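firewall/0040755000567100000120000000000007701233264012353 5ustar jcameronwheelfirewall/firewall-lib.pl0100664000567100000120000001567007701233263015270 0ustar jcameronwheel
# firewall-lib.pl
# Functions for parsing iptables-save format files
# - help pages

do '../web-lib.pl';
&init_config();

# Work out which save file the module reads and writes.
# $iptables_save_file is later handed to open() and interpolated into a shell
# command line (see create_firewall_init), so the save_file setting has to be
# treated as trusted configuration.
if ($config{'save_file'}) {
    # Force use of a different save file, and webmin's functions
    $iptables_save_file = $config{'save_file'};
    }
else {
    if (-r "$module_root_directory/$gconfig{'os_type'}-lib.pl") {
        # Use the operating system's save file and functions
        # NOTE(review): the readability test uses $module_root_directory but
        # the name given to do() is relative - confirm both always resolve to
        # the same file.
        do "$gconfig{'os_type'}-lib.pl";
        }
    if (!$iptables_save_file) {
        # Use webmin's own save file
        $iptables_save_file = "$module_config_directory/iptables.save";
        }
    }

@known_tables = ( "filter", "mangle", "nat" );
@known_args = ('-p', '-m', '-s', '-d', '-i', '-o', '-f', '--dport',
               '--sport', '--tcp-flags', '--tcp-option', '--icmp-type',
               '--mac', '--limit', '--limit-burst', '--ports',
               '--uid-owner', '--gid-owner', '--pid-owner', '--sid-owner',
               '--state', '--tos', '-j', '--to-ports', '--to-destination',
               '--to-source', '--dports', '--sports');

# get_iptables_save([file])
# Parse the iptables save file into a list of tables
# format seems to be:
#  *table
#  :chain defaultpolicy
#  -A chain options
#  COMMIT
# Returns a list of table hashes sorted by name. Each one has the keys 'line',
# 'eline', 'name', 'rules' (array of rule hashes), 'defaults' (chain => policy)
# and 'index' (position in the returned list).
sub get_iptables_save
{
local (@rv, $table, %got);
local $lnum = 0;
# The source is passed to two-argument open(), which is how the
# "iptables-save |" pipe form below works. The same holds for a caller-supplied
# $_[0]: a value ending in "|" is run as a command, so it must never be built
# from request data. A failed open is not reported; the loop then reads
# nothing and an empty list is returned.
open(FILE, $_[0] || ($config{'direct'} ? "iptables-save |"
                                       : $iptables_save_file));
local $cmt;
while(<FILE>) {
    local $read_comment;
    s/\r|\n//g;
    if (s/#\s*(.*)$//) {
        # Comment text is accumulated (space-joined) until a line without a
        # comment is seen, and attached to the next rule
        $cmt .= " " if ($cmt);
        $cmt .= $1;
        $read_comment=1;
        }
    if (/^\*(\S+)/) {
        # Start of a new table
        $got{$1}++;
        push(@rv, $table = { 'line' => $lnum,
                             'eline' => $lnum,
                             'name' => $1,
                             'rules' => [ ],
                             'defaults' => { } });
        }
    elsif (/^:(\S+)\s+(\S+)/) {
        # Default policy definition
        $table->{'defaults'}->{$1} = $2;
        }
    elsif (/^(\[[^\]]*\]\s+)?-A\s+(\S+)(.*)/) {
        # Rule definition
        local $rule = { 'line' => $lnum,
                        'eline' => $lnum,
                        'index' => scalar(@{$table->{'rules'}}),
                        'cmt' => $cmt,
                        'chain' => $2,
                        'args' => $3 };
        push(@{$table->{'rules'}}, $rule);

        # Parse arguments. Every recognised option is cut out of 'args' and
        # stored under its name without the leading dashes, as
        # [ negation, value, ... ]. Whatever is not recognised stays in 'args'.
        foreach $a (@known_args) {
            local @vl;
            while($rule->{'args'} =~ s/\s+(!?)\s*($a)\s+(!?)\s*(([^ \-!]\S*(\s+|$))+)/ / || $rule->{'args'} =~ s/\s+(!?)\s*($a)()(\s+|$)/ /) {
                push(@vl, [ $1 || $3, split(/\s+/, $4) ]);
                }
            local ($aa = $a);
            $aa =~ s/^-+//;
            if ($a eq '-m') {
                # -m can appear several times, so all occurrences are kept
                $rule->{$aa} = \@vl if (@vl);
                }
            else {
                $rule->{$aa} = $vl[0];
                }
            }
        }
    elsif (/^COMMIT/) {
        # Marks end of a table
        $table->{'eline'} = $lnum;
        }
    elsif (/\S/) {
        # NOTE(review): the unparsed line is placed in the error message
        # as-is - confirm that &error / &text escape it for HTML output.
        &error(&text('eiptables', "$_"));
        }
    $lnum++;
    if (! defined($read_comment)) {
        $cmt=undef;
        }
    }
close(FILE);
@rv = sort { $a->{'name'} cmp $b->{'name'} } @rv;
# Number the tables in their sorted order, starting at 0
local $i = 0;
foreach my $t (@rv) {
    $t->{'index'} = $i++;
    }
return @rv;
}

# save_table(&table)
# Updates an existing IPtable in the save file
# In direct mode the current iptables-save output is edited and piped into
# iptables-restore; otherwise the save file is rewritten. A table without a
# 'line' key is appended as a new table.
sub save_table
{
local $lref;
if ($config{'direct'}) {
    # Read in the current iptables-save output
    # NOTE(review): relies on read_file_lines accepting a piped command as
    # its argument - confirm in web-lib.pl.
    $lref = &read_file_lines("iptables-save |");
    }
else {
    # Updating the save file
    $lref = &read_file_lines($iptables_save_file);
    }
local @lines = ( "*$_[0]->{'name'}" );
local ($d, $r);
foreach $d (keys %{$_[0]->{'defaults'}}) {
    push(@lines, ":$d $_[0]->{'defaults'}->{$d} [0:0]");
    }
foreach $r (@{$_[0]->{'rules'}}) {
    local $line;
    if ($r->{'cmt'}) {
        # Keep the comment on one physical line. An embedded newline would
        # put the rest of the comment on a line of its own, where it is read
        # back as save data rather than as comment text.
        my $c = $r->{'cmt'};
        $c =~ s/[\r\n]+/ /g;
        $line = "# $c\n";
        }
    $line .= "-A $r->{'chain'}";
    foreach $a (@known_args) {
        local ($aa = $a);
        $aa =~ s/^-+//;
        if ($r->{$aa}) {
            # A single option is stored as one [ negation, values ] array,
            # -m as an array of such arrays
            local @al = ref($r->{$aa}->[0]) ? @{$r->{$aa}}
                                            : ( $r->{$aa} );
            foreach $ag (@al) {
                # Copy the entry instead of shift()ing it, so the caller's
                # rule still holds its negation flag after the save
                local ($n, @vals) = @$ag;
                $line .= " ".join(" ", $n ? ( $n ) : (), $a, @vals);
                }
            }
        }
    # NOTE(review): the unparsed remainder is written out verbatim - callers
    # are expected to have validated it.
    $line .= " $r->{'args'}" if ($r->{'args'} =~ /\S/);
    push(@lines, $line);
    }
push(@lines, "COMMIT");
if (defined($_[0]->{'line'})) {
    # Update in file
    splice(@$lref, $_[0]->{'line'},
           $_[0]->{'eline'} - $_[0]->{'line'} + 1, @lines);
    }
else {
    # Append new table to file
    push(@$lref, "# Generated by webmin", @lines, "# Completed");
    }
if ($config{'direct'}) {
    # Pass new lines to iptables-restore. Both the open and the close are
    # checked: if the command cannot be started or exits with an error, the
    # previous ruleset is still the active one and the user has to be told.
    open(SAVE, "| iptables-restore") ||
        &error("$text{'apply_err'} : $!");
    print SAVE map { $_."\n" } @$lref;
    close(SAVE) ||
        &error("$text{'apply_err'} : iptables-restore ".
               ($! ? "failed : $!" : "exited with status $?"));
    }
else {
    # Just save the file
    &flush_file_lines();
    }
}

# describe_rule(&rule)
# Returns a human-readable description of the conditions of a parsed rule,
# built from the desc_* message strings, or the desc_always text when the rule
# has no recognised conditions.
sub describe_rule
{
local (@c, $d);
foreach $d ('p', 's', 'd', 'i', 'o', 'f', 'dport', 'sport', 'tcp-flags',
            'tcp-option', 'icmp-type', 'mac', 'limit', 'limit-burst',
            'ports', 'uid-owner', 'gid-owner', 'pid-owner', 'sid-owner',
            'state', 'tos', 'dports', 'sports') {
    if ($_[0]->{$d}) {
        # $n is the negation flag ("!" or empty), which selects between the
        # desc_X and desc_X! messages
        local ($n, @v) = @{$_[0]->{$d}};
        @v = map { uc($_) } @v if ($d eq 'p');
        # NOTE(review): rule values go into the message unescaped - confirm
        # escaping where the description is printed.
        local $txt = &text("desc_$d$n", map { "$_" } @v);
        push(@c, $txt) if ($txt);
        }
    }
local $rv;
if (@c) {
    $rv = &text('desc_conds', join(" $text{'desc_and'} ", @c));
    }
else {
    $rv = $text{'desc_always'};
    }
return $rv;
}

# create_firewall_init()
# Do whatever is needed to have the firewall started at boot time
sub create_firewall_init
{
if (defined(&enable_at_boot)) {
    # Use distro's function
    &enable_at_boot();
    }
else {
    # May need to create init script
    local $res = &has_command("iptables-restore");
    local $ipt = &has_command("iptables");
    # NOTE(review): the save file path is placed in a shell command without
    # quoting, and $res / $ipt are used without checking that the commands
    # were found.
    local $start = "$res <$iptables_save_file";
    # Stopping flushes all three tables and resets every built-in chain to
    # ACCEPT, i.e. the host is left with no filtering at all
    local $stop = "$ipt -t filter -F\n".
                  "$ipt -t nat -F\n".
                  "$ipt -t mangle -F\n".
                  "$ipt -t filter -P INPUT ACCEPT\n".
                  "$ipt -t filter -P OUTPUT ACCEPT\n".
                  "$ipt -t filter -P FORWARD ACCEPT\n".
                  "$ipt -t nat -P PREROUTING ACCEPT\n".
                  "$ipt -t nat -P POSTROUTING ACCEPT\n".
                  "$ipt -t nat -P OUTPUT ACCEPT\n".
                  "$ipt -t mangle -P PREROUTING ACCEPT\n".
                  "$ipt -t mangle -P OUTPUT ACCEPT";
    &foreign_require("init", "init-lib.pl");
    &init::enable_at_boot("webmin-iptables",
                          "Load IPtables save file",
                          $start, $stop);
    }
}

# interface_choice(name, value)
# Collects the names of the active and boot-time network interfaces when the
# net module is available.
# NOTE(review): the statements that build the returned markup look incomplete
# in this copy of the file ($found is never assigned and the sprintf format
# has no placeholders); they are left exactly as found - compare with the
# distributed firewall-lib.pl before relying on this function.
sub interface_choice
{
local @ifaces;
if (&foreign_check("net")) {
    &foreign_require("net", "net-lib.pl");
    local $i;
    foreach $i (&net::active_interfaces(), &net::boot_interfaces()) {
        push(@ifaces, $i->{'fullname'});
        }
    @ifaces = &unique(@ifaces);
    }
if (@ifaces) {
    local $rv = "\n";
    $rv .= sprintf "\n", !$found ? $_[1] : "";
    return $rv;
    }
else {
    return "";
    }
}

# check_previous(list..., max, name)
# Returns 1 if name equals one of the first max elements of the list, or -1
# if not. Both results are true in boolean context, so callers have to
# compare against 1.
sub check_previous
{
# The list comes first in @_, so the two scalars are taken from the end.
# Unpacking with my (@p,$max,$n)=@_ would leave $max and $n undefined.
my @p = @_;
my $n = pop(@p);
my $max = pop(@p);
for (my $i=0; $i<$max; $i++) {
    if ($n eq $p[$i]) { return 1; }
    }
return -1;
}

# by_string_for_iptables
# sort() comparator for chain names (uses the package variables $a and $b).
# Built-in chains come first in the order PREROUTING, INPUT, FORWARD, OUTPUT,
# POSTROUTING, and all other names follow in string order.
sub by_string_for_iptables
{
my @p=("PREROUTING","INPUT","FORWARD","OUTPUT","POSTROUTING");
# Equal names must compare equal for the comparator to be consistent
return 0 if ($a eq $b);
# Whichever name is met first in the built-in list sorts first. This is the
# order the comparator has always produced: its check_previous tests were
# true for both possible return values, so they never changed the outcome.
foreach my $builtin (@p) {
    return -1 if ($a eq $builtin);
    return 1 if ($b eq $builtin);
    }
return $a cmp $b;
}

1;
firewall/module.info0100664000567100000120000000051407701233277014520 0ustar jcameronwheelcategory=net desc_ru_SU=Межсетевой экран (firewall) longdesc=Configure a Linux firewall using iptables. Allows the editing of all tables, chains, rules and options. os_support=*-linux desc=Linux Firewall desc_de=Linux-Firewall name=Firewall depends=1.100 version=1.100 desc_ru_RU=лЕФЯЕРЕБНИ ЩЙПЮМ (firewall) desc_ca=Tallafocs Linux firewall/images/0040775000567100000120000000000007701233300013611 5ustar jcameronwheelfirewall/images/icon.gif0100664000567100000120000000554607701233263015247 0ustar jcameronwheelGIF89a00ГNХ·├nXpTD╨`@4~╪M┴6'╪F░,НУъMюB╓▓VF©>X7,│D,╤l┘$Яо-╪:╜~gч╓U!╢·Д╖EХ≤╔&^├≤b+!╓"╡RЖч^uт╫5е╕├ъ┤■>╔S,$нй╒аk И╡H╨VF⌡5╬~6┘╝░╨.╨fЖчbb&²Оа┌÷-yлж│╗з▓.цT═? 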
╪*N&·┼nbФ╝m╬╤▓ ┘аy+Рз>Пф&╓5u╡▀oЙЙ╬╨b ж┼JмmЁG9R"jР└╕j.╬┌╕ф╠▐ Z,▓#Й╙²╦╝▄Й╦o╗BяwЙ╨┌▒╬] ё ╤-ДД╥eH9x4Рмv╨rN╝ж b═bPч·bЖ~."vь┬╡4ПфPбf║a)Д▓v^├▐╡╡Lпw√7+НюZ╠-ж░Йхf ·,бv^ьlяv╞:НцrВШй B*Е║8╣╕┘k ╠&к\Ц╖dаUзпbj:.М╦O╨bO─dQ╝2&█-!╤б▌r▌>*╙Z(с├/f╕ z╙,≤V>iN?Ю■!╓&· ≥ ╤°$щ≈T╝J&Сь]шж╚n╟o1 2"v ╢\еFб√zБ┌▄$б┼╒ uZI╡D╪═┐j@4м~@═sZХ╗4зv∙G% bNnH:лf,00ЧK∙╡cG═A┐ц \╟к▐ ф(9pбy─╨tB7═S y]╨╙1р│RY╗,╗0Аа├|4g└dy ■(│K╥Рt√Хти G┌ЗY╨@a╘└ЁЛbЖ░ :М,║╠,G▌ЬЦзO╝ (а4а▄ы╝√J1<▄'х" H<мНD┤.ш▒l░t~е▓мЛQЗ0АГ═²6KM4Бб┘─е═╗╪Ндб╥g6,Т:ЫмФвl ┼1e6jd╒╘ю]-|Ь┬G@░8A▌H`v#gбG╬КА┬╜ЮAтП3⌡≈x>ч√ZюLeAьеYTч%Ёвяa┐Чcqcэ┐[╤╡∙Ь(╞M▀$d▄▒▒tN┼╔s▓╬{ТH⌡1 FЭ│ия═2юnP@┌ ╨А`╡║D█╩≤@⌡s▓╦∙EL3QB┐ DД─]BЫu└ХyЮz╤\─-nХ%RC>TF@┤L%┌п@─Iп@ %5h╢я.─ч▀╤°wи%╤Э╢сM 8т░А3rмV≥8п%╓Aп ГyаqP├┘hC∙0RZr!▌≈liH─8Б8вхV9▓f ы≤gк⌡╓1y°yX■┴V²эИ39√ь┬lcfG@<▓hBF─c%ЕWzА5TЧ ьq╘├Б]0┐ЮАг╦BqHЁ⌠╒хцБH┌≤°3░■0╥ ═╝▓▒uэA │пб?@ Т ÷ха_д3\PIьрm ∙╔0ёЧV┴Ч└$ёKXб[╗Ж !─═й┼r┌ t╠ ╡Д4.┬бH■╟ Б-| Л│ H│&Ж═o─VWAt9─(Xэ┬0╚ы┬CGrю▒H┌@ХЮжЬ<Ю╠фF* ░@ ъ╦▌²═"┬бцх-Ыю*▀8▒#!HGLBa?Ю├5ф CxB ф10ПЮ▒╞H╒QрЕ─|°(▄█ю╝═Ж█я▌┤V0╛┌<┬A4÷▄`ХА Ип┐,цП┼╛ёИ7╒G─FH"{п╟┌4╬Я█qТ╒дЮф,f▒│zЖА·}ЧC╤░▌V0А÷Lе З░~╗с≤╛a█MпА╘╟G▌Ю6p(S cV 6\С OЮа6D░]╢ёМ┌JК║ i╙ Z ┘<═Г┬╣Ag&u≥юА┼1▄║√шХю!,@тkЙ!╗И─,`!OT ╗G0x═┌0╓A╕Ю╛)≥fc$²фB :Ьi ╤ 6╟hг╓й┐l║KM├\=▀5╧$еHhg▓Mqa▄╘аWй┐'▄"╟│Raq─╣>a}пSЪя▄dю╒п2├0%`≥a▄┤ ╦@Hpжю+(╛Fq─°═∙PЧ╘рUХБ∙pA,▀ыCхB@PNбiE.л├tИJ8Dp┬` bB╗k;Д ▄J▄ю CX┘║("╨8│,~эp─⌠v5ЩrNdAаHютЮ┴З&ёмЬгa├Кrв|f- j┬┌r≤д1с╔у ▄/ :Xц─p┬@Uх╟*▓Я▀*┐.≤ю ╕ю▌)т┌ ╣Pц2Zk■бbV(└5┬аV<═Ы@рi jМПд?Ч▒▄ ╚&D-D<┘тBи╪XFб╩XXXю @{<с≈MБгAnф/ЖЯ U■Ыю0EЧРю┴°║ Lю'hA▀(/умP▒uА┘^o╞7╘а<░я▌<ЪБ═Ю─7РПS╪#ч┬╢7┌░┌< Tю>а ╧▌Ы o╝└6c│▒▒$i$rh┤*м18А╥ьц3ТQ▄ZCbпг6П┌┐юн²@l7Wa╒пA,2┬X░b cп┤ъяj'4│$0┤9 яКnБшh├0й═ eЭ:k^Ё╠┘P▐1╦"xА Eф│d╪#пD─mhшоxF╞ВqО;@й² *`Cщgh╩E░├≥йcАHц8Ю GГ{ъьж6SЧ}╪@эбьv░П:╦<Ь@1'jЮzт┐БЛ╧юХ9 Ъ─ ╟vлАОL╪`вЗ@B√▌├╕/╪sh8>Б░▌)░xУB ░P;firewall/images/up.gif0100644000567100000120000000014707701233263014731 0ustar jcameronwheelGIF89a║дддrrrЪЪЪ!ЧMade with GIMP!Ы ,&°▐╘╟ ┌|'йЫЛеIoн|b%■бe√а┌RGК╟;SУsЁf;firewall/images/down.gif0100644000567100000120000000015407701233263015252 0ustar jcameronwheelGIF89a║дддrrrЪЪЪ!ЧMade with GIMP!Ы 
,+°▐╘⌡@"IМаUЁыi°ВeJ┐bAЗс ┐I ┤m.╠╜кdN┌;firewall/images/gap.gif0100644000567100000120000000011107701233263015043 0ustar jcameronwheelGIF89a─ЪЪЪЪЪЪ!ЧMade with GIMP!Ы ,└▐╘кМё°╢з▀Ё>;firewall/images/before.gif0100644000567100000120000000012407701233263015542 0ustar jcameronwheelGIF89a║ЪЪЪJ╘ЪЪ!Ы,%└▐iаМ-√≤╢R╣0n╧ьsuihz┼l ╕╚Л╡bЭФ];firewall/images/after.gif0100664000567100000120000000012207701233263015401 0ustar jcameronwheelGIF89a║ЪЪЪJ╘ЪЪЪЪЪ!Ы ,#└▐╘к!zQ:ho╣4┐·│мCb#╧²╘╢NЕ▀:бLв╢┤;firewall/images/smallicon.gif0100664000567100000120000000265207701233263016273 0ustar jcameronwheelGIF87aГtфQГ╛N╜Ц²)`≥┘╫:/{°7╬╩Tрl ╙Ц]цEк^j'°."x╩f!n╖Zсeш┐дi t*"⌠Б■$Иё шzгT╦k v0'╓оa░╩/l|И╘'╣╬S≥?2hёK²' ┤&█┐▀&o yoРоMe╞$╔ ║?─цf$Э╞bтNТз_≥юдuDЫs╨PAеO╛ХЁq_└≤└"┘7'z╫з▒L╠!аqЖp╘\▀ ╪ZIVниXw╛2 ╨╟TС÷ m╕ъ▓▓;&ккw╥╓8b!Z$jёк\JVV|/'g╢K=═╖'Zы▄ьgS╥WЦ║9╖A0n╠z1(Йd╦Kю─\юFаB╖L=ю@╘C ┴УщTб┐┤$u╝n4)gГt-%╓8& ёо\n'├Пw`╚Од[║^≈2q>2Л╫y╠WF╪╕2╗аK■ ■у~кxм╧╨a*Рlеk чX©WFй▒}╢2sc#╤Оi╪EшUч P▌гтyj$╡W©N?ЁЛf▀⌡ ┤6,д░ Щf"╟ИcЬf░0 °ыmXж┬7⌠ ╪c ┬,Ч┴Лjб╜`╦┌х|=⌠Т║й╣a_DРК@cк╫эrKЁD`F?┐▌ вБC "└Ю Bю╩┤lQн- @ 4\┐ёЁ╓к┐%I╓"─╘╦Б┼4SпHK-Х└╒ Ч,╟элLtq▌#ul#L@;firewall/lang/0040775000567100000120000000000007701233300013265 5ustar jcameronwheelfirewall/lang/old-en0100664000567100000120000000560307701233263014377 0ustar jcameronwheelindex_title=IPTables Firewall index_eiptables=The command $1 was not found on your system. You need to install the IPtables package to use this module. index_ekernel=An error occured listing the current IPtables configuration : $1 Your kernel may not have IPtables support compiled in. index_header=Firewall script $1 index_add=Add a new firewall rule index_type=Entry type index_table=IP table index_chain=IP chain index_desc=Description index_move=Move index_rule=Firewall rule index_var=Variable index_script=Shell script index_none=There are no rules in your firewall script. index_apply=Apply Firewall Configuration index_applydesc=Click this button to make the firewall configuration listed above active. 
Make sure that you have not blocked Webmin access to your server before doing this! desc_policy=Set default policy to $1 desc_flush=Clear all rules desc_list=List all rules desc_zero=Zero packet and byte counts desc_new=Create new chain desc_dchain=Delete chain desc_dchains=Delete all user-defined chains desc_protocol=protocol is $1 desc_protocol!=protocol is not $1 desc_source=source is $1 desc_source!=source is not $1 desc_dest=destination is $1 desc_dest!=destination is not $1 desc_in=input interface is $1 desc_in!=input interface is not $1 desc_out=output interface is $1 desc_out!=output interface is not $1 desc_fragment=packet is a fragment desc_fragment!=packet is not a fragment desc_sourceport=source port is $1 desc_sourceport!=source port is not $1 desc_destport=destination port is $1 desc_destport!=destination port is not $1 desc_tcpflags=TCP flags $2 are set desc_tcpflags!=TCP flags $2 are not set desc_syn=packet opens TCP connection desc_syn!=packet does not open TCP connection desc_tcpoption=packet uses TCP option $1 desc_tcpoption!=packet does not use TCP option $1 desc_mac=ethernet address is $1 desc_mac!=ethernet address is not $1 desc_icmptype=ICMP type is $1 desc_icmptype!=ICMP type is not $1 desc_limit=rate is less than $1 desc_limit!=rate is more than $1 desc_limitburst=burst rate is less than $1 desc_limitburst!=burst rate is more than $1 desc_port=source and destination port is $1 desc_port!=source and destination port is not $1 desc_uidowner=UID of sender is $1 desc_uidowner!=UID of sender is not $1 desc_gidowner=GID of sender is $1 desc_gidowner!=GID of sender is not $1 desc_pidowner=process ID of sender is $1 desc_pidowner!=process ID of sender is not $1 desc_sidowner=session group of sender is $1 desc_sidowner!=session group of sender is not $1 desc_state=state of connection is $1 desc_state!=state of connection is not $1 desc_tos=type of service field is $1 desc_tos!=type of service field is not $1 desc_conds=If $1 , desc_and=and 
desc_always=Always desc_jump_accept=accept packet desc_jump_drop=drop packet desc_jump_queue=pass packet to userspace desc_jump_return=return from chain desc_jump_masquerade=masquerade packet desc_jump=forward to chain $1 desc_nojump=do nothing firewall/lang/en0100664000567100000120000002445007701233263013624 0ustar jcameronwheelindex_title=Linux Firewall index_ecommand=The command $1 was not found on your system. Webmin needs this command to configure IPtables. index_ekernel=An error occurred when checking your current IPtables configuration : $1 This may indicate that your kernel does not support IPtables. index_header=Firewall configuration from $1 index_change=Showing IPtable: index_chain_input=Incoming packets (INPUT) index_chain_output=Outgoing packets (OUTPUT) index_chain_forward=Forwarded packets (FORWARD) index_chain_prerouting=Packets before routing (PREROUTING) index_chain_postrouting=Packets after routing (POSTROUTING) index_chain=Chain $1 index_action=Action index_desc=Condition index_comm=Comment index_no_comment= index_move=Move index_none=There are no rules defined for this chain. index_policy=Set default action to: index_policy_accept=Accept index_policy_drop=Drop index_policy_queue=Userspace index_policy_return=Exit chain index_jump_accept=Accept index_jump_drop=Drop index_jump_queue=Userspace index_jump_return=Exit chain index_jump_masquerade=Masquerade index_jump_redirect=Redirect index_jump_dnat=Destination NAT index_jump_snat=Source NAT index_jump_=Do nothing index_jump=Run chain $1 index_radd=Add rule index_cdelete=Delete chain index_cclear=Clear all rules index_cadd=Add a new chain named: index_apply=Apply Configuration index_applydesc=Click this button to make the firewall configuration listed above active. Any firewall rules currently in effect will be flushed and replaced index_unapply=Revert Configuration index_unapplydesc=Click this button to reset the configuration listed above to the one that is currently active. 
index_table_filter=Packet filtering (filter) index_table_nat=Network address translation (nat) index_table_mangle=Packet alteration (mangle) index_existing=Webmin has detected $1 IPtables firewall rules currently in use, which are not recorded in the save file $2. These rules were probably setup from a script, which this module does not know how to read and edit.

If you want to use this module to manage your IPtables firewall, click the button below to convert the existing rules to a save file, and then disable your existing firewall script. index_saveex=Save Firewall Rules index_atboot=Enable firewall at boot time? index_headerex=Existing firewall configuration index_bootup=Activate at boot index_bootupdesc=Change this option to control whether your firewall is activated at boot time or not. index_return=rules list index_setup=No IPtables firewall has been set up yet on your system. Webmin can set one up for you, to be stored in the save file $1, with the initial settings based on your selection of firewall type below.. index_auto0=Allow all traffic index_auto1=Do network address translation on external interface: index_auto2=Block all incoming connections on external interface: index_auto3=Block all except SSH and IDENT on external interface: index_auto4=Block all except SSH, IDENT, ping and high ports on interface: index_auto=Setup Firewall index_add=Add index_shorewall=Warning! It appears that Shorewall is being used to generate your system's firewall. Maybe you should use the Shorewall Firewall module instead. 
desc_p=protocol is $1 desc_p!=protocol is not $1 desc_s=source is $1 desc_s!=source is not $1 desc_d=destination is $1 desc_d!=destination is not $1 desc_i=input interface is $1 desc_i!=input interface is not $1 desc_o=output interface is $1 desc_o!=output interface is not $1 desc_f=packet is a fragment desc_f!=packet is not a fragment desc_sport=source port is $1 desc_sport!=source port is not $1 desc_dport=destination port is $1 desc_dport!=destination port is not $1 desc_sports=source ports are $1 desc_sports!=source ports are not $1 desc_dports=destination ports are $1 desc_dports!=destination ports are not $1 desc_tcp-flags=TCP flags $2 (of $1) are set desc_tcp-flags!=TCP flags $2 (of $1) are not set desc_tcp-option=packet uses TCP option $1 desc_tcp-option!=packet does not use TCP option $1 desc_icmp-type=ICMP type is $1 desc_icmp-type!=ICMP type is not $1 desc_mac=ethernet address is $1 desc_mac!=ethernet address is not $1 desc_limit=rate is less than $1 desc_limit!=rate is more than $1 desc_limit-burst=burst rate is less than $1 desc_limit-burst!=burst rate is more than $1 desc_ports=source and destination ports are $1 desc_ports!=source and destination ports are not $1 desc_uid-owner=sender is user $1 desc_uid-owner!=sender is not user $1 desc_gid-owner=sender is group $1 desc_gid-owner!=sender is not group $1 desc_pid-owner=process ID of sender is $1 desc_pid-owner!=process ID of sender is not $1 desc_sid-owner=session group of sender is $1 desc_sid-owner!=session group of sender is not $1 desc_state=state of connection is $1 desc_state!=state of connection is not $1 desc_tos=type of service field is $1 desc_tos!=type of service field is not $1 desc_conds=If $1 desc_and=and desc_always=Always redhat_escript=The Redhat IPtables startup script $1 was not found on your system. redhat_eoutput=An error occured getting IPtables status from the command $1. This probably indicates that your system has been configured to use IPchains instead of IPtables. 
gentoo_escript=The Gentoo IPtables startup script $1 was not found on your system. eiptables=Unknown IPtables save file line : $1 edit_title1=Add Rule edit_title2=Edit Rule edit_title3=Clone Rule edit_header1=Chain and action details edit_chain=Part of chain edit_cmt=Rule comment edit_jump=Action to take edit_jump_other=Run chain edit_header2=Condition details edit_desc=The action selected above will only be carried out if all the conditions below are met. edit_source=Source address or network edit_ignore=Ignored edit_is=Equals edit_not=Does not equal edit_dest=Destination address or network edit_in=Incoming interface edit_out=Outgoing interface edit_frag=Fragmentation edit_fragis=Is fragmented edit_fragnot=Is not fragmented edit_proto=Network protocol edit_sport=Source TCP or UDP port edit_dport=Destination TCP or UDP port edit_port0=Port(s) edit_port1=Port range $1 to $2 edit_ports=Source and destination port(s) edit_tcpflags=TCP flags set edit_flags=$2 out of
$1 edit_tcpoption=TCP option number is set edit_icmptype=ICMP packet type edit_mac=Ethernet address edit_limit=Packet flow rate edit_below=Below edit_above=Above edit_limitburst=Packet burst rate edit_uidowner=Sending unix user edit_gidowner=Sending unix group edit_pidowner=Sending process ID edit_sidowner=Sending process group edit_state=Connection states edit_state_new=New connection edit_state_established=Existing connection edit_state_related=Related to existing edit_state_invalid=Not part of any connection edit_tos=Type of service edit_rtoports=Target ports for redirect edit_prange=Port range $1 to $2 edit_mtoports=Source ports for masquerading edit_dnat=IPs and ports for DNAT edit_dnatip=IP range $1 to $2 edit_snat=IPs and ports for SNAT edit_any=Any edit_oifc=Other.. edit_clone=Clone rule edit_before=Before rule $1 edit_after=After rule $1 edit_args=Additional parameters save_err=Failed to save rule save_echain=Missing or invalid chain to run save_esource=Missing or invalid source address or network save_edest=Missing or invalid destination address or network save_ein=Missing or invalid incoming interface save_eout=Missing or invalid outgoing interface save_eproto=No protocol selected save_esport=Missing or invalid source port(s) save_esportfrom=Invalid range start for source ports save_esportto=Invalid range end for source ports save_esportrange=You must enter at least a start or end for the source port range save_etcpudp=Source and destination port conditions can only be used if the protocol is TCP or UDP save_edport=Missing or invalid destination port(s) save_edportfrom=Invalid range start for destination ports save_edportto=Invalid range end for destination ports save_edportrange=You must enter at least a start or end for the destination port range save_eports=Missing or invalid source and destination port(s) save_etcp1=The TCP flags condition can only be used if the protocol is TCP save_etcpflags=You must select at least one TCP flag from each row 
save_etcp2=The TCP option number condition can only be used if the protocol is TCP save_etcpoption=Missing or invalid TCP option number save_eicmp=The ICMP packet type condition can only be used if the protocol is ICMP save_emac=Missing or invalid ethernet address save_elimit=Missing or invalid packet flow rate save_elimitburst=Missing or invalid packet burst rate save_euidowner=Missing or invalid sending unix user save_egidowner=Missing or invalid sending unix group save_epidowner=Missing or invalid sending process ID save_esidowner=Missing or invalid sending process group ID save_ertoports=Missing or invalid redirect target port save_emtoports=Missing or invalid masquerade source port save_edipfrom=Missing or invalid starting IP address for DNAT save_edipto=Invalid ending IP address for DNAT save_edpfrom=Invalid starting port for DNAT save_edpto=Missing or invalid ending port for DNAT save_esipfrom=Missing or invalid starting IP address for SNAT save_esipto=Invalid ending IP address for SNAT save_espfrom=Invalid starting port for SNAT save_espto=Missing or invalid ending port for SNAT save_estates=No connection states selected delete_title=Delete Chain delete_rusure=Are you sure you want to delete the chain $1 ? $2 rules within it will be deleted. delete_ok=Delete Now clear_title=Clear Chain clear_rusure=Are you sure you want to delete all $2 rules from chain $1 ? 
new_err=Failed to create chain new_ename=Missing or invalid chain name new_etaken=A chain with this name already exists apply_err=Failed to apply configuration unapply_err=Failed to revert configuration log_create_rule=Added rule to chain $1 in table $2 log_modify_rule=Modified rule in chain $1 in table $2 log_delete_rule=Deleted rule in chain $1 in table $2 log_move_rule=Moved rule in chain $1 in table $2 log_delete_chain=Deleted chain $1 from table $2 log_clear_chain=Cleared chain $1 in table $2 log_create_chain=Created chain $1 in table $2 log_modify_chain=Set default action for chain $1 in table $2 log_apply=Applied configuration log_unapply=Reverted configuration log_setup=Set up firewall log_convert=Converted existing firewall log_bootup=Enabled firewall at boot time log_bootdown=Disabled firewall at boot time setup_eiface=No external network interface entered firewall/lang/it0100644000567100000120000002700107701233263013627 0ustar jcameronwheel# ../firewall/lang/it # Tradotto il 24 Dicembre 2002 alle 12.10 da Michele (M@Z) Azzolari - MILANO (ITALY) index_title=Linux Firewall index_ecommand=Il comando $1 non è stato trovato sul tuo sistema. Webmin ha bisogno di questo comando per configurare IPtables. index_ekernel=Si è verificato un errore rilevando la tua configurazione di IPtables: $1. Questo può indicare che il tuo kernel non supporta IPtables. index_header=Configurazione del Firewall da $1 index_change=Mostro IPtable: index_chain_input=Pacchetti in ingresso (INPUT) index_chain_output=Pacchetti in uscita (OUTPUT) index_chain_forward=Pacchetti inoltrati (FORWARD) index_chain_prerouting=Pacchetti prima del routing (PREROUTING) index_chain_postrouting=Pacchetti dopo il routing (POSTROUTING) index_chain=Chain $1 index_action=Azione index_desc=Condizione index_move=Muovi index_none=Non sono state definite regole per questa Catena. 
index_policy=Imposta l azione predefinita: index_policy_accept=Accetta index_policy_drop=Respingi index_policy_queue=Userspace index_policy_return=Esci dalla Catena index_jump_accept=Accetta index_jump_drop=Respingi index_jump_queue=Userspace index_jump_return=Esci dalla catena index_jump_masquerade=Mascheramento index_jump_redirect=Redirezione index_jump_dnat=Destinazione del NAT index_jump_snat=Sorgente del NAT index_jump_=Non fare niente index_jump=Esegui la Catena $1 index_radd=Aggiungi una regola index_cdelete=Cancella la Catena index_cclear=Cancella tutte le regole index_cadd=Aggiungi una Catena chiamata: index_apply=Applica la configurazione index_applydesc=Clicca per rendere attiva la configurazione elencata del firewall . Ogni regola del firwall attualmente in uso verrà eliminata e sostituita. index_unapply=Annulla la configurazione index_unapplydesc=Clicca per ritornare alla configurazione attualmente in uso. index_table_filter=Filtraggio dei pacchetti (filter) index_table_nat=Traslazione della destinazione di rete (nat) index_table_mangle=Alterazione del pacchetto (mangle) index_existing=Webmin ha rilevato $1 regole del firewall IPtables attualmente in uso che non sono salvate nel file $2. Queste regole sono probabilmente attivate da uno script che questo modulo non può modifificare.

Se vuoi che Webmin gestisca il firewall IPtables, clicca sul bottone per convertire le regole esistenti in un file e poi disabilita lo script. index_saveex=Salva le regole del firewall index_atboot=Abilito il firewall all accensione? index_headerex=Configurazione esistente del firewall index_bootup=Attiva all avvio index_bootupdesc=Cambia questa opzione per attivare il tuo firewall all avvio oppure no. index_return=lista delle regole index_setup=Sul tuo sistema non è ancora impostato il firewall IPtables. Webmin può impostarlo e salvarlo nel file $1 con le impostazioni iniziali del firewall che selezioni qui sotto.. index_auto0=Accetta tutto il traffico index_auto1=Esegui una traslazione dell indirizzo sull interfaccia esterna: index_auto2=Blocca tutte le connessioni in ingresso sull interfaccia esterna: index_auto=Imposta il firewall index_add=Aggiungi desc_p=il protocollo è $1 desc_p!=il protocollo non è $1 desc_s=la sorgente è $1 desc_s!=la sorgente non è $1 desc_d=la destinazione è $1 desc_d!=la destinazione non è $1 desc_i=l interfaccia di ingresso è $1 desc_i!=l interfaccia di ingresso non è $1 desc_o=l interfaccia di uscita è $1 desc_o!=l interfaccia di uscita non è $1 desc_f=il pacchetto è un frammento desc_f!=il pacchetto non è un frammento desc_sport=la porta sorgente è $1 desc_sport!=la porta sorgente non è $1 desc_dport=la porta di destinazione è $1 desc_dport!=la porta di destinazione non è $1 desc_sports=le porte sorgenti sono $1 desc_sports!=le porte sorgenti non sono $1 desc_dports=le porte di destinazione sono $1 desc_dports!=le porte di destinazione non sono $1 desc_tcp-flags=TCP flags $2 (di $1) sono impostate desc_tcp-flags!=TCP flags $2 (di $1) non sono impostate desc_tcp-option=il pacchetto usa l opzione TCP $1 desc_tcp-option!=il pacchetto non usa l opzione TCP $1 desc_icmp-type=il tipo ICMP è $1 desc_icmp-type!=il tipo ICMP non è $1 desc_mac=l indirizzo di rete è $1 desc_mac!=l indirizzo di rete non è $1 desc_limit=rate è minore di $1 
desc_limit!=rate è maggiore di $1 desc_limit-burst=burst rate è minore di $1 desc_limit-burst!=burst rate è maggiore di $1 desc_ports=porte sorgenti e destinazione sono $1 desc_ports!=porte sorgenti e destinazione non sono $1 desc_uid-owner=l inviante è l utente $1 desc_uid-owner!=l inviante non è l utente $1 desc_gid-owner=l inviante è il gruppo $1 desc_gid-owner!=l inviante non è il gruppo $1 desc_pid-owner=l ID del processo dell inviante è $1 desc_pid-owner!=l ID del processo dell inviante non è$1 desc_sid-owner=session group dell inviante è $1 desc_sid-owner!=session group dell inviante non è $1 desc_state=lo stato della connessione è $1 desc_state!=lo stato della connessione non è $1 desc_tos=type of service field is $1 desc_tos!=type of service field is not $1 desc_conds=se $1 desc_and=e desc_always=Sempre redhat_escript=Lo script iniziale $1 delle IPtables di RedHat non è stato trovato sul tuo sistema. redhat_eoutput=Si è verificato un errore caricando la configurazione di IPtables eseguendo il comando $1. Questo indica che probabilmente sul tuo sistema è configurato IPchains e non IPtables. gentoo_escript=Lo script iniziale $1 delle IPtables di Gentoo non è stato trovato sul tuo sistema. eiptables=Riga sconosciuta salvata nel file di IPtables: $1 edit_title1=Aggiungi regola edit_title2=Modifica regola edit_title3=Dublica regola edit_header1=Dettagli delle catente e delle azioni edit_chain=Parte di una catena edit_cmt=Commento della regola edit_jump=Azione da intraprendere edit_jump_other=Esegui catena edit_header2=Dettagli delle condizioni edit_desc=Le azioni selezionate sopra saranno efficaci solo se tutte le condizioni sotto sono verificate. 
edit_source=Indirizzo di rete o classe della sorgente edit_ignore=Ignora edit_is=Uguale edit_not=Diverso edit_dest=Indirizzo di rete o classe della destinazione edit_in=Interfaccia di ingresso edit_out=Interfaccia di uscita edit_frag=Frammentazione edit_fragis=E frammentato edit_fragnot=Non è frammentato edit_proto=protocollo di rete edit_sport=Porte TCP o UDP della sorgente edit_dport=Porte TCP o UDP del destinatario edit_port0=Porta(e) edit_port1=Porte da $1 a $2 edit_ports=Porta(e) della sorgente e del destinatario edit_tcpflags=TCP flags set edit_flags=$2 out of
$1 edit_tcpoption=Il numero di opzione TCP è impostato edit_icmptype=Il tipo di pacchetto ICMP edit_mac=Indirizzo ethernet edit_limit=Packet flow rate edit_below=Sotto edit_above=Sopra edit_limitburst=Packet burst rate edit_uidowner=Sending unix user edit_gidowner=Sending unix group edit_pidowner=Sending process ID edit_sidowner=Sending process group edit_state=Stato delle connessioni edit_state_new=Nuova connessione edit_state_established=Connessione esistente edit_state_related=Relativa a connessione esistente edit_state_invalid=Parte di nessuna connessione edit_tos=Tipo del servizio edit_rtoports=Porta di destinazione per redirezione edit_prange=Port range $1 to $2 edit_mtoports=Porta sorgente per il mascheramento edit_dnat=IPs e porte per DNAT edit_dnatip=IP range $1 to $2 edit_snat=IPs e porte per SNAT edit_any=Nessuno edit_oifc=Altro.. edit_clone=Duplica regola edit_before=Prima della regola $1 edit_after=Dopo la regola $1 save_err=Fallito salvataggio della regola save_echain=Catena da eseguire invalida o mancante save_esource=Indirizzo o rete sorgente invalido o mancante save_edest=Indirizzo o rete di destinazione invalido o mancante save_ein=Interfaccia di ingresso invalida o mancante save_eout=Interfaccio di uscita invalida o mancante save_eproto=Nessun protocollo selezionato save_esport=Porta(e) sorgenti invalida o mancante save_esportfrom=L inizio del range delle porte di provenienza invalido save_esportto=La fine del range delle porte di provenienza invalido save_esportrange=Devi indicare almeno un inizio o una fine per il range delle porte di provenienza save_etcpudp=Le condizioni sulle porte di provenienza e di destinazione puo essere applicata solo se il protocollo è TCP o UDP save_edport=Porta(e) di destinazione invalida o mancante save_edportfrom=L inizio del range delle porte di destinazione invalido save_edportto=La fine del range delle porte di destinazione invalido save_edportrange=Devi indicare almeno un inizio o una fine per il range delle 
porte di destinazione save_eports=Porta(e) di provenienza o di destinazione invalida o mancante save_etcp1=Le condizioni sui flag TCP possono essere usati solo se il protocollo è TCP save_etcpflags=Devi selezionare almeno un flag TCP per ogni riga save_etcp2=Le condizioni sul numero di opzione TCP possono essere applicati solo se il protocollo è TCP save_etcpoption=Numero di opzione TCP invalida o mancante save_eicmp=Le condizioni sul tipo di pacchetto ICMP possono essere applicate solo se il protocollo è ICMP save_emac=Indirizzo di rete invalido o mancante save_elimit=Flow rate del pacchetto invalido o mancante save_elimitburst=Burst rate del pacchetto invalido o mancante save_euidowner=Missing or invalid sending unix user save_egidowner=Missing or invalid sending unix group save_epidowner=Missing or invalid sending process ID save_esidowner=Missing or invalid sending process group ID save_ertoports=Missing or invalid redirect target port save_emtoports=Missing or invalid masquerade source port save_edipfrom=Missing or invalid starting IP address for DNAT save_edipto=Indirizzo IP finale per il DNAT invalido save_edpfrom=Indirizzo IP iniziale per il DNAT invalido save_edpto=Porta finale per il DNAT mancante o invalido save_esipfrom=Indirizzo IP iniziale per SNAT invalido save_esipto=Indirizzo IP finale per SNAT invalido save_espfrom=Porta iniziale per SNAT invalida save_espto=Porta finale per SNAT mancante o invalida save_estates=Nessuno stato della connessione selezionato delete_title=Cancella catena delete_rusure=Sei sicuro di voler cancellare la catena $1 ? $2 regole contenute saranno cancellate delete_ok=Cancella ora clear_title=Pulisci la catena clear_rusure=Sei sicuro di voler cancellare tutte e $2 le regole della catena $1 ? 
new_err=Fallita la creazione della catena new_ename=Nome della catena invalida o mancante new_etaken=Esiste già una catena con lo stesso nome apply_err=Fallita l'applicazione della configurazione unapply_err=Fallito il ripristino della configurazione log_create_rule=Aggiunta la regola alla catena $1 nella tabella $2 log_modify_rule=Modificate regola nella catena $1 nella tabella $2 log_delete_rule=Cancellata la regola nella catena $1 nella tabella $2 log_move_rule=Spostata la regola nella catena $1 nella tabella $2 log_delete_chain=Cancellata la catena $1 nella tabella $2 log_clear_chain=Pulita la catena $1 nella tabella $2 log_create_chain=Creata catena $1 nella tabella $2 log_modify_chain=Impostata l azione di default per la catena $1 nella tabella $2 log_apply=Configurazione applicata log_unapply=Configurazione ripristinata log_setup=Impostato il firewall log_convert=Firewall preesistente convertito log_bootup=Abilitato il firewall all'avvio log_bootdown=Disabilitato il firewall all'avvio setup_eiface=Nessuna interfaccia di rete esterna inserita firewall/lang/es0100644000567100000120000002561707701233263013635 0ustar jcameronwheelindex_title=Firewall index_ecommand=El comando $1 no se encontro en su sistema. Allconnections necesita este comando para configurar el firewall. index_ekernel=Ocurrio un error al comprobar su configuracion de firewall actual: esto puede indicar que su kernel no tiene soporte de Firewall index_header=Configuracion de firewall para $1 index_change=Mostrando Firewall: index_chain_input=Paquetes entrantes (INPUT) index_chain_output=Paquetes salientes (OUTPUT) index_chain_forward=Paquetes redirigidos (FORWARD) index_chain_prerouting=Paquetes antes de rutado: (PREROUTING) index_chain_postrouting=Paqutes postrutados:(POSTROUTING) index_chain=Cadena $1 index_action=Acccion index_desc=Condicion index_move=Mover index_none=No hay reglas definidas para esta cadena. 
index_policy=Establecer accion por defecto a: index_policy_accept=Accept index_policy_drop=Drop index_policy_queue=Userspace index_policy_return=Salir de cadena index_jump_accept=Aceptar index_jump_drop=Denegar index_jump_queue=Userspace index_jump_return=Salir de cadena index_jump_masquerade=Enmascaramiento index_jump_redirect=Redireccion index_jump_dnat=NAT Destino index_jump_snat=NAT Origen index_jump_=No hacer nada index_jump=Ejecutar cadena $1 index_radd=Añadir regla index_cdelete=Borrar cadena index_cclear=Borrar todas las reglas index_cadd=Añadir nueva cadena llamada: index_apply=Aplicar configuracion index_applydesc=Pulsar boton para activar la configuracion de firewall listada abajo. Cualquier regla de firewall que se aplica actualmente se eliminara y sera reemplazada index_unapply=Revertir configuracion index_unapplydesc=Pulsar boton para resetear la configuracion de firewall listada abajo a la activada actualmente. index_table_filter=Filtrador de paquetes (filter) index_table_nat=Traduccion de direccion de red (nat) index_table_mangle=alteracion de paquetes (mangle) index_existing=Allconnections ha detectado $1 regla de Firewall en uso, que no ha sido salvada en el fichero $2. Estas reglas fueron probablemente establecidas desde un script, para el que este modulo no sabe como leer y escribir. Si quiere utilizar este modulo para manejar su Firewall, pulse el boton de abajo para pasar las reglas existentes a un fichero, y despues deshabilite el script existente ahora. index_saveex=Salvar Reglas de Firewall index_atboot=Habilitar firewall al arrancar? index_headerex=Configuracion firewall existente index_bootup=Activar al arrancar index_bootupdesc=Cambiar esta opcion para controlar si el Firewall se activa al arrancar o no. index_return=lista de reglas index_setup=No hay un firewall establecido en su sistema. 
Allconnections puede establecer uno por usted, el cual se salvara en el fichero $1, con las reglas iniciales establecidas basandose en el tipo de firewall seleccionado abajo. index_auto0=Permitir todo el trafico index_auto1=Hacer traduccion de direccion de red en la interfaz externa: index_auto2=Bloquear trafico de red en la interfaz externa: index_auto=Configurar Firewall index_add=Añadir desc_p=protocolo es $1 desc_p!=protocolo no es $1 desc_s=origen es $1 desc_s!=origen no es $1 desc_d=destino es $1 desc_d!=destino no es $1 desc_i=interfaz de entrada es $1 desc_i!=interfaz de entrada no es $1 desc_o=output interface is $1 desc_o!=output interface is not $1 desc_f=el paquete es un fragmento desc_f!=el paquete no es un fragmento desc_sport=el puerto origen es $1 desc_sport!=el puerto origen NO es $1 desc_dport=el puerto destino es $1 desc_dport!=el puerto destino NO es $1 desc_sports=los puertos origen son desc_sports!=los puertos origen NO son $1 desc_dports=los puertos destino son $1 desc_dports!=los puertos destino no son $1 desc_tcp-flags=los flags TCP $2 (de $1) estan establecidos desc_tcp-flags!=los flags TCP $2 (de $1) NO estan establecidos desc_tcp-option=el paquete utiliza la opcion TCP $1 desc_tcp-option!=el paquete NO utiliza la opcion TCP $1 desc_icmp-type=el tipo ICMP es $1 desc_icmp-type!=el tipo ICMP no es $1 desc_mac=la direccion ethernet es $1 desc_mac!=la direccion ethernet no es $1 desc_limit=el ratio es menor que $1 desc_limit!=el ratio es mayor que $1 desc_limit-burst=el ratio de trafico es menor que $1 desc_limit-burst!=el ratio de trafico es mayor que $1 desc_ports=puertos de origen y destino son $1 desc_ports!=puertos de origen y destino distintos de $1 desc_uid-owner=emisor es el usuario $1 desc_uid-owner!=emisor no es usuario $1 desc_gid-owner=emisor es de grupo $1 desc_gid-owner!=emisor no es del grupo $1 desc_pid-owner=ID de proceso del emisor es $1 desc_pid-owner!=ID de p $1 desc_sid-owner=el grupo de sesion emisor es $1 
desc_sid-owner!=el grupo de sesion emisor NO es $1 desc_state=el estado de conexion es $1 desc_state!=el estado de conexion NO es $1 desc_tos=el campo tipo-de-servicio es $1 desc_tos!=el campo tipo-de-servicio NO es $1 desc_conds=Si $1 desc_and=y desc_always=Siempre redhat_escript=El script de firewall $1 no se encontro en su sistema. redhat_eoutput=Ocurrio un error al tratar de recuperar el estado del firewall con el comando $1. Esto indica que probablemente su sistema se ha configurado para utilizar un sistema ipchains en lugar de Iptables. gentoo_escript=El script de firewall $1 no se encontro en su sistema. eiptables=Fichero de firewall desconocido linea: $1 edit_title1=Añadir regla edit_title2=Editar regla edit_title3=Clonar regla edit_header1=Detalles de cadena y accion edit_chain=Parte de la cadena edit_jump=Accion a ejecutar edit_jump_other=Ejecutar cadena edit_header2=Detalles de condicion edit_desc=La accion seleccionada abajo solo sera llevada a cabo si todas las condiciones de aqui se cumplen. edit_source=direccion o red origen edit_ignore=Cualquiera edit_is=Igual a edit_not=Distinto de edit_dest=Direccion o red de Destino edit_in=Interfaz entrante edit_out=Interfaz saliente edit_frag=Fragmentacion edit_fragis=Esta fragmentado edit_fragnot=No esta fragmentado edit_proto=Protocolo de Red edit_sport=Puerto TCP o UDP Origen edit_dport=Puerto TCP o UDP Destino edit_port0=Puerto(s) edit_port1=Rango de puertos de $1 a $2 edit_ports=Puerto(s) de origen y destino edit_tcpflags=Flags TCP establecidos edit_flags=$2 fuera de
$1 edit_tcpoption=El numero de opcion TCP esta establecido edit_icmptype=Tipo de paquete ICMP edit_mac=Direccion Ethernet edit_limit=Ratio de flujo de paquetes edit_below=Abajo edit_above=Arriba edit_limitburst=Ratio de paquetes edit_uidowner=Usuario Unix emisor edit_gidowner=Grupo Unix emisor edit_pidowner=ID de proceso emisor edit_sidowner=Grupo de proceso emisor edit_state=Estados de conexiones edit_state_new=Nueva conexion edit_state_established=Conexion existente edit_state_related=Relacionado con existente edit_state_invalid=No es parte de ninguna conexion edit_tos=Tipo de servicio edit_rtoports=Puertos destino para redireccion edit_prange=Rango de puertos de $1 a $2 edit_mtoports=Source ports for masqueradingPuertos de origen para enmascaramiento edit_dnat=IPs y puertos para DNAT edit_dnatip=Rango de IPs de $1 a $2 edit_snat=Puertos e IPs para SNAT edit_any=Cualquiera edit_oifc=Otros... edit_clone=Clonar regla edit_before=Antes de regla $1 edit_after=Despues de regla $2 save_err=Error al salvar regla save_echain=Cadena de ejecucion no valida o no establecida save_esource=Direccion o red de origen no valida o no establecida save_edest=Direccion o red no valida o no establecida save_ein=Interfaz entrante no valido o no establecido save_eout=Interfaz saliente no valido o no establecido save_eproto=No se selecciono un protocolo save_esport=Puerto(s) origen no valido(s) o no establecido(s) save_esportfrom=Rango de inicio no valido de puertos origen save_esportto=Rango no valido de puertos destino save_esportrange=Debe introducir al menos el inicio o el final del rango de puertos origen save_etcpudp=Las condiciones de puertos TCP y UDP solo puede ser utilizada si el protocolo es TCP o UDP save_edport=Puerto(s) de destino no valido(s) o no establecido(s) save_edportfrom=Inicio de rango de puerto destino no valido save_edportto=Fin de rango de puerto destino no valido save_edportrange=Debe introducir al menos un inicio y un final en el rango de puerto de destino You 
must enter at least a start or end for the destination port range save_eports=Puerto origen y destino no validos o no establecidos save_etcp1=La condicion de flag TCP solo puede ser utilizada si el protocolo es TCP save_etcpflags=Debe seleccionar al menos un flag TCP por cada fila save_etcp2=La condicion de paquete TCP solo puede ser utilizada si el protocolo es TCP save_etcpoption=Numero de opcion TCP no valido o no establecido save_eicmp=La condicion de paquete ICMP solo puede ser utilizada si el protocolo es ICMP save_emac=Direccion ethernet no valida o no establecida save_elimit=Ratio de flujo de paquetes no valido o no establecido save_elimitburst=Ratio de envio de paquetes no valido o no establecido save_euidowner=Usuario Unix emisor no valido o no establecido save_egidowner=Grupo emisor Unix no valido o no establecido save_epidowner=ID de proceso emisor no valido o no establecido save_esidowner=ID de grupo de proceso emisor no valido o no establecido save_ertoports=Puerto de redireccion destino no valido o no establecido save_emtoports=Puerto de origen de enmascaramiento no valido o no establecido save_edipfrom=Final de direccion IP no valida para DNAT save_edipto=Invalid ending IP address for DNAT save_edpfrom=Puerto inicial para DNAT no valido save_edpto=Puerto final de DNAT no valido o no establecido save_esipfrom=Direccion IP para SNAT no valido o no establecida. save_esipto=Final de direccion IP no valida para SNAT save_espfrom=Puerto inicial para NAT no valido save_espto=Puerto final de NAT no valido o no establecido save_estates=No se selecciono estado de conexion delete_title=Eliminar Cadena delete_rusure=¿ Esta seguro de que desea eliminar la cadena $1 ? las reglas $2 de la cadena seran tambien eliminadas. delete_ok=Delete Now clear_title=Limpiar cadena clear_rusure=Are you sure you want to delete all $2 rules from chain $1 ? 
new_err=No se pudo crear cadena new_ename=Nombre de cadena no valido o inexistente new_etaken=Ya esxite una cadena con este nombre apply_err=No se consigui aplicar la configuracion unapply_err=No se consiguio revertir la configuracion log_create_rule=AЯadida la regla en la cadena $1 en la tabla $2 log_modify_rule=Modificada la regla en la cadena $1 en la tabla $2 log_delete_rule=Eliminada la regla en la cadena $1 en la tabla $2 log_move_rule=Movida la regla en cadena $1 en la tabla $2 log_delete_chain=Borrada la cadena $1 en la tabla $2 log_clear_chain=Vaciada la cadena $1 en la tabla $2 log_create_chain=Creada la cadena $1 en la tabla $2 log_modify_chain=Establecida la accion por defecto para la cadena $1 en la tabla $2 log_apply=Configuracion aplicada log_unapply=Configuracion Revertida log_setup=Configurar Firewall log_convert=Convertido el Firewall existente log_bootup=Habilitar Firewall al arrancar log_bootdown=Deshabilitar Firewall al arrancar setup_eiface=Nose introdujo ningun interfaz de red externo firewall/lang/ru_SU0100644000567100000120000002577107701233263014264 0ustar jcameronwheelindex_title=Межсетевой экран Linux (firewall) index_ecommand=Команда $1 в вашей системе не обнаружена. Эта команда необходима Webmin для настройки IPtables. index_ekernel=При проверке текущей конфигурации IPtables произошла ошибка : $1 Это может означать, что ядро вашей системы не поддерживает IPtables. index_header=Настройка межсетевого экрана от $1 index_change=Showing IPtable: index_chain_input=Входящие пакеты (INPUT) index_chain_output=Исходящие пакеты (OUTPUT) index_chain_forward=Перенаправляемые пакеты (FORWARD) index_chain_prerouting=Пакеты перед маршрутизацией (PREROUTING) index_chain_postrouting=Пакеты после маршрутизации (POSTROUTING) index_chain=Цепочка $1 index_action=Действие index_desc=Условие index_move=Move index_none=Для этой цепочки не определено ни одно правила. 
index_policy=Действие по умолчанию: index_policy_accept=Принимать index_policy_drop=Отбрасывать index_policy_queue=Userspace index_policy_return=Завершить цепочку index_jump_accept=Принимать index_jump_drop=Отбрасывать index_jump_queue=Userspace index_jump_return=Завершить цепочку index_jump_masquerade=Маскировать index_jump_redirect=Перенаправлять index_jump_dnat=NAT назначения index_jump_snat=NAT источника index_jump_=Ничего не делать index_jump=Перейти к цепочке $1 index_radd=Добавить правило index_cdelete=Удалить цепочку index_cclear=Очистить все правила index_cadd=Добавить новую цепочку с именем: index_apply=Применить конфигурацию index_applydesc=Нажатие на эту кнопку приведет к вступлению в действие вышеприведенной конфигурации межсетевого экрана. Все существующие в данный момент правила будут сброшены и заменены новыми. index_unapply=Вернуть конфигурацию index_unapplydesc=Нажатие на эту кнопку приведет к сбросу вышеприведенной конфигурации к активной в данный момент. index_table_filter=Фильтрование пакетов (filter) index_table_nat=Преобразование сетевых адресов (nat) index_table_mangle=Изменение пакетов (mangle) index_existing=Webmin обнаружил, что в данный момент $1 правил межсетевого экрана IPtables используется, но не сохранено в файле $2. Вероятно, эти правила были заданы каким-либо неизвестным данному модулю образом.

Если вы хотите использовать этот модуль для управления вашим межсетевым экраном IPtables, то сохраните существующие правила, нажав кнопку ниже, а затем отключите неизвестный данному модулю способ задания правил. index_saveex=Сохранить правила межсетевого экрана index_atboot=Включать межсетевой экран при загрузке системы? index_headerex=Существующая конфигурация межсетевого экрана index_bootup=Включать при загрузке index_bootupdesc=Определяет будет ли межсетевой экран включен при загрузке системы или нет. index_return=списку правил index_setup=В данный момент межсетевой экран IPtables на вашей машине не настроен. Webmin поможет вам настроить его на основе выбранного вами типа. Конфигурация будет сохранена в файле $1. index_auto0=Разрешить весь трафик index_auto1=Преобразовывать сетевые адреса на внешнем интерфейсе: index_auto2=Блокировать все входящие соединения на внешнем интерфейсе: index_auto=Настроить межсетевой экран index_add=Добавить desc_p=протокол $1 desc_p!=протокол не $1 desc_s=источник $1 desc_s!=источник не $1 desc_d=назначение $1 desc_d!=назначение не $1 desc_i=входящий интерфейс $1 desc_i!=входящий интерфейс не $1 desc_o=исходящий интерфейс $1 desc_o!=исходящий интерфейс не $1 desc_f=пакет является фрагментом desc_f!=пакет не является фрагментом desc_sport=порт источника $1 desc_sport!=порт источника не $1 desc_dport=порт назначения $1 desc_dport!=порт назначения не $1 desc_sports=порты источника $1 desc_sports!=порты источника не $1 desc_dports=порты назначения $1 desc_dports!=порты назначения не $1 desc_tcp-flags=флаги TCP $2 (из $1) установлены desc_tcp-flags!=флаги TCP $2 (из $1) не установлены desc_tcp-option=пакет с опцией TCP $1 desc_tcp-option!=пакет без опции TCP $1 desc_icmp-type=тип ICMP $1 desc_icmp-type!=тип ICMP не $1 desc_mac=адрес ethernet $1 desc_mac!=адрес ethernet не $1 desc_limit=скорость ниже $1 desc_limit!=скорость выше $1 desc_limit-burst=пиковая скорость ниже $1 desc_limit-burst!=пиковая скорость выше $1 desc_ports=порты 
источника и назначения $1 desc_ports!=порты источника и назначения не $1 desc_uid-owner=отправитель - пользователь $1 desc_uid-owner!=отправитель - не пользователь $1 desc_gid-owner=отправитель - группа $1 desc_gid-owner!=отправитель - не группа $1 desc_pid-owner=ID процесса отправителя $1 desc_pid-owner!=ID процесса отправителя не $1 desc_sid-owner=группа сеанса отправителя $1 desc_sid-owner!=группа сеанса отправителя не $1 desc_state=состояние соединения $1 desc_state!=состояние соединения не $1 desc_tos=поле типа службы $1 desc_tos!=поле типа службы не $1 desc_conds=Если $1 desc_and=и desc_always=Всегда redhat_escript=Сценарий Redhat для запуска IPtables $1 в вашей системе не обнаружен. redhat_eoutput=При получении состояния IPtables с помощью команды $1 произошла ошибка. Возможно ваша система настроена на использование IPchains вместо IPtables. redhat_escript=Сценарий ASPLinux для запуска IPtables $1 в вашей системе не обнаружен. redhat_eoutput=При получении состояния IPtables с помощью команды $1 произошла ошибка. Возможно ваша система настроена на использование IPchains вместо IPtables. gentoo_escript=Сценарий Gentoo для запуска IPtables $1 в вашей системе не обнаружен. eiptables=Неизвестная строка в файле сохраненной конфигурации IPtables : $1 edit_title1=Добавление правила edit_title2=Изменение правила edit_title3=Копирование правила edit_header1=Настройка цепочки и действий edit_chain=Часть цепочки edit_cmt=Комментарий к правилу edit_jump=Действие edit_jump_other=Перейти к цепочке edit_header2=Настройка условия edit_desc=Выбранное выше действие будет выполняться только если соблюдены все нижеприведенные условия. 
edit_source=Адрес или сеть источника edit_ignore=Игнорируется edit_is=Равно edit_not=Не равно edit_dest=Адрес или сеть назначения edit_in=Входящий интерфейс edit_out=Исходящий интерфейс edit_frag=Фрагментация edit_fragis=Фрагментирован edit_fragnot=Не фрагментирован edit_proto=Сетевой протокол edit_sport=Порт TCP или UDP источника edit_dport=Порт TCP или UDP назначения edit_port0=Порт(ы) edit_port1=Диапазон портов от $1 до $2 edit_ports=Порт(ы) источника и назначения edit_tcpflags=Установленные флаги TCP edit_flags=$2 из
$1 edit_tcpoption=Установлена опция TCP с номером edit_icmptype=Тип пакета ICMP edit_mac=Адрес ethernet edit_limit=Скорость прохождения пакетов edit_below=Ниже edit_above=Выше edit_limitburst=Пиковая скорость пакетов edit_uidowner=Отправлено пользователем unix edit_gidowner=Отправлено группой unix edit_pidowner=Отправлено процессом с ID edit_sidowner=Отправлено группой процессов edit_state=Состояния соединения edit_state_new=Новое соединение edit_state_established=Существующее соединение edit_state_related=Связано с существующим edit_state_invalid=Не является частью соединения edit_tos=Тип службы edit_rtoports=Порты назначения для перенаправления edit_prange=Диапазон портов от $1 до $2 edit_mtoports=Порты источника для маскирования edit_dnat=Адреса IP и порты для DNAT edit_dnatip=Диапазон адресов IP от $1 до $2 edit_snat=Адреса IP и порты для SNAT edit_any=Любой edit_oifc=Другой.. edit_clone=Скопировать правило edit_before=Перед правилом $1 edit_after=После правила $1 save_err=Не удалось сохранить правило save_echain=Цепочка для перехода не указана или указана неверно save_esource=Адрес или сеть источника не указана или указана неверно save_edest=Адрес или сеть назначения не указана или указана неверно save_ein=Входящий интерфейс не указан или указан неверно save_eout=Исходящий интерфейс не указан или указан неверно save_eproto=Не выбран протокол save_esport=Порт(ы) источника не указан или указан неверно save_esportfrom=Неверное начало диапазона для портов источника save_esportto=Неверный конец диапазона для портов источника save_esportrange=Необходимо указать начало и конец диапазона портов источника save_etcpudp=Условия портов источника и назначения могут быть использованы только для протоколов TCP или UDP save_edport=Порт(ы) назначения не указан или указан неверно save_edportfrom=Неверное начало диапазона для портов назначения save_edportto=Неверный конец диапазона для портов назначения save_edportrange=Необходимо указать начало и конец диапазона портов 
назначения save_eports=Порты источника и назначения не указаны или указаны неверно save_etcp1=Условие флагов TCP может быть использовано только для протокола TCP save_etcpflags=Для каждого ряда необходимо выбрать хотя бы один флаг TCP save_etcp2=Условие номера опции TCP может быть использовано только с протоколом TCP save_etcpoption=Номер опции TCP не указан или указан неверно save_eicmp=Условие типа пакета ICMP может быть использовано только с протоколом ICMP save_emac=Адрес ethernet не указан или указан неверно save_elimit=Скорость прохождения пакетов не указана или указана неверно save_elimitburst=Пиковая скорость пакетов не указана или указана неверно save_euidowner=Пользователь unix не указан или указан неверно save_egidowner=Группа unix не указана или указана неверно save_epidowner=ID посылающего процесса не указан или указан неверно save_esidowner=ID группы посылающего процесса не указан или указан неверно save_ertoports=Порт назначения перенаправления не указан или указан неверно save_emtoports=Порт маскирования источника не указан или указан неверно save_edipfrom=Начальный адрес IP для DNAT не указан или указан неверно save_edipto=Конечный адрес IP для DNAT не указан или указан неверно save_edpfrom=Начальный порт для DNAT не указан или указан неверно save_edpto=Конечный порт для DNAT не указан или указан неверно save_esipfrom=Начальный адрес IP для SNAT не указан или указан неверно save_esipto=Конечный адрес IP для SNAT не указан или указан неверно save_espfrom=Начальный порт для SNAT не указан или указан неверно save_espto=Конечный порт для SNAT не указан или указан неверно save_estates=Не выбраны состояния соединения delete_title=Удаление цепочки delete_rusure=Удалить цепочку $1 ? Вместе с цепочкой будет удалено $2 правил. delete_ok=Удалить clear_title=Очистка цепочки clear_rusure=Удалить $2 правил из цепочки $1 ? 
new_err=Не удалось создать цепочку new_ename=Название цепочки не указано или указано неверно new_etaken=Цепочка с этим именем уже существует apply_err=Не удалось применить конфигурацию unapply_err=Не удалось вернуть конфигурацию log_create_rule=Добавлено правило в цепочку $1 таблицы $2 log_modify_rule=Изменено правило в цепочке $1 таблицы $2 log_delete_rule=Удалено правило $1 таблицы $2 log_move_rule=Перемещено правило $1 в таблице $2 log_delete_chain=Из таблицы $2 удалено цепочка $1 log_clear_chain=Очищена цепочка $1 таблицы $2 log_create_chain=В таблице $2 создана цепочка $1 log_modify_chain=Для цепочки $1 таблицы $2 задано действие по умолчанию log_apply=Конфигурация применена log_unapply=Конфигурация сброшена log_setup=Межсетевой экран настроен log_convert=Существующий межсетевой экран преобразован log_bootup=Разрешено включение межсетевого экран при загрузке log_bootdown=Запрещено включение межсетевого экран при загрузке setup_eiface=Не указан внешний сетевой интерфейс firewall/lang/ru_RU0100664000567100000120000002536507701233263014264 0ustar jcameronwheellog_delete_rule=сДЮКЕМН ОПЮБХКН $1 РЮАКХЖШ $2 desc_tcp-option=ОЮЙЕР Я НОЖХЕИ TCP $1 desc_sid-owner!=ЦПСООЮ ЯЕЮМЯЮ НРОПЮБХРЕКЪ МЕ $1 save_esidowner=ID ЦПСООШ ОНЯШКЮЧЫЕЦН ОПНЖЕЯЯЮ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН desc_pid-owner!=ID ОПНЖЕЯЯЮ НРОПЮБХРЕКЪ МЕ $1 index_existing=Webmin НАМЮПСФХК, ВРН Б ДЮММШИ ЛНЛЕМР $1 ОПЮБХК ЛЕФЯЕРЕБНЦН ЩЙПЮМЮ IPtables ХЯОНКЭГСЕРЯЪ, МН МЕ ЯНУПЮМЕМН Б ТЮИКЕ $2. бЕПНЪРМН, ЩРХ ОПЮБХКЮ АШКХ ГЮДЮМШ ЙЮЙХЛ-КХАН МЕХГБЕЯРМШЛ ДЮММНЛС ЛНДСКЧ НАПЮГНЛ.

еЯКХ БШ УНРХРЕ ХЯОНКЭГНБЮРЭ ЩРНР ЛНДСКЭ ДКЪ СОПЮБКЕМХЪ БЮЬХЛ ЛЕФЯЕРЕБШЛ ЩЙПЮМНЛ IPtables, РН ЯНУПЮМХРЕ ЯСЫЕЯРБСЧЫХЕ ОПЮБХКЮ, МЮФЮБ ЙМНОЙС МХФЕ, Ю ГЮРЕЛ НРЙКЧВХРЕ МЕХГБЕЯРМШИ ДЮММНЛС ЛНДСКЧ ЯОНЯНА ГЮДЮМХЪ ОПЮБХК. eiptables=мЕХГБЕЯРМЮЪ ЯРПНЙЮ Б ТЮИКЕ ЯНУПЮМЕММНИ ЙНМТХЦСПЮЖХХ IPtables : $1 desc_limit!=ЯЙНПНЯРЭ БШЬЕ $1 desc_gid-owner!=НРОПЮБХРЕКЭ - МЕ ЦПСООЮ $1 new_err=мЕ СДЮКНЯЭ ЯНГДЮРЭ ЖЕОНВЙС save_elimitburst=оХЙНБЮЪ ЯЙНПНЯРЭ ОЮЙЕРНБ МЕ СЙЮГЮМЮ ХКХ СЙЮГЮМЮ МЕБЕПМН edit_in=бУНДЪЫХИ ХМРЕПТЕИЯ save_edipfrom=мЮВЮКЭМШИ ЮДПЕЯ IP ДКЪ DNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН edit_dnat=юДПЕЯЮ IP Х ОНПРШ ДКЪ DNAT edit_dnatip=дХЮОЮГНМ ЮДПЕЯНБ IP НР $1 ДН $2 index_atboot=бЙКЧВЮРЭ ЛЕФЯЕРЕБНИ ЩЙПЮМ ОПХ ГЮЦПСГЙЕ ЯХЯРЕЛШ? edit_not=мЕ ПЮБМН edit_is=пЮБМН edit_rtoports=оНПРШ МЮГМЮВЕМХЪ ДКЪ ОЕПЕМЮОПЮБКЕМХЪ edit_frag=тПЮЦЛЕМРЮЖХЪ desc_dports=ОНПРШ МЮГМЮВЕМХЪ $1 save_euidowner=оНКЭГНБЮРЕКЭ unix МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН desc_mac!=ЮДПЕЯ ethernet МЕ $1 unapply_err=мЕ СДЮКНЯЭ БЕПМСРЭ ЙНМТХЦСПЮЖХЧ save_err=мЕ СДЮКНЯЭ ЯНУПЮМХРЭ ОПЮБХКН index_jump_drop=нРАПЮЯШБЮРЭ index_chain_forward=оЕПЕМЮОПЮБКЪЕЛШЕ ОЮЙЕРШ (FORWARD) desc_tcp-flags=ТКЮЦХ TCP $2 (ХГ $1) СЯРЮМНБКЕМШ desc_gid-owner=НРОПЮБХРЕКЭ - ЦПСООЮ $1 index_jump_redirect=оЕПЕМЮОПЮБКЪРЭ index_cadd=дНАЮБХРЭ МНБСЧ ЖЕОНВЙС Я ХЛЕМЕЛ: log_move_rule=оЕПЕЛЕЫЕМН ОПЮБХКН $1 Б РЮАКХЖЕ $2 edit_oifc=дПСЦНИ.. save_edipto=йНМЕВМШИ ЮДПЕЯ IP ДКЪ DNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН save_eicmp=сЯКНБХЕ РХОЮ ОЮЙЕРЮ ICMP ЛНФЕР АШРЭ ХЯОНКЭГНБЮМН РНКЭЙН Я ОПНРНЙНКНЛ ICMP gentoo_escript=яЖЕМЮПХИ Gentoo ДКЪ ГЮОСЯЙЮ IPtables $1 Б БЮЬЕИ ЯХЯРЕЛЕ МЕ НАМЮПСФЕМ. 
save_esportrange=мЕНАУНДХЛН СЙЮГЮРЭ МЮВЮКН Х ЙНМЕЖ ДХЮОЮГНМЮ ОНПРНБ ХЯРНВМХЙЮ index_jump_masquerade=лЮЯЙХПНБЮРЭ log_modify_chain=дКЪ ЖЕОНВЙХ $1 РЮАКХЖШ $2 ГЮДЮМН ДЕИЯРБХЕ ОН СЛНКВЮМХЧ save_esipto=йНМЕВМШИ ЮДПЕЯ IP ДКЪ SNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН index_jump_snat=NAT ХЯРНВМХЙЮ index_cclear=нВХЯРХРЭ БЯЕ ОПЮБХКЮ desc_ports!=ОНПРШ ХЯРНВМХЙЮ Х МЮГМЮВЕМХЪ МЕ $1 save_edportfrom=мЕБЕПМНЕ МЮВЮКН ДХЮОЮГНМЮ ДКЪ ОНПРНБ МЮГМЮВЕМХЪ index_jump_return=гЮБЕПЬХРЭ ЖЕОНВЙС save_edportrange=мЕНАУНДХЛН СЙЮГЮРЭ МЮВЮКН Х ЙНМЕЖ ДХЮОЮГНМЮ ОНПРНБ МЮГМЮВЕМХЪ desc_sport!=ОНПР ХЯРНВМХЙЮ МЕ $1 save_esportfrom=мЕБЕПМНЕ МЮВЮКН ДХЮОЮГНМЮ ДКЪ ОНПРНБ ХЯРНВМХЙЮ edit_below=мХФЕ save_ertoports=оНПР МЮГМЮВЕМХЪ ОЕПЕМЮОПЮБКЕМХЪ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН index_saveex=яНУПЮМХРЭ ОПЮБХКЮ ЛЕФЯЕРЕБНЦН ЩЙПЮМЮ edit_out=хЯУНДЪЫХИ ХМРЕПТЕИЯ edit_pidowner=нРОПЮБКЕМН ОПНЖЕЯЯНЛ Я ID save_emac=юДПЕЯ ethernet МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН desc_f!=ОЮЙЕР МЕ ЪБКЪЕРЯЪ ТПЮЦЛЕМРНЛ redhat_escript=яЖЕМЮПХИ ASPLinux ДКЪ ГЮОСЯЙЮ IPtables $1 Б БЮЬЕИ ЯХЯРЕЛЕ МЕ НАМЮПСФЕМ. save_edpto=йНМЕВМШИ ОНПР ДКЪ DNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН desc_mac=ЮДПЕЯ ethernet $1 index_bootup=бЙКЧВЮРЭ ОПХ ГЮЦПСГЙЕ edit_prange=дХЮОЮГНМ ОНПРНБ НР $1 ДН $2 clear_title=нВХЯРЙЮ ЖЕОНВЙХ index_none=дКЪ ЩРНИ ЖЕОНВЙХ МЕ НОПЕДЕКЕМН МХ НДМН ОПЮБХКЮ. desc_tcp-option!=ОЮЙЕР АЕГ НОЖХХ TCP $1 setup_eiface=мЕ СЙЮГЮМ БМЕЬМХИ ЯЕРЕБНИ ХМРЕПТЕИЯ index_table_mangle=хГЛЕМЕМХЕ ОЮЙЕРНБ (mangle) index_change=Showing IPtable: edit_flags=$2 ХГ
$1 desc_uid-owner!=НРОПЮБХРЕКЭ - МЕ ОНКЭГНБЮРЕКЭ $1 edit_icmptype=рХО ОЮЙЕРЮ ICMP index_bootupdesc=нОПЕДЕКЪЕР АСДЕР КХ ЛЕФЯЕРЕБНИ ЩЙПЮМ БЙКЧВЕМ ОПХ ГЮЦПСГЙЕ ЯХЯРЕЛШ ХКХ МЕР. index_ekernel=оПХ ОПНБЕПЙЕ РЕЙСЫЕИ ЙНМТХЦСПЮЖХХ IPtables ОПНХГНЬКЮ НЬХАЙЮ : $1 щРН ЛНФЕР НГМЮВЮРЭ, ВРН ЪДПН БЮЬЕИ ЯХЯРЕЛШ МЕ ОНДДЕПФХБЮЕР IPtables. desc_and=Х edit_port0=оНПР(Ш) desc_state!=ЯНЯРНЪМХЕ ЯНЕДХМЕМХЪ МЕ $1 edit_port1=дХЮОЮГНМ ОНПРНБ НР $1 ДН $2 edit_tos=рХО ЯКСФАШ index_apply=оПХЛЕМХРЭ ЙНМТХЦСПЮЖХЧ index_chain_postrouting=оЮЙЕРШ ОНЯКЕ ЛЮПЬПСРХГЮЖХХ (POSTROUTING) edit_mtoports=оНПРШ ХЯРНВМХЙЮ ДКЪ ЛЮЯЙХПНБЮМХЪ save_epidowner=ID ОНЯШКЮЧЫЕЦН ОПНЖЕЯЯЮ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН redhat_eoutput=оПХ ОНКСВЕМХХ ЯНЯРНЪМХЪ IPtables Я ОНЛНЫЭЧ ЙНЛЮМДШ $1 ОПНХГНЬКЮ НЬХАЙЮ. бНГЛНФМН БЮЬЮ ЯХЯРЕЛЮ МЮЯРПНЕМЮ МЮ ХЯОНКЭГНБЮМХЕ IPchains БЛЕЯРН IPtables. index_desc=сЯКНБХЕ edit_state_new=мНБНЕ ЯНЕДХМЕМХЕ index_applydesc=мЮФЮРХЕ МЮ ЩРС ЙМНОЙС ОПХБЕДЕР Й БЯРСОКЕМХЧ Б ДЕИЯРБХЕ БШЬЕОПХБЕДЕММНИ ЙНМТХЦСПЮЖХХ ЛЕФЯЕРЕБНЦН ЩЙПЮМЮ. бЯЕ ЯСЫЕЯРБСЧЫХЕ Б ДЮММШИ ЛНЛЕМР ОПЮБХКЮ АСДСР ЯАПНЬЕМШ Х ГЮЛЕМЕМШ МНБШЛХ. 
index_policy_queue=Userspace new_ename=мЮГБЮМХЕ ЖЕОНВЙХ МЕ СЙЮГЮМН ХКХ СЙЮГЮМН МЕБЕПМН delete_title=сДЮКЕМХЕ ЖЕОНВЙХ index_table_nat=оПЕНАПЮГНБЮМХЕ ЯЕРЕБШУ ЮДПЕЯНБ (nat) log_apply=йНМТХЦСПЮЖХЪ ОПХЛЕМЕМЮ index_policy_accept=оПХМХЛЮРЭ desc_o!=ХЯУНДЪЫХИ ХМРЕПТЕИЯ МЕ $1 index_jump=оЕПЕИРХ Й ЖЕОНВЙЕ $1 edit_after=оНЯКЕ ОПЮБХКЮ $1 desc_sports!=ОНПРШ ХЯРНВМХЙЮ МЕ $1 edit_gidowner=нРОПЮБКЕМН ЦПСООНИ unix save_edpfrom=мЮВЮКЭМШИ ОНПР ДКЪ DNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН desc_d=МЮГМЮВЕМХЕ $1 log_clear_chain=нВХЫЕМЮ ЖЕОНВЙЮ $1 РЮАКХЖШ $2 save_esportto=мЕБЕПМШИ ЙНМЕЖ ДХЮОЮГНМЮ ДКЪ ОНПРНБ ХЯРНВМХЙЮ desc_icmp-type!=РХО ICMP МЕ $1 desc_f=ОЮЙЕР ЪБКЪЕРЯЪ ТПЮЦЛЕМРНЛ edit_source=юДПЕЯ ХКХ ЯЕРЭ ХЯРНВМХЙЮ desc_i=БУНДЪЫХИ ХМРЕПТЕИЯ $1 index_auto=мЮЯРПНХРЭ ЛЕФЯЕРЕБНИ ЩЙПЮМ desc_always=бЯЕЦДЮ desc_o=ХЯУНДЪЫХИ ХМРЕПТЕИЯ $1 desc_p=ОПНРНЙНК $1 edit_snat=юДПЕЯЮ IP Х ОНПРШ ДКЪ SNAT log_bootdown=гЮОПЕЫЕМН БЙКЧВЕМХЕ ЛЕФЯЕРЕБНЦН ЩЙПЮМ ОПХ ГЮЦПСГЙЕ log_convert=яСЫЕЯРБСЧЫХИ ЛЕФЯЕРЕБНИ ЩЙПЮМ ОПЕНАПЮГНБЮМ desc_s=ХЯРНВМХЙ $1 desc_sid-owner=ЦПСООЮ ЯЕЮМЯЮ НРОПЮБХРЕКЪ $1 index_setup=б ДЮММШИ ЛНЛЕМР ЛЕФЯЕРЕБНИ ЩЙПЮМ IPtables МЮ БЮЬЕИ ЛЮЬХМЕ МЕ МЮЯРПНЕМ. Webmin ОНЛНФЕР БЮЛ МЮЯРПНХРЭ ЕЦН МЮ НЯМНБЕ БШАПЮММНЦН БЮЛХ РХОЮ. йНМТХЦСПЮЖХЪ АСДЕР ЯНУПЮМЕМЮ Б ТЮИКЕ $1. edit_cmt=йНЛЛЕМРЮПХИ Й ОПЮБХКС edit_state_related=яБЪГЮМН Я ЯСЫЕЯРБСЧЫХЛ desc_conds=еЯКХ $1 save_esource=юДПЕЯ ХКХ ЯЕРЭ ХЯРНВМХЙЮ МЕ СЙЮГЮМЮ ХКХ СЙЮГЮМЮ МЕБЕПМН desc_sports=ОНПРШ ХЯРНВМХЙЮ $1 edit_jump_other=оЕПЕИРХ Й ЖЕОНВЙЕ edit_limit=яЙНПНЯРЭ ОПНУНФДЕМХЪ ОЮЙЕРНБ index_chain=жЕОНВЙЮ $1 save_emtoports=оНПР ЛЮЯЙХПНБЮМХЪ ХЯРНВМХЙЮ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН log_setup=лЕФЯЕРЕБНИ ЩЙПЮМ МЮЯРПНЕМ log_modify_rule=хГЛЕМЕМН ОПЮБХКН Б ЖЕОНВЙЕ $1 РЮАКХЖШ $2 desc_p!=ОПНРНЙНК МЕ $1 index_move=Move desc_uid-owner=НРОПЮБХРЕКЭ - ОНКЭГНБЮРЕКЭ $1 apply_err=мЕ СДЮКНЯЭ ОПХЛЕМХРЭ ЙНМТХЦСПЮЖХЧ index_radd=дНАЮБХРЭ ОПЮБХКН index_ecommand=йНЛЮМДЮ $1 Б БЮЬЕИ ЯХЯРЕЛЕ МЕ НАМЮПСФЕМЮ. щРЮ ЙНЛЮМДЮ МЕНАУНДХЛЮ Webmin ДКЪ МЮЯРПНИЙХ IPtables. 
edit_ports=оНПР(Ш) ХЯРНВМХЙЮ Х МЮГМЮВЕМХЪ index_title=лЕФЯЕРЕБНИ ЩЙПЮМ Linux (firewall) save_egidowner=цПСООЮ unix МЕ СЙЮГЮМЮ ХКХ СЙЮГЮМЮ МЕБЕПМН edit_state=яНЯРНЪМХЪ ЯНЕДХМЕМХЪ edit_tcpoption=сЯРЮМНБКЕМЮ НОЖХЪ TCP Я МНЛЕПНЛ edit_tcpflags=сЯРЮМНБКЕММШЕ ТКЮЦХ TCP index_unapply=бЕПМСРЭ ЙНМТХЦСПЮЖХЧ index_chain_prerouting=оЮЙЕРШ ОЕПЕД ЛЮПЬПСРХГЮЖХЕИ (PREROUTING) desc_icmp-type=РХО ICMP $1 index_cdelete=сДЮКХРЭ ЖЕОНВЙС desc_i!=БУНДЪЫХИ ХМРЕПТЕИЯ МЕ $1 desc_limit=ЯЙНПНЯРЭ МХФЕ $1 save_estates=мЕ БШАПЮМШ ЯНЯРНЪМХЪ ЯНЕДХМЕМХЪ edit_above=бШЬЕ desc_dports!=ОНПРШ МЮГМЮВЕМХЪ МЕ $1 index_chain_input=бУНДЪЫХЕ ОЮЙЕРШ (INPUT) save_elimit=яЙНПНЯРЭ ОПНУНФДЕМХЪ ОЮЙЕРНБ МЕ СЙЮГЮМЮ ХКХ СЙЮГЮМЮ МЕБЕПМН index_jump_dnat=NAT МЮГМЮВЕМХЪ save_edportto=мЕБЕПМШИ ЙНМЕЖ ДХЮОЮГНМЮ ДКЪ ОНПРНБ МЮГМЮВЕМХЪ save_etcp1=сЯКНБХЕ ТКЮЦНБ TCP ЛНФЕР АШРЭ ХЯОНКЭГНБЮМН РНКЭЙН ДКЪ ОПНРНЙНКЮ TCP edit_chain=вЮЯРЭ ЖЕОНВЙХ save_etcp2=сЯКНБХЕ МНЛЕПЮ НОЖХХ TCP ЛНФЕР АШРЭ ХЯОНКЭГНБЮМН РНКЭЙН Я ОПНРНЙНКНЛ TCP save_etcpudp=сЯКНБХЪ ОНПРНБ ХЯРНВМХЙЮ Х МЮГМЮВЕМХЪ ЛНЦСР АШРЭ ХЯОНКЭГНБЮМШ РНКЭЙН ДКЪ ОПНРНЙНКНБ TCP ХКХ UDP index_policy_return=гЮБЕПЬХРЭ ЖЕОНВЙС log_bootup=пЮГПЕЬЕМН БЙКЧВЕМХЕ ЛЕФЯЕРЕБНЦН ЩЙПЮМ ОПХ ГЮЦПСГЙЕ desc_ports=ОНПРШ ХЯРНВМХЙЮ Х МЮГМЮВЕМХЪ $1 index_chain_output=хЯУНДЪЫХЕ ОЮЙЕРШ (OUTPUT) desc_state=ЯНЯРНЪМХЕ ЯНЕДХМЕМХЪ $1 log_create_chain=б РЮАКХЖЕ $2 ЯНГДЮМЮ ЖЕОНВЙЮ $1 desc_tcp-flags!=ТКЮЦХ TCP $2 (ХГ $1) МЕ СЯРЮМНБКЕМШ edit_dport=оНПР TCP ХКХ UDP МЮГМЮВЕМХЪ edit_mac=юДПЕЯ ethernet desc_dport!=ОНПР МЮГМЮВЕМХЪ МЕ $1 edit_title1=дНАЮБКЕМХЕ ОПЮБХКЮ edit_title2=хГЛЕМЕМХЕ ОПЮБХКЮ save_espto=йНМЕВМШИ ОНПР ДКЪ SNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН edit_title3=йНОХПНБЮМХЕ ОПЮБХКЮ edit_proto=яЕРЕБНИ ОПНРНЙНК save_eports=оНПРШ ХЯРНВМХЙЮ Х МЮГМЮВЕМХЪ МЕ СЙЮГЮМШ ХКХ СЙЮГЮМШ МЕБЕПМН index_return=ЯОХЯЙС ОПЮБХК desc_limit-burst!=ОХЙНБЮЪ ЯЙНПНЯРЭ БШЬЕ $1 log_unapply=йНМТХЦСПЮЖХЪ ЯАПНЬЕМЮ save_eout=хЯУНДЪЫХИ ХМРЕПТЕИЯ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН edit_limitburst=оХЙНБЮЪ ЯЙНПНЯРЭ ОЮЙЕРНБ desc_limit-burst=ОХЙНБЮЪ ЯЙНПНЯРЭ МХФЕ 
$1 edit_sport=оНПР TCP ХКХ UDP ХЯРНВМХЙЮ edit_state_established=яСЫЕЯРБСЧЫЕЕ ЯНЕДХМЕМХЕ save_etcpflags=дКЪ ЙЮФДНЦН ПЪДЮ МЕНАУНДХЛН БШАПЮРЭ УНРЪ АШ НДХМ ТКЮЦ TCP index_table_filter=тХКЭРПНБЮМХЕ ОЮЙЕРНБ (filter) edit_clone=яЙНОХПНБЮРЭ ОПЮБХКН edit_ignore=хЦМНПХПСЕРЯЪ save_esipfrom=мЮВЮКЭМШИ ЮДПЕЯ IP ДКЪ SNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН save_echain=жЕОНВЙЮ ДКЪ ОЕПЕУНДЮ МЕ СЙЮГЮМЮ ХКХ СЙЮГЮМЮ МЕБЕПМН desc_dport=ОНПР МЮГМЮВЕМХЪ $1 index_headerex=яСЫЕЯРБСЧЫЮЪ ЙНМТХЦСПЮЖХЪ ЛЕФЯЕРЕБНЦН ЩЙПЮМЮ log_create_rule=дНАЮБКЕМН ОПЮБХКН Б ЖЕОНВЙС $1 РЮАКХЖШ $2 edit_sidowner=нРОПЮБКЕМН ЦПСООНИ ОПНЖЕЯЯНБ save_edport=оНПР(Ш) МЮГМЮВЕМХЪ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН edit_before=оЕПЕД ОПЮБХКНЛ $1 save_eproto=мЕ БШАПЮМ ОПНРНЙНК save_ein=бУНДЪЫХИ ХМРЕПТЕИЯ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН desc_sport=ОНПР ХЯРНВМХЙЮ $1 edit_header1=мЮЯРПНИЙЮ ЖЕОНВЙХ Х ДЕИЯРБХИ index_auto0=пЮГПЕЬХРЭ БЕЯЭ РПЮТХЙ edit_header2=мЮЯРПНИЙЮ СЯКНБХЪ log_delete_chain=хГ РЮАКХЖШ $2 СДЮКЕМН ЖЕОНВЙЮ $1 index_auto1=оПЕНАПЮГНБШБЮРЭ ЯЕРЕБШЕ ЮДПЕЯЮ МЮ БМЕЬМЕЛ ХМРЕПТЕИЯЕ: edit_desc=бШАПЮММНЕ БШЬЕ ДЕИЯРБХЕ АСДЕР БШОНКМЪРЭЯЪ РНКЭЙН ЕЯКХ ЯНАКЧДЕМШ БЯЕ МХФЕОПХБЕДЕММШЕ СЯКНБХЪ. edit_state_invalid=мЕ ЪБКЪЕРЯЪ ВЮЯРЭЧ ЯНЕДХМЕМХЪ index_auto2=аКНЙХПНБЮРЭ БЯЕ БУНДЪЫХЕ ЯНЕДХМЕМХЪ МЮ БМЕЬМЕЛ ХМРЕПТЕИЯЕ: save_edest=юДПЕЯ ХКХ ЯЕРЭ МЮГМЮВЕМХЪ МЕ СЙЮГЮМЮ ХКХ СЙЮГЮМЮ МЕБЕПМН index_action=дЕИЯРБХЕ desc_tos=ОНКЕ РХОЮ ЯКСФАШ $1 edit_fragnot=мЕ ТПЮЦЛЕМРХПНБЮМ save_esport=оНПР(Ш) ХЯРНВМХЙЮ МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН edit_fragis=тПЮЦЛЕМРХПНБЮМ new_etaken=жЕОНВЙЮ Я ЩРХЛ ХЛЕМЕЛ СФЕ ЯСЫЕЯРБСЕР edit_uidowner=нРОПЮБКЕМН ОНКЭГНБЮРЕКЕЛ unix edit_any=кЧАНИ index_jump_=мХВЕЦН МЕ ДЕКЮРЭ edit_jump=дЕИЯРБХЕ delete_rusure=сДЮКХРЭ ЖЕОНВЙС $1 ? бЛЕЯРЕ Я ЖЕОНВЙНИ АСДЕР СДЮКЕМН $2 ОПЮБХК. 
desc_pid-owner=ID ОПНЖЕЯЯЮ НРОПЮБХРЕКЪ $1 index_header=мЮЯРПНИЙЮ ЛЕФЯЕРЕБНЦН ЩЙПЮМЮ НР $1 index_policy=дЕИЯРБХЕ ОН СЛНКВЮМХЧ: index_jump_accept=оПХМХЛЮРЭ index_policy_drop=нРАПЮЯШБЮРЭ edit_dest=юДПЕЯ ХКХ ЯЕРЭ МЮГМЮВЕМХЪ save_espfrom=мЮВЮКЭМШИ ОНПР ДКЪ SNAT МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН index_unapplydesc=мЮФЮРХЕ МЮ ЩРС ЙМНОЙС ОПХБЕДЕР Й ЯАПНЯС БШЬЕОПХБЕДЕММНИ ЙНМТХЦСПЮЖХХ Й ЮЙРХБМНИ Б ДЮММШИ ЛНЛЕМР. delete_ok=сДЮКХРЭ save_etcpoption=мНЛЕП НОЖХХ TCP МЕ СЙЮГЮМ ХКХ СЙЮГЮМ МЕБЕПМН index_add=дНАЮБХРЭ clear_rusure=сДЮКХРЭ $2 ОПЮБХК ХГ ЖЕОНВЙХ $1 ? desc_s!=ХЯРНВМХЙ МЕ $1 desc_tos!=ОНКЕ РХОЮ ЯКСФАШ МЕ $1 desc_d!=МЮГМЮВЕМХЕ МЕ $1 index_jump_queue=Userspace firewall/lang/ca0100644000567100000120000002672007701233263013605 0ustar jcameronwheelindex_title=Tallafocs Linux index_ecommand=No s'ha trobat al sistema l'ordre $1. Webmin necessita aquesta ordre per configurar IPtables. index_ekernel=S'ha produОt un error en comprovar la configuraciС actual d'IPtables: $1 AixР pot indicar que el kernel no suporta IPtables. index_header=ConfiguraciС del tallafocs de $1 index_change=Mostrant IPtable: index_chain_input=Paquets d'entrada (INPUT) index_chain_output=Paquets de sortida (OUTPUT) index_chain_forward=Paquets reenviats (FORWARD) index_chain_prerouting=Paquets abans de l'encaminament (PREROUTING) index_chain_postrouting=Paquets desprИs de l'encaminament (POSTROUTING) index_chain=Cadena $1 index_action=AcciС index_desc=CondiciС index_comm=Comentari index_no_comment= index_move=DesplaГa index_none=No hi ha cap regla definida per a aquesta cadena. 
index_policy=Estableix l'acciС per defecte a: index_policy_accept=Accepta index_policy_drop=Destrueix index_policy_queue=Espai d'usuari index_policy_return=a la Cadena de sortida index_jump_accept=Accepta index_jump_drop=Destrueix index_jump_queue=Userspace index_jump_return=a la Cadena de sortida index_jump_masquerade=Mascarada index_jump_redirect=Redirecciona index_jump_dnat=DestinaciС NAT index_jump_snat=Font NAT index_jump_=No facis res index_jump=Executa la cadena $1 index_radd=Afegeix regla index_cdelete=Suprimeix la cadena index_cclear=Buida totes les regles index_cadd=Afegeix una nova cadena anomenada: index_apply=Aplica la ConfiguraciС index_applydesc=Fes clic sobre aquest botС per fer que la configuraciС del tallafocs llistada a sobre sigui activa. Totes les regles que estiguin actualment en efecte seran descartades i reemplaГades. index_unapply=Reverteix la ConfiguraciС index_unapplydesc=Fes clic sobre aquest botС per reiniciar la configuraciС llistada a sobre amb els valors de la que estЮ actualment activa. index_table_filter=Filtratge de paquets (filter) index_table_nat=TraducciС d'adreces de xarxa (nat) index_table_mangle=AlteraciС de paquets (mangle) index_existing=Webmin ha detectat $1 regles de tallafocs IPtables actualment en Зs, que no seran enregistrades al fitxer $2. Segurament, aquestes regles van ser configurades des d'un script, que aquest mРdul no sap llegir ni editar.

Si vols utilitzar aquest mРdul per gestionar el tallafocs IPtables, fes clic sobre el botС de sota per convertir les regles existents a un fitxer, i desactivar llavors el teu script del tallafocs. index_saveex=Desa les Regles del Tallafocs index_atboot=Activa el tallafocs en engegar el sistema index_headerex=ConfiguraciС existent del tallafocs index_bootup=Activa'l en engegar index_bootupdesc=Canvia aquesta opciС per controlar si el tallafocs s'ha d'activar en engegar el sistema o no. index_return=a la llista de regles index_setup=Encara no s'ha configurat cap tallafocs IPtables al sistema. Webmin te'n pot configurar un i desar-lo al fitxer $1, amb uns valors inicials basats en el tipus de tallafocs seleccionat mИs avall... index_auto0=Permet tot el trЮnsit index_auto1=Executa traducciС d'adreces de xarxa sobre la interfМcie externa: index_auto2=Bloqueja totes les connexions d'entrada sobre la interfМcie externa: index_auto=Configura el Tallafocs index_add=Afegeix index_shorewall=AtenciС! Sembla que s'estЮ utilitzant Shorewall per generar el tallafocs del sistema. Pot ser que hagis d'utilitzar el mРdul de Tallafocs Shorewall en lloc d'aquest. 
desc_p=el protocol Иs $1 desc_p!=el protocol no Иs $1 desc_s=l'origen Иs $1 desc_s!=l'origen no Иs $1 desc_d=la destinaciС Иs $1 desc_d!=la destinaciС Иs $1 desc_i=la interfМcie d'entrada Иs $1 desc_i!=la interfМcie d'entrada no Иs $1 desc_o=la interfМcie de sortida Иs $1 desc_o!=la interfМcie de sortida no Иs $1 desc_f=el paquet Иs un fragment desc_f!=el paquet no Иs un fragment desc_sport=el port origen Иs $1 desc_sport!=el port origen no Иs $1 desc_dport=el port de destinaciС Иs $1 desc_dport!=el port de destinaciС no Иs $1 desc_sports=els ports fon sСn $1 desc_sports!=els ports font no sСn $1 desc_dports=els ports destМ sСn $1 desc_dports!=els ports destМ no sСn $1 desc_tcp-flags=Les banderes TCP $2 (de $1) estan establertes desc_tcp-flags!=Les banderes TCP $2 (de $1) no estan establertes desc_tcp-option=el paquet utilitza l'opciС TCP $1 desc_tcp-option!=el paquet no utilitza l'opciС TCP $1 desc_icmp-type=el tipus ICMP Иs $1 desc_icmp-type!=el tipus ICMP no Иs $1 desc_mac=l'adreГa ethernet Иs $1 desc_mac!=l'adreГa ethernet no Иs $1 desc_limit=el ritme Иs menor que $1 desc_limit!=el ritme Иs major que $1 desc_limit-burst=el ritme inicial Иs menor que $1 desc_limit-burst!=el ritme inicial Иs major que $1 desc_ports=els ports origen i destinaciС sСn $1 desc_ports!=els ports origen i destinaciС no sСn $1 desc_uid-owner=el remitent Иs l'usuari $1 desc_uid-owner!=el remitent no Иs l'usuari $1 desc_gid-owner=el remitent Иs el grup $1 desc_gid-owner!=el remitent no Иs el grup $1 desc_pid-owner=l'ID del procИs del remitent Иs $1 desc_pid-owner!=l'ID del procИs del remitent no Иs $1 desc_sid-owner=el grup de sessiС el remitent Иs $1 desc_sid-owner!=el grup de sessiС del remitent no Иs $1 desc_state=l'estat de la connexiС Иs $1 desc_state!=l'estat de la connexiС no Иs $1 desc_tos=el camp del tipus de servei Иs $1 desc_tos!=el camp del tipus de servei no Иs $1 desc_conds=Si $1 desc_and=i desc_always=Sempre redhat_escript=No s'ha trobat al sistema el script d'inici 
d'IPTables de Redhat. redhat_eoutput=S'ha produОt un eror en buscar l'estat d'IPtables amb l'ordre $1. AixР probablement indica que el sistema estЮ configurat per utilitzar IPchains en lloc d'IPtables. gentoo_escript=No s'ha trobat al sistema el script $1 d'inici d'IPtables Gentoo. eiptables=LМnia del fitxer d'IPtables desconeguda: $1 edit_title1=AddiciС de Regla edit_title2=EdiciС de Regla edit_title3=ClonaciС de Regla edit_header1=Detalls de la cadena i l'acciС edit_chain=Part de la cadena edit_cmt=Comentari de la regla edit_jump=AcciС a prendre edit_jump_other=Executa la cadena edit_header2=Detalls de la condiciС edit_desc=L'acciС seleccionada mИs amunt es durЮ a terme nomИs si es compleixen totes les condicions. edit_source=AdreГa o xarxa origen edit_ignore=Ignorada edit_is=Igual que edit_not=Diferent de edit_dest=AdreГa o xarxa de destinaciС edit_in=InterfМcie d'entrada edit_out=InterfМcie de sortida edit_frag=FragmentaciС edit_fragis=EstЮ fragmentat edit_fragnot=No estЮ fragmentat edit_proto=Protocol de xarxa edit_sport=Port origen TCP o UDP edit_dport=Port destМ TCP o UDP edit_port0=Port(s) edit_port1=Rang del port $1 a $2 edit_ports=Port(s) d'origen i destinaciС edit_tcpflags=Banderes TCP establertes edit_flags=$2 de
$1 edit_tcpoption=El nЗmero d'opciС TCP estЮ establert edit_icmptype=Tipus de paquet ICMP edit_mac=AdreГa Ethernet edit_limit=Ritme de flux dels paquets edit_below=Per sota de edit_above=Per sobre de edit_limitburst=Ritme inicial de flux dels paquets edit_uidowner=Usuari unix remitent edit_gidowner=Grup unix remitent edit_pidowner=ID del proces remitent edit_sidowner=Grup del procИs remitent edit_state=Estats de connexiС edit_state_new=ConnexiС nova edit_state_established=ConnexiС existent edit_state_related=Relacionada amb l'existent edit_state_invalid=No Иs part de cap connexiС edit_tos=Tipus de servei edit_rtoports=Ports objectiu per a redireccionar edit_prange=Rang del port $1 a $2 edit_mtoports=Ports origen per a la mascarada edit_dnat=IPs i ports de DNAT edit_dnatip=Rang IP $1 a $2 edit_snat=Ports i IPs de SNAT edit_any=Qualsevol edit_oifc=Altres edit_clone=Clona la regla edit_before=Abans de la regla $1 edit_after=DesprИs de la regla $1 edit_args=ParЮmetres addicionals save_err=No he pogut desar la regla save_echain=Hi falta la cadena a executar o bИ Иs invЮlida save_esource=Hi falta l'adreГa o xarxa origen o bИ Иs invЮlida save_edest=Hi falta la xarxa o adreГa de destinaciС o bИ Иs invЮlida save_ein=Hi falta la interfМcie d'entrada o bИ Иs invЮlida save_eout=Hi falta la interfМcie de sortida o bИ Иs invЮlida save_eproto=No hi ha cap protocol seleccionat save_esport=Hi falten els ports d║origen o bИ sСn invЮlids save_esportfrom=Rang inicial dels ports origen invЮlid save_esportto=Rang final dels ports origen invЮlid save_esportrange=Has d'introduir almenys un rang inicial o final per als ports d'origen save_etcpudp=Les condicions dels ports origen i destinaciС nomИs es poden utilitzar si el protocol Иs TCP o UDP save_edport=Hi falten els ports de destinaciС o bИ sСn invЮlids save_edportfrom=Rang inicial dels ports de destinaciС invЮlid save_edportto=Rang final dels ports de destinaciС invЮlid save_edportrange=Has d'introduir almenys un rang inicial o final 
per als ports de destinaciС save_eports=Hi falten els ports origen i destinaciС o bИ sСn invЮlids save_etcp1=La condiciС de banderes TCP nomИs es pot utilitzar si el protocol Иs TCP save_etcpflags=Has de seleccionar almenys una bandera TCP de cada fila save_etcp2=La condiciС de nЗmero d'opciС TCP nomИs es pot utilitzar si el protocol Иs TCP save_etcpoption=Hi falta el nЗmero d'opciС TCP save_eicmp=La condiciС de tipus de paquet ICMP nomИs es pot utilitzar si el protocolИs ICMP save_emac=Hi falta l'adreГa Ethernet o bИ Иs invЮlida save_elimit=Hi falta el ritme de flux dels paquets o bИ Иs invЮlid save_elimitburst=Hi falta el ritme inicial de flux dels paquets o bИ Иs invЮlid save_euidowner=Hi falta l'usuari unix remitent o bИ Иs invЮlid save_egidowner=Hi falta el grup unix remitent o bИ Иs invЮlid save_epidowner=Hi falta l'ID del procИs remitent o bИ Иs invЮlid save_esidowner=Hi falta l'ID de grup del procИs remitent o bИ Иs invЮlid save_ertoports=Hi falten els ports objectius per a redireccionar o bИ sСn invЮlids save_emtoports=Hi falten els ports origen per a la mascarada o bИ sСn invЮlids save_edipfrom=Hi falten les adreces IP inicials per a DNAT o bИ sСn invЮlides save_edipto=Hi falten les adreces IP finals per a DNAT o bИ sСn invЮlides save_edpfrom=Port inicial per a DNAT invЮlid save_edpto=Hi falta el port final per a DNAT o bИ Иs Иs invЮlid save_esipfrom=Hi falta l'adreГa IP inicial de SNAT o bИ Иs invЮlida save_esipto=Hi falta l'adreГa IP final de SNAT o bИ Иs invЮlida save_espfrom=Port inicial de SNAT invЮlid save_espto=Hi falta el port final de SNAT o bИ Иs invЮlid save_estates=No has seleccionat cap estat de connexiС delete_title=SupressiС de Cadena delete_rusure=Segur que vols suprimir la cadena $1? Se'n suprimiran les $2 regles que contИ. delete_ok=Suprimeix-ho ara clear_title=Buidatge de Cadena clear_rusure=Segur que vols suprimir totes les $2 regles de la cadena $1? 
new_err=No he pogut crear la cadena new_ename=Hi falta el nom de la cadena o bИ Иs invЮlid new_etaken=Ja existeix una cadena amb aquest nom apply_err=No he pogut aplicar la configuraciС unapply_err=No he pogut restaurar la configuraciС log_create_rule=He afegit la regla a la cadena $1 de la taula $2 log_modify_rule=He modificat la regla de la cadena $1 a la taula $2 log_delete_rule=He suprimit la regla de la cadena $1 a la taula $2 log_move_rule=He desplaГat la regla de la cadena $1 de la taula $2 log_delete_chain=He suprimit la cadena $1 de la taula $2 log_clear_chain=He esborrat la cadena $1 de la taula $2 log_create_chain=He creat la cadena $1 a la taula $2 log_modify_chain=He establert l'acciС per defecte de la cadena $1 a la taula $2 log_apply=He aplicat la configuraciС log_unapply=He restaurat configuraciС log_setup=He configurat el tallafocs log_convert=He convertit el tallafocs existent log_bootup=He activat el tallafocs en engegar log_bootdown=He desactivat el tallafocs en engegar setup_eiface=No has introduОt cap interfМcie extern de xarxa firewall/unapply.cgi0100775000567100000120000000077707701233263014543 0ustar jcameronwheel#!/usr/local/bin/perl # unapply.cgi # Revert the firewall configuration from the kernel settings require './firewall-lib.pl'; &ReadParse(); &error_setup($text{'apply_err'}); if (defined(&unapply_iptables)) { # Call distro's unapply command $err = &unapply_iptables(); } else { # Manually run iptables-save $out = &backquote_logged("iptables-save >$iptables_save_file 2>&1"); $err = "

$out
" if ($?); } &error($err) if ($err); &webmin_log("unapply"); &redirect("index.cgi?table=$in{'table'}"); firewall/redhat-linux-lib.pl0100664000567100000120000000271507701233263016063 0ustar jcameronwheel# redhat-linux-lib.pl # Deal with redhat's /etc/sysconfig/iptables save file and startup script # check_iptables() # Returns an error message if something is wrong with iptables on this system sub check_iptables { if (!-r "/etc/rc.d/init.d/iptables") { return &text('redhat_escript', "/etc/rc.d/init.d/iptables"); } local $out = `/etc/rc.d/init.d/iptables status 2>&1`; if ($out !~ /table:|INPUT|FORWARD|OUTPUT/) { return &text('redhat_eoutput', "/etc/init.d/iptables status"); } return undef; } $iptables_save_file = "/etc/sysconfig/iptables"; # apply_iptables() # Applies the current iptables configuration from the save file sub apply_iptables { local $out = &backquote_logged("cd / ; /etc/rc.d/init.d/iptables restart 2>&1"); $out =~ s/\033[^m]+m//g; return $? || $out =~ /FAILED/ ? "
$out
" : undef; } # unapply_iptables() # Writes the current iptables configuration to the save file sub unapply_iptables { $out = &backquote_logged("cd / ; /etc/rc.d/init.d/iptables save 2>&1 $out" : undef; } # started_at_boot() sub started_at_boot { &foreign_require("init", "init-lib.pl"); return &init::action_status("iptables") == 2; } sub enable_at_boot { &foreign_require("init", "init-lib.pl"); &init::enable_at_boot("iptables"); # Assumes init script exists } sub disable_at_boot { &foreign_require("init", "init-lib.pl"); &init::disable_at_boot("iptables"); } 1; firewall/help/0040775000567100000120000000000007701233263013304 5ustar jcameronwheelfirewall/help/intro.ca.html0100644000567100000120000000725007701233263015706 0ustar jcameronwheel
Tallafocs Linux

Introducció al mòdul

Aquest mòdul permet configurar les característiques del tallafocs IPtables que es troba a la sèrie de kernels Linux 2.4. Contràriament a altres programes de configuració de tallafocs, en lloc de crear un script shell que configura el tallafocs, llegeix i edita un fitxer en el format llegit i escrit per iptables-restore i iptables-save, respectivament.

Si ja tens al sistema un tallafocs que s'ha configurat manualment o des d'un fitxer de script, el mòdul t'oferirà de convertir-lo per tu a un fitxer IPtables, i crearà un script per executar-se en engegar el sistema que activarà les regles del fitxer. No obstant, si fas això no has de seguir editant el teu script de regles del tallafocs i l'hauries de desactivar i també evitar que s'executi en engegar.

Resum d'IPtables

Cada paquet de xarxa que entra, surt o és reenviat pel sistema, es comprova contra una o més cadenes per determinar què li passarà. Cada cadena conté zero o més regles, cadascuna de les quals té una condició (per determinar quins paquets la compleixen) i una acció (per controlar què passa amb els paquets coincidents). Cada cadena té una acció per defecte que controla què passa amb el paquet que no compleix cap regla.

Cada cadena és part d'una taula, de les quals n'hi ha actualment tres:

  • Filtratge de Paquets (filter)
    Les cadenes d'aquesta taula es poden emprar per controlar les dades que entren al sistema des d'altres hosts de la xarxa, les dades que surten del sistema per part dels usuaris i processos, i les dades reenviades per sistema si està actuant com a router.

  • Traducció d'Adreces de Xarxa (nat)
    Aquesta taula es pot emprar per establir una NAT o una mascarada, cosa útil si vols donar accés a Internet a tota una xarxa de màquines a través d'una sola adreça IP real.

  • Alteració de Paquets (mangle)
    Aquesta cadena és per a modificar paquets enviats o reenviats des del teu sistema.

A més a més de les cadenes estàndard que són part de cada taula, també pots crear les teves pròpies cadenes que poden ser executades per regles de les cadenes ja integrades. Això pot ser útil per agrupar i compartir regles que es poden fer servir a llocs diferents.

La pàgina principal

La pàgina principal d'aquest mòdul llista totes les cadenes i regles d'una de les taules disponibles, seleccionades de la llista de la part superior esquerra. A sota hi ha una selecció per a cada cadena de la taula actual, amb totes les regles de cada cadena llistades i les seves condicions descrites tant bé com el mòdul n'és capaç. Per a cada cadena, pots canviar l'acció per defecte utilitzant la llista desplegable si la cadena és una de les ja integrades a la taula, o bé suprimir-la amb el botó Suprimeix la cadena si està definida per l'usuari.

Pots fer clic sobre qualsevol regla d'una cadena per editar-la, fer clic sobre les fletxes de l'esquerra per desplaçar-les amunt i avall, o fer clic sobre el botó Afegeix Regla per afegir-ne una de nova. Afegir o editar una regla et durà a una pàgina on pots seleccionar l'acció per a cada regla, i les condicions per les quals s'executa l'acció.

Al peu de la pàgina, hi ha un botó per fer activa la configuració actual del tallafocs, recarregant-la en el kernel amb l'ordre iptables-restore. A sota, hi ha un botó per fer just el contrari - prendre la configuració que hi ha actualment al kernel i posar-la a disposició de l'editor. Finalment, si la distribució ho suporta, hi ha un botó per canviar si el tallafocs s'activa en engegar el sistema o no.


firewall/help/intro.html0100664000567100000120000000700307701233263015322 0ustar jcameronwheel
Linux Firewall

Module introduction

This module allows you to configure the IPtables firewall features found in the 2.4 series of Linux kernels. Unlike some other firewall configuration programs, instead of creating a shell script that sets up the firewall, it reads and edits a save file in the format read and written by iptables-restore and iptables-save respectively.

If you already have a firewall on your system that has been set up manually or from a script file, the module will offer to convert it to an IPtables save file for you, and create a script to be run at boot time to activate the rules in the file. However, if you do this then you should no longer edit your firewall rules script, and should also disable it from running at boot time, so that the old script and the save file do not both try to set the rules.

IPtables overview

Every network packet that comes into, goes out from or is forwarded by your system is checked against one or more chains to determine what will happen to it. Each chain contains zero or more rules, each of which has a condition (to determine which packets it matches) and an action (to control what happens to those matching packets). Each chain also has a default action that controls what happens to packets that do not match any rule.

Each chain is part of a table, of which there are currently three:

  • Packet filtering (filter)
    The chains in this table can be used to control data coming into your system from other hosts on the network, data sent out from your system by users and processes, and data forwarded by your system if it is acting as a router.

  • Network address translation (nat)
    This table can be used for setting up NAT or masquerading, which is useful if you want to give an entire network of machines access to the internet through only one real IP address.

  • Packet alteration (mangle)
    This table is for modifying packets forwarded by or sent out from your system.

In addition to the standard chains that are part of each table, you can also create your own chains that can be run by rules in the built-in chains. This can be useful for grouping and sharing rules that might be used in multiple places.

The main page

The main page of this module lists all the chains and rules from one of the available tables, selected from the list in the top-left. Below is a section for each chain in the current table, with all rules in each chain listed and their conditions described to the best of the module's ability. For each chain, you can change the default action using the drop-down list if the chain is one of the built-in ones for the table, or delete it with the Delete chain button if it is user-defined.

You can click on any rule in a chain to edit it, click on the arrows on the right of each row to move it up or down, or click on the Add rule button to add a new one. Adding or editing a rule will take you to a page on which you can select the action for each rule, and the conditions for which the action is executed.

At the bottom of the page is a button for making the current firewall configuration active, by loading it into the kernel with the iptables-restore command. Applying discards and replaces every rule currently in effect, so check the listed rules, including any that permit your own administrative access, before using it. Below that button is one for doing the reverse - taking the configuration that is currently in the kernel and making it available for editing. Finally, if your distribution supports it, there is a button to change whether the firewall is activated at boot time or not.


firewall/index.cgi0100775000567100000120000002363607701233263014161 0ustar jcameronwheel#!/usr/local/bin/perl # index.cgi # Display current iptables firewall configuration from save file require './firewall-lib.pl'; &ReadParse(); &header($text{'index_title'}, undef, "intro", 1, 1, 0, &help_search_link("iptables", "man", "doc")); print "
\n"; # Check for iptables and iptables-restore commands foreach $c ("iptables", "iptables-restore", "iptables-save") { if (!&has_command($c)) { print "

",&text('index_ecommand', "$c"),"

\n"; print "


\n"; &footer("/", $text{'index'}); exit; } } # Check if the kernel supports iptables $out = `iptables -n -t filter -L OUTPUT 2>&1`; if ($?) { print "

",&text('index_ekernel', "

$out
"),"

\n"; print "


\n"; &footer("/", $text{'index'}); exit; } # Check if the distro supports iptables if (!$config{'direct'} && defined(&check_iptables) && ($err = &check_iptables())) { print "

$err

\n"; print "
\n"; &footer("/", $text{'index'}); exit; } # Check if firewall is being started at boot if (!$config{'direct'} && &foreign_check("init")) { local %iconfig = &foreign_config("init"); $init_support++ if ($iconfig{'init_base'}); if (defined(&started_at_boot)) { $atboot = &started_at_boot(); } else { &foreign_require("init", "init-lib.pl"); $atboot = &init::action_status("webmin-iptables") == 2; } } # Check if the save file exists. If not, check for any existing firewall # rules, and offer to create a save file from them @livetables = &get_iptables_save("iptables-save |"); &shorewall_message(\@livetables); if (!$config{'direct'} && !-s $iptables_save_file) { @tables = @livetables; foreach $t (@tables) { $rules++ if (@{$t->{'rules'}}); foreach $c (keys %{$t->{'defaults'}}) { $chains++ if ($t->{'defaults'}->{$c} ne 'ACCEPT'); } $hastable{$t->{'name'}}++; } foreach $t (@known_tables) { system("iptables -t $t -L >/dev/null") if (!$hastable{$t}); } if ($rules || $chains) { # Offer to save the current rules print &text('index_existing', $rules, "$iptables_save_file"),"

\n"; print "

\n"; print "

\n"; if ($init_support && !$atboot) { print " ", "$text{'index_atboot'}\n"; } print "

\n"; print "\n"; print "\n"; print "
$text{'index_headerex'}
";
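		# Show the live ruleset as iptables-save reports it. The command string
		# is a constant, so no request parameter reaches it; the binary itself
		# is looked up through PATH.
		if (open(OUT, "iptables-save |")) {
			# Read from the OUT handle explicitly: an empty while() condition
			# is always true in Perl, so the loop would never terminate and
			# would never read a line of output.
			while(<OUT>) {
				# Escape every line before it is written into the page
				print &html_escape($_);
				}
			close(OUT);
			}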
		print "
\n"; } else { # Offer to set up a firewall print &text('index_setup', "$iptables_save_file"),"

\n"; print "

\n"; print "
\n"; print " ", "$text{'index_auto0'}

\n"; foreach $a (1 .. 4) { print " ", "$text{'index_auto'.$a} ", &interface_choice("iface".$a),"

\n"; } print "

\n"; print "

\n"; if ($init_support && !$atboot) { print " ", "$text{'index_atboot'}\n"; } print "

\n"; } } else { @tables = &get_iptables_save(); if (!$config{'direct'}) { # Verify that all known tables exist, and if not add them to the # save file foreach $t (@tables) { $hastable{$t->{'name'}}++; } foreach $t (@known_tables) { if (!$hastable{$t}) { local ($missing) = &get_iptables_save( "iptables-save --table $t |"); if ($missing) { delete($missing->{'line'}); &save_table($missing); } $need_reload++; } } @tables = &get_iptables_save() if ($need_reload); } # Allow selection of a table if (!defined($in{'table'})) { foreach $t (@tables) { if (@{$t->{'rules'}}) { $in{'table'} = $t->{'index'}; last; } } } $table = $tables[$in{'table'}]; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print "
\n"; # Display a table of rules for each chain foreach $c (sort by_string_for_iptables keys %{$table->{'defaults'}}) { print "
\n"; @rules = grep { lc($_->{'chain'}) eq lc($c) } @{$table->{'rules'}}; print "",$text{"index_chain_".lc($c)} || &text('index_chain', "$c"),"
\n"; print "
\n"; print "\n"; print "\n"; if (@rules) { print "\n"; print " ", ""; if ($config{'view_condition'} && $config{'view_comment'}){ print " "; print " ";} elsif ($config{'view_condition'}){ print " ";} elsif ($config{'view_comment'}){ print " ";} else{ print ""}; print " ", " ", "\n"; foreach $r (@rules) { print "\n"; local $act = $text{"index_jump_".lc($r->{'j'}->[1])} || &text('index_jump', $r->{'j'}->[1]); print "\n"; if ($config{'view_condition'} && $config{'view_comment'}){ print "\n"; print "\n"; } elsif ($config{'view_condition'}) { print "\n"; } elsif ($config{'view_comment'}) { print "\n"; } else{ print ""}; print "\n"; print "\n"; print "\n"; } print "
$text{'index_action'}$text{'index_desc'}$text{'index_comm'}$text{'index_desc'}$text{'index_comm'}$text{'index_no_comment'}$text{'index_move'}$text{'index_add'}
{'index'}'>$act",&describe_rule($r),"",$r->{'cmt'} || "
","
",&describe_rule($r),"",$r->{'cmt'} || "
","
-"; if ($r eq $rules[@rules-1]) { print ""; } else { print "{'index'}&", "down=1'>"; } if ($r eq $rules[0]) { print ""; } else { print "{'index'}&", "up=1'>"; } print "\n"; print "{'index'}'>"; print "{'index'}'>"; print "
\n"; } else { print "$text{'index_none'}
\n"; } # Show policy changing button for chains that support it, # and rule-adding button print "\n"; local $d = $table->{'defaults'}->{$c}; if ($d ne '-') { print "\n"; print "\n"; } else { print "\n"; } print "\n"; print "
\n"; print "\n"; if (@rules) { print "\n"; } print "
\n"; } # Display buttons for applying and un-applying the configuration, # and for creating an init script if possible if (!$config{'direct'}) { print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; if ($init_support) { print "\n"; print "\n"; print "\n"; print "\n"; } print "
$text{'index_applydesc'}
$text{'index_unapplydesc'}
\n"; printf " %s\n", $atboot ? "checked" : "", $text{'yes'}; printf " %s\n", $atboot ? "" : "checked", $text{'no'}; print " $text{'index_bootupdesc'}
\n"; } } print "
\n"; &footer("/", $text{'index'}); sub shorewall_message { local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]}; if ($filter->{'defaults'}->{'shorewall'}) { print "
", &text('index_shorewall', "$gconfig{'webprefix'}/shorewall/"), "

\n"; } } firewall/old-index.cgi0100775000567100000120000000556207701233263014733 0ustar jcameronwheel#!/usr/local/bin/perl # index.cgi # Display a table of all entries from the firewall script require './firewall-lib.pl'; &header($text{'index_title'}, "", undef, 1, 1); print "


\n"; # Check if iptables is installed if (!&has_command("iptables")) { print "

",&text('index_eiptables', "iptables"),"

\n"; print "


\n"; &footer("/", $text{'index'}); exit; } # Check if the kernel supports it $out = `iptables -L 2>&1`; if ($?) { print "

",&text('index_ekernel', "

$out
"),"

\n"; print "


\n"; &footer("/", $text{'index'}); exit; } # Show existing rules print "",&text('index_header', "$firewall_rules_file"), "

\n"; @rules = &list_rules(); if (@rules) { print "$text{'index_add'}
\n"; print "\n"; print " ", " ", " ", " ", "\n"; foreach $r (@rules) { print "\n"; if ($r->{'type'} == 0) { # An iptables firewall rule print "\n"; print "\n"; print "\n"; print "\n"; } elsif ($r->{'type'} == 1) { # A variable assignment print "\n"; print "\n"; print "\n"; } elsif ($r->{'type'} == 2) { # Some other piece of script print "\n"; print "\n"; print "\n"; } print "\n"; } print "
$text{'index_type'}$text{'index_table'}$text{'index_chain'}$text{'index_desc'}$text{'index_move'}
", "$text{'index_rule'}",$r->{'table'} || $text{default},"",$r->{'chain'} || "
","
",&describe_rule($r),"", "$text{'index_var'}
$r->{'name'} = ", "$r->{'value'}$text{'index_script'}
$r->{'text'}",
			      "
"; if ($r eq $rules[@rules-1]) { print ""; } else { print "", ""; } if ($r eq $rules[0]) { print ""; } else { print "", ""; } print "
\n"; } else { print "$text{'index_none'}

\n"; } print "$text{'index_add'}
\n"; # Display button to apply firewall configuration print "


\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
$text{'index_applydesc'}
\n"; print "
\n"; &footer("/", $text{'index'}); firewall/old-firewall-lib.pl0100664000567100000120000001705107701233263016037 0ustar jcameronwheel# firewall-lib.pl # Functions for iptables firewall configuration # - edits firewall settings in a single file # - each distro uses a different file for the settings # - may need to create init script to load firewall # - allow selection of firewall type, from os-specific list using os-specific # code (ie. redhat's low/medium/high security) # XXX support special module option # XXX support special module targets # XXX what does no -j option mean? # XXX have to load modules with -m when needed # XXX where can ! be used? do '../web-lib.pl'; &init_config(); do "$gconfig{'os_type'}-lib.pl"; if (!$firewall_rules_file) { # Use a webmin file for storing rules $firewall_rules_file = "$module_config_directory/firewall.rules"; } # list_rules() # Returns a list of iptables rules from the firewall script sub list_rules { @list_rules_cache = &parse_rules_file($firewall_rules_file) if (!defined(@list_rules_cache)); return @list_rules_cache; } # parse_rules_file(file) sub parse_rules_file { local @rv; local $lnum = 0; open(FILE, $_[0]); while() { s/\r|\n//g; s/#.*$//g; local $slnum = $lnum; while(/\\$/) { local $nl = ; s/\\$//; $nl =~ s/^\s+//; $_ .= $nl; $lnum++; } if (/^\s*(\S*iptables)(\s+.*)$/) { # Found an iptables rule local $rule = { 'file' => $_[0], 'line' => $slnum, 'eline' => $lnum, 'index' => scalar(@rv), 'type' => 0, 'command' => $1, 'args' => $2 }; # Parse action args if ($rule->{'args'} =~ s/\s+-t\s+(\S+)//) { $rule->{'table'} = $1; } if ($rule->{'args'} =~ s/\s+(-A|-D|-N|--append|--delete|--new-chain)\s+(\S+)//) { $rule->{'chain'} = $2; $rule->{'action'} = $1 =~ /^-+(.)/ ? uc($1) : undef; } elsif ($rule->{'args'} =~ s/\s+(-R|-I|--replace|--insert)\s+(\S+)\s+(\S+)//) { $rule->{'chain'} = $2; $rule->{'num'} = $3; $rule->{'action'} = $1 =~ /^-+(.)/ ? 
uc($1) : undef; } elsif ($rule->{'args'} =~ s/\s+(-L|-F|-Z|-X|--list|--flush|--zero|--delete-chain)(\s+([^\-\s]\S*))?//) { $rule->{'chain'} = $3; $rule->{'action'} = $1 =~ /^-+(.)/ ? uc($1) : undef; } elsif ($rule->{'args'} =~ s/\s+(-P|--policy)\s+(\S+)\s+(\S+)//) { $rule->{'chain'} = $2; $rule->{'target'} = $3; $rule->{'action'} = $1 =~ /^-+(.)/ ? uc($1) : undef; } # XXX support -E option # Parse parameter args if ($rule->{'args'} =~ s/\s+(\!?)\s*(-p|--protocol)\s+(\!?)\s*(\S+)//) { $rule->{'protocol'} = [ $1 || $3, uc($4) ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(-s|--source)\s+(\!?)\s*(\S+)//) { $rule->{'source'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(-d|--destination)\s+(\!?)\s*(\S+)//) { $rule->{'dest'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(-j|--jump)\s+(\S+)//) { $rule->{'jump'} = [ undef, $2 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(-i|--in-interface)\s+(\!?)\s*(\S+)//) { $rule->{'in'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(-o|--out-interface)\s+(\!?)\s*(\S+)//) { $rule->{'out'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(-f|--fragment)//) { $rule->{'fragment'} = [ $1 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--source-port)\s+(\!?)\s*(\S+)//) { $rule->{'sourceport'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s*(\!?)\s*(--destination-port)\s+(\!?)\s*(\S+)//) { $rule->{'destport'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--tcp-flags)\s+(\!?)\s*(\S+)\s+(\S+)//) { $rule->{'tcpflags'} = [ $1 || $3, $4, $5 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--syn)//) { $rule->{'syn'} = [ $1 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--tcp-option)\s+(\!?)\s*(\S+)//) { $rule->{'tcpoption'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--icmp-type)\s+(\!?)\s*(\S+)//) { $rule->{'icmptype'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--mac-source)\s+(\!?)\s*(\S+)//) { $rule->{'mac'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ 
s/\s+(\!?)\s*(--limit)\s+(\!?)\s*(\S+)//) { $rule->{'limit'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--limit-burst)\s+(\!?)\s*(\S+)//) { $rule->{'limitburst'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--port)\s+(\!?)\s*(\S+)//) { $rule->{'port'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--uid-owner)\s+(\!?)\s*(\S+)//) { $rule->{'uidowner'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--gid-owner)\s+(\!?)\s*(\S+)//) { $rule->{'gidowner'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--sid-owner)\s+(\!?)\s*(\S+)//) { $rule->{'sidowner'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--pid-owner)\s+(\!?)\s*(\S+)//) { $rule->{'pidowner'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--state)\s+(\!?)\s*(\S+)//) { $rule->{'state'} = [ $1 || $3, $4 ]; } if ($rule->{'args'} =~ s/\s+(\!?)\s*(--tos)\s+(\!?)\s*(\S+)//) { $rule->{'tos'} = [ $1 || $3, $4 ]; } push(@rv, $rule); } elsif (/^\s*if\s+/) { # Found an if block local $block = { 'file' => $_[0], 'line' => $slnum, 'eline' => $lnum, 'index' => scalar(@rv), 'type' => 2, 'text' => $_ }; local $nest = 1; while() { s/\r|\n//g; $block->{'text'} .= "\n$_"; if (/^\s*if\s+/) { $nest++; } elsif (/^\s*fi(\s|$)/ && !--$nest) { last; } } push(@rv, $block); } elsif (/^\s*(for|while)\s+/) { # Found a for block local $block = { 'file' => $_[0], 'line' => $slnum, 'eline' => $lnum, 'index' => scalar(@rv), 'type' => 2, 'text' => $_ }; local $nest = 1; while() { s/\r|\n//g; $block->{'text'} .= "\n$_"; if (/^\s*(for|while)\s+/) { $nest++; } elsif (/^\s*done(\s|$)/ && !--$nest) { last; } } push(@rv, $block); } elsif (/^\s*([^\s=]+)\s*=\s*"(.*)"$/ || /^\s*([^\s=]+)\s*=\s*'(.*)'$/ || /^\s*([^\s=]+)\s*=\s*(.*)$/) { # Found a variable assignment push(@rv, { 'file' => $_[0], 'line' => $slnum, 'eline' => $lnum, 'index' => scalar(@rv), 'type' => 1, 'name' => $1, 'value' => $2 }); } elsif (/\S/) { # Some other unknown script line push(@rv, { 
'file' => $_[0], 'line' => $slnum, 'eline' => $lnum, 'index' => scalar(@rv), 'type' => 2, 'text' => $_ }); } $lnum++; } close(FILE); return @rv; } # describe_rule(&rule) sub describe_rule { local $a = $_[0]->{'action'}; if ($a eq 'P') { return &text('desc_policy', $_[0]->{'target'}); } elsif ($a eq 'F') { return $text{'desc_flush'}; } elsif ($a eq 'L') { return $text{'desc_list'}; } elsif ($a eq 'Z') { return $text{'desc_zero'}; } elsif ($a eq 'N') { return $text{'desc_new'}; } elsif ($a eq 'X') { return $_[0]->{'chain'} ? $text{'desc_dchain'} : $text{'desc_dchains'}; } else { # Entry has a rule specification .. describe it local @c; foreach $d ('protocol', 'source', 'dest', 'in', 'out', 'fragment', 'sourceport', 'destport', 'tcpflags', 'syn', 'tcpoption', 'icmptype', 'mac', 'limit', 'limitburst', 'port', 'uidowner', 'gidowner', 'pidowner', 'sidowner', 'state', 'tos') { if ($_[0]->{$d}) { local ($n, @v) = @{$_[0]->{$d}}; push(@c, &text("desc_$d$n", @v)); } } local $desc; if (@c) { $desc = &text('desc_conds', join(" $text{'desc_and'} ", @c)); } else { $desc = $text{'desc_always'}; } if ($_[0]->{'jump'}) { $desc .= " ".($text{'desc_jump_'.lc($_[0]->{'jump'}->[1])} || &text('desc_jump', "$_[0]->{'jump'}->[1]")); } else { $desc .= " ".$text{'desc_nojump'}; } return $desc; } } 1; firewall/edit_rule.cgi0100775000567100000120000003502407701233263015020 0ustar jcameronwheel#!/usr/local/bin/perl # edit_rule.cgi # Display the details of one firewall rule, or allow the adding of a new one require './firewall-lib.pl'; &ReadParse(); @tables = &get_iptables_save(); $table = $tables[$in{'table'}]; if ($in{'clone'} ne '') { &header($text{'edit_title3'}, ""); %clone = %{$table->{'rules'}->[$in{'clone'}]}; $rule = \%clone; } elsif ($in{'new'}) { &header($text{'edit_title1'}, ""); $rule = { 'chain' => $in{'chain'}, 'j' => 'DROP' }; } else { &header($text{'edit_title2'}, ""); $rule = $table->{'rules'}->[$in{'idx'}]; } print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; # Display action section print "\n"; print "\n"; print "
$text{'edit_header1'}
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n", $found ? "" : $rule->{'j'}->[1]; if ($table->{'name'} eq 'nat' && $rule->{'chain'} ne 'POSTROUTING') { if ($rule->{'j'}->[1] eq 'REDIRECT') { ($rtofrom, $rtoto) = split(/\-/, $rule->{'to-ports'}->[1]); } print "\n"; printf "\n"; } if ($table->{'name'} eq 'nat' && $rule->{'chain'} eq 'POSTROUTING') { if ($rule->{'j'}->[1] eq 'MASQUERADE') { ($mtofrom, $mtoto) = split(/\-/, $rule->{'to-ports'}->[1]); } print "\n"; printf "\n"; } if ($table->{'name'} eq 'nat' && $rule->{'chain'} ne 'POSTROUTING') { if ($rule->{'j'}->[1] eq 'DNAT') { if ($rule->{'to-destination'}->[1] =~ /^([0-9\.]+)(\-([0-9\.]+))?(:(\d+)(\-(\d+))?)?$/) { $dipfrom = $1; $dipto = $3; $dpfrom = $5; $dpto = $7; } } print "\n"; printf "\n"; } if ($table->{'name'} eq 'nat' && $rule->{'chain'} eq 'POSTROUTING') { if ($rule->{'j'}->[1] eq 'SNAT') { if ($rule->{'to-source'}->[1] =~ /^([0-9\.]+)(\-([0-9\.]+))?(:(\d+)(\-(\d+))?)?$/) { $sipfrom = $1; $sipto = $3; $spfrom = $5; $spto = $7; } } print "\n"; printf "\n"; } print "
$text{'edit_chain'}",$text{"index_chain_".lc($rule->{'chain'})} || &text('index_chain', "$rule->{'chain'}"),"
$text{'edit_cmt'}
$text{'edit_jump'} \n"; if ($table->{'name'} eq 'nat') { @jumps = ( undef, 'ACCEPT', 'DROP' ); if ($rule->{'chain'} eq 'POSTROUTING') { push(@jumps, 'MASQUERADE', 'SNAT'); } elsif ($rule->{'chain'} eq 'PREROUTING' || $rule->{'chain'} eq 'OUTPUT') { push(@jumps, 'REDIRECT', 'DNAT'); } } else { @jumps = ( undef, 'ACCEPT', 'DROP', 'QUEUE', 'RETURN' ); } foreach $j (@jumps) { printf " %s\n", $j, $rule->{'j'}->[1] eq $j ? "checked" : "", $text{"index_jump_".lc($j)}; $found++ if ($rule->{'j'}->[1] eq $j); } printf " %s ", $found ? "" : "checked", $text{'edit_jump_other'}; printf "
$text{'edit_rtoports'} %s\n", $rtofrom eq "" ? "checked" : "", $text{'default'}; printf "\n", $rtofrom eq "" ? "" : "checked"; print &text('edit_prange', "", ""),"
$text{'edit_mtoports'} %s\n", $mtofrom eq "" ? "checked" : "", $text{'edit_any'}; printf "\n", $mtofrom eq "" ? "" : "checked"; print &text('edit_prange', "", ""),"
$text{'edit_dnat'} %s\n", $dipfrom eq "" ? "checked" : "", $text{'default'}; printf "\n", $dipfrom eq "" ? "" : "checked"; print &text('edit_dnatip', "", ""),"\n"; print &text('edit_prange', "", ""),"
$text{'edit_snat'} %s\n", $sipfrom eq "" ? "checked" : "", $text{'default'}; printf "\n", $sipfrom eq "" ? "" : "checked"; print &text('edit_dnatip', "", ""),"\n"; print &text('edit_prange', "", ""),"

\n"; # Display conditions section print "$text{'edit_desc'}
\n"; print "\n"; print "\n"; print "
$text{'edit_header2'}
\n"; print "\n"; print "\n", $rule->{'s'}->[1]; print "\n"; print "\n", $rule->{'d'}->[1]; print "\n"; print "\n"; print "\n"; print "\n"; $f = !$rule->{'f'} ? 0 : $rule->{'f'}->[0] eq "!" ? 2 : 1; print "\n"; printf "\n", $f == 2 ? "checked" : "", $text{'edit_fragnot'}; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n", $rule->{'ports'}->[1]; print "\n"; print "\n"; print "\n"; print "\n", $rule->{'tcp-option'}->[1]; print "\n"; print "\n"; print "\n"; print "\n"; print "\n", $rule->{'mac'}->[1]; print "\n"; print "\n"; print "\n"; print "\n"; print "\n", $rule->{'limit-burst'}->[1]; if ($rule->{'chain'} eq 'OUTPUT') { print "\n"; print "\n"; print "\n", $rule->{'uid-owner'}->[1], &user_chooser_button("uidowner"); print "\n"; print "\n", $rule->{'gid-owner'}->[1], &group_chooser_button("gidowner"); print "\n"; print "\n", $rule->{'pid-owner'}->[1]; print "\n"; print "\n", $rule->{'sid-owner'}->[1]; } print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; $rule->{'args'} =~ s/^\s+//; $rule->{'args'} =~ s/\s+$//; print "\n"; printf "\n", $rule->{'args'}; print "
$text{'edit_source'}",&print_mode("source", $rule->{'s'}),"\n"; printf "
$text{'edit_dest'}",&print_mode("dest", $rule->{'d'}),"\n"; printf "
$text{'edit_in'}",&print_mode("in", $rule->{'i'}),"\n"; print &interface_choice("in", $rule->{'i'}->[1]),"
$text{'edit_out'}",&print_mode("out", $rule->{'o'}),"\n"; print &interface_choice("out", $rule->{'o'}->[1]),"
$text{'edit_frag'} %s\n", $f == 0 ? "checked" : "", $text{'edit_ignore'}; printf " %s\n", $f == 1 ? "checked" : "", $text{'edit_fragis'}; printf " %s
$text{'edit_proto'}",&print_mode("proto", $rule->{'p'}),"\n"; print &protocol_input("proto", $rule->{'p'}->[1]),"

$text{'edit_sport'}",&print_mode("sport", $rule->{'sports'} || $rule->{'sport'}),"\n"; print &port_input("sport", $rule->{'sports'}->[1] || $rule->{'sport'}->[1]), "
$text{'edit_dport'}",&print_mode("dport", $rule->{'dports'} || $rule->{'dport'}),"\n"; print &port_input("dport", $rule->{'dports'}->[1] || $rule->{'dport'}->[1]), "
$text{'edit_ports'}",&print_mode("ports", $rule->{'ports'}),"\n"; printf "
$text{'edit_tcpflags'}
",&print_mode("tcpflags", $rule->{'tcp-flags'}),"\n"; print " ",&text('edit_flags', &tcpflag_input("tcpflags0", $rule->{'tcp-flags'}->[1]), &tcpflag_input("tcpflags1", $rule->{'tcp-flags'}->[2])), "
$text{'edit_tcpoption'}",&print_mode("tcpoption", $rule->{'tcp-option'}),"\n"; printf "

$text{'edit_icmptype'}",&print_mode("icmptype", $rule->{'icmp-type'}),"\n"; print &icmptype_input("icmptype", $rule->{'icmp-type'}->[1]),"
$text{'edit_mac'}",&print_mode("mac", $rule->{'mac'}),"\n"; printf "

$text{'edit_limit'}",&print_mode("limit", $rule->{'limit'}, $text{'edit_below'}, $text{'edit_above'}),"\n"; ($n, $u) = $rule->{'limit'}->[1] =~ /^(\d+)\/(\S+)$/ ? ($1, $2) : (); print "\n"; print "/
$text{'edit_limitburst'}",&print_mode("limitburst", $rule->{'limit-burst'}, $text{'edit_below'}, $text{'edit_above'}),"\n"; printf "

$text{'edit_uidowner'}",&print_mode("uidowner", $rule->{'uid-owner'}),"\n"; printf " %s
$text{'edit_gidowner'}",&print_mode("gidowner", $rule->{'gid-owner'}),"\n"; printf " %s
$text{'edit_pidowner'}",&print_mode("pidowner", $rule->{'pid-owner'}),"\n"; printf "
$text{'edit_sidowner'}",&print_mode("sidowner", $rule->{'sid-owner'}),"\n"; printf "

$text{'edit_state'}\n"; print "
", &print_mode("state", $rule->{'state'})," 
$text{'edit_tos'}",&print_mode("tos", $rule->{'tos'}),"\n"; print &tos_input("tos", $rule->{'tos'}->[1]),"

$text{'edit_args'}
\n"; print "\n"; if ($in{'new'}) { print "\n"; } else { print "\n"; print "\n"; print "\n"; } print "
\n"; print "
\n"; &footer("index.cgi?table=$in{'table'}", $text{'index_return'}); # print_mode(name, &value) sub print_mode { local $m = !$_[1] ? 0 : $_[1]->[0] eq "!" ? 2 : 1; local $rv = "\n"; return $rv; } # port_input(name, value) sub port_input { local ($s, $e, $p); if ($_[1] =~ /^(\d*):(\d*)$/) { $s = $1; $e = $2; } else { $p = $_[1] || ""; } local $rv = sprintf " %s\n", defined($p) ? "checked" : "", $text{'edit_port0'}; $rv .= "\n"; $rv .= sprintf "\n", defined($p) ? "" : "checked"; $rv .= &text('edit_port1', "", ""); return $rv; } # tcpflag_input(name, value) sub tcpflag_input { local %flags = map { $_, 1 } split(/,/, $_[1]); local $f; local $rv = "\n"; foreach $f ('SYN', 'ACK', 'FIN', 'RST', 'URG', 'PSH') { $rv .= sprintf " %s\n", $f, $flags{$f} ? "checked" : "", "$f"; } $rv .= "\n"; return $rv; } # icmptype_input(name, value) sub icmptype_input { local ($started, @types, $major, $minor); $major = -1; open(IPTABLES, "iptables -p icmp -h |"); while() { if (/valid\s+icmp\s+types:/i) { $started = 1; } elsif (!/\S/) { $started = 0; } elsif ($started && /^\s*(\S+)/) { push(@types, $1); } } close(IPTABLES); if (@types && $_[1] !~ /^\d+$/ && $_[1] !~ /^\d+\/\d+$/) { local $rv = "\n"; return $rv; } else { return ""; } } # protocol_input(name, value) sub protocol_input { local @protos = ( 'tcp', 'udp', 'icmp', undef ); open(PROTOS, "/etc/protocols"); while() { s/\r|\n//g; s/#.*$//; push(@protos, $1) if (/^(\S+)\s+(\d+)/); } close(PROTOS); local $p; local $rv = "\n"; return $rv; } # tos_input(name, value) sub tos_input { local ($started, @opts); open(IPTABLES, "iptables -m tos -h |"); while() { if (/TOS.*options:/i) { $started = 1; } elsif ($started && /^\s+(\S+)\s+(\d+)\s+\((0x[0-9a-f]+)\)/i) { push(@opts, [ $1, $3 ]); } } close(IPTABLES); if (@opts) { local $rv = "\n"; return $rv; } else { return "\n"; } } firewall/save_policy.cgi0100775000567100000120000000444707701233263015366 0ustar jcameronwheel#!/usr/local/bin/perl # save_policy.cgi # Change the default policy for some 
chain require './firewall-lib.pl'; &ReadParse(); @tables = &get_iptables_save(); $table = $tables[$in{'table'}]; if ($in{'add'}) { # Redirect to the rule page for adding a rule &redirect("edit_rule.cgi?table=$in{'table'}&chain=$in{'chain'}&new=1"); } elsif ($in{'delete'} && $in{'confirm'}) { # Delete this entire chain and all rules in it &lock_file($iptables_save_file); $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} } @{$table->{'rules'}} ]; delete($table->{'defaults'}->{$in{'chain'}}); &save_table($table); &unlock_file($iptables_save_file); &webmin_log("delete", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'} }); &redirect("index.cgi?table=$in{'table'}"); } elsif ($in{'clear'} && $in{'confirm'}) { # Delete all rules from this chain &lock_file($iptables_save_file); $table->{'rules'} = [ grep { $_->{'chain'} ne $in{'chain'} } @{$table->{'rules'}} ]; &save_table($table); &unlock_file($iptables_save_file); &webmin_log("clear", "chain", undef, { 'chain' => $in{'chain'}, 'table' => $table->{'name'} }); &redirect("index.cgi?table=$in{'table'}"); } elsif ($in{'delete'} || $in{'clear'}) { # Ask for confirmation on deleting the chain $mode = $in{'delete'} ? "delete" : "clear"; &header($text{$mode.'_title'}, ""); print "
\n"; @rules = grep { $_->{'chain'} eq $in{'chain'} } @{$table->{'rules'}}; print "\n"; print "\n"; print "\n"; print "\n"; print "
",&text($mode.'_rusure', "$in{'chain'}", scalar(@rules)),"

\n"; print "\n"; print "

\n"; print "
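\n";
    &footer("index.cgi?table=$in{'table'}", $text{'index_return'});
}
else {
    # Change the default for this chain.
    # save_table() writes each default as a ":chain policy [0:0]" line, so
    # neither value may be empty or contain whitespace. \z (not $) is used
    # so that a trailing newline is rejected as well.
    $in{'chain'} =~ /^\S+\z/ || &error($text{'new_ename'});
    $in{'policy'} =~ /^\S+\z/ || &error("Invalid policy name");
    &lock_file($iptables_save_file);
    $table->{'defaults'}->{$in{'chain'}} = $in{'policy'};
    &save_table($table);
    &unlock_file($iptables_save_file);
    &webmin_log("modify", "chain", undef,
                { 'chain' => $in{'chain'},
                  'table' => $table->{'name'} });
    &redirect("index.cgi?table=$in{'table'}");
}
firewall/save_rule.cgi0100775000567100000120000002366007701233263015034 0ustar jcameronwheel#!/usr/local/bin/perl
# save_rule.cgi
# Save, create or delete a rule in a chain
#
# Reads the submitted form into %in, validates each condition and action
# field, stores the results in the rule hash and (further down) rewrites
# the save file through save_table().

require './firewall-lib.pl';
&ReadParse();
&error_setup($text{'save_err'});

# The save file is line oriented: save_table() emits one "-A chain ..." line
# per rule (plus an optional "# comment" line), and get_iptables_save() calls
# &error on any line it cannot parse. Fold CR/LF in every submitted value
# into a space so that no field can split a rule across lines; a value that
# had to be a single token then fails its \S / \d check below instead of
# being written out.
foreach my $key (keys %in) {
    $in{$key} =~ s/[\r\n]+/ /g;
}

@tables = &get_iptables_save();
$table = $tables[$in{'table'}];
if ($in{'new'}) {
    $rule = { 'chain' => $in{'chain'} };
}
else {
    $rule = $table->{'rules'}->[$in{'idx'}];
}

if ($in{'clone'}) {
    # Go back to the editing page
    # NOTE(review): nothing stops execution here, so the code below still
    # runs unless &redirect itself exits - confirm that this is intended.
    &redirect("edit_rule.cgi?new=1&clone=$in{'idx'}&table=$in{'table'}&chain=$rule->{'chain'}");
}
&lock_file($iptables_save_file);
if ($in{'delete'}) {
    # Just delete this rule
    splice(@{$table->{'rules'}}, $in{'idx'}, 1);
}
else {
    # Validate and store inputs

    # Keep any -m modules this page does not manage itself; the ones it
    # does manage are re-added below as their options are parsed.
    @mods = grep { !/^(tcp|udp|icmp|multiport|mac|limit|owner|state|tos)$/ }
            map { $_->[1] } @{$rule->{'m'}};
    $rule->{'cmt'} = $in{'cmt'};

    # Action to take
    if ($in{'jump'} eq '*') {
        $in{'other'} =~ /^\S+$/ || &error($text{'save_echain'});
        $rule->{'j'} = [ "", $in{'other'} ];
    }
    elsif ($in{'jump'}) {
        $rule->{'j'} = [ "", $in{'jump'} ];
    }
    else {
        delete($rule->{'j'});
    }

    # Port range for REDIRECT / MASQUERADE. The original condition tested
    # "nat and chain ne POSTROUTING, or nat and chain eq POSTROUTING",
    # which is simply "nat".
    if ($table->{'name'} eq 'nat') {
        if ($rule->{'j'}->[1] eq 'REDIRECT' && !$in{'rtodef'}) {
            $in{'rtofrom'} =~ /^\d+$/ || &error($text{'save_ertoports'});
            $in{'rtoto'} =~ /^\d*$/ || &error($text{'save_ertoports'});
            $rule->{'to-ports'} = [ "", $in{'rtoto'} eq '' ? $in{'rtofrom'} : $in{'rtofrom'}."-".$in{'rtoto'} ];
        }
        elsif ($rule->{'j'}->[1] eq 'MASQUERADE' && !$in{'mtodef'}) {
            $in{'mtofrom'} =~ /^\d+$/ || &error($text{'save_emtoports'});
            $in{'mtoto'} =~ /^\d*$/ || &error($text{'save_emtoports'});
            $rule->{'to-ports'} = [ "", $in{'mtoto'} eq '' ? $in{'mtofrom'} : $in{'mtofrom'}."-".$in{'mtoto'} ];
        }
        else {
            delete($rule->{'to-ports'});
        }
    }

    # Destination NAT target: ip[-ip][:port[-port]]
    if ($table->{'name'} eq 'nat' && $rule->{'chain'} ne 'POSTROUTING') {
        if ($rule->{'j'}->[1] eq 'DNAT' && !$in{'dnatdef'}) {
            &check_ipaddress($in{'dipfrom'}) || &error($text{'save_edipfrom'});
            !$in{'dipto'} || &check_ipaddress($in{'dipto'}) || &error($text{'save_edipto'});
            my $v = $in{'dipfrom'};
            $v .= "-".$in{'dipto'} if ($in{'dipto'});
            if ($in{'dpfrom'} ne '') {
                $in{'dpfrom'} =~ /^\d+$/ || &error($text{'save_edpfrom'});
                $in{'dpto'} =~ /^\d*$/ || &error($text{'save_edpto'});
                if ($in{'dpto'} eq '') {
                    $v .= ":".$in{'dpfrom'};
                }
                else {
                    $v .= ":".$in{'dpfrom'}."-".$in{'dpto'};
                }
            }
            $rule->{'to-destination'} = [ "", $v ];
        }
        else {
            delete($rule->{'to-destination'});
        }
    }

    # Source NAT target: ip[-ip][:port[-port]]
    if ($table->{'name'} eq 'nat' && $rule->{'chain'} eq 'POSTROUTING') {
        if ($rule->{'j'}->[1] eq 'SNAT' && !$in{'snatdef'}) {
            &check_ipaddress($in{'sipfrom'}) || &error($text{'save_esipfrom'});
            !$in{'sipto'} || &check_ipaddress($in{'sipto'}) || &error($text{'save_esipto'});
            my $v = $in{'sipfrom'};
            $v .= "-".$in{'sipto'} if ($in{'sipto'});
            if ($in{'spfrom'} ne '') {
                $in{'spfrom'} =~ /^\d+$/ || &error($text{'save_espfrom'});
                $in{'spto'} =~ /^\d*$/ || &error($text{'save_espto'});
                if ($in{'spto'} eq '') {
                    $v .= ":".$in{'spfrom'};
                }
                else {
                    $v .= ":".$in{'spfrom'}."-".$in{'spto'};
                }
            }
            $rule->{'to-source'} = [ "", $v ];
        }
        else {
            delete($rule->{'to-source'});
        }
    }

    # Source and destination addresses
    if (&parse_mode("source", $rule, "s")) {
        &check_ipmask($in{'source'}) || &error($text{'save_esource'});
        $rule->{'s'}->[1] = $in{'source'};
    }
    if (&parse_mode("dest", $rule, "d")) {
        &check_ipmask($in{'dest'}) || &error($text{'save_edest'});
        $rule->{'d'}->[1] = $in{'dest'};
    }

    # Incoming and outgoing interfaces
    if (&parse_mode("in", $rule, "i")) {
        $in{'in'} ne '' || $in{'in_other'} =~ /^\S+$/ || &error($text{'save_ein'});
        $rule->{'i'}->[1] = $in{'in'} eq '' ? $in{'in_other'} : $in{'in'};
    }
    if (&parse_mode("out", $rule, "o")) {
        $in{'out'} ne '' || $in{'out_other'} =~ /^\S+$/ || &error($text{'save_eout'});
        $rule->{'o'}->[1] = $in{'out'} eq '' ? $in{'out_other'} : $in{'out'};
    }

    # Fragment flag: 0 = ignore, 1 = is a fragment, anything else = is not
    if ($in{'frag'} == 0) {
        delete($rule->{'f'});
    }
    elsif ($in{'frag'} == 1) {
        $rule->{'f'} = [ "" ];
    }
    else {
        $rule->{'f'} = [ "!" ];
    }

    # Protocol. $proto is only set for a non-negated match, and the
    # protocol-specific options below depend on it.
    if (&parse_mode("proto", $rule, "p")) {
        # Must be one token, because it becomes the value of -p
        $in{'proto'} =~ /^\S+$/ || &error($text{'save_eproto'});
        $rule->{'p'}->[1] = $in{'proto'};
        if (!$rule->{'p'}->[0]) {
            $proto = $in{'proto'};
            push(@mods, $in{'proto'})
                if ($proto eq 'tcp' || $proto eq 'udp' ||
                    $proto eq 'icmp' && $in{'icmptype_mode'});
        }
    }

    # Source port(s): a comma-separated list goes to --sports (multiport),
    # a single port or from:to range to --sport
    if (&parse_mode("sport", $rule, "sport")) {
        $proto eq "tcp" || $proto eq "udp" || &error($text{'save_etcpudp'});
        if ($in{"sport_type"} == 0) {
            $in{"sport"} =~ /^\S+$/ || &error($text{'save_esport'});
            if ($in{"sport"} =~ /,/) {
                $rule->{'sports'}->[1] = $in{"sport"};
                push(@mods, "multiport");
                delete($rule->{'sport'});
            }
            else {
                $rule->{'sport'}->[1] = $in{"sport"};
                delete($rule->{'sports'});
            }
        }
        else {
            $in{"sport_from"} =~ /^\d*$/ || &error($text{'save_esportfrom'});
            $in{"sport_to"} =~ /^\d*$/ || &error($text{'save_esportto'});
            $rule->{'sport'}->[1] = $in{"sport_from"}.":".$in{"sport_to"};
            $rule->{'sport'}->[1] eq ":" && &error($text{'save_esportrange'});
            delete($rule->{'sports'});
        }
    }
    else {
        delete($rule->{'sports'});
    }

    # Destination port(s), handled the same way as the source ports
    if (&parse_mode("dport", $rule, "dport")) {
        $proto eq "tcp" || $proto eq "udp" || &error($text{'save_etcpudp'});
        if ($in{"dport_type"} == 0) {
            $in{"dport"} =~ /^\S+$/ || &error($text{'save_edport'});
            if ($in{"dport"} =~ /,/) {
                $rule->{'dports'}->[1] = $in{"dport"};
                push(@mods, "multiport");
                delete($rule->{'dport'});
            }
            else {
                $rule->{'dport'}->[1] = $in{"dport"};
                delete($rule->{'dports'});
            }
        }
        else {
            $in{"dport_from"} =~ /^\d*$/ || &error($text{'save_edportfrom'});
            $in{"dport_to"} =~ /^\d*$/ || &error($text{'save_edportto'});
            $rule->{'dport'}->[1] = $in{"dport_from"}.":".$in{"dport_to"};
            $rule->{'dport'}->[1] eq ":" && &error($text{'save_edportrange'});
            delete($rule->{'dports'});
        }
    }
    else {
        delete($rule->{'dports'});
    }

    # Source-or-destination ports
    if (&parse_mode("ports", $rule, "ports")) {
        $proto eq "tcp" || $proto eq "udp" || &error($text{'save_etcpudp'});
        $in{"ports"} =~ /^\S+$/ || &error($text{'save_eports'});
        $rule->{'ports'}->[1] = $in{'ports'};
        push(@mods, "multiport");
    }

    # TCP flags: multiple selections arrive NUL-separated
    if (&parse_mode("tcpflags", $rule, "tcp-flags")) {
        $proto eq "tcp" || &error($text{'save_etcp1'});
        my $tcp0 = join(",", split(/\0/, $in{"tcpflags0"}));
        my $tcp1 = join(",", split(/\0/, $in{"tcpflags1"}));
        $tcp0 && $tcp1 || &error($text{'save_etcpflags'});
        $rule->{'tcp-flags'}->[1] = $tcp0;
        $rule->{'tcp-flags'}->[2] = $tcp1;
    }
    if (&parse_mode("tcpoption", $rule, "tcp-option")) {
        $proto eq "tcp" || &error($text{'save_etcp2'});
        $in{"tcpoption"} =~ /^\d+$/ || &error($text{'save_etcpoption'});
        $rule->{'tcp-option'}->[1] = $in{"tcpoption"};
    }
    if (&parse_mode("icmptype", $rule, "icmp-type")) {
        $proto eq "icmp" || &error($text{'save_eicmp'});
        # NOTE(review): the type is stored as submitted, with no format
        # check of its own.
        $rule->{'icmp-type'}->[1] = $in{'icmptype'};
    }

    # Ethernet address: six colon-separated pairs of hex digits. The
    # original pattern had a stray '[' inside the last character class and
    # allowed a-z rather than a-f.
    if (&parse_mode("mac", $rule, "mac")) {
        $in{"mac"} =~ /^([0-9a-f]{2}:){5}[0-9a-f]{2}$/i || &error($text{'save_emac'});
        $rule->{'mac'}->[1] = $in{'mac'};
        push(@mods, "mac");
    }

    # Rate limit, stored as count/unit. The unit must be one token, which is
    # also what edit_rule.cgi expects when it splits the value again.
    if (&parse_mode("limit", $rule, "limit")) {
        $in{'limit0'} =~ /^\d+$/ || &error($text{'save_elimit'});
        $in{'limit1'} =~ /^\S+$/ || &error($text{'save_elimit'});
        $rule->{'limit'}->[1] = $in{'limit0'}."/".$in{'limit1'};
        push(@mods, "limit");
    }
    if (&parse_mode("limitburst", $rule, "limit-burst")) {
        $in{'limitburst'} =~ /^\d+$/ || &error($text{'save_elimitburst'});
        $rule->{'limit-burst'}->[1] = $in{'limitburst'};
        push(@mods, "limit");
    }

    # Owner matches are only handled for the OUTPUT chain
    if ($rule->{'chain'} eq 'OUTPUT') {
        if (&parse_mode("uidowner", $rule, "uid-owner")) {
            defined(getpwnam($in{"uidowner"})) || &error($text{'save_euidowner'});
            $rule->{'uid-owner'}->[1] = $in{"uidowner"};
            push(@mods, "owner");
        }
        if (&parse_mode("gidowner", $rule, "gid-owner")) {
            defined(getgrnam($in{"gidowner"})) || &error($text{'save_egidowner'});
            $rule->{'gid-owner'}->[1] = $in{"gidowner"};
            push(@mods, "owner");
        }
        if (&parse_mode("pidowner", $rule, "pid-owner")) {
            $in{"pidowner"} =~ /^\d+$/ || &error($text{'save_epidowner'});
            $rule->{'pid-owner'}->[1] = $in{"pidowner"};
            push(@mods, "owner");
        }
        if (&parse_mode("sidowner", $rule, "sid-owner")) {
            $in{"sidowner"} =~ /^\d+$/ || &error($text{'save_esidowner'});
            $rule->{'sid-owner'}->[1] = $in{"sidowner"};
            push(@mods, "owner");
        }
    }

    # Connection states: multiple selections arrive NUL-separated
    if (&parse_mode("state", $rule, "state")) {
        @states = split(/\0/, $in{'state'});
        @states || &error($text{'save_estates'});
        $rule->{'state'}->[1] = join(",", @states);
        push(@mods, "state");
    }
    if (&parse_mode("tos", $rule, "tos")) {
        # NOTE(review): stored as submitted, with no format check of its own.
        $rule->{'tos'}->[1] = $in{'tos'};
        push(@mods, "tos");
    }

    # Add custom parameters
    # XXX ordering??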
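# The free-form arguments are appended to the rule's line in the save file,
# so fold any CR/LF into a space: a line break here would start a new line
# that get_iptables_save() either rejects or reads as a separate entry.
($rule->{'args'} = $in{'args'}) =~ s/[\r\n]+/ /g;

# Save the rule
if (@mods) {
    # One [ "", module ] entry per distinct -m module needed by the options
    $rule->{'m'} = [ map { [ "", $_ ] } &unique(@mods) ];
}
else {
    delete($rule->{'m'});
}
# Reading $rule->{'j'}->[1] earlier can autovivify 'j'; drop it again when no
# action was chosen
delete($rule->{'j'}) if (!$in{'jump'});
if ($in{'new'}) {
    if ($in{'before'} ne '') {
        splice(@{$table->{'rules'}}, $in{'before'}, 0, $rule);
    }
    elsif ($in{'after'} ne '') {
        splice(@{$table->{'rules'}}, $in{'after'}+1, 0, $rule);
    }
    else {
        push(@{$table->{'rules'}}, $rule);
    }
}
}   # end of the "validate and store inputs" branch

# Write out the new save file
&save_table($table);
&unlock_file($iptables_save_file);
&webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "modify",
            "rule", undef,
            { 'chain' => $rule->{'chain'},
              'table' => $table->{'name'} });
&redirect("index.cgi?table=$in{'table'}");

# parse_mode(name, &rule, option)
# Reads the form field "<name>_mode" and updates $rule->{option} to match:
# 0 removes the option and returns 0; 1 sets it to [ "" ] (plain match) and
# any other value to [ "!" ] (negated match), both returning 1.
sub parse_mode
{
    my ($name, $rule, $option) = @_;
    my $mode = $in{"${name}_mode"};
    if ($mode == 0) {
        delete($rule->{$option});
        return 0;
    }
    $rule->{$option} = [ $mode == 1 ? "" : "!" ];
    return 1;
}

# check_ipmask(spec)
# Returns true if spec is something check_ipaddress() accepts, a name that
# gethostbyname() resolves, or address/mask where the mask is an address or
# a plain number. \z instead of $ keeps a value that ends in a newline from
# passing the address/mask pattern.
sub check_ipmask
{
    my ($spec) = @_;
    return &check_ipaddress($spec) ||
           gethostbyname($spec) ||
           $spec =~ /^([0-9\.]+)\/([0-9\.]+)\z/ &&
           (&check_ipaddress("$1") || gethostbyname("$1")) &&
           (&check_ipaddress("$2") || $2 =~ /^\d+\z/);
}
firewall/move.cgi0100775000567100000120000000156707701233263014017 0ustar jcameronwheel#!/usr/local/bin/perl
# move.cgi
# Swap two rules in some chain
#
# 'idx' is the rule's position in the table's rule list and 'down' selects
# the direction; the rule is swapped with its neighbour in the same chain.

require './firewall-lib.pl';
&ReadParse();
&lock_file($iptables_save_file);
@tables = &get_iptables_save();
$table = $tables[$in{'table'}];
$r = $table->{'rules'};
$c = $r->[$in{'idx'}]->{'chain'};
# Rules of the same chain, in table order, and this rule's position among them
@rules = grep { lc($_->{'chain'}) eq lc($c) } @$r;
$pos = &indexof($r->[$in{'idx'}], @rules);
if ($in{'down'}) {
    # Swap with next rule in this chain.
    # Without the bounds check, a request for the last rule of the chain
    # reads past the end of @rules, gets an undefined index and swaps with
    # element 0 of the table instead.
    if ($pos >= 0 && $pos < $#rules) {
        $nxt = $rules[$pos+1]->{'index'};
        ($r->[$in{'idx'}], $r->[$nxt]) = ($r->[$nxt], $r->[$in{'idx'}]);
    }
}
else {
    # Swap with previous rule in this chain.
    # Without the bounds check, a request for the first rule of the chain
    # uses $rules[-1] and swaps with the chain's last rule.
    if ($pos > 0) {
        $prv = $rules[$pos-1]->{'index'};
        ($r->[$in{'idx'}], $r->[$prv]) = ($r->[$prv], $r->[$in{'idx'}]);
    }
}
&save_table($table);
&unlock_file($iptables_save_file);
&webmin_log("move", "rule", undef, { 'table'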
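=> $table->{'name'}, 'chain' => $r->[$in{'idx'}]->{'chain'} });
&redirect("index.cgi?table=$in{'table'}");
firewall/newchain.cgi0100775000567100000120000000114707701233263014637 0ustar jcameronwheel#!/usr/local/bin/perl
# newchain.cgi
# Create a new user-defined chain
#
# Adds the chain to the table's defaults with the policy '-' and rewrites
# the save file.

require './firewall-lib.pl';
&ReadParse();
@tables = &get_iptables_save();
$table = $tables[$in{'table'}];
&error_setup($text{'new_err'});
&lock_file($iptables_save_file);
# The name is written into a ":chain policy [0:0]" line by save_table(), so
# it must be a single token. \z rather than $ also rejects a name that ends
# in a newline, which $ would let through.
$in{'chain'} =~ /^\S+\z/ || &error($text{'new_ename'});
$table->{'defaults'}->{$in{'chain'}} && &error($text{'new_etaken'});
$table->{'defaults'}->{$in{'chain'}} = '-';
&save_table($table);
&unlock_file($iptables_save_file);
&webmin_log("create", "chain", undef,
            { 'chain' => $in{'chain'},
              'table' => $table->{'name'} });
&redirect("index.cgi?table=$in{'table'}");
firewall/apply.cgi0100775000567100000120000000076007701233263014170 0ustar jcameronwheel#!/usr/local/bin/perl
# apply.cgi
# Apply the current firewall configuration
#
# Uses the distribution's apply_iptables() when the OS library defines one,
# otherwise feeds the save file to iptables-restore.

require './firewall-lib.pl';
&ReadParse();
&error_setup($text{'apply_err'});
if (defined(&apply_iptables)) {
    # Call distro's apply command
    $err = &apply_iptables();
}
else {
    # Manually run iptables-restore.
    # The save file path comes from the module configuration or the OS
    # library and is placed on a shell command line, so escape it: a space
    # or shell metacharacter in the path then stays part of the file name.
    $out = &backquote_logged("cd / ; iptables-restore <".quotemeta($iptables_save_file)." 2>&1");
    $err = "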
$out
" if ($?); } &error($err) if ($err); &webmin_log("apply"); &redirect("index.cgi?table=$in{'table'}"); firewall/mandrake-linux-lib.pl0100664000567100000120000000272307701233263016375 0ustar jcameronwheel# redhat-linux-lib.pl # Deal with redhat's /etc/sysconfig/iptables save file and startup script # check_iptables() # Returns an error message if something is wrong with iptables on this system sub check_iptables { if (!-r "/etc/rc.d/init.d/iptables") { return &text('redhat_escript', "/etc/rc.d/init.d/iptables"); } local $out = `/etc/rc.d/init.d/iptables status 2>&1`; if ($out !~ /table:|INPUT|FORWARD|OUTPUT/) { return &text('redhat_eoutput', "/etc/init.d/iptables status"); } return undef; } $iptables_save_file = "/etc/sysconfig/iptables"; # apply_iptables() # Applies the current iptables configuration from the save file #sub apply_iptables #{ #local $out = &backquote_logged("cd / ; /etc/rc.d/init.d/iptables restart 2>&1"); #$out =~ s/\033[^m]+m//g; #return $? || $out =~ /FAILED/ ? "
$out
" : undef; #} # unapply_iptables() # Writes the current iptables configuration to the save file sub unapply_iptables { $out = &backquote_logged("cd / ; /etc/rc.d/init.d/iptables save 2>&1 $out" : undef; } # started_at_boot() sub started_at_boot { &foreign_require("init", "init-lib.pl"); return &init::action_status("iptables") == 2; } sub enable_at_boot { &foreign_require("init", "init-lib.pl"); &init::enable_at_boot("iptables"); # Assumes init script exists } sub disable_at_boot { &foreign_require("init", "init-lib.pl"); &init::disable_at_boot("iptables"); } 1; firewall/convert.cgi0100775000567100000120000000115707701233263014524 0ustar jcameronwheel#!/usr/local/bin/perl # convert.cgi # Convert in-kernel firewall rules to the save file, and setup a bootup script require './firewall-lib.pl'; &ReadParse(); &error_setup($text{'convert_err'}); &lock_file($iptables_save_file); if (defined(&unapply_iptables)) { # Call distro's unapply command $err = &unapply_iptables(); } else { # Manually run iptables-save $out = &backquote_logged("iptables-save >$iptables_save_file 2>&1"); $err = "
$out
" if ($?); } &error($err) if ($err); if ($in{'atboot'}) { &create_firewall_init(); } &unlock_file($iptables_save_file); &webmin_log("convert"); &redirect(""); firewall/config.info.ca0100755000567100000120000000025307701233263015056 0ustar jcameronwheeldirect=Edita directament les regles del tallafocs enlloc del fitxer,1,1-SМ,0-No view_comment=Mostra el comentari,1,1-SМ,0-No view_condition=Mostra la condiciС,1,1-SМ,0-No firewall/setup.cgi0100775000567100000120000001252107701233263014201 0ustar jcameronwheel#!/usr/local/bin/perl # setup.cgi # Setup an initial save file require './firewall-lib.pl'; &ReadParse(); &lock_file($iptables_save_file); if (defined(&unapply_iptables)) { &unapply_iptables(); } else { &backquote_logged("iptables-save >$iptables_save_file 2>&1"); } if ($in{'auto'}) { @tables = &get_iptables_save(); if ($in{'auto'} == 1) { # Add a single rule to the nat table for masquerading $iface = $in{'iface1'} || $in{'iface1_other'}; $iface || &error($text{'setup_eiface'}); ($table) = grep { $_->{'name'} eq 'nat' } @tables; push(@{$table->{'rules'}}, { 'chain' => 'POSTROUTING', 'o' => [ "", $iface ], 'j' => [ "", 'MASQUERADE' ] } ); } elsif ($in{'auto'} >= 2) { # Block all incoming traffic, except for established # connections, DNS replies and safe ICMP types # In mode 3 allow ssh and ident too # In mode 4 allow ftp, echo-request and high ports too $iface = $in{'iface'.$in{'auto'}} || $in{'iface'.$in{'auto'}.'_other'}; $iface || &error($text{'setup_eiface'}); ($table) = grep { $_->{'name'} eq 'filter' } @tables; $table->{'defaults'}->{'INPUT'} = 'DROP'; push(@{$table->{'rules'}}, { 'chain' => 'INPUT', 'i' => [ "!", $iface ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept traffic from internal interfaces' }, { 'chain' => 'INPUT', 'm' => [ [ "", "tcp" ] ], 'p' => [ "", "tcp" ], 'tcp-flags' => [ "", "ACK", "ACK" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept traffic with the ACK flag set' }, { 'chain' => 'INPUT', 'm' => [ [ "", "state" ] ], 'state' => [ "", 
"ESTABLISHED" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Allow incoming data that is part of a connection we established' }, { 'chain' => 'INPUT', 'm' => [ [ "", "state" ] ], 'state' => [ "", "RELATED" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Allow data that is related to existing connections' }, { 'chain' => 'INPUT', 'm' => [ [ "", "udp" ] ], 'p' => [ "", "udp" ], 'sport' => [ "", 53 ], 'dport' => [ "", "1024:65535" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept responses to DNS queries' }, { 'chain' => 'INPUT', 'm' => [ [ "", "icmp" ] ], 'p' => [ [ "", "icmp" ] ], 'icmp-type' => [ "", "echo-reply" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept responses to our pings' }, { 'chain' => 'INPUT', 'm' => [ [ "", "icmp" ] ], 'p' => [ [ "", "icmp" ] ], 'icmp-type' => [ "", "destination-unreachable" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept notifications of unreachable hosts' }, { 'chain' => 'INPUT', 'm' => [ [ "", "icmp" ] ], 'p' => [ [ "", "icmp" ] ], 'icmp-type' => [ "", "source-quench" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept notifications to reduce sending speed' }, { 'chain' => 'INPUT', 'm' => [ [ "", "icmp" ] ], 'p' => [ [ "", "icmp" ] ], 'icmp-type' => [ "", "time-exceeded" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept notifications of lost packets' }, { 'chain' => 'INPUT', 'm' => [ [ "", "icmp" ] ], 'p' => [ [ "", "icmp" ] ], 'icmp-type' => [ "", "parameter-problem" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Accept notifications of protocol problems' } ); if ($in{'auto'} >= 3) { # Allow ssh and ident push(@{$table->{'rules'}}, { 'chain' => 'INPUT', 'm' => [ [ "", "tcp" ] ], 'p' => [ "", "tcp" ], 'dport' => [ "", "ssh" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Allow connections to our SSH server' }, { 'chain' => 'INPUT', 'm' => [ [ "", "tcp" ] ], 'p' => [ "", "tcp" ], 'dport' => [ "", "auth" ], 'j' => [ "", 'ACCEPT' ], 'cmt' => 'Allow connections to our IDENT server'} ); } if ($in{'auto'} == 4) { # Allow pings and most high ports push(@{$table->{'rules'}}, { 'chain' => 'INPUT', 
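'm' => [ [ "", "icmp" ] ],
  'p' => [ [ "", "icmp" ] ],
  'icmp-type' => [ "", "echo-request" ],
  'j' => [ "", 'ACCEPT' ],
  'cmt' => 'Respond to pings' },
# The three DROP rules below precede the broad ACCEPT for high ports.
# iptables acts on the first matching rule, so this order is what keeps
# NFS, X11 and the X font server closed; do not reorder.
{ 'chain' => 'INPUT',
  'm' => [ [ "", "tcp" ] ],
  'p' => [ "", "tcp" ],
  'dport' => [ "", "2049:2050" ],
  'j' => [ "", 'DROP' ],
  'cmt' => 'Protect our NFS server' },
{ 'chain' => 'INPUT',
  'm' => [ [ "", "tcp" ] ],
  'p' => [ "", "tcp" ],
  'dport' => [ "", "6000:6063" ],
  'j' => [ "", 'DROP' ],
  'cmt' => 'Protect our X11 display server' },
{ 'chain' => 'INPUT',
  'm' => [ [ "", "tcp" ] ],
  'p' => [ "", "tcp" ],
  'dport' => [ "", "7000:7010" ],
  'j' => [ "", 'DROP' ],
  'cmt' => 'Protect our X font server' },
# NOTE(review): "1024:63353" stops short of 65535, the upper bound used by
# the DNS-reply rule earlier in this script. It looks like a transposed
# digit - confirm the intended range before relying on it.
{ 'chain' => 'INPUT',
  'm' => [ [ "", "tcp" ] ],
  'p' => [ "", "tcp" ],
  'dport' => [ "", "1024:63353" ],
  'j' => [ "", 'ACCEPT' ],
  'cmt' => 'Allow connections to unprivileged ports' },
);
}
}
&save_table($table);
}
if ($in{'atboot'}) {
    &create_firewall_init();
}
&unlock_file($iptables_save_file);
&webmin_log("setup");
&redirect("");
firewall/config.info0100664000567100000120000000035707701233263014500 0ustar jcameronwheel
save_file=IPtables save file to edit,3,Use operating system or Webmin default
direct=Directly edit firewall rules instead of save file?,1,1-Yes,0-No
view_comment=Display comment?,1,1-Yes,0-No
view_condition=Display condition?,1,1-Yes,0-No
firewall/gentoo-linux-lib.pl0100664000567100000120000000120407701233264016100 0ustar jcameronwheel
# gentoo-linux-lib.pl
# Deal with gentoo's IPtables save file

# check_iptables()
# Returns an error message if something is wrong with iptables on this system.
# The only check made is that /etc/init.d/iptables is readable; returns undef
# when it is.
sub check_iptables
{
    if (!-r "/etc/init.d/iptables") {
        return &text('gentoo_escript', "/etc/init.d/iptables");
    }
    return undef;
}

# The save file location is read from IPTABLES_SAVE in /etc/conf.d/iptables.
local %iptconf;
&read_env_file("/etc/conf.d/iptables", \%iptconf);
$iptables_save_file = $iptconf{'IPTABLES_SAVE'};

# apply_iptables()
# Applies the current iptables configuration from the save file by restarting
# the init script. Returns the script's output when it exits non-zero, or
# undef on success.
sub apply_iptables
{
    local $out = &backquote_logged("cd / ; /etc/init.d/iptables restart 2>&1");
    # NOTE(review): the <pre> wrapper was restored here; the page extraction
    # appears to have stripped the tags - confirm against the upstream file.
    return $? ? "<pre>$out</pre>" : undef;
}

1;
firewall/config0100664000567100000120000000005107701233264013536 0ustar jcameronwheel
direct=0
view_comment=0
view_condition=1
firewall/debian-linux-lib.pl0100664000567100000120000000225007701233264016031 0ustar jcameronwheel
# debian-linux-lib.pl
# Deal with debian's iptables save file and startup script

# check_iptables()
# Returns an error message if something is wrong with iptables on this system.
# The only check made is that /etc/init.d/iptables is readable; returns undef
# when it is.
sub check_iptables
{
    if (!-r "/etc/init.d/iptables") {
        return &text('debian_escript', "/etc/init.d/iptables");
    }
    return undef;
}

$iptables_save_file = "/var/lib/iptables/active";

# apply_iptables()
# Applies the current iptables configuration from the save file by running the
# init script's start action. Returns the script's output when it exits
# non-zero, or undef on success.
sub apply_iptables
{
    local $out = &backquote_logged("cd / ; /etc/init.d/iptables start 2>&1");
    # NOTE(review): the <pre> wrapper was restored here; the page extraction
    # appears to have stripped the tags - confirm against the upstream file.
    return $? ? "<pre>$out</pre>" : undef;
}

# unapply_iptables()
# Writes the current iptables configuration to the save file via the init
# script's "save active" action. Returns the script's output when it exits
# non-zero, or undef on success.
sub unapply_iptables
{
    # NOTE(review): this statement was damaged in extraction (everything
    # between a '<' and the next '>' was lost). The "</dev/null" redirect and
    # the return expression are reconstructed to match apply_iptables above -
    # confirm against the upstream file.
    # $out is declared local so it no longer leaks into the global namespace.
    local $out = &backquote_logged(
        "cd / ; /etc/init.d/iptables save active 2>&1 </dev/null");
    return $? ? "<pre>$out</pre>" : undef;
}

# started_at_boot()
# Returns true when init::action_status reports 2 for the "iptables" action
# (presumably "exists and is enabled at boot" - verify in init-lib.pl).
sub started_at_boot
{
    &foreign_require("init", "init-lib.pl");
    return &init::action_status("iptables") == 2;
}

# enable_at_boot()
# Enables the distribution's "iptables" init action at boot time.
sub enable_at_boot
{
    &foreign_require("init", "init-lib.pl");
    &init::enable_at_boot("iptables");    # Assumes init script exists
}

# disable_at_boot()
# Disables the distribution's "iptables" init action at boot time.
sub disable_at_boot
{
    &foreign_require("init", "init-lib.pl");
    &init::disable_at_boot("iptables");
}

1;
firewall/log_parser.pl0100644000567100000120000000112307701233264015037 0ustar jcameronwheel
# log_parser.pl
# Functions for parsing this module's logs

do 'firewall-lib.pl';

# parse_webmin_log(user, script, action, type, object, &params)
# Converts logged information from this module into human-readable form.
# For "rule" and "chain" entries the message is built from the logged chain
# and table names; anything else maps to the plain "log_<action>" text.
sub parse_webmin_log
{
    local ($user, $script, $action, $type, $object, $p) = @_;
    if ($type eq "rule") {
        return &text("log_${action}_rule", "$p->{'chain'}", "$p->{'table'}");
    }
    elsif ($type eq "chain") {
        return &text("log_${action}_chain", "$p->{'chain'}", "$p->{'table'}");
    }
    else {
        return $text{"log_$action"};
    }
}
firewall/bootup.cgi0100775000567100000120000000064307701233264014354 0ustar jcameronwheel
#!/usr/local/bin/perl
# bootup.cgi
# Enable or disable iptables at boot time

require './firewall-lib.pl';
&ReadParse();
if ($in{'boot'}) {
    &create_firewall_init();
}
elsif (defined(&disable_at_boot)) {
    # The OS-specific library supplies its own way to disable the service
    &disable_at_boot();
}
else {
    # Fall back to removing Webmin's own init action
    &foreign_require("init", "init-lib.pl");
    &init::disable_at_boot("webmin-iptables");
}
&webmin_log($in{'boot'} ? "bootup" : "bootdown");
# $in{'table'} is taken from the request as-is. URL-encode it before it goes
# into the redirect target, so a value holding CR/LF, '&' or '#' cannot alter
# the Location header or the query string.
&redirect("index.cgi?table=".&urlize($in{'table'}));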