mirror of
https://github.com/webmin/webmin.git
synced 2026-05-07 07:40:28 +01:00
170 lines
5.2 KiB
Perl
Executable File
170 lines
5.2 KiB
Perl
Executable File
#!/usr/bin/perl
|
|
# edit_rule.cgi
|
|
# Display a form for creating or editing a rule
|
|
|
|
require './nftables-lib.pl';
|
|
use strict;
|
|
use warnings;
|
|
our (%in, %text, %config);
|
|
&ReadParse();
|
|
my @tables = &get_nftables_save();
|
|
my $table = $tables[$in{'table'}];
|
|
my $rule;
|
|
my $chain_def;
|
|
my $chain_hook;
|
|
my $action_sel;
|
|
my $proto_sel;
|
|
my $icmp_type;
|
|
my $log_enabled;
|
|
|
|
if ($in{'new'}) {
|
|
&ui_print_header(undef, $text{'edit_title_new'}, "", "intro", 1, 1);
|
|
$rule = { 'chain' => $in{'chain'} };
|
|
} else {
|
|
&ui_print_header(undef, $text{'edit_title_edit'}, "", "intro", 1, 1);
|
|
$rule = $table->{'rules'}->[$in{'idx'}];
|
|
}
|
|
if ($table && $rule->{'chain'}) {
|
|
$chain_def = $table->{'chains'}->{$rule->{'chain'}};
|
|
$chain_hook = $chain_def ? $chain_def->{'hook'} : undef;
|
|
}
|
|
if ($rule) {
|
|
if ($rule->{'jump'}) {
|
|
$action_sel = 'jump';
|
|
}
|
|
elsif ($rule->{'goto'}) {
|
|
$action_sel = 'goto';
|
|
}
|
|
else {
|
|
$action_sel = $rule->{'action'};
|
|
}
|
|
$action_sel ||= 'accept';
|
|
$proto_sel = $rule->{'proto'} || $rule->{'l4proto'};
|
|
if (!$proto_sel) {
|
|
$proto_sel = 'icmp' if ($rule->{'icmp_type'});
|
|
$proto_sel = 'icmpv6' if ($rule->{'icmpv6_type'});
|
|
}
|
|
$proto_sel ||= 'tcp' if ($in{'new'});
|
|
$icmp_type = $rule->{'icmp_type'} || $rule->{'icmpv6_type'};
|
|
$log_enabled = $rule->{'log'} || $rule->{'log_prefix'} || $rule->{'log_level'};
|
|
}
|
|
|
|
print &ui_form_start("save_rule.cgi");
|
|
print &ui_hidden("table", $in{'table'});
|
|
print &ui_hidden("idx", $in{'idx'});
|
|
print &ui_hidden("chain", $rule->{'chain'});
|
|
print &ui_hidden("new", $in{'new'});
|
|
|
|
print &ui_table_start($text{'edit_header'}, "width=100%", 2);
|
|
|
|
# Rule comment
|
|
print &ui_table_row($text{'edit_comment'},
|
|
&ui_textbox("comment", $rule->{'comment'}, 50));
|
|
|
|
# Action
|
|
print &ui_table_row($text{'edit_action'},
|
|
&ui_select("action", $action_sel,
|
|
[
|
|
[ "accept", $text{'index_accept'} ],
|
|
[ "drop", $text{'index_drop'} ],
|
|
[ "reject", $text{'index_reject'} ],
|
|
[ "return", $text{'edit_return'} ],
|
|
[ "jump", $text{'edit_jump_action'} ],
|
|
[ "goto", $text{'edit_goto_action'} ],
|
|
]));
|
|
|
|
# Jump/Goto target chain
|
|
print &ui_table_row($text{'edit_jump'},
|
|
&ui_textbox("jump", $rule->{'jump'}, 20));
|
|
print &ui_table_row($text{'edit_goto'},
|
|
&ui_textbox("goto", $rule->{'goto'}, 20));
|
|
|
|
# Interfaces
|
|
if ($chain_hook && $chain_hook eq 'input') {
|
|
# Incoming interface
|
|
print &ui_table_row($text{'edit_iif'},
|
|
&interface_choice("iif", $rule->{'iif'}, $text{'edit_if_any'}));
|
|
}
|
|
elsif ($chain_hook && $chain_hook eq 'output') {
|
|
# Outgoing interface
|
|
print &ui_table_row($text{'edit_oif'},
|
|
&interface_choice("oif", $rule->{'oif'}, $text{'edit_if_any'}));
|
|
}
|
|
else {
|
|
# Forward or unknown chain - allow both
|
|
print &ui_table_row($text{'edit_iif'},
|
|
&interface_choice("iif", $rule->{'iif'}, $text{'edit_if_any'}));
|
|
print &ui_table_row($text{'edit_oif'},
|
|
&interface_choice("oif", $rule->{'oif'}, $text{'edit_if_any'}));
|
|
}
|
|
|
|
# Addresses
|
|
print &ui_table_row($text{'edit_saddr'},
|
|
&ui_textbox("saddr", $rule->{'saddr'}, 30));
|
|
print &ui_table_row($text{'edit_daddr'},
|
|
&ui_textbox("daddr", $rule->{'daddr'}, 30));
|
|
|
|
# Protocol
|
|
print &ui_table_row($text{'edit_proto'},
|
|
&ui_select("proto", $proto_sel,
|
|
[
|
|
[ "", $text{'edit_proto_any'} ],
|
|
[ "tcp", "TCP" ],
|
|
[ "udp", "UDP" ],
|
|
[ "icmp", "ICMP" ],
|
|
[ "icmpv6", "ICMPv6" ],
|
|
]));
|
|
|
|
# Ports
|
|
print &ui_table_row($text{'edit_sport'},
|
|
&ui_textbox("sport", $rule->{'sport'}, 10));
|
|
print &ui_table_row($text{'edit_dport'},
|
|
&ui_textbox("dport", $rule->{'dport'}, 10));
|
|
|
|
# ICMP type
|
|
print &ui_table_row($text{'edit_icmp_type'},
|
|
&ui_textbox("icmp_type", $icmp_type, 20));
|
|
|
|
# Conntrack state
|
|
print &ui_table_row($text{'edit_ct_state'},
|
|
&ui_textbox("ct_state", $rule->{'ct_state'}, 30));
|
|
|
|
# TCP flags
|
|
print &ui_table_row($text{'edit_tcp_flags'},
|
|
&ui_textbox("tcp_flags", $rule->{'tcp_flags'}, 20));
|
|
print &ui_table_row($text{'edit_tcp_flags_mask'},
|
|
&ui_textbox("tcp_flags_mask", $rule->{'tcp_flags_mask'}, 20));
|
|
|
|
# Limit
|
|
print &ui_table_row($text{'edit_limit_rate'},
|
|
&ui_textbox("limit_rate", $rule->{'limit_rate'}, 20));
|
|
print &ui_table_row($text{'edit_limit_burst'},
|
|
&ui_textbox("limit_burst", $rule->{'limit_burst'}, 10));
|
|
|
|
# Log
|
|
my $log_row = &ui_checkbox("log", 1, $text{'edit_log_enable'}, $log_enabled);
|
|
$log_row .= "<br>".&text('edit_log_prefix', &ui_textbox("log_prefix", $rule->{'log_prefix'}, 20));
|
|
$log_row .= " ".&text('edit_log_level', &ui_textbox("log_level", $rule->{'log_level'}, 10));
|
|
print &ui_table_row($text{'edit_log'}, $log_row);
|
|
|
|
# Counter
|
|
print &ui_table_row($text{'edit_counter'},
|
|
&ui_checkbox("counter", 1, $text{'edit_counter_enable'}, $rule->{'counter'}));
|
|
|
|
# Raw rule (read-only)
|
|
print &ui_table_row($text{'edit_raw_rule'},
|
|
&ui_textarea("raw_rule", $rule->{'text'}, 4, 60, undef, undef,
|
|
"readonly='true'"));
|
|
|
|
print &ui_table_end();
|
|
my @buttons;
|
|
if ($in{'new'}) {
|
|
push(@buttons, [ undef, $text{'create'} ]);
|
|
} else {
|
|
push(@buttons, [ undef, $text{'save'} ]);
|
|
push(@buttons, [ 'delete', $text{'delete'} ]);
|
|
}
|
|
print &ui_form_end(\@buttons);
|
|
|
|
&ui_print_footer("index.cgi?table=$in{'table'}", $text{'index_return'});
|