diff options
| -rwxr-xr-x | perl-install/standalone/draknet | 4 | ||||
| -rw-r--r-- | perl-install/tinyfirewall.pm | 156 |
2 files changed, 59 insertions, 101 deletions
diff --git a/perl-install/standalone/draknet b/perl-install/standalone/draknet index 722502cfa..cb077ccf4 100755 --- a/perl-install/standalone/draknet +++ b/perl-install/standalone/draknet @@ -18,15 +18,11 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -#use Data::Dumper; - use lib qw(/usr/lib/libDrakX); use interactive; use standalone; use netconnect; -#use common qw(:common :file :functional :system); -#use my_gtk; use c; my $xpm_path="/usr/share/libDrakX/pixmaps"; diff --git a/perl-install/tinyfirewall.pm b/perl-install/tinyfirewall.pm index 4ff57387c..5d6d55437 100644 --- a/perl-install/tinyfirewall.pm +++ b/perl-install/tinyfirewall.pm @@ -8,7 +8,6 @@ use run_program; use netconnect; use network; use my_gtk qw(:helpers :wrappers); -use Data::Dumper; my @messages = (_("tinyfirewall configurator @@ -105,7 +104,6 @@ sub ReadConfig $default_config_file ||= "/usr/share/Bastille/bastille-firewall.cfg"; -e $config_file or cp($default_config_file, $config_file); add2hash(\%settings, { getVarsFromSh("$config_file") }); - print Data::Dumper->Dump ( [%settings], ["plop"]) . "\n"; } my $GetNetworkInfo = sub { @@ -128,24 +126,27 @@ my $GetNetworkInfo = sub { map { my $i=$_; my $f=$i; $f=~s/[0-9]+/\\\+/; if_(and_( map {$settings{$_} !~ /$i/ and $settings{$_} !~ /$f/ } ('TRUSTED_IFACES', 'PUBLIC_IFACES', 'INTERNAL_IFACES')), $i) } (@interfaces) )); - print Data::Dumper->Dump ( [%settings], ["plop"]) . "\n"; }; sub DoInterface { my ($in)=@_; $::isWizard=1; + my $popimapno = sub { $_[0] or return; mapn { $settings{$_->[0]} = $_->[1] } ( +[ qw(FORCE_PASV_FTP TCP_BLOCKED_SERVICES UDP_BLOCKED_SERVICES ICMP_ALLOWED_TYPES ENABLE_SRC_ADDR_VERIFY IP_MASQ_NETWORK IP_MASQ_MODULES REJECT_METHOD) ] , +[ "N", "6000:6020", "2049", "destination-unreachable echo-reply time-exceeded" , "Y", "", "", "DENY"; ]); } my @struct = ( [$GetNetworkInfo], [], - [undef , undef, undef, "http no", "http yes", ["tcp", "80"], ["tcp", "443"]], - [undef , undef, undef, "dns no", "dns yes", ["tcp", "53"], ["udp", "53"]], - [undef , undef, undef, "ssh no", "ssh yes", ["tcp", "22"]], - [undef , undef, undef, "telnet no", "telnet yes", ["tcp", "23"]], - [undef , undef, undef, "ftp no", "ftp yes", ["tcp", "20"],["tcp", "21"]], - [undef , undef, undef, "smtp no", "smtp yes", ["tcp", "25"]], - [undef , undef, undef, "popimap no", "popimap yes", ["tcp", "109"], ["tcp", "110"], ["tcp", "143"]], - [undef , _("No I don't need DHCP"), _("Yes I need DHCP"), "dhcp no", "dhcp yes", [$settings{DHCP_IFACES}]], - [undef , _("No I don't need NTP"), _("Yes I need NTP"), "ntp no", "ntp yes", ] + [undef , undef, undef, undef, ["tcp", "80"], ["tcp", "443"]], + [undef , undef, undef, undef, ["tcp", "53"], ["udp", "53"]], + [undef , undef, undef, undef, ["tcp", "22"]], + [undef , undef, undef, undef, ["tcp", "23"]], + [undef , undef, undef, undef, ["tcp", "20"],["tcp", "21"]], + [undef , undef, undef, undef, ["tcp", "25"]], + [undef , undef, undef, $popimapno, ["tcp", "109"], ["tcp", "110"], ["tcp", "143"]], + [undef , _("No I don't need DHCP"), _("Yes I need DHCP"), , [$settings{DHCP_IFACES}]], + [undef , _("No I don't need NTP"), _("Yes I need NTP"), , ] + [undef , _("Don't Save"), _("Save & Quit"), , , ] ); !Kernel22() and pop @struct, pop @struct; for (my $i=0;$i<@struct;$i++) { @@ -161,10 +162,11 @@ sub DoInterface { my $no = $l->[1] ? $l->[1] : _("No (firewall this off from the internet)"); my $yes = $l->[2] ? $l->[2] : _("Yes (allow this through the firewall)"); if (my $e = $in->ask_from_list(_("Firewall Configuration Wizard"), - $messages[$i], - [ $yes, $no ], or_( map { if_($_, CheckService($_->[0], $_->[1])) } (@$l[5..7])) ? $yes : $no - )) { - WidgetHandler($i, $e =~ /Yes/) + $messages[$i], + [ $yes, $no ], or_( map { if_($_, CheckService($_->[0], $_->[1])) } (@$l[4..6])) ? $yes : $no + )) { + map { if_($_, Service ($e=~/Yes/, $_->[0], $_->[1]) } (@$struct[$i][4..6]); + $struct[$i][3] and $struct[$i][3]->($e=~/Yes/); } else { prev: $i = $i-2 >= -1 ? $i-2 : -1; @@ -172,6 +174,44 @@ sub DoInterface { } } + +sub Service { + my ($add, $protocol, $port) = @_; + if ($add) { + map { $_ eq $port and return } (split (' ', $settings{uc($protocol) . "_PUBLIC_SERVICES"})); + $settings{uc($protocol) . "_PUBLIC_SERVICES"} .= " " . $port; + } else { + $settings{uc($protocol) . "_PUBLIC_SERVICES"} = + join( ' ', map { if_($service ne $port, $service)} (split (' ', $settings{uc($protocol) . "_PUBLIC_SERVICES"})) ); + } +} + +sub AddService +####################### +## adds a port to [TCP|UDP]_PUBLIC_SERVICES if it's not already there +{ + + my @old_services; + + + foreach my $service (@old_services) + { + $port_active = 1 if ($service eq $port); + } + + $settings{TCP_PUBLIC_SERVICES} .= " " + if ($settings{TCP_PUBLIC_SERVICES} and ($protocol eq "tcp") and (!$port_active)); + + $settings{UDP_PUBLIC_SERVICES} .= " " + if ($settings{UDP_PUBLIC_SERVICES} and ($protocol eq "udp") and (!$port_active)); + + $settings{TCP_PUBLIC_SERVICES} .= $port + if (!$port_active and ($protocol eq "tcp")); + + $settings{UDP_PUBLIC_SERVICES} .= $port + if (!$port_active and ($protocol eq "udp")); +} + sub WidgetHandler { my ($i, $e)=@_; @@ -191,88 +231,10 @@ sub WidgetHandler { return 0; } - if ($togglebutton->active) - { - if ($data eq "http no") - { - RemoveService ("tcp", "80"); - RemoveService ("tcp", "443"); - } - - elsif ($data eq "http yes") - { - AddService ("tcp", "80"); - AddService ("tcp", "443"); - } - - elsif ($data eq "dns no") - { - RemoveService ("tcp", "53"); - RemoveService ("udp", "53"); - } - - elsif ($data eq "dns yes") - { - AddService ("tcp", "53"); - AddService ("udp", "53"); - } - elsif ($data eq "ssh no") - { - RemoveService ("tcp", "22"); - } - elsif ($data eq "ssh yes") - { - AddService ("tcp", "22"); - } - elsif ($data eq "telnet no") - { - RemoveService ("tcp", "23"); - } - elsif ($data eq "telnet yes") - { - AddService ("tcp", "23"); - } - elsif ($data eq "ftp no") - { - RemoveService ("tcp", "20"); - RemoveService ("tcp", "21"); - } - elsif ($data eq "ftp yes") - { - AddService ("tcp", "20"); - AddService ("tcp", "21"); - } - elsif ($data eq "smtp no") - { - RemoveService ("tcp", "25"); - } - elsif ($data eq "smtp yes") - { - AddService ("tcp", "25"); - } - elsif ($data eq "popimap no") - { - RemoveService ("tcp", "109"); - RemoveService ("tcp", "110"); - RemoveService ("tcp", "143"); + [undef , _("No I don't need DHCP"), _("Yes I need DHCP"), "dhcp no", "dhcp yes", [$settings{DHCP_IFACES}]], + [undef , _("No I don't need NTP"), _("Yes I need NTP"), "ntp no", "ntp yes", ] + [undef , _("Don't Save"), _("Save & Quit"), , , ] - - } - elsif ($data eq "popimap yes") - { - AddService ("tcp", "109"); - AddService ("tcp", "110"); - AddService ("tcp", "143"); - - $settings{FORCE_PASV_FTP} = "N"; - $settings{TCP_BLOCKED_SERVICES} = "6000:6020"; - $settings{UDP_BLOCKED_SERVICES} = "2049"; - $settings{ICMP_ALLOWED_TYPES} = "destination-unreachable echo-reply time-exceeded"; - $settings{ENABLE_SRC_ADDR_VERIFY} = "Y"; - $settings{IP_MASQ_NETWORK} = ""; - $settings{IP_MASQ_MODULES} = ""; - $settings{REJECT_METHOD} = "DENY"; - } elsif ($data eq "dhcp yes") { return if $settings{DHCP_IFACES}; # variable already has something |