Gecko [ 122.154.134.11 ]

Name	Size	Permission
help	[ DIR ]	drwxr-xr-x
images	[ DIR ]	drwxr-xr-x
lang	[ DIR ]	drwxr-xr-x
CHANGELOG	2.69 KB	-rw-r--r--
acl_security.pl	1.41 KB	-rwxr-xr-x
apply.cgi	512 B	-rwxr-xr-x
backup_config.pl	649 B	-rwxr-xr-x
bootup.cgi	600 B	-rwxr-xr-x
cgi_args.pl	430 B	-rwxr-xr-x
cluster.cgi	2.08 KB	-rwxr-xr-x
cluster_add.cgi	2.19 KB	-rwxr-xr-x
cluster_delete.cgi	651 B	-rwxr-xr-x
coherent-linux-lib.pl	1.54 KB	-rwxr-xr-x
config	83 B	-rw-r--r--
config.info	1.23 KB	-rw-r--r--
config.info.bg	1.51 KB	-rw-r--r--
config.info.bg.UTF-8	2.47 KB	-rw-r--r--
config.info.ca	1.48 KB	-rw-r--r--
config.info.ca.UTF-8	1.5 KB	-rw-r--r--
config.info.cz	948 B	-rw-r--r--
config.info.cz.UTF-8	1012 B	-rw-r--r--
config.info.de	1.45 KB	-rw-r--r--
config.info.de.UTF-8	1.45 KB	-rw-r--r--
config.info.fr	766 B	-rw-r--r--
config.info.fr.UTF-8	765 B	-rw-r--r--
config.info.ja_JP.UTF-8	421 B	-rw-r--r--
config.info.ja_JP.euc	362 B	-rw-r--r--
config.info.nl	1007 B	-rw-r--r--
config.info.nl.UTF-8	1006 B	-rw-r--r--
config.info.no	1.01 KB	-rw-r--r--
config.info.no.UTF-8	1.01 KB	-rw-r--r--
config.info.pl	1021 B	-rw-r--r--
config.info.pl.UTF-8	1.01 KB	-rw-r--r--
config.info.pt_BR	1.11 KB	-rw-r--r--
config.info.pt_BR.UTF-8	1.1 KB	-rw-r--r--
config.info.ru.UTF-8	1.36 KB	-rw-r--r--
config.info.ru_RU	934 B	-rw-r--r--
config.info.ru_RU.UTF-8	1.36 KB	-rw-r--r--
config.info.ru_SU	934 B	-rw-r--r--
config.info.sk	972 B	-rw-r--r--
config.info.sk.UTF-8	1021 B	-rw-r--r--
config.info.tr	858 B	-rw-r--r--
convert.cgi	756 B	-rwxr-xr-x
debian-linux-lib.pl	3.98 KB	-rwxr-xr-x
defaultacl	100 B	-rw-r--r--
edit_rule.cgi	14.47 KB	-rwxr-xr-x
firewall-lib.pl	15.09 KB	-rwxr-xr-x
firewall4-lib.pl	1.69 KB	-rwxr-xr-x
firewall6-lib.pl	1.65 KB	-rwxr-xr-x
gentoo-linux-lib.pl	722 B	-rwxr-xr-x
index.cgi	17.47 KB	-rwxr-xr-x
install_check.pl	575 B	-rwxr-xr-x
log_parser.pl	835 B	-rwxr-xr-x
mandrake-linux-lib.pl	1.69 KB	-rwxr-xr-x
module.info	207 B	-rw-r--r--
module.info.ca	149 B	-rw-r--r--
module.info.ca.UTF-8	162 B	-rw-r--r--
module.info.cz	24 B	-rw-r--r--
module.info.cz.UTF-8	30 B	-rw-r--r--
module.info.de	159 B	-rw-r--r--
module.info.de.UTF-8	171 B	-rw-r--r--
module.info.es	26 B	-rw-r--r--
module.info.es.UTF-8	32 B	-rw-r--r--
module.info.hu	32 B	-rw-r--r--
module.info.hu.UTF-8	39 B	-rw-r--r--
module.info.ja_JP.UTF-8	48 B	-rw-r--r--
module.info.ja_JP.euc	38 B	-rw-r--r--
module.info.ms_MY	164 B	-rw-r--r--
module.info.ms_MY.UTF-8	176 B	-rw-r--r--
module.info.nl	23 B	-rw-r--r--
module.info.nl.UTF-8	29 B	-rw-r--r--
module.info.no	23 B	-rw-r--r--
module.info.no.UTF-8	29 B	-rw-r--r--
module.info.pl	137 B	-rw-r--r--
module.info.pl.UTF-8	153 B	-rw-r--r--
module.info.pt_BR	26 B	-rw-r--r--
module.info.pt_BR.UTF-8	32 B	-rw-r--r--
module.info.ru.UTF-8	57 B	-rw-r--r--
module.info.ru_RU	39 B	-rw-r--r--
module.info.ru_RU.UTF-8	60 B	-rw-r--r--
module.info.ru_SU	39 B	-rw-r--r--
module.info.sk	24 B	-rw-r--r--
module.info.sk.UTF-8	30 B	-rw-r--r--
move.cgi	1.29 KB	-rwxr-xr-x
newchain.cgi	898 B	-rwxr-xr-x
open-ports.pl	3.4 KB	-rwxr-xr-x
redhat-linux-lib.pl	2.14 KB	-rwxr-xr-x
save_policy.cgi	7.15 KB	-rwxr-xr-x
save_rule.cgi	12.11 KB	-rwxr-xr-x
save_rule6.cgi	12.04 KB	-rwxr-xr-x
setup.cgi	9.36 KB	-rwxr-xr-x
setup6.cgi	8.12 KB	-rwxr-xr-x
trustix-linux-lib.pl	2.14 KB	-rwxr-xr-x
unapply.cgi	609 B	-rwxr-xr-x

Code Editor : setup6.cgi

#!/usr/bin/perl
# setup.cgi
# Setup an initial save file

require './firewall-lib.pl';
require './firewall6-lib.pl';
&ReadParse();
$access{'setup'} || &error($text{'setup_ecannot'});

&lock_file($ip6tables_save_file);
if ($in{'reset'}) {
	# Clear out all rules
	foreach $t ("filter", "nat", "mangle") {
		&system_logged("ip6tables -t $t -P INPUT ACCEPT >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -P OUTPUT ACCEPT >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -P FORWARD ACCEPT >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -P PREROUTING ACCEPT >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -P POSTROUTING ACCEPT >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -F >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -X >/dev/null 2>&1");
		}
	}

# Save all existing active rules
if (defined(&unapply_ip6tables)) {
	&unapply_ip6tables();
	}
else {
	&backquote_logged("ip6tables-save >$ip6tables_save_file 2>&1");
	}

# Get important variable ports
&get_miniserv_config(\%miniserv);
$webmin_port = $miniserv{'port'} || 10000;
$webmin_port2 = $webmin_port + 10;
$usermin_port = undef;
if (&foreign_installed("usermin")) {
	&foreign_require("usermin", "usermin-lib.pl");
	&usermin::get_usermin_miniserv_config(\%uminiserv);
	$usermin_port = $uminiserv{'port'};
	}
$usermin_port ||= 20000;
$ssh_port = undef;
if (&foreign_installed("sshd")) {
	&foreign_require("sshd", "sshd-lib.pl");
	$conf = &sshd::get_sshd_config();
	$ssh_port = &sshd::find_value("Port", $conf);
	}
$ssh_port ||= 22;

if ($in{'auto'}) {
	@tables = &get_iptables_save();
	if ($in{'auto'} == 1) {
		# Add a single rule to the nat table for masquerading
		$iface = $in{'iface1'} eq 'other' ? $in{'iface1_other'}
						  : $in{'iface1'};
		$iface || &error($text{'setup_eiface'});
		($table) = grep { $_->{'name'} eq 'nat' } @tables;
		$table ||= { 'name' => 'nat',
			     'rules' => [ ],
			     'defaults' => { } };
		push(@{$table->{'rules'}},
		     	{ 'chain' => 'POSTROUTING',
			  'o' => [ "", $iface ],
			  'j' => [ "", 'MASQUERADE' ] } );
		}
	elsif ($in{'auto'} >= 2) {
		# Block all incoming traffic, except for established
		# connections, DNS replies and safe ICMP types
		# In mode 3 allow ssh and ident too
		# In mode 4 allow ftp, echo-request and high ports too
		$iface = $in{'iface'.$in{'auto'}} eq 'other' ?
				 $in{'iface'.$in{'auto'}.'_other'} :
				 $in{'iface'.$in{'auto'}};
		$iface || &error($text{'setup_eiface'});
		($table) = grep { $_->{'name'} eq 'filter' } @tables;
		$table ||= { 'name' => 'nat',
			     'rules' => [ ],
			     'defaults' => { } };
		$table->{'defaults'}->{'INPUT'} = 'DROP';
		push(@{$table->{'rules'}},
		     { 'chain' => 'INPUT',
		       'i' => [ "!", $iface ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Accept traffic from internal interfaces' },
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "tcp" ] ],
		       'p' => [ "", "tcp" ],
		       'tcp-flags' => [ "", "ACK", "ACK" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Accept traffic with the ACK flag set' },
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "state" ] ],
		       'state' => [ "", "ESTABLISHED" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Allow incoming data that is part of a connection we established' },
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "state" ] ],
		       'state' => [ "", "RELATED" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Allow data that is related to existing connections' },
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "udp" ] ],
		       'p' => [ "", "udp" ],
		       'sport' => [ "", 53 ],
		       'dport' => [ "", "1024:65535" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Accept responses to DNS queries' },
			);
		if ($in{'auto'} >= 3) {
			# Allow ssh and ident
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", $ssh_port ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to our SSH server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "auth" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to our IDENT server'}
				);
			}
		if ($in{'auto'} >= 4) {
			# Allow pings
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "icmpv6" ] ],
			       'p' => [ [ "", "icmpv6" ] ],
			       'icmpv6-type' => [ "", "echo-request" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Respond to pings' }, );
			}
		if ($in{'auto'} == 4) {
			# Allow pings and most high ports
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "2049:2050" ],
			       'j' => [ "", 'DROP' ],
			       'cmt' => 'Protect our NFS server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "6000:6063" ],
			       'j' => [ "", 'DROP' ],
			       'cmt' => 'Protect our X11 display server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "7000:7010" ],
			       'j' => [ "", 'DROP' ],
			       'cmt' => 'Protect our X font server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "1024:65535" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to unprivileged ports' },
				);
			}
		if ($in{'auto'} == 5) {
			# Allow typical hosting server ports
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "53" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow DNS zone transfers' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "udp" ] ],
			       'p' => [ "", "udp" ],
			       'dport' => [ "", "53" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow DNS queries' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "80" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to webserver' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "443" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow SSL connections to webserver' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ], [ "", "multiport" ] ],
			       'p' => [ "", "tcp" ],
			       'dports' => [ "", "25,587" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to mail server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "20:21" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to FTP server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ], [ "", "multiport" ] ],
			       'p' => [ "", "tcp" ],
			       'dports' => [ "", "110,995" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to POP3 server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ], [ "", "multiport" ] ],
			       'p' => [ "", "tcp" ],
			       'dports' => [ "", "143,220,993" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to IMAP server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "",$webmin_port.":".$webmin_port2 ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to Webmin' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", $usermin_port ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to Usermin' },
				);
			}
		}
	&run_before_command();
	&save_table($table);
	&run_after_command();
	&copy_to_cluster();
	}

if ($in{'atboot'}) {
	&create_firewall_init();
	}
&unlock_file($ip6tables_save_file);

&webmin_log("setup");
&redirect("");

${this.title}

Code Editor : setup6.cgi