cmaffio/pannello
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

aggiunta gestione regole firewall in uscita

Browse Source
This commit is contained in:
cmaffio
2016-06-16 17:04:05 +02:00
parent 7089dbe2a7
commit 848720f5c5
5 changed files with 257 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
firewall/firewall_library.php Normal file
View File

@@ -0,0 +1,186 @@
<?php
function genera () {
// $file_in = "/etc/sysconfig/scripts/SuSEfirewall2-custom";
$file_in = "tmp/fw.new";
$file_out = "tmp/fw.new";
$FW = file ($file_in);
$prima = array ();
$dopo = array ();
$vecchie_u = array ();
$vecchie_i = array ();
$stato = 0;
foreach ($FW as $riga) {
switch ($stato) {
case 0:
array_push($prima, $riga);
if (preg_match('/# REGOLE DINAMICHE/', $riga)) $stato++;
break;
case 1:
if (preg_match('/START (REGOLA-U\d+)/', $riga, $trovata)) array_push($vecchie_u, $trovata[1]);
if (preg_match('/START (REGOLA-I\d+)/', $riga, $trovata)) array_push($vecchie_i, $trovata[1]);
if (preg_match('/# FINE REGOLE DINAMICHE/', $riga)) {
$stato++;
array_push($dopo, $riga);
}
break;
case 2:
array_push($dopo, $riga);
break;
}
}
$nuove_ext = genera_ext ();
$cancellare = array_diff($vecchie_u, $nuove_ext[0]);
$aggiungere = array_diff($nuove_ext[0], $vecchie_u);
foreach ($aggiungere as $regola) {
exec ($nuove_ext[2][$regola]);
}
foreach ($cancellare as $regola) {
elimina ($regola);
}
$new = array_merge($prima,$nuove_ext[1], $dopo);
file_put_contents ($file_out, $new, LOCK_EX);
}
function genera_ext () {
global $UTENTE, $DB_ID, $CONF;
$FW_conf = carica_conf ("Firewall");
$query = " SELECT
firewall_versoesterno_regole.id,
firewall_versoesterno_regole.stato,
firewall_versoesterno.proto,
firewall_versoesterno.int_port,
firewall_versoesterno.ext_port,
proxy_pool.ip AS int_ip,
firewall_macchine_ext.ip AS ext_ip
FROM
firewall_versoesterno_regole
JOIN
firewall_versoesterno
ON
firewall_versoesterno_regole.id_firewall_versoesterno = firewall_versoesterno.id
JOIN
firewall_macchine
ON
firewall_versoesterno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN
firewall_macchine_ext
ON
firewall_versoesterno.id_firewall_macchine_ext = firewall_macchine_ext.id
WHERE
firewall_versoesterno_regole.attivo = 1
AND
firewall_versoesterno_regole.stato > 0
GROUP BY
firewall_versoesterno_regole.id_firewall_versoesterno
";
$nomi = array ();
$file = array ();
$esegui = array ();
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$id = $dato['id'];
$proto = $dato['proto'];
$stato = $dato['stato'];
$int_port = $dato['int_port'];
$ext_port = $dato['ext_port'];
$int_ip = $dato['int_ip'];
$ext_ip = $dato['ext_ip'];
$portaIN = $FW_conf['portaIN'];
array_push($nomi, "REGOLA-U$id");
if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
if ($int_ip != "") {
$ipint1 = "-s $int_ip";
$ipint2 = "-d $int_ip";
} else {
$ipint1 = "";
$ipint2 = "";
}
if ($ext_ip != "") {
$ipext1 = "-d $ext_ip";
$ipext2 = "-s $ext_ip";
} else {
$ipext1 = "";
$ipext2 = "";
}
if ($int_port != "") {
$ptint1 = "--sport $int_port";
$ptint2 = "--dport $int_port";
} else {
$ptint1 = "";
$ptint2 = "";
}
if ($ext_port != "") {
$ptext1 = "--dport $ext_port";
$ptext2 = "--sport $ext_port";
} else {
$ptext1 = "";
$ptext2 = "";
}
$regola = "### START REGOLA-U$id $perm ###\n";
$regola .= "iptables -N REGOLA-U$id\n";
$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
$regola .= "iptables -I FORWARD -j REGOLA-U$id\n";
$regola .= "### STOP REGOLA-U$id $perm ###\n";
array_push($file, $regola);
$regola = "sudo iptables -N REGOLA-U$id; ";
$regola .= "sudo iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
$regola .= "sudo iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
$regola .= "sudo iptables -I FORWARD -j REGOLA-U$id";
$esegui['REGOLA-U'.$id] = $regola;
}
$ritorna[0] = $nomi;
$ritorna[1] = $file;
$ritorna[2] = $esegui;
return $ritorna;
}
function elimina ($cerca) {
exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno);
foreach (array_reverse($ritorno) as $riga) {
$pezzi = explode (" " , $riga);
exec ("sudo iptables -D FORWARD ".$pezzi[0]);
exec ("sudo iptables -F $cerca");
exec ("sudo iptables -X $cerca");
}
}
?>

24
firewall/firewall_regolesterno.php
View File

@@ -10,6 +10,7 @@ if (isset($_POST['nome'])) {
$int_port = $_POST['int_port']; $int_port = $_POST['int_port'];
$ext_id = $_POST['ext_id']; $ext_id = $_POST['ext_id'];
$ext_port = $_POST['ext_port']; $ext_port = $_POST['ext_port'];
$proto = $_POST['proto'];
$query = " INSERT INTO $query = " INSERT INTO
firewall_versoesterno firewall_versoesterno
@@ -19,6 +20,7 @@ if (isset($_POST['nome'])) {
int_port = $int_port, int_port = $int_port,
id_firewall_macchine_ext = $ext_id, id_firewall_macchine_ext = $ext_id,
ext_port = $ext_port, ext_port = $ext_port,
proto = $proto,
data = NOW(), data = NOW(),
attivo = 1 attivo = 1
"; ";
@@ -55,7 +57,7 @@ $query = " SELECT
"; ";
$res_macchine_ext = mysql_query( $query, $DB_ID ); $res_macchine_ext = mysql_query( $query, $DB_ID );
$tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,15,0)); $tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,5,2,15,0));
?> ?>
<form name="" method="post"> <form name="" method="post">
<tr> <tr>
@@ -64,10 +66,12 @@ $tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,15,0));
<td class="descrizione">Nome regola</td> <td class="descrizione">Nome regola</td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Macchina interna</td> <td class="descrizione">Macchina interna</td>
<td class="descrizione">Porta</td> <td class="descrizione_c">Porta</td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Macchina esterna</td> <td class="descrizione">Macchina esterna</td>
<td class="descrizione">Porta</td> <td class="descrizione_c">Porta</td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione_c">Proto</td>
<td rowspan=2 colspan=3 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 colspan=3 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
@@ -92,6 +96,13 @@ $tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,15,0));
</select> </select>
</td> </td>
<td class="colip"><input type="text" size="3" name="ext_port"></td> <td class="colip"><input type="text" size="3" name="ext_port"></td>
<td class="colip">
<select name="proto">
<option value="" selected="selected">---</option>
<option value="tcp">TCP</option>
<option value="udp">UDP</option>
</select>
</td>
</tr> </tr>
</form> </form>
@@ -100,6 +111,7 @@ $tabella->riga();
$query = " SELECT $query = " SELECT
firewall_versoesterno.id, firewall_versoesterno.id,
firewall_versoesterno.nome, firewall_versoesterno.nome,
firewall_versoesterno.proto,
proxy_pool.ip AS int_ip, proxy_pool.ip AS int_ip,
proxy_pool.nome AS int_nome, proxy_pool.nome AS int_nome,
firewall_versoesterno.int_port, firewall_versoesterno.int_port,
@@ -142,10 +154,12 @@ while ($dato = mysql_fetch_array ( $res )) {
<td rowspan=2 class="descrizione"><?php print $dato['nome'] ?></td> <td rowspan=2 class="descrizione"><?php print $dato['nome'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione"><?php print $dato['int_nome'] ?></td> <td class="descrizione"><?php print $dato['int_nome'] ?></td>
<td rowspan=2 class="descrizione"><?php print $dato['int_port'] ?></td> <td rowspan=2 class="descrizione_c"><?php print $dato['int_port'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione"><?php print $dato['ext_nome'] ?></td> <td class="descrizione"><?php print $dato['ext_nome'] ?></td>
<td rowspan=2 class="descrizione"><?php print $dato['ext_port'] ?></td> <td rowspan=2 class="descrizione_c"><?php print $dato['ext_port'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td rowspan=2 class="descrizione_c"><?php print $dato['proto'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td rowspan=2 class="descrizione"><?php print $dato['data'] ?></td> <td rowspan=2 class="descrizione"><?php print $dato['data'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>

9
firewall/index.php
View File

@@ -1,5 +1,6 @@
<?php <?php
include_once ("../core/config.php"); include_once ("../core/config.php");
include_once ("firewall_library.php");
$UTENTE = login(); $UTENTE = login();
$DIRITTI = diritti('Utente'); $DIRITTI = diritti('Utente');
view_top(); view_top();
@@ -7,6 +8,8 @@ view_top();
if (isset($_POST['utente'])) { if (isset($_POST['utente'])) {
$utente = $_POST['utente']; $utente = $_POST['utente'];
$modificato = 0;
$old = $new = array(); $old = $new = array();
foreach ($_POST as $id => $valore) { foreach ($_POST as $id => $valore) {
if (preg_match ("/^new-(\d+)/", $id, $ris)) $new[$ris[1]] = $valore; if (preg_match ("/^new-(\d+)/", $id, $ris)) $new[$ris[1]] = $valore;
@@ -16,6 +19,7 @@ if (isset($_POST['utente'])) {
foreach ($new as $id => $valore) { foreach ($new as $id => $valore) {
if ($new[$id] == $old[$id]) continue; if ($new[$id] == $old[$id]) continue;
$modificato = 1;
if ($valore >1) if ($valore >1)
$stato = 1; $stato = 1;
else else
@@ -51,7 +55,12 @@ if (isset($_POST['utente'])) {
data = NOW() data = NOW()
"; ";
$res = mysql_query( $query, $DB_ID ); $res = mysql_query( $query, $DB_ID );
} }
if ($modificato) genera();
} }
$tabella = new html (0,"90%",array(15,2,20,2,5,0)); $tabella = new html (0,"90%",array(15,2,20,2,5,0));

41
firewall/tmp/fw.new Normal file
View File

@@ -0,0 +1,41 @@
fw_custom_after_chain_creation() {
# REGOLE DINAMICHE
### START REGOLA-U1 ###
iptables -N REGOLA-U1
iptables -I REGOLA-U1 -p tcp -o bond0 -s 192.168.1.1 --sport 25 -d 151.1.219.70 --dport 443 -j ACCEPT
iptables -I REGOLA-U1 -p tcp -i bond0 -d 192.168.1.1 --dport 25 -s 151.1.219.70 --sport 443 -j ACCEPT
iptables -I FORWARD -j REGOLA-U1
### STOP REGOLA-U1 ###
### START REGOLA-U3 ###
iptables -N REGOLA-U3
iptables -I REGOLA-U3 -p udp -o bond0 -s 192.168.1.3 --sport 45 -d 151.1.219.70 --dport 6754 -j ACCEPT
iptables -I REGOLA-U3 -p udp -i bond0 -d 192.168.1.3 --dport 45 -s 151.1.219.70 --sport 6754 -j ACCEPT
iptables -I FORWARD -j REGOLA-U3
### STOP REGOLA-U3 ###
# FINE REGOLE DINAMICHE
true
}
fw_custom_before_port_handling() {
true
}
fw_custom_before_masq() {
true
}
fw_custom_before_denyall() {
true
}
fw_custom_after_finished() {
true
}

2
risorse/stili/stile.css
View File

@@ -32,6 +32,8 @@ td.campoc { font-family: verdana; font-size: 14px; text-align: center; vertical
td.valorec { font-family: verdana; font-size: 14px; text-align: center; vertical-align:text-top; text-decoration: none; color: #000000; } td.valorec { font-family: verdana; font-size: 14px; text-align: center; vertical-align:text-top; text-decoration: none; color: #000000; }
td.descrizione { font-family: verdana; font-size: 11px; text-align: left; width:50px; text-decoration: none; color: #8e8e8e; } td.descrizione { font-family: verdana; font-size: 11px; text-align: left; width:50px; text-decoration: none; color: #8e8e8e; }
td.descrizione_c{ font-family: verdana; font-size: 11px; text-align: center; width:50px; text-decoration: none; color: #8e8e8e; } td.descrizione_c{ font-family: verdana; font-size: 11px; text-align: center; width:50px; text-decoration: none; color: #8e8e8e; }
td.descrizione_l{ font-family: verdana; font-size: 11px; text-align: left; width:50px; text-decoration: none; color: #8e8e8e; }
td.descrizione_r{ font-family: verdana; font-size: 11px; text-align: right; width:50px; text-decoration: none; color: #8e8e8e; }
td.spaziol { font-family: verdana; font-size: 11px; text-align: left; height:1px; text-decoration: none; color: #8e8e8e; } td.spaziol { font-family: verdana; font-size: 11px; text-align: left; height:1px; text-decoration: none; color: #8e8e8e; }
td.radio { font-family: verdana; font-size: 11px; text-align: center; height:1px; text-decoration: none; color: #8e8e8e; } td.radio { font-family: verdana; font-size: 11px; text-align: center; height:1px; text-decoration: none; color: #8e8e8e; }
td.sep { font-family: verdana; font-size: 1px; text-align: left; height:1px; text-decoration: none; color: #8e8e8e; } td.sep { font-family: verdana; font-size: 1px; text-align: left; height:1px; text-decoration: none; color: #8e8e8e; }