<?php
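/*
 * modifySaveRule
 * author Bianchini Stefano
 * It saves a modified rule: the fields posted by the modifyRule() form are
 * assembled into "iptables -R <chain> <number> ..." which replaces the rule
 * in place.
 *
 * Reads $_POST: chain, number, saddr/saddrEqDif, daddr/daddrEqDif, protocol,
 * sport/sportEqDif, dport/dportEqDif, i/iEqDif, o/oEqDif, target. A missing
 * field counts as empty. Appends an HTML status line to the global $feedback
 * and returns nothing.
 *
 * Every field comes straight from the HTTP request and ends up on a
 * "sudo iptables" command line, so names are whitelisted and free-form
 * values are wrapped in escapeshellarg() before being concatenated; a
 * rejected request never reaches exec().
 * NOTE(review): no login or CSRF check is visible in this file - presumably
 * index.php authenticates before dispatching here; confirm, since whoever can
 * POST to this action can rewrite the host firewall.
 */
function modifySaveRule() {
	global $CONF;
	global $feedback;
	$warn="<span style=\"color:red;font-weight:bold;\"> <img src=\"images/warning.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> ";
	$chain=isset($_POST["chain"]) ? $_POST["chain"] : "";
	$number=isset($_POST["number"]) ? $_POST["number"] : "";
	$target=isset($_POST["target"]) ? $_POST["target"] : "";
	$protocol=isset($_POST["protocol"]) ? $_POST["protocol"] : "";
	// chain, rule index and target are passed unquoted: only a plain name (not starting with "-",
	// so iptables cannot read it as an option) and a positive 1-based index are accepted
	$namePattern='/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/';
	if (!preg_match($namePattern,$chain) || !preg_match('/^[1-9][0-9]*$/',$number)
			|| ($target!="" && !preg_match($namePattern,$target))) {
		$feedback.=$warn."Error in modify rule: invalid chain, rule number or target.</span>";
		return;
	}
	// same configured binary as the other actions; the old hard-coded /sbin/iptables stays the fallback
	$iptables=empty($CONF["pathIptables"]) ? "/sbin/iptables" : $CONF["pathIptables"];
	$command="sudo ".$iptables." -R ".$chain." ".$number;
	// match options in emission order; key = POST field, value = iptables flag
	$matches=array("saddr"=>"-s","daddr"=>"-d");
	if ($protocol!="") {
		// -p is emitted before the port options so the tcp/udp match module is loaded first
		$command.=" -p ".escapeshellarg($protocol);
		if ($protocol=="tcp" || $protocol=="udp") {
			$matches["sport"]="--sport";
			$matches["dport"]="--dport";
		}
	}
	else if ((isset($_POST["sport"]) && $_POST["sport"]!="") || (isset($_POST["dport"]) && $_POST["dport"]!="")) {
		$feedback.=$warn."Information about port are ignored. You did't specificated protocol or protocol is not TCP or UPD.</span>";
	}
	$matches["i"]="-i";
	$matches["o"]="-o";
	foreach ($matches as $field=>$flag) {
		if (!isset($_POST[$field]) || $_POST[$field]=="") continue;
		// the "<field>EqDif" select is "!" to negate the match and "" otherwise; the "!" keeps the
		// intrapositioned place ("-s ! addr") the original used, which iptables still accepts
		$negate=(isset($_POST[$field."EqDif"]) && $_POST[$field."EqDif"]=="!") ? " !" : "";
		$command.=" ".$flag.$negate." ".escapeshellarg($_POST[$field]);
	}
	//Normal target (already whitelisted above)
	if ($target!="") $command.=" -j ".$target;
	exec($command,$out,$result);
	unset($out);
	if ($result!=0) 
		$feedback.=$warn."Error in modify rule: maybe hostname? multi-ip not allowed! (like google.com i.e. )</span>";
	else 
		$feedback.="<span style=\"color:green;font-weight:bold;\"> <img src=\"images/info.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Rule successfully modify.</span>";
}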


/*
 * censureDifference
 * author Bianchini Stefano
 * Strips every "!" from $string so that a negated value read back from
 * "iptables -L" (e.g. "!10.0.0.1") can be shown in a plain text field; the
 * negation itself is re-selected separately by writeEqDif().
 * @PARAM $string value that may carry one or more "!" characters
 * @return the same string with all "!" removed
 */
function censureDifference($string) {
	return strtr($string,array("!"=>""));
}

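/*
 * deleteRule
 * author Bianchini Stefano
 * It deletes a rule from iptables filter list: runs
 * "iptables -D <chain> <number>" for $_POST["chain"] / $_POST["number"]
 * and appends an HTML status line to the global $feedback. Returns nothing.
 *
 * Both values arrive from the HTTP request and are placed unquoted on a
 * "sudo iptables" command line, so they are whitelisted first: a plain chain
 * name that cannot be mistaken for an option, and a positive 1-based index.
 * A rejected request never reaches exec().
 */
function deleteRule() {
	global $CONF;
	global $feedback;
	$warn="<span style=\"color:red;font-weight:bold;\"> <img src=\"images/warning.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> ";
	$chain=isset($_POST["chain"]) ? $_POST["chain"] : "";
	$number=isset($_POST["number"]) ? $_POST["number"] : "";
	if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/',$chain) || !preg_match('/^[1-9][0-9]*$/',$number)) {
		$feedback.=$warn."Error in deleting rule: invalid chain name or rule number</span>";
		return;
	}
	$command="sudo ".$CONF["pathIptables"]." -D ".$chain." ".$number;
	exec($command,$out,$result);
	unset($out);
	if ($result!=0) 
		$feedback.=$warn."Error in deleting rule</span>";
	else 
		$feedback.="<span style=\"color:green;font-weight:bold;\"> <img src=\"images/info.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Rule successfully deleted.</span>";
}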

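/*
 * modifyRule
 * Prints the "Modify Rule" form for the rule the user picked in the list.
 * The current values arrive in $_POST (number, chain, source, destination,
 * protocol, spt, dpt, target, in, out) and the form posts them back to
 * action=modifySave, handled by modifySaveRule(). Values read from iptables
 * are shown without their leading "!" (censureDifference()) while the
 * negation is re-selected by writeEqDif() from that first character.
 *
 * Every value is HTML-escaped where it is echoed: it comes from the request,
 * so printing it raw would let a crafted POST inject markup into the page.
 * Uses writeEqDif() and writeSelectEth() from this file and the control()
 * JavaScript function, which is defined elsewhere. Full "<?php" open tags
 * are used so the template does not depend on short_open_tag.
 */
function modifyRule() {
	// raw request values (missing field = empty) and their escaped twins for output
	$raw=array();
	foreach (array("number","chain","source","destination","protocol","spt","dpt","target","in","out") as $key)
		$raw[$key]=isset($_POST[$key]) ? $_POST[$key] : "";
	$esc=array();
	foreach ($raw as $key=>$value)
		$esc[$key]=htmlspecialchars($value,ENT_QUOTES);
?>
<h3>Modify Rule</h3>
<form method="post" action="index.php?modules=firewall">
<input type="hidden" name="action" value="modifySave" />
<input type="hidden" name="number" value="<?php echo $esc["number"];?>" />
<input type="hidden" name="chain" value="<?php echo htmlspecialchars(strtoupper($raw["chain"]),ENT_QUOTES);?>" />
<table width="100%" class="tableBorder" border="0" cellpadding="3" cellspacing="0">
<tr class="thfirst"><th class="thAll">Chain</th><th class="thAll">Source Ip</th><th class="thAll">Dest. Ip</th>
<th class="thAll">Protocol</th><th class="thAll">Source Port</th><th class="thAll">Dest. Port</th>
<th class="thAll">Policy</th><th class="thAll">Input Int.</th><th class="thAll">Output Int.</th></tr>
<tr class="evenrowbg" align="center"><td><strong><?php echo $esc["chain"];?></strong></td>
<td align="center"><?php writeEqDif("saddr",substr($raw["source"],0,1));?><input id="saddr" type="text" name="saddr" size="15" value="<?php echo htmlspecialchars(censureDifference($raw["source"]),ENT_QUOTES);?>"/></td>
<td align="center"><?php writeEqDif("daddr",substr($raw["destination"],0,1));?><input id="daddr" type="text" name="daddr" size="15" value="<?php echo htmlspecialchars(censureDifference($raw["destination"]),ENT_QUOTES);?>"/></td>
<td><select name="protocol">
<option value="tcp" <?php if ($raw["protocol"]=="tcp") echo "selected=\"selected\"";?>>TCP</option>
<option value="udp" <?php if ($raw["protocol"]=="udp") echo "selected=\"selected\"";?>>UDP</option>
<option value="icmp" <?php if ($raw["protocol"]=="icmp") echo "selected=\"selected\"";?>>ICMP</option>
<option value="" <?php if (($raw["protocol"]=="")||($raw["protocol"]=="all")) echo "selected=\"selected\"";?>>ALL</option>
</select></td>
<td align="center"><?php writeEqDif("sport",substr($raw["spt"],0,1));?><input id="sport" type="text" name="sport" size="4" value="<?php echo htmlspecialchars(censureDifference($raw["spt"]),ENT_QUOTES);?>"/></td>
<td align="center"><?php writeEqDif("dport",substr($raw["dpt"],0,1));?><input id="dport" type="text" name="dport" size="4" value="<?php echo htmlspecialchars(censureDifference($raw["dpt"]),ENT_QUOTES);?>"/></td>
<td>
	<select name="target">
		<option <?php if ($raw["target"]=="ACCEPT") echo " selected=\"selected\"";?>>ACCEPT</option>
		<option <?php if ($raw["target"]=="DROP") echo " selected=\"selected\"";?>>DROP</option>
		<option <?php if ($raw["target"]=="REJECT") echo " selected=\"selected\"";?>>REJECT</option>
	</select>
</td>
<td><?php writeEqDif("i",substr($raw["in"],0,1));?>
<select name="i"><?php writeSelectEth(censureDifference($raw["in"])); ?></select></td>
<td><?php writeEqDif("o",substr($raw["out"],0,1));?>
<select name="o"><?php writeSelectEth(censureDifference($raw["out"])); ?></select></td>
</tr>
<tr class="trback">
	<td colspan="9" align="center">
	<!--<input type="button" value="Back!" onClick="history.go(-1);" />-->
	<input type="button" value="Modify" onClick="control();" />
	</td>
</tr>
</table><?php
}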

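/*
 * insertChain
 * Creates the user-defined chain named in $_POST["chain"] with "iptables -N".
 * The name is upper-cased, as the rest of the UI expects chain names, and is
 * written back to $_POST["chain"] in that form (the original did the same,
 * but with the shell quotes included in the stored value).
 * Appends an HTML status line to the global $feedback; returns nothing.
 *
 * The name comes from the request and goes on a "sudo iptables" command line.
 * Rather than relying on shell quoting alone it is whitelisted: letters,
 * digits, "_", "." and "-", not starting with "-" so it cannot be read as an
 * option. iptables itself enforces its length limit and rejects duplicates,
 * which surfaces as the generic error message below.
 */
function insertChain() {
	global $CONF;
	global $feedback;
	$chain=isset($_POST["chain"]) ? strtoupper($_POST["chain"]) : "";
	if (!preg_match('/^[A-Z0-9_][A-Z0-9_.-]*$/',$chain)) {
		$feedback.="<span style=\"color:red;font-weight:bold;\"> <img src=\"images/warning.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Error in inserting a new chain: invalid chain name.</span>";
		return;
	}
	$_POST["chain"]=$chain;
	exec("sudo ".$CONF["pathIptables"]." -N ".escapeshellarg($chain),$out,$result);
	unset($out);
	if ($result!=0) 
		$feedback.="<span style=\"color:red;font-weight:bold;\"> <img src=\"images/warning.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Error in inserting a new chain.</span>";
	else 
		$feedback.="<span style=\"color:green;font-weight:bold;\"> <img src=\"images/info.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Chain successfully added.</span>";
}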



/*
 * cleanAll
 * Flushes every rule of the filter table ("iptables -F") and reports the
 * outcome in the global $feedback. No request data is used: the command
 * line is fixed apart from the configured iptables path. Returns nothing.
 * NOTE(review): -F removes rules only; chain policies are left as they are,
 * so with a DROP policy on INPUT this can lock out the session issuing it -
 * check the policy before exposing this action.
 */
function cleanAll() {
	global $CONF;
	global $feedback;
	$flush="sudo ".$CONF["pathIptables"]." -F";
	exec($flush,$ignored,$status);
	unset($ignored);
	$failed=($status!=0);
	$color=$failed ? "red" : "green";
	$icon=$failed ? "warning" : "info";
	$text=$failed ? "Error in flushing (cleaning)." : "Successfully cleaned.";
	$feedback.="<span style=\"color:".$color.";font-weight:bold;\"> <img src=\"images/".$icon.".png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> ".$text."</span>";
}

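/*
 * iptablesSave
 * Dumps the current ruleset with "iptables-save" into the file named by
 * $CONF["whereToSaveIptables"] and reports the outcome in the global
 * $feedback. Returns nothing.
 *
 * Only iptables-save itself runs under sudo: the "> file" redirection is
 * performed by the shell that exec() spawns, i.e. as the web-server user,
 * so that user (not root) needs write access to the target file - this is
 * what the "Maybe you haven't permission" message usually means.
 * The path is configuration, not request data, but it is quoted anyway so
 * spaces or shell characters in it cannot alter the command.
 */
function iptablesSave() {
	global $CONF;
	global $feedback;
	$warn="<span style=\"color:red;font-weight:bold;\"> <img src=\"images/warning.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> ";
	$file=isset($CONF["whereToSaveIptables"]) ? $CONF["whereToSaveIptables"] : "";
	// an empty path would become "> " and a shell syntax error; fail with a clear message instead
	if ($file=="") {
		$feedback.=$warn."Error in iptables-save: no output file configured (whereToSaveIptables).</span>";
		return;
	}
	exec("sudo /sbin/iptables-save > ".escapeshellarg($file),$out,$result);
	unset($out);
	if ($result!=0) 
		$feedback.=$warn."Error in iptables-save. Maybe you haven't permission.</span>";
	else 
		$feedback.="<span style=\"color:green;font-weight:bold;\"> <img src=\"images/info.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Successfully written in ".htmlspecialchars($file)."</span>";
}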


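/*
 * insertRule
 * Appends a rule built from the posted form ("iptables -A <chain> ...") and,
 * when $_POST["log"] is set, a twin rule with "-j LOG" carrying the same
 * match. Reads $_POST: chain, saddr/saddrEqDif, daddr/daddrEqDif, protocol,
 * sport/sportEqDif, dport/dportEqDif, i/iEqDif, o/oEqDif, log, target.
 * A missing field counts as empty. Appends HTML status lines to the global
 * $feedback; returns nothing.
 *
 * Changes against the original:
 *  - every request value is whitelisted or escapeshellarg()'d before it is
 *    concatenated into the "sudo iptables" command line; the old
 *    escapeshellarg($command) discarded its result and protected nothing;
 *  - the LOG rule is appended BEFORE the target rule: appended after a
 *    terminating target (ACCEPT/DROP/REJECT) it could never match;
 *  - $feedback is appended to, not overwritten, so the "ports ignored"
 *    warning is no longer lost.
 * NOTE(review): no login or CSRF check is visible in this file; confirm that
 * index.php authenticates before dispatching here.
 */
function insertRule() {
	global $CONF;
	global $feedback;
	$warn="<span style=\"color:red;font-weight:bold;\"> <img src=\"images/warning.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> ";
	$chain=isset($_POST["chain"]) ? $_POST["chain"] : "";
	$target=isset($_POST["target"]) ? $_POST["target"] : "";
	$protocol=isset($_POST["protocol"]) ? $_POST["protocol"] : "";
	// chain and target are passed unquoted: only a plain name not starting with "-" is accepted
	$namePattern='/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/';
	if (!preg_match($namePattern,$chain) || ($target!="" && !preg_match($namePattern,$target))) {
		$feedback.=$warn."Some errors happened inserting a new rule: invalid chain or target.</span>";
		return;
	}
	$command="sudo ".$CONF["pathIptables"]." -A ".$chain;
	// match options in emission order; key = POST field, value = iptables flag
	$matches=array("saddr"=>"-s","daddr"=>"-d");
	if ($protocol!="") {
		// -p is emitted before the port options so the tcp/udp match module is loaded first
		$command.=" -p ".escapeshellarg($protocol);
		if ($protocol=="tcp" || $protocol=="udp") {
			$matches["sport"]="--sport";
			$matches["dport"]="--dport";
		}
	}
	else if ((isset($_POST["sport"]) && $_POST["sport"]!="") || (isset($_POST["dport"]) && $_POST["dport"]!="")) {
		$feedback.=$warn."Information about port are ignored. You did't specificated protocol or protocol is not TCP or UPD.</span>";
	}
	$matches["i"]="-i";
	$matches["o"]="-o";
	foreach ($matches as $field=>$flag) {
		if (!isset($_POST[$field]) || $_POST[$field]=="") continue;
		// the "<field>EqDif" select is "!" to negate the match and "" otherwise; the "!" keeps the
		// intrapositioned place ("-s ! addr") the original used, which iptables still accepts
		$negate=(isset($_POST[$field."EqDif"]) && $_POST[$field."EqDif"]=="!") ? " !" : "";
		$command.=" ".$flag.$negate." ".escapeshellarg($_POST[$field]);
	}
	//For logging rule: it must precede the real rule, otherwise a terminating target hides it
	if (isset($_POST["log"]) && $_POST["log"]!="") {
		exec($command." -j LOG",$logOut,$logResult);
		unset($logOut);
		if ($logResult!=0) $feedback.=$warn."Error in inserting the LOG rule.</span>";
	}
	//Normal target (already whitelisted above)
	if ($target!="") $command.=" -j ".$target;
	exec($command,$output,$result);
	unset($output); //i don't need this
	if ($result!=0) $feedback.=$warn."Some errors happened inserting a new rule</span>";
	else $feedback.="<span style=\"color:green;font-weight:bold;\"> <img src=\"images/info.png\" alt=\"\" border=\"0\" align=\"absmiddle\" /> Rule written. Check rule's list.</span>";
}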
	
	
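	/*
	 * writeEqDif
	 * author Bianchini Stefano
	 * It writes a select named "<field>EqDif" for choosing "=" (value "") or
	 * "!" (value "!"), the negation flag that insertRule()/modifySaveRule()
	 * turn into "option ! value" on the iptables command line.
	 * @PARAM $field Name of field (callers pass fixed names such as "saddr";
	 *        escaped for the attribute anyway)
	 * @PARAM $selected (opz) "!" pre-selects the negated option, anything else
	 *        selects "="; modifyRule() passes the first character of the value
	 *        read from iptables
	 * Uses the full "<?php" open tag instead of the short "<?" one so the
	 * markup is emitted regardless of the short_open_tag setting.
	 */
	function writeEqDif($field,$selected="") {?>
		<select name="<?php echo htmlspecialchars($field,ENT_QUOTES);?>EqDif">
		<option value="" <?php if ($selected!="!") echo " selected=\"selected\"";?>> = </option>
		<option value="!" <?php if ($selected=="!") echo " selected=\"selected\"";?>> ! </option>
		</select>
	<?php
	}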
	
	/*
	 * writeSelectEth
	 * author Bianchini Stefano
	 * It writes the <option> list of a network-interface select: a first
	 * "All int." entry with an empty value, then one entry per name returned
	 * by netInterfaces(), in that order.
	 * @PARAM $selected (opz) interface name to mark as selected; used in
	 *        modify mode with the value read back from iptables
	 */
	function writeSelectEth($selected="") {
		$options="<option value=\"\">All int.</option>\n";
		foreach (netInterfaces() as $name) {
			$marker=($selected==$name) ? " selected=\"selected\"" : "";
			$options.="<option value=\"".$name."\"".$marker.">".$name."</option>\n";
		}
		echo $options;
	}


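	/*
	 * netInterfaces
	 * Author: Espinho
	 * Runs ifconfig and returns the names of the interfaces it lists, in
	 * output order, as an array of strings.
	 * Two output formats are recognised: the net-tools one
	 * ("eth0      Link encap:...", the only one the original pattern matched)
	 * and the newer "eth0: flags=..." form, so the interface selects are not
	 * empty on current distributions. Returns an empty array when ifconfig
	 * is missing or prints nothing recognisable.
	 * No request data is involved; only this fixed command line is executed.
	 * sudo is kept for compatibility with the existing sudoers setup, although
	 * listing interfaces itself needs no privilege.
	 */
	function netInterfaces(){
		$interfaces = array();
		// lazy name, optional ":" (new format), then whatever introduces the rest of the line
		$pattern = "/^([A-Za-z0-9_.:-]+?):?\s+(?:Link encap:|flags=)/";
		exec("sudo /sbin/ifconfig",$output);
		foreach ($output as $line)
			if (preg_match($pattern,$line,$found))
				$interfaces[] = $found[1];
		return $interfaces;
	}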


	function firewallToArray(){
		global $CONF;
	/*
	*	Author: Espinho
	*	Funzione che fa una chiamata a "iptables -L -vn --line-numbers e ne preleva le catene(chain),
	*	le regole(rules) e le propriet
