cmaffio/pannello
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Aggiunta gestione regole in ingresso

Browse Source
This commit is contained in:
cmaffio
2016-06-21 16:23:20 +02:00
parent 3b97704f6d
commit da3fe71d69
9 changed files with 733 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/function.php
View File

@@ -657,8 +657,8 @@ class html {
print "\t</tr>\n"; print "\t</tr>\n";
} }
public function riga () { public function riga ($size=15) {
print "\t<tr><td class=\"spaziov\" colspan=\"$this->size\"><img src=\"".$this->conf['base_url']."/img/spazio.gif\"></td></tr>\n"; print "\t<tr><td style=\"height:".$size."px;\" colspan=\"$this->size\"></td></tr>\n";
} }
public function close () { public function close () {

9
firewall/firewall_azzera.php Executable file
View File

@@ -0,0 +1,9 @@
<?php
include_once ("../core/config.php");
include_once ("firewall_library.php");
azzera();
genera();
?>

26
firewall/firewall_gest.php
View File

@@ -73,6 +73,32 @@ if (isset($_GET['id'])) {
$testo = "Confermate la disattivazione della regola?"; $testo = "Confermate la disattivazione della regola?";
break; break;
case "vpn_rm":
$query = "DELETE FROM firewall_vpn WHERE id = $id";
$testo = "Confermate la rimozione della regola da quelle disponibili?";
break;
case "vpn_up":
$query = "UPDATE firewall_vpn SET attivo = 1 WHERE id = $id";
$testo = "Confermate l'attivazione della regola?";
break;
case "vpn_down":
$query = "UPDATE firewall_vpn SET attivo = 0 WHERE id = $id";
$testo = "Confermate la disattivazione della regola?";
break;
case "regolaint_rm":
$query = "DELETE FROM firewall_versointerno WHERE id = $id";
$testo = "Confermate la rimozione della regola da quelle disponibili?";
break;
case "regolaint_up":
$query = "UPDATE firewall_versointerno SET attivo = 1 WHERE id = $id";
$testo = "Confermate l'attivazione della regola?";
break;
case "regolaint_down":
$query = "UPDATE firewall_versointerno SET attivo = 0 WHERE id = $id";
$testo = "Confermate la disattivazione della regola?";
break;
default: default:
$testo = "Regola non implementata"; $testo = "Regola non implementata";

136
firewall/firewall_library.php
View File

@@ -1,9 +1,6 @@
<?php <?php
function genera () { function genera () {
// $file_in = "/etc/sysconfig/scripts/SuSEfirewall2-custom";
// $file_in = "tmp/fw.new";
// $file_out = "tmp/fw.new";
$FW_conf = carica_conf ("Firewall"); $FW_conf = carica_conf ("Firewall");
$FW = file ($FW_conf['file_in']); $FW = file ($FW_conf['file_in']);
@@ -34,13 +31,9 @@ function genera () {
array_push($dopo, $riga); array_push($dopo, $riga);
break; break;
} }
} }
$nuove_ext = genera_ext (); $nuove_ext = genera_ext ();
$cancellare = array_diff($vecchie_u, $nuove_ext[0]); $cancellare = array_diff($vecchie_u, $nuove_ext[0]);
$aggiungere = array_diff($nuove_ext[0], $vecchie_u); $aggiungere = array_diff($nuove_ext[0], $vecchie_u);
@@ -52,15 +45,108 @@ function genera () {
elimina ($regola); elimina ($regola);
} }
$new = array_merge($prima,$nuove_ext[1], $dopo); $nuove_int = genera_int ();
$cancellare = array_diff($vecchie_i, $nuove_int[0]);
$aggiungere = array_diff($nuove_int[0], $vecchie_i);
foreach ($aggiungere as $regola) {
exec ($nuove_int[2][$regola]);
}
foreach ($cancellare as $regola) {
elimina ($regola);
}
$new = array_merge($prima,$nuove_ext[1],$nuove_int[1],$dopo);
file_put_contents ($FW_conf['file_out'], $new, LOCK_EX); file_put_contents ($FW_conf['file_out'], $new, LOCK_EX);
$comando = "sudo cp ".$FW_conf['file_out']." ".$FW_conf['file_in']; $comando = "sudo cp ".$FW_conf['file_out']." ".$FW_conf['file_in'];
exec ($comando); exec ($comando);
} }
function genera_ext () { function genera_int () {
global $UTENTE, $DB_ID, $CONF, $FW_conf; global $UTENTE, $DB_ID, $CONF, $FW_conf;
$query = " SELECT
firewall_versointerno_regole.id,
firewall_versointerno_regole.stato,
firewall_versointerno.proto,
firewall_versointerno.int_port,
firewall_versointerno.fw_port,
proxy_pool.ip AS int_ip,
firewall_vpn.ip AS ext_ip
FROM
firewall_versointerno_regole
JOIN
firewall_versointerno
ON
firewall_versointerno_regole.id_firewall_versointerno = firewall_versointerno.id
JOIN
firewall_macchine
ON
firewall_versointerno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN
firewall_vpn
ON
firewall_versointerno.id_firewall_vpn = firewall_vpn.id
WHERE
firewall_versointerno_regole.attivo = 1
AND
firewall_versointerno_regole.stato > 0
GROUP BY
firewall_versointerno_regole.id_firewall_versointerno
";
$nomi = array ();
$file = array ();
$esegui = array ();
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
$id = $dato['id'];
$proto = $dato['proto'];
$stato = $dato['stato'];
$int_port = $dato['int_port'];
$ext_port = $dato['fw_port'];
$int_ip = $dato['int_ip'];
$ext_ip = $dato['ext_ip'];
$portaIN = $FW_conf['portaIN'];
array_push($nomi, "REGOLA-I$id");
if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
$regola = "### START REGOLA-I$id $perm ###\n";
$regola .= "iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port\n";
$regola .= "iptables -N REGOLA-I$id\n";
$regola .= "iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT\n";
$regola .= "iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT\n";
$regola .= "iptables -I FORWARD -j REGOLA-I$id\n";
$regola .= "### STOP REGOLA-I$id $perm ###\n";
array_push($file, $regola);
$regola .= "sudo iptables -I PREROUTING -t nat -p $proto -i $portaIN --dport $ext_port -j DNAT --to $int_ip:$int_port; ";
$regola .= "sudo iptables -N REGOLA-I$id; ";
$regola .= "sudo iptables -I REGOLA-I$id -p $proto -i $portaIN -s $ext_ip -d $int_ip --dport $int_port -j ACCEPT; ";
$regola .= "sudo iptables -I REGOLA-I$id -p $proto -o $portaIN -d $ext_ip -s $int_ip --sport $int_port -j ACCEPT; ";
$regola .= "sudo iptables -I FORWARD -j REGOLA-I$id; ";
$esegui['REGOLA-I'.$id] = $regola;
}
$ritorna[0] = $nomi;
$ritorna[1] = $file;
$ritorna[2] = $esegui;
return $ritorna;
}
function genera_ext () {
global $UTENTE, $DB_ID, $CONF, $FW_conf;
$query = " SELECT $query = " SELECT
firewall_versoesterno_regole.id, firewall_versoesterno_regole.id,
@@ -70,10 +156,8 @@ function genera_ext () {
firewall_versoesterno.ext_port, firewall_versoesterno.ext_port,
proxy_pool.ip AS int_ip, proxy_pool.ip AS int_ip,
firewall_macchine_ext.ip AS ext_ip firewall_macchine_ext.ip AS ext_ip
FROM FROM
firewall_versoesterno_regole firewall_versoesterno_regole
JOIN JOIN
firewall_versoesterno firewall_versoesterno
ON ON
@@ -90,8 +174,6 @@ function genera_ext () {
firewall_macchine_ext firewall_macchine_ext
ON ON
firewall_versoesterno.id_firewall_macchine_ext = firewall_macchine_ext.id firewall_versoesterno.id_firewall_macchine_ext = firewall_macchine_ext.id
WHERE WHERE
firewall_versoesterno_regole.attivo = 1 firewall_versoesterno_regole.attivo = 1
AND AND
@@ -162,18 +244,14 @@ function genera_ext () {
$regola .= "sudo iptables -I FORWARD -j REGOLA-U$id"; $regola .= "sudo iptables -I FORWARD -j REGOLA-U$id";
$esegui['REGOLA-U'.$id] = $regola; $esegui['REGOLA-U'.$id] = $regola;
} }
$ritorna[0] = $nomi; $ritorna[0] = $nomi;
$ritorna[1] = $file; $ritorna[1] = $file;
$ritorna[2] = $esegui; $ritorna[2] = $esegui;
return $ritorna; return $ritorna;
} }
function elimina ($cerca) { function elimina ($cerca) {
exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno); exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno);
foreach (array_reverse($ritorno) as $riga) { foreach (array_reverse($ritorno) as $riga) {
$pezzi = explode (" " , $riga); $pezzi = explode (" " , $riga);
@@ -183,4 +261,28 @@ function elimina ($cerca) {
} }
} }
function azzera () {
global $UTENTE, $DB_ID, $CONF, $FW_conf;
$query = " UPDATE
firewall_versoesterno_regole
SET
stato = 0,
modifica = NOW()
WHERE
stato = 1
";
$res = mysql_query( $query, $DB_ID );
$query = " UPDATE
firewall_versointerno_regole
SET
stato = 0,
modifica = NOW()
WHERE
stato = 1
";
$res = mysql_query( $query, $DB_ID );
}
?> ?>

148
firewall/firewall_regole_versointerno.php Executable file
View File

@@ -0,0 +1,148 @@
<?php
include_once ("../core/config.php");
$UTENTE = login();
$DIRITTI = diritti('Admin');
view_top();
if (isset($_POST['id_utenti'])) {
$id_utenti = $_POST['id_utenti'];
$id_macchine = $_POST['id_macchine'];
if (isset($_POST['perm'])) {
$perm = $_POST['perm'];
} else {
$perm = 0;
}
$query = " INSERT INTO
firewall_versointerno_regole
SET
id_utenti = $id_utenti,
id_firewall_versointerno = $id_macchine,
permanente = $perm,
data = NOW(),
attivo = 1
";
$res = mysql_query( $query, $DB_ID );
}
$query = " SELECT
utenti.id,
utenti.utente
FROM
utenti
JOIN
permessi
ON
permessi.id_utenti = utenti.id
JOIN
livelli
ON
livelli.nome = 'Utente'
AND
permessi.accesso <= livelli.livello
WHERE
permessi.id_moduli = ".$MODULO['id']."
AND
utenti.attivo = 1
ORDER BY
utente
";
$res_utenti = mysql_query( $query, $DB_ID );
$query = " SELECT
firewall_versointerno.id,
firewall_versointerno.nome
FROM
firewall_versointerno
WHERE
firewall_versointerno.attivo = 1
ORDER BY
nome
";
$res_macchine = mysql_query( $query, $DB_ID );
$tabella = new html (0,"90%",array(3,3,2,15,2,15,2,5,0));
?>
<form name="" method="post">
<tr>
<td colspan=2 class="spazioh"><input type="image" src="<?php print $CONF['base_url'] ?>/img/addresource.png" border="0" alt="Inserisci" /></td>
<td class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="spazioh">
<select name="id_utenti">
<option value="" selected="selected">---</option>
<?php while ($dato = mysql_fetch_array ( $res_utenti )) { ?>
<option value="<?php print $dato['id'] ?>"><?php print $dato['utente'] ?></option>
<?php } ?>
</select>
</td>
<td class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="spazioh">
<select name="id_macchine">
<option value="" selected="selected">---</option>
<?php while ($dato = mysql_fetch_array ( $res_macchine )) { ?>
<option value="<?php print $dato['id'] ?>"><?php print $dato['nome'] ?></option>
<?php } ?>
</select>
</td>
<td class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="radio"><input type="checkbox" name="perm" value="1"></td>
<td class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
</form>
<?php
$query = " SELECT
firewall_versointerno_regole.id,
utenti.utente,
firewall_versointerno.nome,
firewall_versointerno_regole.permanente,
firewall_versointerno_regole.attivo
FROM
firewall_versointerno_regole
JOIN
utenti
ON
firewall_versointerno_regole.id_utenti = utenti.id
JOIN
firewall_versointerno
ON
firewall_versointerno_regole.id_firewall_versointerno = firewall_versointerno.id
ORDER BY
utenti.utente,
firewall_versointerno.nome
";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
?>
<tr>
<td rowspan=2 class="col3btn">
<?php if ($dato['attivo']) { ?>
<a href="firewall_gest.php?azione=regolaversoext_down&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Utente attivo" TITLE="Utente attivo"></a>
<?php } else { ?>
<a href="firewall_gest.php?azione=regolaversoext_up&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="Utente non attivo" TITLE="Utente non attivo"></a>
<?php } ?>
</td>
<td rowspan=2 class="spazioh"><a href="firewall_gest.php?azione=regolaversoext_rm&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/trash.png"></a></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Utenza</td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Regola</td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="radio">Perm</td>
<td rowspan=2 rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</td>
</tr>
<tr>
<td class="textl"><?php print $dato['utente'] ?></td>
<td class="textl"><?php print $dato['nome'] ?></td>
<td class="textc"><?php if ($dato['permanente']) print "Si"; else print "No"; ?></td>
</tr>
<?php
$tabella->riga();
}
$tabella->close();
view_footer();
?>

192
firewall/firewall_regoleinterno.php Executable file
View File

@@ -0,0 +1,192 @@
<?php
include_once ("../core/config.php");
$UTENTE = login();
$DIRITTI = diritti('Admin');
view_top();
$FW_conf = carica_conf ("Firewall");
if (isset($_POST['nome'])) {
$nome = $_POST['nome'];
$vpn_id = $_POST['vpn_id'];
$fw_port = $_POST['fw_port'];
$int_id = $_POST['int_id'];
$int_port = $_POST['int_port'];
$proto = $_POST['proto'];
$query = " INSERT INTO
firewall_versointerno
SET
nome = '$nome',
id_firewall_vpn = $vpn_id,
fw_port = $fw_port,
id_firewall_macchine = $int_id,
int_port = $int_port,
proto = '$proto',
data = NOW(),
attivo = 1
";
$res = mysql_query( $query, $DB_ID );
}
$query = " SELECT
firewall_macchine.id,
proxy_pool.ip,
proxy_pool.nome
FROM
firewall_macchine
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
ORDER BY
-nome DESC,
INET_ATON(ip) ASC
";
$res_macchine = mysql_query( $query, $DB_ID );
$query = " SELECT
id,
utenza,
ip,
tipo
FROM
firewall_vpn
WHERE
attivo = 1
ORDER BY
-utenza DESC,
INET_ATON(ip) ASC
";
$res_vpn = mysql_query( $query, $DB_ID );
$query = " SELECT
fw_port
FROM
firewall_versointerno
";
$res_ip = mysql_query( $query, $DB_ID );
while( $row = mysql_fetch_assoc( $res_ip) ) { $listaportefw[] = $row['fw_port']; }
$tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,5,2,15,0));
?>
<form name="" method="post">
<tr>
<td rowspan=2 colspan=2 class="spazioh"><input type="image" src="<?php print $CONF['base_url'] ?>/img/addresource.png" border="0" alt="Inserisci" /></td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Nome regola</td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">VPN</td>
<td class="descrizione_c">Porta FW</td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Macchina interna</td>
<td class="descrizione_c">Porta</td>
<td rowspan=2 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione_c">Proto</td>
<td rowspan=2 colspan=3 class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
<tr>
<td class="colip"><input type="text" size="14" name="nome"></td>
<td class="colip">
<select name="vpn_id">
<option value="" selected="selected">---</option>
<?php while ($dato = mysql_fetch_array ( $res_vpn )) { ?>
<option value="<?php print $dato['id'] ?>"><?php if ($dato['utenza'] != "") { print $dato['utenza']; } else { print $dato['ip']; } ?></option>
<?php } ?>
</select>
</td>
<td class="colip">
<select name="fw_port">
<option value="" selected="selected">---</option>
<?php for ($i = $FW_conf['FWPort_min']; $i <= $FW_conf['FWPort_max']; $i++ ) {
if (in_array($i, $listaportefw) ) continue; ?>
<option value="<?php print $i ?>"><?php print $i ?></option>
<?php } ?>
</select>
</td>
<td class="colip">
<select name="int_id">
<option value="" selected="selected">---</option>
<?php while ($dato = mysql_fetch_array ( $res_macchine )) { ?>
<option value="<?php print $dato['id'] ?>"><?php if ($dato['nome'] != "") { print $dato['nome']; } else { print $dato['ip']; } ?></option>
<?php } ?>
</select>
</td>
<td class="colip"><input type="text" size="3" name="int_port"></td>
<td class="colip">
<select name="proto">
<option value="" selected="selected">---</option>
<option value="tcp">TCP</option>
<option value="udp">UDP</option>
</select>
</td>
</tr>
</form>
<?php
$tabella->riga();
$query = " SELECT
firewall_versointerno.id,
firewall_versointerno.nome,
firewall_versointerno.proto,
firewall_vpn.utenza,
firewall_vpn.ip AS vpn_ip,
proxy_pool.ip AS int_ip,
proxy_pool.nome AS int_nome,
firewall_versointerno.int_port,
firewall_versointerno.fw_port,
DATE_FORMAT(firewall_versointerno.data, '%d.%m.%Y %H:%i:%s') AS data,
firewall_versointerno.attivo
FROM
firewall_versointerno
JOIN
firewall_macchine
ON
firewall_versointerno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN
firewall_vpn
ON
firewall_versointerno.id_firewall_vpn = firewall_vpn.id
ORDER BY
firewall_versointerno.nome
";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) {
?>
<tr>
<td rowspan=2 class="col3btn">
<?php if ($dato['attivo']) { ?>
<a href="firewall_gest.php?azione=regolaint_down&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Regola attiva" TITLE="Regola attiva"></a>
<?php } else { ?>
<a href="firewall_gest.php?azione=regolaint_up&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="Regola non attiva" TITLE="Regola non attiva"></a>
<?php } ?>
</td>
<td rowspan=2 class="spazioh"><a href="firewall_gest.php?azione=regolaint_rm&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/trash.png"></a></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td rowspan=2 class="descrizione"><?php print $dato['nome'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione"><?php print $dato['utenza'] ?></td>
<td rowspan=2 class="descrizione_c"><?php print $dato['fw_port'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione"><?php print $dato['int_nome'] ?></td>
<td rowspan=2 class="descrizione_c"><?php print $dato['int_port'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td rowspan=2 class="descrizione_c"><?php print $dato['proto'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td rowspan=2 class="descrizione"><?php print $dato['data'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</td>
</tr>
<tr>
<td class="textl"><?php print $dato['vpn_ip'] ?></td>
<td class="textl"><?php print $dato['int_ip'] ?></td>
</tr>
<?php
$tabella->riga();
}
$tabella->close();
view_footer();
?>

6
firewall/firewall_vpn.php
View File

@@ -78,12 +78,12 @@ while ($dato = mysql_fetch_array ( $res )) {
<tr> <tr>
<td rowspan=2 class="col3btn"> <td rowspan=2 class="col3btn">
<?php if ($dato['attivo']) { ?> <?php if ($dato['attivo']) { ?>
<a href="firewall_gest.php?azione=regolaext_down&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="Regola attiva" TITLE="Regola attiva"></a> <a href="firewall_gest.php?azione=vpn_down&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/attivo.gif" ALT="VPN attiva" TITLE="VPN attiva"></a>
<?php } else { ?> <?php } else { ?>
<a href="firewall_gest.php?azione=regolaext_up&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="Regola non attiva" TITLE="Regola non attiva"></a> <a href="firewall_gest.php?azione=vpn_up&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/non_attivo.gif" ALT="VPN non attiva" TITLE="VPN non attiva"></a>
<?php } ?> <?php } ?>
</td> </td>
<td rowspan=2 class="spazioh"><a href="firewall_gest.php?azione=regolaext_rm&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/trash.png"></a></td> <td rowspan=2 class="spazioh"><a href="firewall_gest.php?azione=vpn_rm&id=<?php print $dato['id']?>"><img src="<?php print $CONF['base_url'] ?>/img/trash.png"></a></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td rowspan=2 class="descrizione"><?php print $dato['utenza'] ?></td> <td rowspan=2 class="descrizione"><?php print $dato['utenza'] ?></td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>

277
firewall/index.php
View File

@@ -5,83 +5,234 @@ $UTENTE = login();
$DIRITTI = diritti('Utente'); $DIRITTI = diritti('Utente');
view_top(); view_top();
if (isset($_POST['utente'])) { if (isset($_POST['regola'])) {
$utente = $_POST['utente']; $utente = $_POST['utente'];
$modificato = 0; $modificato = 0;
$old = $new = array(); $old = $new = array();
foreach ($_POST as $id => $valore) { foreach ($_POST as $id => $valore) {
if (preg_match ("/^new-(\d+)/", $id, $ris)) $new[$ris[1]] = $valore; if (preg_match ("/^new-(\d+)/", $id, $ris)) $new[$ris[1]] = $valore;
if (preg_match ("/^old-(\d+)/", $id, $ris)) $old[$ris[1]] = $valore; if (preg_match ("/^old-(\d+)/", $id, $ris)) $old[$ris[1]] = $valore;
} }
foreach ($new as $id => $valore) { if ($_POST['regola'] == "intext") {
if ($new[$id] == $old[$id]) continue; foreach ($new as $id => $valore) {
if ($new[$id] == $old[$id]) continue;
$modificato = 1;
if ($valore >1) $modificato = 1;
$stato = 1; if ($valore >1)
else $stato = 1;
$stato = $valore; else
$stato = $valore;
$query = " SELECT
firewall_versoesterno_regole.id_firewall_versoesterno $query = " SELECT
FROM firewall_versoesterno_regole.id_firewall_versoesterno
FROM
firewall_versoesterno_regole firewall_versoesterno_regole
WHERE WHERE
firewall_versoesterno_regole.id = $id firewall_versoesterno_regole.id = $id
"; ";
$res = mysql_query( $query, $DB_ID ); $res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res ); $dato = mysql_fetch_array ( $res );
$query = " UPDATE $query = " UPDATE
firewall_versoesterno_regole firewall_versoesterno_regole
SET SET
stato = $valore, stato = $valore,
modifica = NOW() modifica = NOW()
WHERE WHERE
id_firewall_versoesterno = ".$dato['id_firewall_versoesterno']; id_firewall_versoesterno = ".$dato['id_firewall_versoesterno'];
$res = mysql_query( $query, $DB_ID ); $res = mysql_query( $query, $DB_ID );
$query = " INSERT INTO $query = " INSERT INTO
firewall_logs firewall_logs
SET SET
id_utenti = ".$UTENTE['id'].", id_utenti = ".$UTENTE['id'].",
tabella = 'versoesterno', tabella = 'versoesterno',
id_regole = $id, id_regole = $id,
stato = $valore, stato = $valore,
data = NOW() data = NOW()
"; ";
$res = mysql_query( $query, $DB_ID ); $res = mysql_query( $query, $DB_ID );
}
} } else if ($_POST['regola'] == "extint") {
foreach ($new as $id => $valore) {
if ($new[$id] == $old[$id]) continue;
$modificato = 1;
if ($valore >1)
$stato = 1;
else
$stato = $valore;
$query = " SELECT
firewall_versointerno_regole.id_firewall_versointerno
FROM
firewall_versointerno_regole
WHERE
firewall_versointerno_regole.id = $id
";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$query = " UPDATE
firewall_versointerno_regole
SET
stato = $valore,
modifica = NOW()
WHERE
id_firewall_versointerno = ".$dato['id_firewall_versointerno'];
$res = mysql_query( $query, $DB_ID );
$query = " INSERT INTO
firewall_logs
SET
id_utenti = ".$UTENTE['id'].",
tabella = 'versointerno',
id_regole = $id,
stato = $valore,
data = NOW()
";
$res = mysql_query( $query, $DB_ID );
}
}
if ($modificato) genera(); if ($modificato) genera();
} }
$tabella = new html (0,"90%",array(15,2,20,2,5,0)); $tabella = new html (0,"90%",array(15,2,30,2,5,0));
?> ?>
<form name="" method="post"> <form name="" method="post">
<input type="hidden" name="utente" value="<?php print $UTENTE['id'] ?>"> <input type="hidden" name="utente" value="<?php print $UTENTE['id'] ?>">
<input type="hidden" name="regola" value="extint">
<tr> <tr>
<td><input type="submit" value="Applica"></td> <td><input type="submit" value="Applica"></td>
<td colspan="7" class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td colspan="1" class="spazioh"></td>
<td colspan="3" class="descrizione_c">Regole Esterno -> Interno</td>
<td colspan="1" class="spazioh"></td>
</tr> </tr>
<?php <?php
$tabella->riga (); $tabella->riga (10);
$query = " SELECT
firewall_versointerno_regole.id,
firewall_versointerno_regole.permanente,
firewall_versointerno_regole.stato,
firewall_versointerno.nome,
firewall_versointerno.int_port,
firewall_versointerno.fw_port,
firewall_versointerno.proto,
proxy_pool.nome AS int_nome,
proxy_pool.ip AS int_ip,
firewall_vpn.utenza,
firewall_vpn.ip AS vpn_ip
FROM
firewall_versointerno_regole
JOIN
firewall_versointerno
ON
firewall_versointerno_regole.id_firewall_versointerno = firewall_versointerno.id
JOIN
firewall_macchine
ON
firewall_versointerno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN
firewall_vpn
ON
firewall_versointerno.id_firewall_vpn = firewall_vpn.id
JOIN
utenti
ON
firewall_versointerno_regole.id_utenti = utenti.id
AND
utenti.id = ".$UTENTE['id']."
WHERE
firewall_versointerno_regole.attivo = 1
ORDER BY
firewall_versointerno.nome
";
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ( $res )) { ?>
<tr>
<td rowspan=2 class="textl">
<input type="hidden" name="old-<?php print $dato['id'] ?>" value="<?php print $dato['stato'] ?>">
<select name="new-<?php print $dato['id'] ?>">
<option value="0" <?php if ($dato['stato'] == 0 ) print "selected" ?>>Disattivo</option>
<option value="1" <?php if ($dato['stato'] == 1 ) print "selected" ?>>Attivo</option>
<?php if ($dato['permanente']) { ?>
<option value="2" <?php if ($dato['stato'] == 2 ) print "selected" ?>>Permanente</option>
<?php } ?>
</select>
</td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="descrizione">Regola</td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td class="radio">Perm</td>
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
<tr>
<td class="textl"><?php
print $dato['nome'].": ";
print $dato['utenza'];
print ":".$dato['fw_port']." -> ";
if ($dato['int_nome'] != "") {
print $dato['int_nome'];
} else {
print $dato['int_ip'];
}
print ":".$dato['fw_port']." (".$dato['proto'].")";;
?></td>
<td class="textc"><?php if ($dato['permanente']) print "Si"; else print "No"; ?></td>
</tr>
<?php
$tabella->riga (5);
} ?>
</form>
<?php $tabella->riga (30) ?>
<form name="" method="post">
<input type="hidden" name="utente" value="<?php print $UTENTE['id'] ?>">
<input type="hidden" name="regola" value="intext">
<tr>
<td><input type="submit" value="Applica"></td>
<td colspan="1" class="spazioh"></td>
<td colspan="3" class="descrizione_c">Regole Interno -> Esterno</td>
<td colspan="1" class="spazioh"></td>
</tr>
<?php
$tabella->riga (10);
$query = " SELECT $query = " SELECT
firewall_versoesterno_regole.id, firewall_versoesterno_regole.id,
firewall_versoesterno_regole.stato, firewall_versoesterno_regole.stato,
firewall_versoesterno.nome, firewall_versoesterno.nome,
firewall_versoesterno_regole.permanente firewall_versoesterno.int_port,
firewall_versoesterno.ext_port,
firewall_versoesterno.proto,
firewall_versoesterno_regole.permanente,
proxy_pool.nome AS int_nome,
proxy_pool.ip AS int_ip,
firewall_macchine_ext.nome AS ext_nome,
firewall_macchine_ext.ip AS ext_ip
FROM FROM
firewall_versoesterno_regole firewall_versoesterno_regole
JOIN
firewall_versoesterno
ON
firewall_versoesterno_regole.id_firewall_versoesterno = firewall_versoesterno.id
JOIN
firewall_macchine
ON
firewall_versoesterno.id_firewall_macchine = firewall_macchine.id
JOIN
proxy_pool
ON
firewall_macchine.id_proxy_pool = proxy_pool.id
JOIN JOIN
utenti utenti
ON ON
@@ -89,9 +240,9 @@ $query = " SELECT
AND AND
utenti.id = ".$UTENTE['id']." utenti.id = ".$UTENTE['id']."
JOIN JOIN
firewall_versoesterno firewall_macchine_ext
ON ON
firewall_versoesterno_regole.id_firewall_versoesterno = firewall_versoesterno.id firewall_versoesterno.id_firewall_macchine_ext = firewall_macchine_ext.id
WHERE WHERE
firewall_versoesterno_regole.attivo = 1 firewall_versoesterno_regole.attivo = 1
ORDER BY ORDER BY
@@ -119,12 +270,32 @@ while ($dato = mysql_fetch_array ( $res )) {
<td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td> <td rowspan=2 class="spazioh"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr> </tr>
<tr> <tr>
<td class="textl"><?php print $dato['nome'] ?></td> <td class="textl"><?php
print $dato['nome'].": ";
if ($dato['int_nome'] != "") {
print $dato['int_nome'];
} else {
print $dato['int_ip'];
}
print ":".$dato['int_port']." -> ";
if ($dato['ext_nome'] != "") {
print $dato['ext_nome'];
} else {
print $dato['ext_ip'];
}
print ":".$dato['ext_port']." (".$dato['proto'].")";;
?></td>
<td class="textc"><?php if ($dato['permanente']) print "Si"; else print "No"; ?></td> <td class="textc"><?php if ($dato['permanente']) print "Si"; else print "No"; ?></td>
</tr> </tr>
<?php <?php
$tabella->riga (); $tabella->riga (5);
} ?> } ?>
</form> </form>
<?php <?php
$tabella->close (); $tabella->close ();

18
firewall/tmp/fw.new
View File

@@ -1,19 +1,20 @@
fw_custom_after_chain_creation() { fw_custom_after_chain_creation() {
# REGOLE DINAMICHE # REGOLE DINAMICHE
### START REGOLA-U1 PERMANENTE ### ### START REGOLA-U1 PERMANENTE ###
iptables -N REGOLA-U1 iptables -N REGOLA-U1
iptables -I REGOLA-U1 -p tcp -o -s 192.168.1.1 --sport 25 -d 151.1.219.70 --dport 443 -j ACCEPT iptables -I REGOLA-U1 -p tcp -o -s 192.168.1.1 --sport 25 -d 151.1.219.70 --dport 443 -j ACCEPT
iptables -I REGOLA-U1 -p tcp -i -d 192.168.1.1 --dport 25 -s 151.1.219.70 --sport 443 -j ACCEPT iptables -I REGOLA-U1 -p tcp -i -d 192.168.1.1 --dport 25 -s 151.1.219.70 --sport 443 -j ACCEPT
iptables -I FORWARD -j REGOLA-U1 iptables -I FORWARD -j REGOLA-U1
### STOP REGOLA-U1 PERMANENTE ### ### STOP REGOLA-U1 PERMANENTE ###
### START REGOLA-U3 ### ### START REGOLA-I1 PERMANENTE ###
iptables -N REGOLA-U3 iptables -I PREROUTING -t nat -p tcp -i --dport 3056 -j DNAT --to 192.168.1.2:3306
iptables -I REGOLA-U3 -p udp -o -s 192.168.1.3 --sport 45 -d 151.1.219.70 --dport 6754 -j ACCEPT iptables -N REGOLA-I1
iptables -I REGOLA-U3 -p udp -i -d 192.168.1.3 --dport 45 -s 151.1.219.70 --sport 6754 -j ACCEPT iptables -I REGOLA-I1 -p tcp -i -s 10.10.40.9 -d 192.168.1.2 --dport 3306 -j ACCEPT
iptables -I FORWARD -j REGOLA-U3 iptables -I REGOLA-I1 -p tcp -o -d 10.10.40.9 -s 192.168.1.2 --sport 3306 -j ACCEPT
### STOP REGOLA-U3 ### iptables -I FORWARD -j REGOLA-I1
# FINE REGOLE DINAMICHE ### STOP REGOLA-I1 PERMANENTE ###
# FINE REGOLE DINAMICHE
@@ -39,3 +40,4 @@ fw_custom_after_finished() {
true true
} }