-rw-r--r-- | etc/inc/config.inc | 4 | ||||
-rw-r--r-- | etc/inc/filter.inc | 4 | ||||
-rw-r--r-- | etc/inc/functions.inc | 15 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 308 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 4 | ||||
-rwxr-xr-x | usr/local/www/diag_logs.php | 26 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 88 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 6 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_edit.php | 6 |
9 files changed, 239 insertions, 222 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 58202aa..1bc8c16 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -1,8 +1,10 @@ <?php /* config.inc - part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2004 Scott Ullrich + All rights reserved. + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index db99cee..d1c95c9 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1,8 +1,10 @@ <?php /* filter.inc - part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2004 Scott Ullrich + All rights reserved. + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc index d450dbb..0aaa828 100644 --- a/etc/inc/functions.inc +++ b/etc/inc/functions.inc @@ -1,21 +1,23 @@ <?php /* functions.inc - part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
@@ -33,7 +35,6 @@ require_once("system.inc"); require_once("interfaces.inc"); require_once("services.inc"); require_once("filter.inc"); -/* require_once("shaper.inc"); */ require_once("vpn.inc"); require_once("captiveportal.inc"); require_once("openvpn.inc"); diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 00331c1..c05e947 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1,21 +1,23 @@ <?php /* interfaces.inc - part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
@@ -35,73 +37,73 @@ function interfaces_loopback_configure() { global $config, $g; mwexec("/sbin/ifconfig lo0 127.0.0.1"); - + return 0; } function interfaces_vlan_configure() { global $config, $g; - + if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { - + /* load the VLAN module */ mwexec("/sbin/kldload if_vlan"); - + /* devices with native VLAN support */ $vlan_native_supp = explode(" ", "bge em gx nge ti txp"); - + /* devices with long frame support */ $vlan_long_supp = explode(" ", "dc fxp sis ste tl tx xl"); - + $i = 0; - + foreach ($config['vlans']['vlan'] as $vlan) { - - $cmd = "/sbin/ifconfig vlan{$i} create vlan " . - escapeshellarg($vlan['tag']) . " vlandev " . + + $cmd = "/sbin/ifconfig vlan{$i} create vlan " . + escapeshellarg($vlan['tag']) . " vlandev " . escapeshellarg($vlan['if']); - + /* get driver name */ for ($j = 0; $j < strlen($vlan['if']); $j++) { if ($vlan['if'][$j] >= '0' && $vlan['if'][$j] <= '9') break; } $drvname = substr($vlan['if'], 0, $j); - + if (in_array($drvname, $vlan_native_supp)) $cmd .= " link0"; else if (in_array($drvname, $vlan_long_supp)) $cmd .= " mtu 1500"; - + mwexec($cmd); - + /* make sure the parent interface is up */ mwexec("/sbin/ifconfig " . escapeshellarg($vlan['if']) . " up"); - + $i++; } } - + return 0; } function interfaces_lan_configure() { global $config, $g; - + if ($g['booting']) echo "Configuring LAN interface... "; - + $lancfg = $config['interfaces']['lan']; - + /* wireless configuration? */ if (is_array($lancfg['wireless'])) interfaces_wireless_configure($lancfg['if'], $lancfg['wireless']); - + /* MAC spoofing? */ if ($lancfg['spoofmac']) - mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . + mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " link " . escapeshellarg($lancfg['spoofmac'])); - + /* media */ if ($lancfg['media'] || $lancfg['mediaopt']) { $cmd = "/sbin/ifconfig " . escapeshellarg($lancfg['if']); 
@@ -111,115 +113,115 @@ function interfaces_lan_configure() { $cmd .= " mediaopt " . escapeshellarg($lancfg['mediaopt']); mwexec($cmd); } - - mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " " . + + mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " " . escapeshellarg($lancfg['ipaddr'] . "/" . $lancfg['subnet'])); - + if (!$g['booting']) { /* make new hosts file */ system_hosts_generate(); - + /* reconfigure static routes (kernel may have deleted them) */ system_routing_configure(); - + /* reload ipfilter (address may have changed) */ filter_configure(); - + /* reload shaper (subnet may have changed) */ shaper_configure(); - + /* reload IPsec tunnels */ vpn_ipsec_configure(); - + /* reload dhcpd (gateway may have changed) */ services_dhcpd_configure(); - + /* reload dnsmasq */ services_dnsmasq_configure(); - + /* reload webgui */ system_webgui_start(); - + /* reload captive portal */ captiveportal_configure(); } - + if ($g['booting']) echo "done\n"; - + return 0; } function interfaces_optional_configure() { global $config, $g; global $bridgeconfig; - + /* Reset bridge configuration. Interfaces will add to it. */ $bridgeconfig = ""; - + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { interfaces_optional_configure_if($i); } - + if ($bridgeconfig) { /* Set the system bridge configuration and enable bridging. */ mwexec("/sbin/sysctl net.link.ether.bridge_cfg=" . 
$bridgeconfig); - + if (isset($config['bridge']['filteringbridge'])) mwexec("/sbin/sysctl net.link.ether.bridge_ipf=1"); - + mwexec("/sbin/sysctl net.link.ether.bridge=1"); } else { mwexec("/sbin/sysctl net.link.ether.bridge_ipf=0"); mwexec("/sbin/sysctl net.link.ether.bridge=0"); } - + if (!$g['booting']) { /* reconfigure static routes (kernel may have deleted them) */ system_routing_configure(); - + /* reload ipfilter (address may have changed) */ filter_configure(); - + /* reload shaper (address may have changed) */ shaper_configure(); - + /* reload IPsec tunnels */ vpn_ipsec_configure(); - + /* reload dhcpd (interface enabled/disabled/bridged status may have changed) */ services_dhcpd_configure(); - + /* restart dnsmasq */ services_dnsmasq_configure(); } - + return 0; } function interfaces_optional_configure_if($opti) { global $config, $g; global $bridgeconfig; - + $optcfg = $config['interfaces']['opt' . $opti]; - + if ($g['booting']) { $optdescr = ""; if ($optcfg['descr']) $optdescr = " ({$optcfg['descr']})"; echo "Configuring OPT{$opti}{$optdescr} interface... "; } - + if (isset($optcfg['enable'])) { /* wireless configuration? */ if (is_array($optcfg['wireless'])) interfaces_wireless_configure($optcfg['if'], $optcfg['wireless']); - + /* MAC spoofing? */ if ($optcfg['spoofmac']) - mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . + mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . " link " . escapeshellarg($optcfg['spoofmac'])); - + /* media */ if ($optcfg['media'] || $optcfg['mediaopt']) { $cmd = "/sbin/ifconfig " . escapeshellarg($optcfg['if']); 
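Review bot: In interfaces_optional_configure(), the `bridge_cfg` sysctl call appends `$bridgeconfig` to the command string unescaped, unlike the ifconfig calls around it, which wrap config values in `escapeshellarg()`. The value is assembled in interfaces_optional_configure_if() from `$optcfg['if']` and the bridged interface's `if` field, so a config value containing shell metacharacters would reach whatever shell mwexec() presumably invokes. Suggest `mwexec("/sbin/sysctl net.link.ether.bridge_cfg=" . escapeshellarg($bridgeconfig));`. The line is unchanged context in this whitespace-only hunk, so the commit does not introduce it.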
@@ -229,53 +231,53 @@ function interfaces_optional_configure_if($opti) { $cmd .= " mediaopt " . escapeshellarg($optcfg['mediaopt']); mwexec($cmd); } - + /* OpenVPN configuration? */ if (isset($optcfg['ovpn'])) { if (strstr($if, "tap")) ovpn_link_tap(); } - + /* bridged? */ if ($optcfg['bridge']) { - mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . + mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . " delete up"); - + if ($bridgeconfig != "") $bridgeconfig .= ","; - + $bridgeconfig .= $optcfg['if'] . ":" . $opti . "," . $config['interfaces'][$optcfg['bridge']]['if'] . ":" . $opti; } else { - mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . " " . + mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . " " . escapeshellarg($optcfg['ipaddr'] . "/" . $optcfg['subnet'])); } } else { - mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . + mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . " delete down"); } - + if ($g['booting']) echo "done\n"; - + return 0; } function interfaces_wireless_configure($if, $wlcfg) { global $config, $g; - + /* wireless configuration */ - $ifcargs = escapeshellarg($if) . - " ssid " . escapeshellarg($wlcfg['ssid']) . " channel " . + $ifcargs = escapeshellarg($if) . + " ssid " . escapeshellarg($wlcfg['ssid']) . " channel " . escapeshellarg($wlcfg['channel']) . " "; - + if ($wlcfg['stationname']) $ifcargs .= "stationname " . escapeshellarg($wlcfg['stationname']) . " "; - + if (isset($wlcfg['wep']['enable']) && is_array($wlcfg['wep']['key'])) { $ifcargs .= "wepmode on "; - + $i = 1; foreach ($wlcfg['wep']['key'] as $wepkey) { $ifcargs .= "wepkey " . escapeshellarg("{$i}:{$wepkey['value']}") . " "; @@ -287,7 +289,7 @@ function interfaces_wireless_configure($if, $wlcfg) { } else { $ifcargs .= "wepmode off "; } - + switch ($wlcfg['mode']) { case 'hostap': if (strstr($if, "wi")) 
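Review bot: In the OpenVPN branch of interfaces_optional_configure_if(), `strstr($if, "tap")` tests a variable that is not assigned anywhere in the visible part of the function, whose only parameter is `$opti`. If `$if` is indeed unset there, the test is always false and `ovpn_link_tap()` never runs for tap interfaces; `if (strstr($optcfg['if'], "tap"))` looks like what was meant. Three lines of the function between the previous hunk and this one are not shown, so this should be confirmed against the full file.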
@@ -308,31 +310,31 @@ function interfaces_wireless_configure($if, $wlcfg) { $ifcargs .= "-mediaopt adhoc "; break; } - + $ifcargs .= "up"; - + mwexec("/sbin/ifconfig " . $ifcargs); - + return 0; } function interfaces_wan_configure() { global $config, $g; - + $wancfg = $config['interfaces']['wan']; - + if ($g['booting']) echo "Configuring WAN interface... "; else { /* kill dhclient */ killbypid("{$g['varrun_path']}/dhclient.pid"); - + /* kill PPPoE client (mpd) */ killbypid("{$g['varrun_path']}/mpd.pid"); - + /* wait for processes to die */ sleep(2); - + /* remove dhclient.conf, if it exists */ if (file_exists("{$g['varetc_path']}/dhclient.conf")) { unlink("{$g['varetc_path']}/dhclient.conf"); @@ -350,19 +352,19 @@ function interfaces_wan_configure() { unlink("{$g['vardb_path']}/wanip"); } } - + /* remove all addresses first */ while (mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " -alias") == 0); mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " down"); - + /* wireless configuration? */ if (is_array($wancfg['wireless'])) interfaces_wireless_configure($wancfg['if'], $wancfg['wireless']); - + if ($wancfg['spoofmac']) - mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . + mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " link " . escapeshellarg($wancfg['spoofmac'])); - + /* media */ if ($wancfg['media'] || $wancfg['mediaopt']) { $cmd = "/sbin/ifconfig " . escapeshellarg($wancfg['if']); 
@@ -372,67 +374,67 @@ function interfaces_wan_configure() { $cmd .= " mediaopt " . escapeshellarg($wancfg['mediaopt']); mwexec($cmd); } - + switch ($wancfg['ipaddr']) { - + case 'dhcp': interfaces_wan_dhcp_configure(); break; - + case 'pppoe': interfaces_wan_pppoe_configure(); break; - + case 'pptp': interfaces_wan_pptp_configure(); break; - + case 'bigpond': /* just configure DHCP for now; fire up bpalogin when we've got the lease */ interfaces_wan_dhcp_configure(); break; - + default: - mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " . + mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " . escapeshellarg($wancfg['ipaddr'] . "/" . $wancfg['subnet'])); - + /* install default route */ mwexec("/sbin/route delete default"); mwexec("/sbin/route add default " . escapeshellarg($wancfg['gateway'])); - + /* resync ipfilter (done automatically for DHCP/PPPoE/PPTP) */ filter_resync(); } - + if (!$g['booting']) { /* reconfigure static routes (kernel may have deleted them) */ system_routing_configure(); - + /* reload ipfilter */ filter_configure(); - + /* reload shaper */ shaper_configure(); - + /* reload ipsec tunnels */ vpn_ipsec_configure(); - + /* restart ez-ipupdate */ services_dyndns_configure(); - + /* restart dnsmasq */ services_dnsmasq_configure(); } - + if ($g['booting']) echo "done\n"; - + return 0; } function interfaces_wan_dhcp_configure() { global $config, $g; - + $wancfg = $config['interfaces']['wan']; /* generate dhclient.conf */ @@ -441,9 +443,9 @@ function interfaces_wan_dhcp_configure() { printf("Error: cannot open dhclient.conf in interfaces_wan_dhcp_configure().\n"); return 1; } - + $dhclientconf = ""; - + if ($wancfg['dhcphostname']) { $dhclientconf .= <<<EOD send dhcp-client-identifier "{$wancfg['dhcphostname']}"; 
@@ -456,29 +458,29 @@ EOD; fwrite($fd, $dhclientconf); fclose($fd); - + /* fire up dhclient - don't wait for the lease (-nw) */ mwexec("/sbin/dhclient -nw -cf {$g['varetc_path']}/dhclient.conf " . escapeshellarg($wancfg['if']) . " &"); - + return 0; } function interfaces_wan_pppoe_configure() { global $config, $g; - + $wancfg = $config['interfaces']['wan']; $pppoecfg = $config['pppoe']; - + /* generate mpd.conf */ $fd = fopen("{$g['varetc_path']}/mpd.conf", "w"); if (!$fd) { printf("Error: cannot open mpd.conf in interfaces_wan_pppoe_configure().\n"); return 1; } - + $idle = 0; - + if (isset($pppoecfg['ondemand'])) { $ondemand = "enable"; if ($pppoecfg['timeout']) @@ -486,7 +488,7 @@ function interfaces_wan_pppoe_configure() { } else { $ondemand = "disable"; } - + $mpdconf = <<<EOD pppoe: new -i ng0 pppoe pppoe @@ -496,14 +498,14 @@ pppoe: set iface up-script /usr/local/sbin/ppp-linkup EOD; - + if (isset($pppoecfg['ondemand'])) { $mpdconf .= <<<EOD set iface addrs 10.0.0.1 10.0.0.2 EOD; } - + $mpdconf .= <<<EOD set bundle disable multilink set bundle authname "{$pppoecfg['username']}" @@ -524,14 +526,14 @@ EOD; fwrite($fd, $mpdconf); fclose($fd); - + /* generate mpd.links */ $fd = fopen("{$g['varetc_path']}/mpd.links", "w"); if (!$fd) { printf("Error: cannot open mpd.links in interfaces_wan_pppoe_configure().\n"); return 1; } - + $mpdconf = <<<EOD pppoe: set link type pppoe 
@@ -544,28 +546,28 @@ EOD; fwrite($fd, $mpdconf); fclose($fd); - + /* fire up mpd */ mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']} -p {$g['varrun_path']}/mpd.pid pppoe"); - + return 0; } function interfaces_wan_pptp_configure() { global $config, $g; - + $wancfg = $config['interfaces']['wan']; $pptpcfg = $config['pptp']; - + /* generate mpd.conf */ $fd = fopen("{$g['varetc_path']}/mpd.conf", "w"); if (!$fd) { printf("Error: cannot open mpd.conf in interfaces_wan_pptp_configure().\n"); return 1; } - + $idle = 0; - + if (isset($pptpcfg['ondemand'])) { $ondemand = "enable"; if ($pptpcfg['timeout']) @@ -573,7 +575,7 @@ function interfaces_wan_pptp_configure() { } else { $ondemand = "disable"; } - + $mpdconf = <<<EOD pptp: new -i ng0 pptp pptp @@ -583,14 +585,14 @@ pptp: set iface up-script /usr/local/sbin/ppp-linkup EOD; - + if (isset($pptpcfg['ondemand'])) { $mpdconf .= <<<EOD set iface addrs {$pptpcfg['local']} {$pptpcfg['remote']} EOD; } - + $mpdconf .= <<<EOD set bundle disable multilink set bundle authname "{$pptpcfg['username']}" @@ -610,14 +612,14 @@ EOD; fwrite($fd, $mpdconf); fclose($fd); - + /* generate mpd.links */ $fd = fopen("{$g['varetc_path']}/mpd.links", "w"); if (!$fd) { printf("Error: cannot open mpd.links in interfaces_wan_pptp_configure().\n"); return 1; } - + $mpdconf = <<<EOD pptp: set link type pptp 
@@ -630,52 +632,52 @@ EOD; fwrite($fd, $mpdconf); fclose($fd); - + /* configure interface */ - mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " . + mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " . escapeshellarg($pptpcfg['local'] . "/" . $pptpcfg['subnet'])); - + /* fire up mpd */ mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']} -p {$g['varrun_path']}/mpd.pid pptp"); - + return 0; } function interfaces_wan_bigpond_configure($curwanip) { global $config, $g; - + $bpcfg = $config['bigpond']; - + if (!$curwanip) { /* IP address not configured yet, exit */ return 0; } - + /* kill bpalogin */ killbyname("bpalogin"); - + /* wait a moment */ sleep(1); - + /* get the default domain */ $nfd = @fopen("{$g['varetc_path']}/defaultdomain.conf", "r"); if ($nfd) { $defaultdomain = trim(fgets($nfd)); fclose($nfd); } - + /* generate bpalogin.conf */ $fd = fopen("{$g['varetc_path']}/bpalogin.conf", "w"); if (!$fd) { printf("Error: cannot open bpalogin.conf in interfaces_wan_bigpond_configure().\n"); return 1; } - + if (!$bpcfg['authserver']) $bpcfg['authserver'] = "dce-server"; if (!$bpcfg['authdomain']) $bpcfg['authdomain'] = $defaultdomain; - + $bpconf = <<<EOD username {$bpcfg['username']} password {$bpcfg['password']} 
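Review bot: interfaces_wan_bigpond_configure() writes `username` and `password` in plain text to bpalogin.conf through `fopen(..., "w")`, and no `chmod()` is visible, so the file's mode is whatever the process umask yields. Consider `chmod("{$g['varetc_path']}/bpalogin.conf", 0600);` right after the fopen() succeeds and before the fwrite(). The mpd.conf writers in interfaces_wan_pppoe_configure() and interfaces_wan_pptp_configure() follow the same pattern and interpolate `authname` into a double-quoted directive, so a `"` or newline in that field would also alter the generated file. The function body continues into the next hunk.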
@@ -690,46 +692,46 @@ EOD; fwrite($fd, $bpconf); fclose($fd); - + /* fire up bpalogin */ mwexec("/usr/local/sbin/bpalogin -c {$g['varetc_path']}/bpalogin.conf"); - + return 0; } function get_real_wan_interface() { global $config, $g; - + $wancfg = $config['interfaces']['wan']; - + $wanif = $wancfg['if']; if (($wancfg['ipaddr'] == "pppoe") || ($wancfg['ipaddr'] == "pptp")) { $wanif = $g['pppoe_interface']; } - + return $wanif; } function get_current_wan_address() { global $config, $g; - + $wancfg = $config['interfaces']['wan']; - + if (in_array($wancfg['ipaddr'], array('pppoe','dhcp','pptp','bigpond'))) { /* dynamic WAN IP address, find out which one */ $wanif = get_real_wan_interface(); - + /* get interface info with netstat */ exec("/usr/bin/netstat -nWI " . escapeshellarg($wanif) . " -f inet", $ifinfo); - + if (isset($ifinfo[1])) { $aif = preg_split("/\s+/", $ifinfo[1]); $curwanip = chop($aif[3]); - + if ($curwanip && is_ipaddr($curwanip) && ($curwanip != "0.0.0.0")) return $curwanip; } - + return null; } else { /* static WAN IP address */ diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 213aeeb..f90de3f 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1,8 +1,10 @@ <?php /* vpn.inc - part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2004 Scott Ullrich + All rights reserved. + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. diff --git a/usr/local/www/diag_logs.php b/usr/local/www/diag_logs.php index 5be7a17..31b0a99 100755 --- a/usr/local/www/diag_logs.php +++ b/usr/local/www/diag_logs.php 
@@ -1,22 +1,24 @@ #!/usr/local/bin/php -<?php +<?php /* diag_logs.php - part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -45,11 +47,11 @@ function dump_clog($logfile, $tail, $withorig = true) { $sor = isset($config['syslog']['reverse']) ? "-r" : ""; exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - + foreach ($logarr as $logent) { $logent = preg_split("/\s+/", $logent, 6); echo "<tr valign=\"top\">\n"; - + if ($withorig) { echo "<td class=\"listlr\" nowrap>" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "</td>\n"; echo "<td class=\"listr\">" . htmlspecialchars($logent[4] . " " . $logent[5]) . "</td>\n"; 
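Review bot: dump_clog() concatenates `$logfile` and `$tail` into the `exec()` pipeline without escaping, on the line just above the whitespace change in the second hunk. The one call visible on this page passes a constant path and `$nentries`, whose origin is not shown; if it can come from configuration or a request, it should be forced to an integer before it reaches the shell. Suggest `exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . intval($tail), $logarr);`. The function starts before the hunk and continues past it.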
@@ -83,11 +85,11 @@ function dump_clog($logfile, $tail, $withorig = true) { <li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li> </ul> </td></tr> - <tr> + <tr> <td class="tabcont"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td colspan="2" class="listtopic"> + <tr> + <td colspan="2" class="listtopic"> Last <?=$nentries;?> system log entries</td> </tr> <?php dump_clog("/var/log/system.log", $nentries); ?> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 723de78..0d4c991 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -1,22 +1,24 @@ #!/usr/local/bin/php -<?php +<?php /* firewall_nat_out_edit.php - part of m0n0wall (http://m0n0.ch/wall) - + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -33,7 +35,7 @@ require("guiconfig.inc"); if (!is_array($config['nat']['advancedoutbound']['rule'])) $config['nat']['advancedoutbound']['rule'] = array(); - + $a_out = &$config['nat']['advancedoutbound']['rule']; nat_out_rules_sort(); 
@@ -74,19 +76,19 @@ if (isset($id) && $a_out[$id]) { } if ($_POST) { - + if ($_POST['destination_type'] == "any") { $_POST['destination'] = "any"; $_POST['destination_subnet'] = 24; } - + unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "interface source source_subnet destination destination_subnet"); $reqdfieldsn = explode(",", "Interface,Source,Source bit count,Destination,Destination bit count"); - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['source'] && !is_ipaddr($_POST['source'])) { @@ -106,7 +108,7 @@ if ($_POST) { if ($_POST['target'] && !is_ipaddr($_POST['target'])) { $input_errors[] = "A valid target IP address must be specified."; } - + /* check for existing entries */ $osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet']; if ($_POST['destination_type'] == "any") @@ -114,7 +116,7 @@ if ($_POST) { else $ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet']; - + if ($_POST['target']) { /* check for clashes with 1:1 NAT (Server NAT is OK) */ if (is_array($config['nat']['onetoone'])) { @@ -126,14 +128,14 @@ if ($_POST) { } } } - + foreach ($a_out as $natent) { if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent)) continue; - + if (!$natent['interface']) $natent['interface'] == "wan"; - + if (($natent['interface'] == $_POST['interface']) && ($natent['source']['network'] == $osn)) { if (isset($natent['destination']['not']) == isset($_POST['destination_not'])) { if ((isset($natent['destination']['any']) && ($ext == "any")) || 
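Review bot: In the duplicate-rule loop (the hunk starting at new line 128), `$natent['interface'] == "wan";` is a comparison whose result is discarded, so entries stored without an interface are never defaulted to WAN. The clash check that follows compares `$natent['interface']` with `$_POST['interface']`, which means an existing rule with an empty interface would not be detected as overlapping a new WAN rule. It should read `$natent['interface'] = "wan";`. The line is unchanged context here; the hunk only strips whitespace around it.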
@@ -151,24 +153,24 @@ if ($_POST) { $natent['descr'] = $_POST['descr']; $natent['target'] = $_POST['target']; $natent['interface'] = $_POST['interface']; - + if ($ext == "any") $natent['destination']['any'] = true; else $natent['destination']['network'] = $ext; - + if (isset($_POST['destination_not']) && $ext != "any") $natent['destination']['not'] = true; - + if (isset($id) && $a_out[$id]) $a_out[$id] = $natent; else $a_out[] = $natent; - + touch($d_natconfdirty_path); - + write_config(); - + header("Location: firewall_nat_out.php"); exit; } @@ -216,7 +218,7 @@ function typesel_change() { $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; } foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> <?=htmlspecialchars($ifacename);?> </option> <?php endforeach; ?> @@ -224,12 +226,12 @@ function typesel_change() { <span class="vexpl">Choose which interface this rule applies to.<br> Hint: in most cases, you'll want to use WAN here.</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Source</td> <td width="78%" class="vtable"> <input name="source" type="text" class="formfld" id="source" size="20" value="<?=htmlspecialchars($pconfig['source']);?>"> - - / + + / <select name="source_subnet" class="formfld" id="source_subnet"> <?php for ($i = 32; $i >= 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['source_subnet']) echo "selected"; ?>> @@ -240,7 +242,7 @@ function typesel_change() { <br> <span class="vexpl">Enter the source network for the outbound NAT mapping.</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Destination</td> <td width="78%" class="vtable"> <input name="destination_not" type="checkbox" id="destination_not" value="yes" <?php if ($pconfig['destination_not']) echo "checked"; ?>> 
@@ -248,22 +250,22 @@ function typesel_change() { Use this option to invert the sense of the match.<br> <br> <table border="0" cellspacing="0" cellpadding="0"> - <tr> + <tr> <td>Type: </td> <td><select name="destination_type" class="formfld" onChange="typesel_change()"> - <option value="any" <?php if ($pconfig['destination'] == "any") echo "selected"; ?>> + <option value="any" <?php if ($pconfig['destination'] == "any") echo "selected"; ?>> any</option> - <option value="network" <?php if ($pconfig['destination'] != "any") echo "selected"; ?>> + <option value="network" <?php if ($pconfig['destination'] != "any") echo "selected"; ?>> Network</option> </select></td> </tr> - <tr> + <tr> <td>Address: </td> <td><input name="destination" type="text" class="formfld" id="destination" size="20" value="<?=htmlspecialchars($pconfig['destination']);?>"> - / + / <select name="destination_subnet" class="formfld" id="destination_subnet"> <?php for ($i = 32; $i >= 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['destination_subnet']) echo "selected"; ?>> + <option value="<?=$i;?>" <?php if ($i == $pconfig['destination_subnet']) echo "selected"; ?>> <?=$i;?> </option> <?php endfor; ?> 
@@ -271,31 +273,31 @@ function typesel_change() { </tr> <tr> <td> </td> - <td><span class="vexpl">Enter the destination network for + <td><span class="vexpl">Enter the destination network for the outbound NAT mapping.</span></td> </tr> </table></td> </tr> - <tr> + <tr> <td valign="top" class="vncell">Target</td> <td class="vtable"> <input name="target" type="text" class="formfld" id="target" size="20" value="<?=htmlspecialchars($pconfig['target']);?>"> <br> <span class="vexpl">Packets matching this rule will be mapped to the IP address given here. Leave blank to use the selected interface's IP address.</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php if (isset($id) && $a_out[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index edbcd7d..f34c897 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php 
@@ -2,11 +2,13 @@ <?php /* vpn_ipsec.php - part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2004 Scott Ullrich + All rights reserved. + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php index 51fccd5..5043cd8 100755 --- a/usr/local/www/vpn_ipsec_edit.php +++ b/usr/local/www/vpn_ipsec_edit.php @@ -2,11 +2,13 @@ <?php /* vpn_ipsec_edit.php - part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2004 Scott Ullrich + All rights reserved. + originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |