

Viewing changes to src/misc-progs/setdmzholes.c

  • Committer: ipfire
  • Date: 2006-02-15 21:15:54 UTC
  • Revision ID: git-v1:cd1a2927226c734d96478e12bb768256fb64a06a


git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

 
1
/* SmoothWall helper program - setdmzhole
 
2
 *
 
3
 * This program is distributed under the terms of the GNU General Public
 
4
 * Licence.  See the file COPYING for details.
 
5
 *
 
6
 * (c) Daniel Goscomb, 2001
 
7
 * 
 
8
 * Modifications and improvements by Lawrence Manning.
 
9
 *
 
10
 * 10/04/01 Aslak added protocol support
 
11
 * This program reads the list of ports to forward and setups iptables
 
12
 * and rules in ipmasqadm to enable them.
 
13
 * 
 
14
 * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $
 
15
 * 
 
16
 */
 
17
#include "libsmooth.h"
 
18
#include <stdio.h>
 
19
#include <string.h>
 
20
#include <stdlib.h>
 
21
#include "setuid.h"
 
22
 
 
23
FILE *fwdfile = NULL;
 
24
 
 
25
void exithandler(void)
 
26
{
 
27
        if (fwdfile)
 
28
                fclose(fwdfile);
 
29
}
 
30
 
 
31
int main(void)
 
32
{
 
33
        int count;
 
34
        char *protocol;
 
35
        char *locip;
 
36
        char *remip;
 
37
        char *remport;
 
38
        char *enabled;
 
39
        char *src_net;
 
40
        char *dst_net;
 
41
        char s[STRING_SIZE];
 
42
        char *result;
 
43
        struct keyvalue *kv = NULL;
 
44
        char orange_dev[STRING_SIZE] = "";
 
45
        char blue_dev[STRING_SIZE] = "";
 
46
        char green_dev[STRING_SIZE] = "";
 
47
        char *idev;
 
48
        char *odev;
 
49
        char command[STRING_SIZE];
 
50
 
 
51
        if (!(initsetuid()))
 
52
                exit(1);
 
53
 
 
54
        atexit(exithandler);
 
55
 
 
56
        kv=initkeyvalues();
 
57
        if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
 
58
        {
 
59
                fprintf(stderr, "Cannot read ethernet settings\n");
 
60
                exit(1);
 
61
        }
 
62
 
 
63
        if (!findkey(kv, "GREEN_DEV", green_dev))
 
64
        {
 
65
                fprintf(stderr, "Cannot read GREEN_DEV\n");
 
66
                exit(1);
 
67
        }
 
68
        findkey(kv, "BLUE_DEV", blue_dev);
 
69
        findkey(kv, "ORANGE_DEV", orange_dev);
 
70
 
 
71
        if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))
 
72
        {
 
73
                fprintf(stderr, "Couldn't open dmzholes settings file\n");
 
74
                exit(1);
 
75
        }
 
76
 
 
77
        safe_system("/sbin/iptables -F DMZHOLES");
 
78
 
 
79
        while (fgets(s, STRING_SIZE, fwdfile) != NULL)
 
80
        {
 
81
                if (s[strlen(s) - 1] == '\n')
 
82
                        s[strlen(s) - 1] = '\0';
 
83
                result = strtok(s, ",");
 
84
                
 
85
                count = 0;
 
86
                protocol = NULL;
 
87
                locip = NULL; remip = NULL;
 
88
                remport = NULL;
 
89
                enabled = NULL;
 
90
                src_net = NULL;
 
91
                dst_net = NULL;
 
92
                idev = NULL;
 
93
                odev = NULL;
 
94
                
 
95
                while (result)
 
96
                {
 
97
                        if (count == 0)
 
98
                                protocol = result;
 
99
                        else if (count == 1)
 
100
                                locip = result;
 
101
                        else if (count == 2)
 
102
                                remip = result;
 
103
                        else if (count == 3)
 
104
                                remport = result;
 
105
                        else if (count == 4)
 
106
                                enabled = result;
 
107
                        else if (count == 5)
 
108
                                src_net = result;
 
109
                        else if (count == 6)
 
110
                                dst_net = result;
 
111
                        count++;
 
112
                        result = strtok(NULL, ",");
 
113
                }
 
114
 
 
115
                if (!(protocol && locip && remip && remport && enabled))
 
116
                {
 
117
                        fprintf(stderr, "Bad line:\n");
 
118
                        break;
 
119
                }
 
120
 
 
121
                if (!VALID_PROTOCOL(protocol))
 
122
                {
 
123
                        fprintf(stderr, "Bad protocol: %s\n", protocol);
 
124
                        exit(1);
 
125
                }
 
126
                if (!VALID_IP_AND_MASK(locip))
 
127
                {
 
128
                        fprintf(stderr, "Bad local IP: %s\n", locip);
 
129
                        exit(1);
 
130
                }
 
131
                if (!VALID_IP_AND_MASK(remip))
 
132
                {
 
133
                        fprintf(stderr, "Bad remote IP: %s\n", remip);
 
134
                        exit(1);
 
135
                }
 
136
                if (!VALID_PORT_RANGE(remport))
 
137
                {
 
138
                        fprintf(stderr, "Bad remote port: %s\n", remport);
 
139
                        exit(1);
 
140
                }
 
141
                
 
142
                if (!src_net) { src_net = strdup ("orange");}
 
143
                if (!dst_net) { dst_net = strdup ("green");}
 
144
                
 
145
                if (!strcmp(src_net, "blue"))   { idev = blue_dev; }
 
146
                if (!strcmp(src_net, "orange")) { idev = orange_dev; }
 
147
                if (!strcmp(dst_net, "blue"))   { odev = blue_dev; }
 
148
                if (!strcmp(dst_net, "green"))  { odev = green_dev; }
 
149
                
 
150
                if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))
 
151
                {
 
152
                        char *ctr;
 
153
                        /* If remport contains a - we need to change it to a : */
 
154
                        if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}
 
155
                        memset(command, 0, STRING_SIZE);
 
156
                        snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);
 
157
                        safe_system(command);
 
158
                }
 
159
        }
 
160
 
 
161
        return 0;
 
162
}
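Review bot: The enable check at `if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))` dereferences NULL whenever the optional sixth or seventh field names a network that is not in the lookup table (for example a src_net of "green", or any typo), because idev/odev are only assigned for "blue"/"orange" and "blue"/"green" respectively and otherwise stay NULL from the per-line reset; since this helper runs under initsetuid(), a crash in a privileged program on config input is worth closing even if that file is root-owned. The guard should test the pointers first, `if (!strcmp(enabled, "on") && idev && *idev && odev && *odev)`, and a line whose network name matches nothing would be clearer with its own "Bad network" diagnostic like the other field checks. Note also that `/sbin/iptables -F DMZHOLES` is issued before any line is parsed, so the `break` on a malformed line (and the `exit(1)` on a bad field) leaves the chain partially rebuilt rather than restoring the previous state; parsing and validating all lines before flushing, or at least treating "Bad line" consistently with the other errors, would avoid that half-applied result. The unvalidated src_net/dst_net values themselves are only ever passed to strcmp, never into the command string, so they do not add an injection path.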