firewall web interface

web/add/firewall/index.php

@@ -0,0 +1,76 @@
+<?php
+// Init
+error_reporting(NULL);
+ob_start();
+session_start();
+$TAB = 'FIREWALL';
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
+
+// Check POST request
+if (!empty($_POST['ok'])) {
+
+    // Check empty fields
+    if (empty($_POST['v_action'])) $errors[] = __('action');
+    if (empty($_POST['v_protocol'])) $errors[] = __('protocol');
+    if (empty($_POST['v_port'])) $errors[] = __('port');
+    if (empty($_POST['v_ip'])) $errors[] = __('ip address');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
+            }
+        }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+    }
+
+    // Protect input
+    $v_action = escapeshellarg($_POST['v_action']);
+    $v_protocol = escapeshellarg($_POST['v_protocol']);
+    $v_port = str_replace(" ",",", $_POST['v_port']);
+    $v_port = preg_replace('/\,+/', ',', $v_port);
+    $v_port = trim($v_port, ",");
+    $v_port = escapeshellarg($v_port);
+    $v_ip = escapeshellarg($_POST['v_ip']);
+    $v_comment = escapeshellarg($_POST['v_comment']);
+
+    // Add firewall rule
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-add-sys-firewall-rule ".$v_action." ".$v_protocol." ".$v_port."  ".$v_ip." ".$v_comment, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
+
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('RULE_CREATED_OK');
+        unset($v_port);
+        unset($v_ip);
+        unset($v_comment);
+    }
+}
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_firewall.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
+// Footer
+include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/bulk/firewall/index.php

@@ -0,0 +1,36 @@
+<?php
+// Init
+error_reporting(NULL);
+ob_start();
+session_start();
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
+
+
+$rule = $_POST['rule'];
+$action = $_POST['action'];
+
+switch ($action) {
+    case 'delete': $cmd='v-delete-sys-firewall-rule';
+        break;
+    case 'suspend': $cmd='v-suspend-sys-firewall-rule';
+        break;
+    case 'unsuspend': $cmd='v-unsuspend-sys-firewall-rule';
+        break;
+    default: header("Location: /list/firewall/"); exit;
+}
+
+foreach ($rule as $value) {
+    $value = escapeshellarg($value);
+    exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
+    $restart = 'yes';
+}
+
+header("Location: /list/firewall/");

web/delete/firewall/index.php

@@ -0,0 +1,30 @@
+<?php
+// Init
+error_reporting(NULL);
+ob_start();
+session_start();
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
+
+if (!empty($_GET['rule'])) {
+    $v_rule = escapeshellarg($_GET['rule']);
+    exec (VESTA_CMD."v-delete-sys-firewall-rule ".$v_rule, $output, $return_var);
+}
+check_return_code($return_var,$output);
+unset($output);
+
+$back = $_SESSION['back'];
+if (!empty($back)) {
+    header("Location: ".$back);
+    exit;
+}
+
+header("Location: /list/firewall/");
+exit;

web/edit/firewall/index.php

@@ -0,0 +1,87 @@
+<?php
+// Init
+error_reporting(NULL);
+ob_start();
+session_start();
+$TAB = 'FIREWALL';
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
+
+// Check ip argument
+if (empty($_GET['rule'])) {
+    header("Location: /list/firewall/");
+    exit;
+}
+
+// List rule
+$v_rule = escapeshellarg($_GET['rule']);
+exec (VESTA_CMD."v-list-sys-firewall-rule ".$v_rule." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// Parse rule
+$v_rule = $_GET['rule'];
+$v_action = $data[$v_rule]['ACTION'];
+$v_protocol = $data[$v_rule]['PROTOCOL'];
+$v_port = $data[$v_rule]['PORT'];
+$v_ip = $data[$v_rule]['IP'];
+$v_comment = $data[$v_rule]['COMMENT'];
+$v_date = $data[$v_rule]['DATE'];
+$v_time = $data[$v_rule]['TIME'];
+$v_suspended = $data[$v_rule]['SUSPENDED'];
+if ( $v_suspended == 'yes' ) {
+    $v_status =  'suspended';
+} else {
+    $v_status =  'active';
+}
+
+// Check POST request
+if (!empty($_POST['save'])) {
+    $v_rule = escapeshellarg($_GET['rule']);
+    $v_action = escapeshellarg($_POST['v_action']);
+    $v_protocol = escapeshellarg($_POST['v_protocol']);
+    $v_port = escapeshellarg($_POST['v_port']);
+    $v_ip = escapeshellarg($_POST['v_ip']);
+    $v_comment = escapeshellarg($_POST['v_comment']);
+
+    // Change Status
+    exec (VESTA_CMD."v-change-sys-firewall-rule ".$v_rule." ".$v_action." ".$v_protocol." ".$v_port." ".$v_ip." ".$v_comment, $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);
+
+    $v_rule = $_GET['v_rule'];
+    $v_action = $_POST['v_action'];
+    $v_protocol = $_POST['v_protocol'];
+    $v_port = $_POST['v_port'];
+    $v_ip = $_POST['v_ip'];
+    $v_comment = $_POST['v_comment'];
+
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
+    }
+}
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_firewall.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
+// Footer
+include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/list/firewall/index.php

@@ -0,0 +1,33 @@
+<?php
+session_start();
+
+$TAB = 'FIREWALL';
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Data
+exec (VESTA_CMD."v-list-sys-firewall json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+$data = array_reverse($data, true);
+unset($output);
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall.html');
+
+// Back uri
+$_SESSION['back'] = $_SERVER['REQUEST_URI'];
+
+// Footer
+include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
+

web/templates/admin/add_firewall.html

@@ -0,0 +1,121 @@
+            <?php
+                $back = $_SESSION['back'];
+                if (empty($back)) {
+                    $back = "location.href='/list/firewall/'";
+                } else {
+                    $back = "location.href='".$back."'";
+                }
+            ?>
+            <table class="submenu">
+                <tr>
+                    <td style="padding: 20px 10px;" ><a class="name"><b><?php print __('Adding Firewall Rule');?></b></a>
+                        <?php
+                            if (!empty($_SESSION['error_msg'])) {
+                                echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                            } else {
+                                if (!empty($_SESSION['ok_msg'])) {
+                                    echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";
+                                }
+                            }
+                        ?>
+                    </td>
+                </tr>
+            </table>
+        </div>
+
+        <form id="vstobjects" name="v_add_ip" method="post">
+            <script type="text/javascript">
+                function elementHideShow(elementToHideOrShow) {
+                    var el = document.getElementById(elementToHideOrShow);
+                    if (el.style.display == "block") {
+                        el.style.display = "none";
+                    } else {
+                        el.style.display = "block";
+                    }
+                }
+            </script>
+
+            <table class='data'>
+                <tr class="data-add">
+                    <td class="data-dotted">
+                        <table class="data-col1">
+                            <tr><td></td></tr>
+                        </table>
+                    </td>
+                    <td class="data-dotted">
+                        <table class="data-col2" width="600px">
+                            <tr>
+                                <td class="vst-text step-top">
+                                    <?php print __('Action') ?> 
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <select class="vst-list" name="v_action">
+                                        <option value="DROP" <?php if ((!empty($v_action)) && ( $v_action == "'DROP'" )) echo 'selected'?>><?php print __('DROP') ?></option>
+                                        <option value="ACCEPT" <?php if ((!empty($v_action)) && ( $v_action == "'ACCEPT'" )) echo 'selected'?>><?php print __('ACCEPT') ?></option>
+                                    </select>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('Protocol') ?> 
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <select class="vst-list" name="v_protocol">
+                                        <option value="TCP" <?php if ((!empty($v_protocol)) && ( $v_protocol == "'TCP'" )) echo 'selected'?>><?php print __('TCP') ?></option>
+                                        <option value="UDP" <?php if ((!empty($v_protocol)) && ( $v_protocol == "'UDP'" )) echo 'selected'?>><?php print __('UDP') ?></option>
+                                        <option value="ICMP" <?php if ((!empty($v_protocol)) && ( $v_protocol == "'ICMP'" )) echo 'selected'?>><?php print __('ICMP') ?></option>
+                                    </select>
+                                </td>
+                            </tr>
+
+
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('Port');?> <span class="optional">(<?php print __('ranges are acceptable');?>)</span>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <input type="text" size="20" class="vst-input" name="v_port" <?php if (!empty($v_port)) echo "value=".$v_port; ?>>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('IP Address');?> <span class="optional">(<?php print __('CDIR format is supported');?>)</span>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <input type="text" size="20" class="vst-input" name="v_ip" <?php if (!empty($v_ip)) echo "value=".$v_ip; ?>>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('Comment');?> <span class="optional">(<?php print __('optional');?>)</span>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <input type="text" size="20" class="vst-input" name="v_comment" maxlength="8" <?php if (!empty($v_comment)) echo "value=".$v_comment; ?>>
+                                </td>
+                            </tr>
+
+                        </table>
+                        <table class="data-col2">
+                            <tr>
+                                <td class="step-top" width="116px">
+                                    <input type="submit" name="ok" value="<?php print __('Add');?>" class="button">
+                                </td>
+                                <td class="step-top">
+                                    <input type="button" class="button" value="<?php print __('Back');?>" onclick="<?php echo $back ?>">
+                                </td>
+                            </tr>
+                        </table>
+                    </td>
+                </tr>
+            </table>
+        </from>

web/templates/admin/edit_firewall.html

@@ -0,0 +1,125 @@
+            <?php
+                $back = $_SESSION['back'];
+                if (empty($back)) {
+                    $back = "location.href='/list/firewall/'";
+                } else {
+                    $back = "location.href='".$back."'";
+                }
+            ?> 
+            <table class="submenu">
+                <tr>
+                    <td style="padding: 20px 10px;" ><a class="name"><b><?php print __('Editing Firewall Rule');?></b></a>
+                        <?php
+                            if (!empty($_SESSION['error_msg'])) {
+                                echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                            } else {
+                                if (!empty($_SESSION['ok_msg'])) {
+                                    echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";
+                                }
+                            }
+                        ?> 
+                    </td>
+                </tr>
+            </table>
+        </div>
+
+        <form id="vstobjects" name="v_edit_firewall" method="post">
+
+            <script type="text/javascript">
+                function elementHideShow(elementToHideOrShow) {
+                    var el = document.getElementById(elementToHideOrShow);
+                    if (el.style.display == "block") {
+                        el.style.display = "none";
+                    } else {
+                        el.style.display = "block";
+                    }
+                }
+            </script>
+
+            <table class='data'>
+                <tr class="data-add">
+                    <td class="data-dotted">
+                        <table class="data-col1">
+                            <tr>
+                                <td>
+                                    <a class="data-date"><?php echo strftime("%d %b %Y", strtotime($v_date))?></a><br>
+                                    <a class="data-date"><?php echo $v_time?></a>
+                                </td>
+                            </tr>
+                            <tr><td class="data-<?php echo $v_status ?>"><b><?php echo __($v_status) ?></b></td></tr>
+                        </table>
+                    </td>
+                    <td class="data-dotted">
+                        <table class="data-col2" width="600px">
+                            <tr>
+                                <td class="vst-text step-top">
+                                    <?php print __('Action'); ?> 
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <select class="vst-list" name="v_action">
+                                        <option value="DROP" <?php if ((!empty($v_action)) && ( $v_action == "DROP" )) echo 'selected'?>><?php print __('DROP') ?></option>
+                                        <option value="ACCEPT" <?php if ((!empty($v_action)) && ( $v_action == "ACCEPT" )) echo 'selected'?>><?php print __('ACCEPT') ?></option>
+                                    </select>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('Protocol') ?> 
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <select class="vst-list" name="v_protocol">
+                                        <option value="TCP" <?php if ((!empty($v_protocol)) && ( $v_protocol == "TCP" )) echo 'selected'?>><?php print __('TCP') ?></option>
+                                        <option value="UDP" <?php if ((!empty($v_protocol)) && ( $v_protocol == "UDP" )) echo 'selected'?>><?php print __('UDP') ?></option>
+                                        <option value="ICMP" <?php if ((!empty($v_protocol)) && ( $v_protocol == "ICMP" )) echo 'selected'?>><?php print __('ICMP') ?></option>
+                                    </select>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('Port');?> <span class="optional">(<?php print __('ranges are acceptable');?>)</span>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <input type="text" size="20" class="vst-input" name="v_port" <?php if (isset($v_port)) echo "value=".$v_port; ?>>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('IP Address');?> <span class="optional">(<?php print __('CDIR format is supported');?>)</span>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <input type="text" size="20" class="vst-input" name="v_ip" <?php if (!empty($v_ip)) echo "value=".$v_ip; ?>>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text input-label">
+                                    <?php print __('Comment');?> <span class="optional">(<?php print __('optional');?>)</span>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
+                                    <input type="text" size="20" class="vst-input" name="v_comment" maxlength="8" <?php if (!empty($v_comment)) echo "value=".$v_comment; ?>>
+                                </td>
+                            </tr>
+                        </table>
+                        <table class="data-col2">
+                            <tr>
+                                <td class="step-top" width="116px">
+                                    <input type="submit" class="button" name="save" value="<?php print __('Save');?>">
+                                </td>
+                                <td class="step-top">
+                                    <input type="button" class="button" value="<?php print __('Back');?>" onclick="<?php echo $back ?>">
+                                </td>
+                            </tr>
+                        </table>
+                    </td>
+                </tr>
+            </table>
+        </form>

web/templates/admin/list_firewall.html

@@ -0,0 +1,91 @@
+            <table class="submenu">
+                <tr>
+                    <td class="wrapper">
+                        <div class="submenu-button-block">
+                            <button class="submenu-button-main" onclick="location.href='/add/firewall/'"> <?php print __('Add Rule');?> </button>
+                        </div>
+                        <div class="submenu-search-block">
+                            <form action="/search/" method="get">
+                            <input type="text" name="q" class="submenu-search-field">
+                            <input type="submit" value="<?php print __('Search');?>" class="submenu-button-search">
+                            </form>
+                        </div>
+                        <div class="submenu-select-block">
+                            <form action="/bulk/firewall/" method="post" id="objects">
+                            <a class="submenu-select-link" href='javascript:checkedAll("objects");'> <?php print __('toggle all');?> </a>
+                            <select class="submenu-select-dropdown" name="action">
+                                <option value=""><?php print __('apply to selected');?></option>
+                                <option value="delete"><?php print __('delete');?></option>
+                            </select>
+                            <input type="submit" name="ok" value="›" class="submenu-button-select">
+                        </div>
+                        <?php display_error_block(); ?> 
+                    </td>
+                </tr>
+            </table>
+        </div>
+
+        <div id="vstobjects">
+                <table class="data">
+                    <?php
+                        foreach ($data as $key => $value) {
+                            ++$i;
+                            if ($data[$key]['SUSPENDED'] == 'yes') {
+                                $status = 'suspended';
+                                $spnd_action = 'unsuspend' ;
+                                $spnd_confirmation = 'UNSUSPEND_RULE_CONFIRMATION' ;
+                            } else {
+                                $status = 'active';
+                                $spnd_action = 'suspend' ;
+                                $spnd_confirmation = 'UNSUSPEND_RULE_CONFIRMATION' ;
+                            }
+                    ?> 
+                    <tr class="data-row">
+                        <td class="data-dotted">
+                            <table class="data-col1">
+                                <tr><td><input type="checkbox" class="ch-toggle" name="rule[]" value="<?php echo $data[$key]['RULE']?>" > </td></tr>
+                                <tr><td></td></tr>
+                            </table>
+                        </td>
+                        <td class="data-dotted">
+                            <a id="delete_link_<?php echo $i ?>" class="data-controls do_delete">
+                                <span class="do_delete">
+                                    <img src="/images/delete.png" width="7px" height="7px">
+                                    <?php print __('delete');?>
+                                    <input type="hidden" name="delete_url" value="/delete/firewall/?rule=<?php echo $data[$key]['RULE'] ?>"/>
+                                    <div id="delete_dialog_<?php echo $i ?>" class="confirmation-text-delete hidden" title="<?php print __('Confirmation');?>">
+                                        <p class="counter-value"><?php print __('DELETE_RULE_CONFIRMATION',$data[$key]['RULE']);?></p>
+                                    </div>
+                                </span>
+                            </a>
+                            <a href="/edit/firewall/?rule=<?php echo $data[$key]['RULE'] ?>" class="data-controls">
+                                <span>
+                                    <img src="/images/edit.png" width="8px" height="8px">
+                                    <?php print __('edit');?> 
+                                </span>
+                            </a>
+                            <table class="data-col5">
+                                <tr>
+                                    <td class="log" width="119px"><b><?php echo $data[$key]['ACTION'] ?></b></td>
+                                    <td class="log" width="119px"><?php echo $data[$key]['PROTOCOL']?> <?php if (!empty($data[$key]['COMMENT'])) echo '/ ' . $data[$key]['COMMENT'] ?></td>
+                                    <td class="log" width="232px"><?php echo $data[$key]['PORT'] ?></td>
+                                    <td class="log" ><?php echo $data[$key]['IP'] ?></td>
+                                </tr>
+                            </table>
+                        </td>
+                    </tr>
+                    <?php
+                        }
+                    ?> 
+                </table>
+            </form>
+            <div class="data-count">
+                <?php
+                    if ( $i == 1) {
+                        echo __('1 rule');
+                    } else {
+                        echo __('%s rules',$i);
+                    }
+                ?> 
+            </div>
+        </div>