terminata sistemazione sezione firewall

firewall/firewall_aggiorna.php

@@ -0,0 +1,15 @@
+<?php
+$base_dir  = __DIR__;
+
+include_once ("$base_dir/../core/config.php");
+include_once ("$base_dir/firewall_library.php");
+
+$FW_conf = carica_conf ("Firewall");
+
+if ($FW_conf['aggiornamento']) {
+	print "Eseguo aggiornamento\n";
+	genera();
+	disattiva_aggiornamento ();
+}
+
+?>

firewall/firewall_library.php

@@ -6,8 +6,14 @@ function attiva_aggiornamento () {
 	mysql_query( $query, $DB_ID );
 }
 
-function genera () {
+function disattiva_aggiornamento () {
+	global $DB_ID;
 
+	$query = "UPDATE firewall_conf SET valore = 0 WHERE variabile = 'aggiornamento'";
+	mysql_query( $query, $DB_ID );
+}
+
+function genera () {
 	$FW_conf = carica_conf ("Firewall");
 
 	$FW 		= file ($FW_conf['file_in']);
@@ -57,23 +63,27 @@ function genera () {
 	$aggiungere 	= array_diff($nuove_int[0], $vecchie_i);
 
 	foreach ($aggiungere as $regola) {
+		print "Attivata $regola\n";
 		exec ($nuove_int[2][$regola]);
 	}
 
 	foreach ($cancellare as $regola) {
+		print "Disattivata $regola\n";
 		elimina ($regola);
 	}
 
 
 	$new = array_merge($prima,$nuove_ext[1],$nuove_int[1],$dopo);
 	file_put_contents ($FW_conf['file_out'], $new, LOCK_EX);
-	$comando = "sudo cp ".$FW_conf['file_out']." ".$FW_conf['file_in'];
+	$comando = "cp ".$FW_conf['file_out']." ".$FW_conf['file_in'];
 	exec ($comando);
 }
 
 function genera_int () {
-	global $UTENTE, $DB_ID, $CONF, $FW_conf;
+	global $UTENTE, $DB_ID, $CONF;
 
+	$FW_conf = carica_conf ("Firewall");
+	
 	$query = "	SELECT
 				firewall_versointerno_regole.id,
 				firewall_versointerno_regole.stato,
@@ -111,6 +121,7 @@ function genera_int () {
 	$nomi 		= array ();
 	$file 		= array ();
 	$esegui 	= array ();
+	$portaIN	= $FW_conf['portaIN'];
 
 	$res = mysql_query( $query, $DB_ID );
 	while ($dato = mysql_fetch_array ( $res )) {
@@ -121,7 +132,6 @@ function genera_int () {
 				$ext_port 	= $dato['fw_port'];
 				$int_ip 	= $dato['int_ip'];
 				$ext_ip 	= $dato['ext_ip'];
-				$portaIN	= $FW_conf['portaIN'];
 
 				array_push($nomi, "REGOLA-I$id");
 
@@ -137,11 +147,11 @@ function genera_int () {
 
 				array_push($file, $regola);
 			
-				$regola .= "sudo iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
+				$regola  = "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
-        			$regola .= "sudo iptables -N REGOLA-I$id; ";
+        			$regola .= "iptables -N REGOLA-I$id; ";
-				$regola .= "sudo iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
+				$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
-				$regola .= "sudo iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
+				$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
-				$regola .= "sudo iptables -I FORWARD -j REGOLA-I$id; ";
+				$regola .= "iptables -I FORWARD -j REGOLA-I$id; ";
 
 				$esegui['REGOLA-I'.$id] = $regola;
 	}
@@ -153,7 +163,9 @@ function genera_int () {
 }
 
 function genera_ext () {
-	global $UTENTE, $DB_ID, $CONF, $FW_conf;
+	global $UTENTE, $DB_ID, $CONF;
+
+	$FW_conf = carica_conf ("Firewall");
 
 	$query = "	SELECT
 				firewall_versoesterno_regole.id,
@@ -192,6 +204,7 @@ function genera_ext () {
 	$nomi 		= array ();
 	$file 		= array ();
 	$esegui 	= array ();
+	$portaIN	= $FW_conf['portaIN'];
 
 	$res = mysql_query( $query, $DB_ID );
 	while ($dato = mysql_fetch_array ( $res )) {
@@ -202,33 +215,32 @@ function genera_ext () {
 				$ext_port 	= $dato['ext_port'];
 				$int_ip 	= $dato['int_ip'];
 				$ext_ip 	= $dato['ext_ip'];
-				$portaIN	= $FW_conf['portaIN'];
 
 				array_push($nomi, "REGOLA-U$id");
 
 				if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
-				if ($int_ip != "") { 
+				if ($int_ip != "" && $int_ip != 0) { 
 					$ipint1 = "-s $int_ip"; 
 					$ipint2 = "-d $int_ip"; 
 				} else {
 					$ipint1 = "";
 					$ipint2 = "";
 				}
-				if ($ext_ip != "") { 
+				if ($ext_ip != "" && $ext_ip != 0) { 
 					$ipext1 = "-d $ext_ip"; 
 					$ipext2 = "-s $ext_ip"; 
 				} else {
 					$ipext1 = "";
 					$ipext2 = "";
 				}
-				if ($int_port != "") {
+				if ($int_port != "" && $int_port != 0) {
 					$ptint1 = "--sport $int_port"; 
 					$ptint2 = "--dport $int_port"; 
 				} else {
 					$ptint1 = "";
 					$ptint2 = "";
 				}
-				if ($ext_port != "") {
+				if ($ext_port != "" && $ext_port != 0) {
 					$ptext1 = "--dport $ext_port"; 
 					$ptext2 = "--sport $ext_port"; 
 				} else {
@@ -245,10 +257,10 @@ function genera_ext () {
 
 				array_push($file, $regola);
 				
-				$regola  = "sudo iptables -N REGOLA-U$id; ";
+				$regola  = "iptables -N REGOLA-U$id; ";
-				$regola .= "sudo iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
+				$regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
-				$regola .= "sudo iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
+				$regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
-				$regola .= "sudo iptables -I FORWARD -j REGOLA-U$id";
+				$regola .= "iptables -I FORWARD -j REGOLA-U$id";
 
 				$esegui['REGOLA-U'.$id] = $regola;
 	}
@@ -259,12 +271,12 @@ function genera_ext () {
 }
 
 function elimina ($cerca) {
-	exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno);
+	exec ("iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno);
 	foreach (array_reverse($ritorno) as $riga) {
 		$pezzi = explode (" " , $riga);
-		exec ("sudo iptables -D FORWARD ".$pezzi[0]);
+		exec ("iptables -D FORWARD ".$pezzi[0]);
-		exec ("sudo iptables -F $cerca");
+		exec ("iptables -F $cerca");
-		exec ("sudo iptables -X $cerca");
+		exec ("iptables -X $cerca");
 	}
 }