / ; /etc/init.d/ip6tables save active 2>&1 </dev/null");
-	return $? ? "<pre>$out</pre>" : undef;
-	}
-else {
-	return &ip6tables_save();
-	}
-}
-
-# started_at_boot()
-sub started_at_boot
-{
-&foreign_require("init", "init-lib.pl");
-if ($has_debian_ip6tables) {
-	# Check Debian init script
-	return &init::action_status("ip6tables") == 2;
-	}
-elsif ($has_new_debian_ip6tables) {
-	# Check network interface config
-	local $pri = &get_primary_network_interface();
-	local ($debpri) = grep { $_->[0] eq $pri->{'fullname'} }
-			       &net::get_interface_defs();
-	foreach my $o (@{$debpri->[3]}) {
-		if (($o->[0] eq "pre-up" || $o->[0] eq "post-up") &&
-		    $o->[1] =~ /\S*ip6tables-restore\s+<\s+(\S+)/ &&
-		    $1 eq $ip6tables_save_file) {
-			return 1;
-			}
-		}
-	}
-else {
-	# Check Webmin init script
-	return &init::action_status("webmin-ip6tables") == 2;
-	}
-}
-
-sub enable_at_boot
-{
-&foreign_require("init", "init-lib.pl");
-if ($has_debian_ip6tables) {
-	&init::enable_at_boot("ip6tables");	 # Assumes init script exists
-	}
-elsif ($has_new_debian_ip6tables) {
-	# Add to network interface config
-	local $pri = &get_primary_network_interface();
-	local ($debpri) = grep { $_->[0] eq $pri->{'fullname'} }
-			       &net::get_interface_defs();
-	if ($debpri && !&started_at_boot()) {
-		push(@{$debpri->[3]},
-		     [ "post-up", "ip6tables-restore < $ip6tables_save_file" ]);
-		&net::modify_interface_def(@$debpri);
-		}
-	}
-else {
-	&create_webmin_init();
-	}
-}
-
-sub disable_at_boot
-{
-&foreign_require("init", "init-lib.pl");
-if ($has_debian_ip6tables) {
-	&init::disable_at_boot("ip6tables");
-	}
-elsif ($has_new_debian_ip6tables) {
-	# Remove from network interface config
-	local $pri = &get_primary_network_interface();
-	local ($debpri) = grep { $_->[0] eq $pri->{'fullname'} }
-			       &net::get_interface_defs();
-	@{$debpri->[3]} = grep {
-			($_->[0] ne "pre-up" && $_->[0] ne "post-up") ||
-			 $_->[1] !~ /^\S*ip6tables/ } @{$debpri->[3]};
-	&net::modify_interface_def(@$debpri);
-	}
-else {
-	&init::disable_at_boot("webmin-ip6tables");
-	}
-}
-
-sub get_primary_network_interface
-{
-&foreign_require("net", "net-lib.pl");
-local @boot = sort { $a->{'fullname'} cmp $b->{'fullname'} }
-		   &net::boot_interfaces();
-local ($eth) = grep { $_->{'fullname'} =~ /^eth\d+$/ } @boot;
-local ($ppp) = grep { $_->{'fullname'} =~ /^ppp\d+$/ } @boot;
-local ($venetn) = grep { $_->{'fullname'} =~ /^venet\d+:\d+$/ } @boot;
-local ($venet) = grep { $_->{'fullname'} =~ /^venet\d+$/ } @boot;
-return $eth || $ppp || $venetn || $venet || $boot[0];
-}
-
-1;
-

firewall6/debian-linux-lib.pl

@@ -0,0 +1 @@
+../firewall/debian-linux-lib.pl

firewall6/images

@@ -0,0 +1 @@
+../firewall/images

firewall6/install_check.pl

@@ -1,24 +0,0 @@
-# install_check.pl
-
-do 'firewall6-lib.pl';
-
-# is_installed(mode)
-# For mode 1, returns 2 if the server is installed and configured for use by
-# Webmin, 1 if installed but not configured, or 0 otherwise.
-# For mode 0, returns 1 if installed, 0 if not
-sub is_installed
-{
-return 0 if (&missing_firewall_commands());
-local $out = &backquote_command("ip6tables -n -t filter -L OUTPUT 2>&1");
-return 0 if ($?);
-if ($_[0]) {
-	if (!$config{'direct'} &&
-	    (defined(&check_ip6tables) && &check_ip6tables() ||
-	     !-s $ip6tables_save_file)) {
-		return 1;
-		}
-	return 2;
-	}
-return 1;
-}
-

firewall6/install_check.pl

@@ -0,0 +1 @@
+../firewall/install_check.pl

firewall6/module.info

@@ -1,9 +0,0 @@
-desc=Linux IPv6 Firewall
-category=net
-longdesc=Configure a Linux firewall using ip6tables. Allows the editing of all tables, chains, rules and options.
-name=Firewall6
-desc_de=Linux IPv6 Firewall
-os_support=*-linux
-desc_ca=Tallafocs Linux IPv6
-longdesc_ca=Configura un tallafocs Linux utilitzant ip6tables. Permet l'edició de totes les taules, cadenes, regles i opcions.
-longdesc_de=Konfiguriert eine Linux-Firewall mit ip6tables. Ermöglicht die Bearbeitung aller Tabellen, Ketten, Regeln und Optionen.

firewall6/module.info

@@ -0,0 +1 @@
+../firewall/module.info

firewall6/open-ports.pl

@@ -1,142 +0,0 @@
-#!/usr/local/bin/perl
-# Open some ports on the firewall. Exit statuses are :
-# 0 - Nothing needed to be done
-# 1 - Given ports were opened up
-# 2 - ip6tables is not installed or supported
-# 3 - No firewall is active
-# 4 - Could not apply configuration
-# 5 - Bad args
-
-$no_acl_check++;
-$ENV{'WEBMIN_CONFIG'} = "/etc/webmin";
-$ENV{'WEBMIN_VAR'} = "/var/webmin";
-if ($0 =~ /^(.*\/)[^\/]+$/) {
-	chdir($1);
-	}
-require './firewall6-lib.pl';
-if ($module_name ne 'firewall') {
-	print STDERR "Command must be run with full path\n";
-	exit(5);
-	}
-
-# Parse args
-if ($ARGV[0] eq "--no-apply") {
-	$no_apply = 1;
-	shift(@ARGV);
-	}
-if (!@ARGV) {
-	print STDERR "Missing ports to open\n";
-	exit(5);
-	}
-foreach $p (@ARGV) {
-	if ($p !~ /^\d+$/ && $p !~ /^\d+:\d+$/ && $p !~ /^\d+(,\d+)*$/) {
-		print STDERR "Port $p must be number or start:end range\n";
-		exit(5);
-		}
-	}
-
-# Check ip6tables support
-if (&foreign_installed($module_name, 1) != 2) {
-	print STDERR "ip6tables is not available\n";
-	exit(2);
-	}
-
-# Check if any rules exist
-@tables = &get_ip6tables_save();
-if (!@tables) {
-	print STDERR "No ip6tables rules exist yet\n";
-	exit(3);
-	}
-($filter) = grep { $_->{'name'} eq 'filter' } @tables;
-if (!$filter) {
-	print STDERR "No ip6tables filter table found\n";
-	exit(3);
-	}
-elsif (!@{$filter->{'rules'}}) {
-	print STDERR "No ip6tables rules found in filter table\n";
-	exit(3);
-	}
-
-# Check if any rules are active
-@livetables = &get_ip6tables_save("ip6tables-save 2>/dev/null |");
-($livefilter) = grep { $_->{'name'} eq 'filter' } @livetables;
-
-@added = ( );
-PORT: foreach $p (@ARGV) {
-	# For each port, find existing rules
-	print STDERR "Checking for port $p ..\n";
-	foreach $r (@{$filter->{'rules'}}) {
-		if ($r->{'chain'} eq 'INPUT' &&
-		    $r->{'j'} && $r->{'j'}->[1] eq 'ACCEPT' &&
-		    $r->{'p'} && $r->{'p'}->[0] eq '' &&
-		    		 $r->{'p'}->[1] eq 'tcp') {
-			# Found tcp rule .. check ports
-			@rports = ( );
-			$rrange = undef;
-			if ($r->{'dports'} && $r->{'dports'}->[0] eq '') {
-				push(@rports, split(/,/, $r->{'dports'}->[1]));
-				$rrange = $r->{'dports'}->[1];
-				}
-			if ($r->{'dport'} && $r->{'dport'}->[0] eq '') {
-				($s, $e) = split(":", $r->{'dport'}->[1]);
-				if ($s && $e) {
-					push(@rports, ($s .. $e));
-					}
-				elsif ($s) {
-					push(@rports, $s);
-					}
-				$rrange = $r->{'dport'}->[1];
-				}
-			if (&indexof($p, @rports) >= 0 ||
-			    $p eq $rrange) {
-				print STDERR ".. already allowed\n";
-				next PORT;
-				}
-			}
-		}
-
-	# Add a rule at the top for this port
-	$r = { 'chain' => 'INPUT',
-	       'm' => [ [ "", "tcp" ] ],
-	       'p' => [ "", "tcp" ],
-	       'j' => [ "", 'ACCEPT' ] };
-	if ($p =~ /,/) {
-		$r->{'dports'} = [ "", $p ];
-		push(@{$r->{'m'}}, [ "", "multiport" ]);
-		}
-	else {
-		$r->{'dport'} = [ "", $p ];
-		}
-	unshift(@{$filter->{'rules'}}, $r);
-	push(@added, $p);
-	}
-
-if (@added) {
-	# Added some rules .. save them
-	&run_before_command();
-	&lock_file($ip6tables_save_file);
-	&save_table($filter);
-	&unlock_file($ip6tables_save_file);
-	&run_after_command();
-	&copy_to_cluster();
-	print STDERR "Opened ports ",join(" ", @added),"\n";
-
-	# Apply, if live
-	$ex = 1;
-	if (!$no_apply && $livefilter && @{$livefilter->{'rules'}}) {
-		$err = &apply_configuration();
-		if ($err) {
-			print "Failed to apply configuration : $err\n";
-			$ex = 4;
-			}
-		else {
-			print "Applied configuration successfully\n";
-			}
-		}
-	&webmin_log("openports", undef, undef, { 'ports' => \@added });
-	exit($ex);
-	}
-else {
-	print STDERR "All ports are already open\n";
-	exit(0);
-	}

firewall6/open-ports.pl

@@ -0,0 +1 @@
+../firewall/open-ports.pl