Thread: IPCop
  #15  
10th March 2008, 04:35
Elixa

Leszek - The only thing I'd need is an interface for setting/changing Ip Tables firewall rules. Does anyone know of an extension for IP-Cop (or some other way), which makes it possible?

--------------------------------------------------

Answer ... you need these two addons … for your IPCOP

1. BlockOutTraffic-3.0.0-GUI-b2

This addon is complicated & confusing in its rule writing ... but unlike its title suggests ... it is not just for blocking Out-Bound-Traffic. This addon has no major bugs … installs perfectly on most versions of IPCOP … and is a complete bi-directional rule writer. As an extra BONUS (one of the few that can) … this addon handles every kind of IP format range. You can be very specific with your rules. Many have asked similar questions about how to block certain IP-ranges within their intranets. With this addon you can rule in or out almost anything.

Note. For those taking this addon to the extreme … IP-Tables may only handle about 2500 rules before the rules go crazy … found this out personally using “BlockOutTraffic-3.0.0-GUI-b2” and “Iptablesgui-ipcop-0.1.0”.

2. Iptablesgui-ipcop-0.1.0

With this addon you can see … in near real-time (as fast as you can click it)… exactly how your rules appear in IP-Tables. Modify the rules in BlockOutTraffic and then view this addon to see how they look. This is a very handy addon, overall … less any outside connection attempts (see below).

--------------------------------------------------

Iptablesgui --- For the more serious IPCOP users … References to an update within the cgi page … that doesn’t exist from the parent company … could be removed. Removing the update reference calls from the page increases the refresh speed of the page a little … and perhaps improves security of your IPCOP as well.

After you have successfully installed “Iptablesgui-ipcop-0.1.0” …

If you leave your iptablesgui.cgi … default, the way it is … when you refresh the Iptablesgui page …

… your IPCOP will try to make a connection to … 87.169.30.220 "p57A91EDC.dip0.t-ipconnect.de"

If you modify “iptablesgui.cgi” … IPCOP will not make any UN-necessary outside connections when refreshing the Iptablesgui page!!! Below … is a copy of “iptablesgui.cgi” with REM Statements “#” inserted before the update checks.

cd /home/httpd/cgi-bin
edit “iptablesgui.cgi”

Start modification … Replace the entire contents with …
--------------------------------------------------





#!/usr/bin/perl
#
################################################################################
#
# IPCop iptables Web-Iface
#
# Copyright (C) 2007 Olaf (weizen_42) Westrik
#
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
#
#
################################################################################
#
# For support post / read in http://www.ipcop-forum.de
#
# $Id: iptablesgui.cgi 161 2007-05-18 14:07:45Z weizen_42 $
#
# 2007-03 created by weizen_42
#

use strict;

# enable only the following on debugging purpose
use warnings;
use CGI::Carp 'fatalsToBrowser';

use LWP::UserAgent;

require '/var/ipcop/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my $version = 'v0.1.0';
my $debug = 0;

##########
##################################################
## checking for new version
##my $addonname = 'iptablesgui';
##my $onlineversion = '';
##my $onlinelink = '';
##my $timestamplastcheck = '/var/ipcop/iptablesgui/lastcheck';
##my $flagdonotcheck = '/var/ipcop/iptablesgui/noversioncheck';
##################################################
##########

my $option_table = '';

my %cgiparams=();
$cgiparams{'ACTION'} = ''; # refresh
$cgiparams{'TABLE'} = 'filter'; # filter / mangle / nat / raw
$cgiparams{'CHAIN'} = '';
&Header::getcgihash(\%cgiparams);


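if ( $cgiparams{'ACTION'} eq $Lang::tr{'refresh'} )
{
}
# TABLE and CHAIN come from the POST request and are used further down on the
# iptableswrapper command line (backticks) and in the HTML form, so accept only
# the known table names and plain chain names (letters, digits, '_' and '-').
$cgiparams{'TABLE'} = 'filter' unless ( grep { $cgiparams{'TABLE'} eq $_ } ("filter", "mangle", "nat", "raw", "BOT_FAQ_#11") );
$cgiparams{'CHAIN'} = '' unless ( $cgiparams{'CHAIN'} =~ /\A[A-Za-z0-9_-]+\z/ );
$cgiparams{'CHAIN'} = '' if ( $cgiparams{'TABLE'} eq 'BOT_FAQ_#11' );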


&Header::showhttpheaders();
&Header::openpage($Lang::tr{'iptablesgui title'}, 1, '');
&Header::openbigbox('100%', 'left');

# Found this useful piece of code in BlockOutTraffic AddOn 8-)
# fwrules.cgi
###############
# DEBUG DEBUG
if ( $debug )
{
&Header::openbox('100%', 'left', 'DEBUG');
my $debugCount = 0;
foreach my $line (sort keys %cgiparams) {
print "$line = $cgiparams{$line}<br />\n";
$debugCount++;
}
print "&nbsp;Count: $debugCount\n";
&Header::closebox();
}
# DEBUG DEBUG
###############

##########
##################################################
##
## Check for new version
##
##&checkfornewversion($addonname, $version);
##if ( $onlineversion ne '' )
##{
## &Header::openbox('100%', 'left', $Lang::tr{'info'});
## print <<END
##<table width="100%"><tr>
##<td>$Lang::tr{'iptablesgui newversion'} <a href="$onlinelink" target="_blank"><b>$onlineversion</b></a></td>
##</tr></table>
##END
##;
## &Header::closebox();
##}
##################################################
##########


foreach my $table ( ("filter", "mangle", "nat", "raw", "BOT_FAQ_#11") )
{
if ( $cgiparams{'TABLE'} eq $table )
{
$option_table = $option_table ."<option value='$table' selected='selected'>$table</option>";
}
else
{
$option_table = $option_table ."<option value='$table'>$table</option>";
}
}

&Header::openbox('100%', 'left', $Lang::tr{'iptablesgui title'});

print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
<tr><td width='20%' class='base'>Table:</td><td colspan='3'><select name='TABLE'>$option_table</select></td></tr>
<tr><td width='20%' class='base'>Chain:&nbsp;<img src='/blob.gif' alt='*' /></td><td colspan='3'><input type='text' name='CHAIN' value='$cgiparams{'CHAIN'}' size='20' /></td></tr>
</table>
<hr />
<table width='100%'>
<tr>
<td width='70%' class='base' valign='top'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td>
<td width='30%'><input type='submit' name='ACTION' value='$Lang::tr{'refresh'}' /></td>
</tr>
</table>
<hr />
END
;

my $output = '';
if ( ($cgiparams{'TABLE'} eq 'BOT_FAQ_#11') || ($cgiparams{'CHAIN'} eq '') )
{
$output = `/usr/local/bin/iptableswrapper $cgiparams{'TABLE'} 2>&1`;
}
else
{
$output = `/usr/local/bin/iptableswrapper chain $cgiparams{'TABLE'} $cgiparams{'CHAIN'} 2>&1`;
}
$output = &Header::cleanhtml($output);

(my @lines) = split(/\n/, $output);

print "<pre>";
foreach my $line ( @lines )
{
$line = substr($line, 0, rindex($line, ' ', 120)) . "\n" . substr($line, rindex($line, ' ', 120)) if ( length($line) > 120 );
print $line ."\n";
}
print "</pre>";

print <<END
<hr />
<table width='100%'>
<tr>
<td>&nbsp;</td>
<td align='right'>
<b><small><a href="http://www.ban-solms.de/t/IPCop.html" target="_blank">iptablesgui $version</a></small></b>
</td>
</tr>
</table>
</form>
END
;
&Header::closebox();

&Header::closebigbox();
&Header::closepage();

##########
##################################################
##sub checkfornewversion
##{
## my $addon = shift;
## my $version = shift;
## $onlineversion = '';
##
## if ( -e $flagdonotcheck )
## {
## return;
## }
##
## # only check if we are online and last check was some time ago
## if ( (! -e '/var/ipcop/red/active') || (-e $timestamplastcheck) && (int(-M $timestamplastcheck) < 5) )
## {
## return;
## }
##

###workaround to suppress a warning when a variable is used only once
## my @dummy = ( $General::version );
## undef (@dummy);
##
## my $ua = LWP::UserAgent->new;
## $ua->timeout(120);
## $ua->agent("Mozilla/4.0 (compatible; IPCop $General::version; $version)");
## my $content = $ua->get("http://ipcop-addons.ath.cx/version/$addon");
##
## if ( $content->is_success )
## {
## # compare the versions, format is v1.2.3
## $content->content =~ /v(\d+).(\d+).(\d+)/;
## my $ver1 = $1;
## my $ver2 = $2;
## my $ver3 = $3;
##
## $version =~ /v(\d+).(\d+).(\d+)/;
##
## if ( ($ver1 > $1) || (($ver1 == $1) && ($ver2 > $2)) || (($ver1 == $1) && ($ver2 == $2) && ($ver3 > $3)) )
## {
## $onlineversion = "v$ver1.$ver2.$ver3";
##
## $content->content =~ /http(.*)/;
## $onlinelink = "http$1";
## }
## else
## {
## # no news, recheck in a couple of days
## system("touch $timestamplastcheck");
## }
## }
##}
##################################################
##########




--------------------------------------------------
End modification … Replace the entire contents with …
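One way to confirm that an edit like the one in the post above leaves no active update-check code behind, as an added example that is not part of the original post or of the add-on: the script lists every non-comment line that still references the version check and separately flags lines that only load LWP::UserAgent. The identifiers and URL in the patterns and samples are taken from the listing in the post; the function names and the two sample files are constructed for this illustration.

```sh
#!/bin/sh
# Added example, not from the original post: report which lines of a Perl CGI
# file still take part in the add-on's online version check.

# audit_cgi FILE
#   active:N:text  non-comment line that belongs to the update check
#   loaded:N:text  non-comment line that only loads LWP::UserAgent
audit_cgi() {
    awk '
        /^[ \t]*#/ { next }   # "#" and "##" REM lines never execute
        /checkfornewversion|LWP::UserAgent->new|->get\(|\$onlineversion|\$onlinelink/ {
            printf "active:%d:%s\n", NR, $0; next
        }
        /LWP::UserAgent/ { printf "loaded:%d:%s\n", NR, $0 }
    ' "$1"
}

# count_kind KIND FILE: number of audit_cgi findings of that kind
count_kind() {
    audit_cgi "$2" | grep -c "^$1:" || true
}

# write_samples DIR: constructed excerpts modelled on the listing in the post
write_samples() {
    cat > "$1/before.cgi" <<'EOF'
#!/usr/bin/perl
use LWP::UserAgent;
my $onlineversion = '';
&checkfornewversion($addonname, $version);
sub checkfornewversion
{
    my $ua = LWP::UserAgent->new;
    my $content = $ua->get("http://ipcop-addons.ath.cx/version/$addon");
}
EOF
    # "after": same file with the REM prefix the post uses on the update code
    sed -e '3,$s/^/##/' "$1/before.cgi" > "$1/after.cgi"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in before after; do
    echo "$f.cgi: $(count_kind active "$dir/$f.cgi") active, $(count_kind loaded "$dir/$f.cgi") loaded"
done
rm -rf "$dir"
```

On the real file, run `audit_cgi /home/httpd/cgi-bin/iptablesgui.cgi`; a remaining `loaded:` line means the HTTP client module is still pulled in even though nothing calls it.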