├── .clang-format ├── .gitattributes ├── .github └── workflows │ └── builds.yml ├── .gitignore ├── AUTHORS ├── COPYING ├── ChangeLog ├── INSTALL ├── Makefile.am ├── NEWS ├── README ├── README.md ├── TODO ├── autogen.sh ├── config ├── Makefile.am ├── config.conf.sample └── vuurmuur_conf.conf.sample ├── configure.ac ├── debian ├── .keep ├── Makefile.am ├── changelog ├── compat ├── control ├── copyright ├── default │ └── vuurmuur ├── preinst ├── rules ├── vuurmuur.init ├── vuurmuur.logrotate ├── vuurmuur0.dirs ├── vuurmuur0.files └── vuurmuur0.shlibs ├── doc ├── INSTALL ├── INSTALL-RU ├── INSTALL-RU.DEBIAN ├── INSTALL-RU.MANDRAKE ├── INSTALL-RU.SUSE ├── INSTALL.DEBIAN ├── INSTALL.MANDRAKE ├── INSTALL.SLACKWARE ├── INSTALL.SUSE ├── Makefile.am ├── README └── README-RU ├── help ├── .deps │ └── vuurmuur.hlp.Po ├── Makefile.am ├── vuurmuur-fr.hlp ├── vuurmuur-ru.UTF-8.hlp ├── vuurmuur-ru.hlp └── vuurmuur.hlp ├── include ├── Makefile.am └── vuurmuur.h ├── installer ├── install.sh ├── package │ ├── libvuurmuur-0.7.ebuild │ ├── libvuurmuur-plugin-0.7.patch │ ├── slack-desc │ ├── vuurmuur-0.7.ebuild │ ├── vuurmuur.SlackBuild │ ├── vuurmuur.spec │ └── vuurmuur_conf-0.7.ebuild └── zones │ ├── dmz │ └── zone.config │ ├── inet │ ├── networks │ │ └── world │ │ │ └── network.config │ └── zone.config │ ├── lan │ └── zone.config │ └── vpn │ └── zone.config ├── lib ├── Makefile.am ├── backendapi.c ├── blocklist.c ├── config.c ├── conntrack.c ├── conntrack.h ├── filter.c ├── hash.c ├── icmp.c ├── icmp.h ├── info.c ├── interfaces.c ├── io.c ├── iptcap.c ├── libvuurmuur.c ├── linkedlist.c ├── log.c ├── proc.c ├── rules.c ├── services.c ├── shape.c ├── strlcatu.c ├── strlcpyu.c ├── textdir │ ├── Makefile.am │ ├── textdir.conf │ ├── textdir.conf.debian │ ├── textdir.h │ ├── textdir_ask.c │ ├── textdir_list.c │ ├── textdir_plugin.c │ ├── textdir_plugin.h │ └── textdir_tell.c ├── util.c └── zones.c ├── man ├── Makefile.am ├── en │ ├── Makefile.am │ ├── vuurmuur.8 │ ├── vuurmuur_conf.8 │ ├── 
vuurmuur_log.8 │ └── vuurmuur_script.8 └── ru │ ├── Makefile.am │ ├── vuurmuur.8 │ ├── vuurmuur_conf.8 │ ├── vuurmuur_log.8 │ └── vuurmuur_script.8 ├── po ├── ChangeLog ├── LINGUAS ├── Makefile.in.in ├── Makevars ├── POTFILES.in ├── boldquot.sed ├── de.po ├── en@boldquot.header ├── en@boldquot.po ├── en@quot.header ├── en@quot.po ├── fr.po ├── insert-header.sin ├── nb.po ├── nl.po ├── no.po ├── pt_BR.po ├── quot.sed ├── remove-potcdate.sin ├── ru.po └── stamp-po ├── scripts ├── Makefile.am ├── rc.vuurmuur ├── vuurmuur-config-setup.sh ├── vuurmuur-initd.sh ├── vuurmuur-initd.sh.suse ├── vuurmuur-logrotate ├── vuurmuur-searchlog.sh └── vuurmuur-wizard.sh ├── services ├── Makefile.am ├── aim ├── boxbackup ├── cvs ├── dns ├── ftp ├── git ├── http ├── https ├── icq ├── ident ├── imap ├── imaps ├── irc ├── jabber ├── ldap ├── lisa ├── msn ├── mysql ├── news ├── nfs ├── ntp ├── pcanywhere ├── ping ├── pop3 ├── pop3s ├── pptp ├── razor ├── rdp ├── rsync ├── samba ├── sixxs ├── smtp ├── snmp ├── snmp-trap ├── socks ├── squid-proxy ├── ssh ├── svn ├── syslog ├── telnet ├── tinc ├── traceroute ├── upnp ├── usermin ├── vnc ├── webmin ├── whois ├── windowsmedia └── yahoo ├── vuurmuur ├── Makefile.am ├── createrule.c ├── main.h ├── misc.c ├── reload.c ├── rules.c ├── ruleset.c ├── shape.c └── vuurmuur.c ├── vuurmuur_conf ├── Makefile.am ├── bw_sec.c ├── common_strings.h ├── config.c ├── config_section.c ├── conn_sec.c ├── filter.c ├── gettext.h ├── gui.c ├── gui.h ├── help.c ├── if_sec.c ├── logview_section.c ├── main.h ├── mainmenu.c ├── navigation.c ├── rules_form.c ├── services_section.c ├── stat_sec.c ├── statevent.c ├── sys_sec.c ├── templates.c ├── topmenu.c ├── vuurmuur_conf.c └── zones_section.c ├── vuurmuur_log ├── Makefile.am ├── conntrack.c ├── conntrack.h ├── logfile.c ├── logfile.h ├── nflog.c ├── nflog.h ├── stats.c ├── stats.h ├── vuurmuur_ipc.c ├── vuurmuur_ipc.h ├── vuurmuur_log.c └── vuurmuur_log.h └── vuurmuur_script ├── Makefile.am ├── backendcheck.c ├── 
backendcheck.h ├── script_add.c ├── script_apply.c ├── script_delete.c ├── script_dev.c ├── script_list.c ├── script_modify.c ├── script_print.c ├── script_rename.c ├── script_unblock.c ├── vuurmuur_script.c └── vuurmuur_script.h /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | # BasedOnStyle: LLVM 4 | AccessModifierOffset: -2 5 | AlignAfterOpenBracket: DontAlign 6 | AlignConsecutiveAssignments: false 7 | AlignConsecutiveDeclarations: false 8 | AlignEscapedNewlines: Right 9 | AlignOperands: true 10 | AlignTrailingComments: true 11 | AllowAllParametersOfDeclarationOnNextLine: false 12 | AllowShortBlocksOnASingleLine: false 13 | AllowShortCaseLabelsOnASingleLine: false 14 | AllowShortFunctionsOnASingleLine: None 15 | AllowShortIfStatementsOnASingleLine: false 16 | AllowShortLoopsOnASingleLine: false 17 | AlwaysBreakAfterDefinitionReturnType: None 18 | AlwaysBreakAfterReturnType: None 19 | AlwaysBreakBeforeMultilineStrings: false 20 | AlwaysBreakTemplateDeclarations: false 21 | BinPackArguments: true 22 | BinPackParameters: true 23 | BraceWrapping: 24 | AfterClass: false 25 | AfterControlStatement: false 26 | AfterEnum: true 27 | AfterFunction: true 28 | AfterNamespace: false 29 | AfterObjCDeclaration: false 30 | AfterStruct: false 31 | AfterUnion: false 32 | AfterExternBlock: false 33 | BeforeCatch: false 34 | BeforeElse: false 35 | IndentBraces: false 36 | SplitEmptyFunction: true 37 | SplitEmptyRecord: true 38 | SplitEmptyNamespace: true 39 | BreakBeforeBinaryOperators: None 40 | BreakBeforeBraces: Custom 41 | BreakBeforeInheritanceComma: false 42 | BreakBeforeTernaryOperators: true 43 | BreakConstructorInitializersBeforeComma: false 44 | BreakConstructorInitializers: BeforeColon 45 | BreakAfterJavaFieldAnnotations: false 46 | BreakStringLiterals: true 47 | ColumnLimit: 80 48 | CommentPragmas: '^ IWYU pragma:' 49 | CompactNamespaces: false 50 | 
ConstructorInitializerAllOnOneLineOrOnePerLine: false 51 | ConstructorInitializerIndentWidth: 4 52 | ContinuationIndentWidth: 8 53 | Cpp11BracedListStyle: true 54 | DerivePointerAlignment: false 55 | DisableFormat: false 56 | ExperimentalAutoDetectBinPacking: false 57 | FixNamespaceComments: true 58 | ForEachMacros: 59 | - foreach 60 | - Q_FOREACH 61 | - BOOST_FOREACH 62 | - TAILQ_FOREACH 63 | IncludeBlocks: Preserve 64 | IncludeCategories: 65 | - Regex: '^"(llvm|llvm-c|clang|clang-c)/' 66 | Priority: 2 67 | - Regex: '^(<|"(gtest|gmock|isl|json)/)' 68 | Priority: 3 69 | - Regex: '.*' 70 | Priority: 1 71 | IncludeIsMainRegex: '(Test)?$' 72 | IndentCaseLabels: true 73 | IndentPPDirectives: None 74 | IndentWidth: 4 75 | IndentWrappedFunctionNames: false 76 | JavaScriptQuotes: Leave 77 | JavaScriptWrapImports: true 78 | KeepEmptyLinesAtTheStartOfBlocks: true 79 | MacroBlockBegin: '' 80 | MacroBlockEnd: '' 81 | MaxEmptyLinesToKeep: 1 82 | NamespaceIndentation: None 83 | ObjCBlockIndentWidth: 2 84 | ObjCSpaceAfterProperty: false 85 | ObjCSpaceBeforeProtocolList: true 86 | PenaltyBreakAssignment: 2 87 | PenaltyBreakBeforeFirstCallParameter: 19 88 | PenaltyBreakComment: 300 89 | PenaltyBreakFirstLessLess: 120 90 | PenaltyBreakString: 1000 91 | PenaltyExcessCharacter: 1000000 92 | PenaltyReturnTypeOnItsOwnLine: 60 93 | PointerAlignment: Right 94 | RawStringFormats: 95 | - Language: TextProto 96 | Delimiters: 97 | - 'pb' 98 | BasedOnStyle: google 99 | ReflowComments: true 100 | SortIncludes: false 101 | SortUsingDeclarations: true 102 | SpaceAfterCStyleCast: false 103 | SpaceAfterTemplateKeyword: true 104 | SpaceBeforeAssignmentOperators: true 105 | SpaceBeforeParens: ControlStatements 106 | SpaceInEmptyParentheses: false 107 | SpacesBeforeTrailingComments: 1 108 | SpacesInAngles: false 109 | SpacesInContainerLiterals: true 110 | SpacesInCStyleCastParentheses: false 111 | SpacesInParentheses: false 112 | SpacesInSquareBrackets: false 113 | Standard: Cpp11 114 | TabWidth: 8 
115 | UseTab: Never 116 | ... 117 | 118 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.po diff=po 2 | -------------------------------------------------------------------------------- /.github/workflows/builds.yml: -------------------------------------------------------------------------------- 1 | name: builds 2 | 3 | on: 4 | - push 5 | - pull_request 6 | 7 | permissions: read-all 8 | 9 | env: 10 | DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function" 11 | 12 | # Apt sometimes likes to ask for user input, this will prevent that. 13 | DEBIAN_FRONTEND: "noninteractive" 14 | 15 | jobs: 16 | ubuntu-2004: 17 | name: Ubuntu 20.04 18 | runs-on: ubuntu-latest 19 | container: ubuntu:20.04 20 | steps: 21 | - uses: actions/checkout@v3.1.0 22 | - name: Install system dependencies 23 | run: | 24 | apt update 25 | apt-get upgrade -y 26 | apt-get -y install make \ 27 | autoconf \ 28 | build-essential \ 29 | autoconf \ 30 | automake \ 31 | dpkg-dev \ 32 | debhelper \ 33 | libtool \ 34 | make \ 35 | pkg-config \ 36 | libnetfilter-conntrack-dev \ 37 | libnetfilter-log-dev \ 38 | libmnl-dev \ 39 | libncurses5-dev \ 40 | libncursesw5-dev 41 | - run: ./autogen.sh 42 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --prefix=/usr --sysconfdir=/etc 43 | - run: make -j2 44 | - run: make install 45 | - run: make distcheck 46 | - run: vuurmuur -V 47 | - run: dpkg-buildpackage 48 | 49 | ubuntu-2204: 50 | name: Ubuntu 22.04 51 | runs-on: ubuntu-latest 52 | container: ubuntu:22.04 53 | steps: 54 | - uses: actions/checkout@v3.1.0 55 | - name: Install system dependencies 56 | run: | 57 | apt update 58 | apt-get upgrade -y 59 | apt-get -y install make \ 60 | autoconf \ 61 | build-essential \ 62 | autoconf \ 63 | automake \ 64 | dpkg-dev \ 65 | debhelper \ 66 | libtool \ 67 | make \ 68 | pkg-config \ 69 | libnetfilter-conntrack-dev \ 
70 | libnetfilter-log-dev \ 71 | libmnl-dev \ 72 | libncurses5-dev \ 73 | libncursesw5-dev 74 | - run: ./autogen.sh 75 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --prefix=/usr --sysconfdir=/etc 76 | - run: make -j2 77 | - run: make install 78 | - run: make distcheck 79 | - run: vuurmuur -V 80 | - run: dpkg-buildpackage 81 | 82 | ubuntu-2204-installer: 83 | name: Ubuntu 22.04 Installer 84 | runs-on: ubuntu-latest 85 | container: ubuntu:22.04 86 | steps: 87 | - uses: actions/checkout@v3.1.0 88 | - name: Install system dependencies 89 | run: | 90 | apt update 91 | apt-get upgrade -y 92 | apt-get -y install make \ 93 | autoconf \ 94 | build-essential \ 95 | autoconf \ 96 | automake \ 97 | libtool \ 98 | gettext \ 99 | make \ 100 | pkg-config \ 101 | libnetfilter-conntrack-dev \ 102 | libnetfilter-log-dev \ 103 | libmnl-dev \ 104 | libncurses5-dev \ 105 | libncursesw5-dev 106 | - run: installer/install.sh --defaults --install --build-update 107 | - run: installer/install.sh --defaults --upgrade --build-update 108 | 109 | ubuntu-2404-sb: 110 | name: Ubuntu 24.04 scan-buid 111 | runs-on: ubuntu-latest 112 | container: ubuntu:24.04 113 | steps: 114 | - uses: actions/checkout@v3.1.0 115 | - name: Install system dependencies 116 | run: | 117 | apt update 118 | apt-get upgrade -y 119 | apt-get -y install make \ 120 | autoconf \ 121 | build-essential \ 122 | autoconf \ 123 | automake \ 124 | clang-tools-18 \ 125 | python3-clang-18 \ 126 | dpkg-dev \ 127 | debhelper \ 128 | libtool \ 129 | make \ 130 | pkg-config \ 131 | libnetfilter-conntrack-dev \ 132 | libnetfilter-log-dev \ 133 | libmnl-dev \ 134 | libncurses5-dev \ 135 | libncursesw5-dev 136 | - run: ./autogen.sh 137 | - run: CC=clang-18 CFLAGS="${DEFAULT_CFLAGS}" scan-build-18 ./configure --with-widec=no 138 | - run: CC=clang-18 scan-build-18 --status-bugs make -j2 139 | - run: make clean 140 | - run: CC=clang-18 CFLAGS="${DEFAULT_CFLAGS}" scan-build-18 ./configure --with-widec=yes 141 | - run: CC=clang-18 
scan-build-18 --status-bugs make -j2 142 | 143 | centos-9-stream: 144 | name: CentOS 9 Stream 145 | runs-on: ubuntu-latest 146 | container: quay.io/centos/centos:stream9 147 | steps: 148 | - uses: actions/checkout@v3.1.0 149 | - name: Install system dependencies 150 | run: | 151 | dnf -y install dnf-plugins-core epel-release 152 | dnf config-manager --set-enabled crb 153 | dnf -y install \ 154 | autoconf \ 155 | automake \ 156 | file-devel \ 157 | gcc \ 158 | gcc-c++ \ 159 | gettext-devel \ 160 | git \ 161 | libmnl-devel \ 162 | libtool \ 163 | libnfnetlink-devel \ 164 | libnetfilter_conntrack-devel \ 165 | libnetfilter_queue-devel \ 166 | libtool \ 167 | make \ 168 | ncurses-devel \ 169 | pkgconfig \ 170 | sudo \ 171 | which 172 | - run: | 173 | git clone https://git.netfilter.org/libnetfilter_log/ 174 | cd libnetfilter_log 175 | bash autogen.sh 176 | ./configure --prefix=/usr 177 | make 178 | make install 179 | cd .. 180 | - run: ./autogen.sh 181 | - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --prefix=/usr --sysconfdir=/etc 182 | - run: make -j2 183 | - run: make install 184 | - run: make distcheck 185 | - run: ldconfig /usr/lib 186 | - run: vuurmuur -V 187 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.lo 3 | *.la 4 | *.a 5 | *.gmo 6 | *~ 7 | configure 8 | Makefile 9 | Makefile.in 10 | config.guess 11 | config.h.in 12 | config.log 13 | config.rpath 14 | config.status 15 | config.sub 16 | depcomp 17 | install-sh 18 | libtool 19 | ltmain.sh 20 | missing 21 | autom4te.cache 22 | .libs 23 | .deps 24 | stamp-h1 25 | 26 | installer/install.log 27 | installer/vm_tmplog.* 28 | vm_tmplog.* 29 | 30 | # our binaries 31 | vuurmuur/vuurmuur 32 | vuurmuur_conf/vuurmuur_conf 33 | vuurmuur_log/vuurmuur_log 34 | vuurmuur_script/vuurmuur_script 35 | 36 | # autogenerated po stuff 37 | po/POTFILES 38 | po/*.pot 39 | po/Rules-quot 40 | 
po/en@boldquot.insert-header 41 | po/en@quot.insert-header 42 | po/remove-potcdate.sed 43 | ABOUT-NLS 44 | 45 | # config.h is autogenerated 46 | config.h 47 | 48 | # m4 files are generated 49 | aclocal.m4 50 | compile 51 | m4 52 | 53 | # ctags 54 | TAGS 55 | 56 | *.tar.gz 57 | *.log 58 | *.plist 59 | 60 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Vuurmuur was written by Victor Julien and others. See http://www.vuurmuur.org/trac/wiki/Credits for more info. 2 | 3 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | 2016-12-31 gettextize 2 | 3 | * m4/gettext.m4: New file, from gettext-0.19.7. 4 | * m4/iconv.m4: New file, from gettext-0.19.7. 5 | * m4/lib-ld.m4: New file, from gettext-0.19.7. 6 | * m4/lib-link.m4: New file, from gettext-0.19.7. 7 | * m4/lib-prefix.m4: New file, from gettext-0.19.7. 8 | * m4/nls.m4: New file, from gettext-0.19.7. 9 | * m4/po.m4: New file, from gettext-0.19.7. 10 | * m4/progtest.m4: New file, from gettext-0.19.7. 11 | * Makefile.am (SUBDIRS): Add po. 12 | (EXTRA_DIST): New variable. 13 | * configure.ac (AC_OUTPUT): Add po/Makefile.in. 14 | 15 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # not a GNU package. 
You can remove this line, if 2 | # have all needed files, that a GNU package needs 3 | AUTOMAKE_OPTIONS = foreign 1.4 4 | 5 | SUBDIRS = po include lib vuurmuur vuurmuur_log vuurmuur_script vuurmuur_conf scripts services config man debian help doc 6 | 7 | ACLOCAL_AMFLAGS = -I m4 8 | 9 | EXTRA_DIST = config.rpath installer 10 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/README -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Vuurmuur 2 | ======== 3 | 4 | Introduction 5 | ------------ 6 | 7 | Vuurmuur is an iptables manager with a Ncurses GUI for easy management over SSH. 
8 | 9 | Installation 10 | ------------ 11 | 12 | https://vuurmuur.org/pages/doc/installation/ 13 | 14 | User Guide 15 | ---------- 16 | 17 | https://www.vuurmuur.org/pages/doc/ 18 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/TODO -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | libtoolize --copy -f 4 | # gettextize wrapping to prevent the need for user input 5 | # ripped from: http://cvs.saout.de/lxr/saout/source/cryptsetup/setup-gettext 6 | sed 's:read .*< /dev/tty::' `which gettextize` > .temp-gettextize 7 | chmod +x .temp-gettextize 8 | echo n | ./.temp-gettextize --copy --force --no-changelog || abort 9 | rm -f .temp-gettextize 10 | # hack around an issue on Ubuntu 10.04: on the AC_OUTPUT line we'd see two 11 | # times a mention of intl/Makefile causing the commands below to fail. 12 | # Couldn't figure out how to make autotools behave, so hacking around it. 
13 | sed -i 's/intl\/Makefile intl\/Makefile/intl\/Makefile/g' configure.ac 14 | aclocal -I m4 15 | autoheader 16 | automake --copy --add-missing 17 | autoconf 18 | 19 | -------------------------------------------------------------------------------- /config/Makefile.am: -------------------------------------------------------------------------------- 1 | configsampledir = $(datadir)/vuurmuur/config 2 | configsample_DATA = config.conf.sample vuurmuur_conf.conf.sample 3 | EXTRA_DIST = $(configsample_DATA) 4 | -------------------------------------------------------------------------------- /config/config.conf.sample: -------------------------------------------------------------------------------- 1 | # vuurmuur config file 2 | 3 | # Which plugin to use for which type of data. 4 | SERVICES_BACKEND="textdir" 5 | ZONES_BACKEND="textdir" 6 | INTERFACES_BACKEND="textdir" 7 | RULES_BACKEND="textdir" 8 | 9 | # Location of the sysctl-command (full path). 10 | SYSCTL="/sbin/sysctl" 11 | 12 | # Location of the iptables-command (full path). 13 | IPTABLES="/sbin/iptables" 14 | 15 | # Location of the iptables-restore-command (full path). 16 | IPTABLES_RESTORE="/sbin/iptables-restore" 17 | 18 | # Location of the tc-command (full path). 19 | TC="/sbin/tc" 20 | 21 | # Location of the ip6tables-command (full path). 22 | IP6TABLES="/sbin/ip6tables" 23 | 24 | # Location of the ip6tables-restore-command (full path). 25 | IP6TABLES_RESTORE="/sbin/ip6tables-restore" 26 | 27 | # Location of the modprobe-command (full path). 28 | MODPROBE="/sbin/modprobe" 29 | 30 | # Load modules if needed? (yes/no) 31 | LOAD_MODULES="Yes" 32 | 33 | # Time to wait after loading a module, in 1/10ths of a second. 34 | MODULES_WAIT_TIME="0" 35 | 36 | # The directory where the logs will be written to (full path). 37 | LOGDIR="/var/log/vuurmuur" 38 | 39 | # Check the dynamic interfaces for changes? 40 | DYN_INT_CHECK="No" 41 | 42 | # Check every x seconds. 
43 | DYN_INT_INTERVAL="30" 44 | 45 | # LOG_POLICY controls the logging of the default policy. 46 | LOG_POLICY="Yes" 47 | 48 | # LOG_POLICY_LIMIT sets the maximum number of logs per second. 49 | LOG_POLICY_LIMIT="20" 50 | 51 | # LOG_BLOCKLIST enables/disables logging of items on the blocklist. 52 | LOG_BLOCKLIST="Yes" 53 | 54 | # LOG_TCP_OPTIONS controls the logging of tcp options. This is 55 | # not used by Vuurmuur itself. PSAD 1.4.x uses it for OS-detection. 56 | LOG_TCP_OPTIONS="No" 57 | 58 | # SYN_LIMIT sets the maximum number of SYN-packets per second. 59 | USE_SYN_LIMIT="Yes" 60 | SYN_LIMIT="10" 61 | SYN_LIMIT_BURST="20" 62 | 63 | # UDP_LIMIT sets the maximum number of udp 'connections' per second. 64 | USE_UDP_LIMIT="Yes" 65 | UDP_LIMIT="15" 66 | UDP_LIMIT_BURST="45" 67 | 68 | # Protect against syn-flooding? (yes/no) 69 | PROTECT_SYNCOOKIE="Yes" 70 | 71 | # Ignore echo-broadcasts? (yes/no) 72 | PROTECT_ECHOBROADCAST="Yes" 73 | 74 | # netfilter group (only applicable when RULE_NFLOG="Yes") 75 | NFGRP="9" 76 | 77 | # end of file 78 | -------------------------------------------------------------------------------- /config/vuurmuur_conf.conf.sample: -------------------------------------------------------------------------------- 1 | # vuurmuur_conf config file 2 | 3 | # Some parts of the Gui have advanced options that can be enabled by 4 | # pressing F5. If you set this to yes, they will be enabled by default. 5 | ADVANCED_MODE="No" 6 | 7 | # The main menu can show status information about various parts of 8 | # Vuurmuur. 9 | MAINMENU_STATUS="Yes" 10 | 11 | # NEWRULE_LOG enables logging for new rules. 12 | NEWRULE_LOG="Yes" 13 | 14 | # NEWRULE_LOGLIMIT sets the maximum number of logs per second for new rules. 15 | NEWRULE_LOGLIMIT="30" 16 | 17 | # LOGVIEW_BUFSIZE sets the buffersize (in loglines) of the logviewer for 18 | # scrolling back. 19 | LOGVIEW_BUFSIZE="1500" 20 | 21 | # The location of the iptrafvol.pl command. 
22 | IPTRAFVOL="/usr/bin/iptrafvol.pl" 23 | 24 | # Background color: blue or black. 25 | BACKGROUND="black" 26 | 27 | # end of file 28 | -------------------------------------------------------------------------------- /debian/.keep: -------------------------------------------------------------------------------- 1 | # making sure otherwise empty dirs exist in the deb packages 2 | -------------------------------------------------------------------------------- /debian/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = changelog compat control copyright default preinst rules vuurmuur.init vuurmuur.logrotate .keep 2 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: vuurmuur 2 | Priority: optional 3 | Maintainer: Victor Julien 4 | Section: contrib/net 5 | Standards-Version: 3.6.2.1 6 | Build-Depends: debhelper, libtool, libnfnetlink-dev, libmnl-dev, libnetfilter-log-dev, libnetfilter-conntrack-dev, libncurses5-dev 7 | 8 | Package: vuurmuur 9 | Architecture: any 10 | Depends: libnfnetlink0, libnetfilter-log1, libmnl0, libnetfilter-conntrack3, libncurses5 11 | Recommends: iptables, iproute 12 | Conflicts: vuurmuur-log 13 | Description: Iptables manager. 14 | Replaces: libvuurmuur, vuurmuur-conf 15 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | This package was debianized by Victor Julien on 2 | Fri, 22 Jan 2005 10:00:42 +0100. 3 | 4 | Upstream Authors: 5 | Victor Julien 6 | 7 | Copyright: GNU General Public License version 2. 
8 | On Debian GNU/Linux systems, the complete text of the GNU General 9 | Public License can be found in `/usr/share/common-licenses/GPL'. 10 | -------------------------------------------------------------------------------- /debian/default/vuurmuur: -------------------------------------------------------------------------------- 1 | # 2 | # Vuurmuur - firewall configuration daemon 3 | # 4 | 5 | # automatically start vuurmuur. Disabled by default to prevent you from 6 | # being locked out of your box. Please first configure vuurmuur (using 7 | # vuurmuur_conf). When you are done, set this value to 1, and try starting 8 | # vuurmuur again. 9 | # 10 | VUURMUUR_START=0 11 | -------------------------------------------------------------------------------- /debian/preinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # pre-install script for vuurmuur 4 | # (http://vuurmuur.sf.net) 5 | # 6 | # 2005-06-01 adi initial release 7 | # 2005-06-02 victor debhelper, /var/backups check, permissions, /etc/vuurmuur check, simpler backup date/time string 8 | # 2005-06-12 victor moved from libvuurmuur to vuurmuur 9 | 10 | # define constants 11 | ACTION=$1 12 | OLD_VERSION=$2 13 | 14 | # define useful functions 15 | exit_message() { 16 | echo $1 17 | exit 1 18 | } 19 | 20 | case $ACTION in 21 | upgrade) 22 | # 23 | # create a backup of a previous version of vuurmuur 24 | # 25 | if [ ! -d /var/backups ]; then 26 | mkdir /var/backups || \ 27 | exit_message "error creating /var/backups" 28 | echo "backup directory /var/backups created." 29 | fi 30 | 31 | if [ ! -d /var/backups/vuurmuur ]; then 32 | mkdir /var/backups/vuurmuur || \ 33 | exit_message "error creating /var/backups/vuurmuur" 34 | echo "backup directory /var/backups/vuurmuur created." 35 | fi 36 | 37 | BACKUP_DIR="/var/backups/vuurmuur/${OLD_VERSION}-$(date +'%Y.%m.%d-%H.%M')" 38 | 39 | if [ ! 
-d $BACKUP_DIR ]; then 40 | mkdir ${BACKUP_DIR} || \ 41 | exit_message "error creating ${BACKUP_DIR}" 42 | echo "backup directory ${BACKUP_DIR} created." 43 | else 44 | exit_message "error: directory ${BACKUP_DIR} already exists?! -- I am confused!" 45 | fi 46 | 47 | # set strict permissions on the backup directory before anything is copied into it, since it will hold sensitive data 48 | chmod 0700 ${BACKUP_DIR} || \ 49 | exit_message "settings permissions on backup directory failed!" 50 | echo "changed permissions of ${BACKUP_DIR} to 0700." 51 | 52 | if [ -d /etc/vuurmuur ]; then 53 | cp -a /etc/vuurmuur/* ${BACKUP_DIR} || \ 54 | exit_message "copying vuurmuur configuration failed!" 55 | echo "copied vuurmuur configuration to ${BACKUP_DIR}." 56 | else 57 | echo "no vuurmuur config found (no /etc/vuurmuur directory)!" 58 | fi 59 | ;; 60 | install) 61 | # nothing to do here?! 62 | ;; 63 | *) 64 | # whatever... (remove, ...) 65 | ;; 66 | esac 67 | 68 | # make sure debhelper can modify this script 69 | #DEBHELPER# 70 | 71 | exit 0 72 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # Sample debian/rules that uses debhelper. 3 | # GNU copyright 1997 to 1999 by Joey Hess. 4 | 5 | # Uncomment this to turn on verbose mode. 6 | export DH_VERBOSE=1 7 | 8 | # This is the debhelper compatibility version to use. 9 | export DH_COMPAT=9 10 | 11 | # hppa build failure workaround 12 | ifeq ($(DEB_BUILD_ARCH),hppa) 13 | CFLAGS=-fno-gcse 14 | endif 15 | 16 | CFLAGS = "-Wall -g3 -O0" 17 | 18 | autogen: autogen-stamp 19 | autogen-stamp: 20 | -sh autogen.sh 21 | touch $@ 22 | 23 | configure: configure-stamp 24 | configure-stamp: autogen-stamp 25 | dh_testdir 26 | # Add here commands to configure the package. 
27 | CFLAGS=$(CFLAGS) ./configure --prefix=/usr \ 28 | --mandir=\$${prefix}/share/man \ 29 | --infodir=\$${prefix}/share/info \ 30 | --sysconfdir=/etc \ 31 | --with-widec=no 32 | 33 | touch configure-stamp 34 | 35 | build: configure-stamp build-stamp 36 | build-stamp: 37 | dh_testdir 38 | 39 | # Add here commands to compile the package. 40 | $(MAKE) 41 | 42 | touch build-stamp 43 | 44 | clean: 45 | dh_testdir 46 | dh_testroot 47 | rm -f build-stamp configure-stamp 48 | dh_auto_clean 49 | dh_clean 50 | 51 | install: build 52 | dh_testdir 53 | dh_testroot 54 | dh_clean -k 55 | dh_installdirs 56 | 57 | mkdir $(CURDIR)/debian/tmp 58 | # Add here commands to install the package into debian/tmp 59 | $(MAKE) install DESTDIR=$(CURDIR)/debian/vuurmuur 60 | 61 | # Build architecture-independent files here. 62 | binary-indep: 63 | dh_testdir 64 | dh_testroot 65 | dh_installdocs 66 | dh_installexamples 67 | dh_installman 68 | dh_installinfo 69 | # dh_installchangelogs -i ChangeLog 70 | dh_installchangelogs 71 | dh_compress 72 | dh_fixperms 73 | dh_installdeb 74 | dh_gencontrol 75 | dh_md5sums 76 | dh_builddeb 77 | 78 | # Build architecture-dependent files here. 
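binary-arch: build install
	dh_testdir
	dh_testroot

# setup the basic config structure
# The firewall configuration is private to root: directories are created
# 0700 and files 0600 (the plugins directory is the one exception, 0755).
	install -m 700 -o root -g root -d debian/vuurmuur/etc/vuurmuur/

	install -m 755 -o root -g root -d debian/vuurmuur/etc/vuurmuur/plugins
	install -m 600 -o root -g root lib/textdir/textdir.conf.debian debian/vuurmuur/etc/vuurmuur/plugins/textdir.conf

	install -m 700 -o root -g root -d debian/vuurmuur/etc/vuurmuur/interfaces
	install -m 600 -o root -g root debian/.keep debian/vuurmuur/etc/vuurmuur/interfaces/.keep

	install -m 700 -o root -g root -d debian/vuurmuur/etc/vuurmuur/zones
	install -m 600 -o root -g root debian/.keep debian/vuurmuur/etc/vuurmuur/zones/.keep

	install -m 700 -o root -g root -d debian/vuurmuur/etc/vuurmuur/services
	install -m 600 -o root -g root debian/.keep debian/vuurmuur/etc/vuurmuur/services/.keep

	install -m 700 -o root -g root -d debian/vuurmuur/etc/vuurmuur/rules
	install -m 600 -o root -g root debian/.keep debian/vuurmuur/etc/vuurmuur/rules/.keep

# each sample is shipped twice: once under its own name, once as the live config
	install -m 600 -o root -g root config/config.conf.sample debian/vuurmuur/etc/vuurmuur/
	install -m 600 -o root -g root config/config.conf.sample debian/vuurmuur/etc/vuurmuur/config.conf

	install -m 600 -o root -g root config/vuurmuur_conf.conf.sample debian/vuurmuur/etc/vuurmuur/
	install -m 600 -o root -g root config/vuurmuur_conf.conf.sample debian/vuurmuur/etc/vuurmuur/vuurmuur_conf.conf

#	install -m 700 -o root -g root -d debian/vuurmuur/usr/share/vuurmuur/scripts/

#	install -m 700 -o root -g root -d debian/vuurmuur/usr/share/vuurmuur/services/
	install -m 600 -o root -g root services/* debian/vuurmuur/etc/vuurmuur/services/

	install -m 700 -o root -g root -d debian/vuurmuur/var/log/vuurmuur/
	install -m 600 -o root -g root debian/.keep debian/vuurmuur/var/log/vuurmuur/.keep

	mkdir -p $(CURDIR)/debian/vuurmuur/etc/default
	install -m 644 -p $(CURDIR)/debian/default/vuurmuur $(CURDIR)/debian/vuurmuur/etc/default/

	dh_movefiles -a
#	dh_installdebconf
	dh_installdocs -a

	dh_installmenu -a
	dh_installlogrotate
	dh_installinit
#	dh_installcron -a
	dh_installman -a
	dh_installinfo -a
#	dh_installchangelogs -a ChangeLog
	dh_link -a
#	dh_strip -a
	dh_compress -a
# dh_fixperms normalises modes over the whole package tree (group/other get
# read access), which would undo the 0600/0700 modes set with install(1)
# above and leave the firewall configuration and logs world-readable in the
# built package. Exclude those trees from the normalisation.
# NOTE(review): confirm with the debhelper version selected by debian/compat.
	dh_fixperms -a -Xetc/vuurmuur -Xvar/log/vuurmuur
	dh_makeshlibs -a
	dh_installdeb -a
#	dh_shlibdeps -a
	dh_gencontrol -a
	dh_md5sums -a
	dh_builddeb -a

binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install configure

-------------------------------------------------------------------------------- /debian/vuurmuur.init: --------------------------------------------------------------------------------
#!/bin/bash

# This is an implementation of a start-script for Vuurmuur.
#
# (c) 2004 Victor Julien, released under GPL.
#
# Exit status: 0 on success (including "already running" and "disabled in
# the defaults file"), 1 when the defaults file is missing, when a daemon
# fails to start, or on a usage error.

### BEGIN INIT INFO
# Provides:          vuurmuur
# Required-Start:    $syslog $network $local_fs
# Required-Stop:     $syslog $network $local_fs
# Should-Start:
# Should-Stop:
# Default-Start:     1 2 3 4 5
# Default-Stop:      0 6
# Short-Description: Starts the Vuurmuur Firewall.
# Description:       Vuurmuur is a middle-end and frontend for netfilter.
### END INIT INFO

# Make RedHat happy:
#
# chkconfig: 345 91 9
# Description: Vuurmuur is a firewall.
#

# check for a defaults file
# The file is sourced, i.e. executed with the privileges of this script
# (root when run by init), so it must be owned by root and writable by
# nobody else.
if [ -e /etc/default/vuurmuur ]; then
    source /etc/default/vuurmuur
else
    echo "No defaults found in /etc/default! Not starting vuurmuur"
    exit 1
fi

# check if VUURMUUR_START is set in defaults file and if it is set to start
# vuurmuur by default. The variable is quoted so that an empty value or a
# value containing spaces cannot break the test.
if [ -n "${VUURMUUR_START:-}" ]; then
    if [ "$VUURMUUR_START" -ne 1 ]; then
        echo "Starting vuurmuur disabled in /etc/default/vuurmuur! Not starting vuurmuur"
        exit 0
    fi
fi

# where do the executables reside? NOTE: no trailing slash
VUURMUUR_LOCATION=/usr/bin

# space separated list of modules to load on start, or 'none' if none ;-)
MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat nf_conntrack_ipv4 nf_conntrack_ftp nf_nat nf_nat_ftp"
#MODULES_TO_LOAD="none"

# set after the defaults file has been read, so this value is the one used
PATH=/bin:/usr/bin:/sbin:/usr/sbin

# exit status of this script; set to 1 when a daemon fails to start, so
# that a firewall that did not come up is not reported as a success
RETVAL=0

# pidfile_alive FILE
# Succeeds when FILE holds the PID of a process that still exists; the PID
# is left in $PID for the caller's message. A missing file, a non-numeric
# PID or a PID without a process counts as "not running", so a pid file
# left behind by a crash no longer prevents the firewall from starting.
pidfile_alive() {
    PID=`cut -d " " -f 1 "$1" 2>/dev/null`
    case "$PID" in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$PID" 2>/dev/null
}

case "$1" in
    start)
        echo "Starting firewall: Vuurmuur:"

        echo -n -e "\tLoading modules:\t"
        if [ "$MODULES_TO_LOAD" == "none" ]; then
            echo "disabled."
        else
            # load the modules; as before, a failing modprobe does not
            # abort the start
            for MODULE in $MODULES_TO_LOAD; do
                modprobe "$MODULE"
                echo -n "$MODULE "
            done
            echo ""
        fi

        echo -n -e "\tLoading Vuurmuur:\t"
        # start vuurmuur
        if pidfile_alive /var/run/vuurmuur.pid; then
            echo "FAILED: already running at pid $PID."
        else
            # drop a stale pid file, if any, before starting
            rm -f /var/run/vuurmuur.pid
            if "$VUURMUUR_LOCATION/vuurmuur" -D; then
                echo "ok."
            else
                echo "FAILED, please check /var/log/vuurmuur/error.log."
                RETVAL=1
            fi
        fi

        echo -n -e "\tLoading Vuurmuur_log:\t"
        # start vuurmuur_log
        if pidfile_alive /var/run/vuurmuur_log.pid; then
            echo "FAILED: already running at pid $PID."
        else
            rm -f /var/run/vuurmuur_log.pid
            if "$VUURMUUR_LOCATION/vuurmuur_log"; then
                echo "ok."
            else
                echo "FAILED."
                RETVAL=1
            fi
        fi

        echo "Starting firewall: Vuurmuur: done"
        ;;
    stop)
        echo "Stopping firewall Vuurmuur:"
        echo -n -e "\tVuurmuur:\t"
        PIDS=`pidof vuurmuur`
        if [ -n "$PIDS" ]; then
            # $PIDS is deliberately unquoted: pidof may report several PIDs
            kill -s INT $PIDS
            echo "stopped."
        else
            echo "not running."
        fi
        echo -n -e "\tVuurmuur_log:\t"
        PIDS=`pidof vuurmuur_log`
        if [ -n "$PIDS" ]; then
            kill -s INT $PIDS
            echo "stopped."
        else
            echo "not running."
        fi
        echo "Stopping firewall Vuurmuur: done."
        ;;
    force-reload|restart)
        "$0" stop
        # hand a failed start on to the caller
        "$0" start || RETVAL=$?
        ;;
    *)
        echo "Usage: /etc/init.d/vuurmuur {start|stop|restart|force-reload}"
        exit 1
esac

exit $RETVAL

-------------------------------------------------------------------------------- /debian/vuurmuur.logrotate: -------------------------------------------------------------------------------- 1 | # logrotate for vuurmuur 2 | /var/log/vuurmuur/*.log { 3 | rotate 4 4 | weekly 5 | compress 6 | delaycompress 7 | missingok 8 | postrotate 9 | /bin/kill -HUP `pidof vuurmuur_log` 10 | endscript 11 | } 12 | -------------------------------------------------------------------------------- /debian/vuurmuur0.dirs: -------------------------------------------------------------------------------- 1 | usr/lib 2 | usr/include 3 | -------------------------------------------------------------------------------- /debian/vuurmuur0.files: -------------------------------------------------------------------------------- 1 | usr/lib/lib*.so.0* 2 | -------------------------------------------------------------------------------- /debian/vuurmuur0.shlibs: -------------------------------------------------------------------------------- 1 | libvuurmuur 0.6 vuurmuur0 (>= 0.6.0-1) 2 | -------------------------------------------------------------------------------- /doc/INSTALL: -------------------------------------------------------------------------------- 1 | Installation 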
instructions for Vuurmuur 2 | ====================================== 3 | 4 | Unpack the installer package with: 5 | gzip -cd Vuurmuur-0.8rc2.tar.gz | tar -xvf - 6 | 7 | After this run install.sh like this: 8 | 'sh install.sh --install' for a new installation. 9 | 'sh install.sh --upgrade' for upgrading an installation. 10 | 11 | During the installation you will be asked a number of questions. Pressing <Enter> 12 | will select the default. This is recommended. The default value is printed between 13 | the braces after the question. If you are sure you want to select all the default 14 | options you can run the installer like this: 15 | 'sh install.sh --install --defaults' 16 | 17 | This will install Vuurmuur into '/usr' (/usr/bin, /usr/lib, /usr/include, /usr/share/vuurmuur) 18 | and will use '/etc/vuurmuur' as configdir and '/var/log/vuurmuur' as logdir. 19 | 20 | New (versions of) services will be installed in the services directory in $PREFIX/share/vuurmuur. 21 | Please copy them to your own services directory if you need them. 22 | 23 | If anything goes wrong see the install.log. It will (hopefully) contain pointers 24 | to what went wrong. Please contact me at victor@vuurmuur.org if you run into trouble. 25 | 26 | 27 | TROUBLESHOOTING: 28 | 29 | - If building vuurmuur_conf fails with a message about a missing macro AM_GNU_GETTEXT, then 30 | make sure gettext is installed. 
31 | -------------------------------------------------------------------------------- /doc/INSTALL-RU: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/doc/INSTALL-RU -------------------------------------------------------------------------------- /doc/INSTALL-RU.DEBIAN: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/doc/INSTALL-RU.DEBIAN -------------------------------------------------------------------------------- /doc/INSTALL-RU.MANDRAKE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/doc/INSTALL-RU.MANDRAKE -------------------------------------------------------------------------------- /doc/INSTALL-RU.SUSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/doc/INSTALL-RU.SUSE -------------------------------------------------------------------------------- /doc/INSTALL.DEBIAN: -------------------------------------------------------------------------------- 1 | Instructions for creating Debian packages for Vuurmuur 2 | ====================================================== 3 | 4 | Dependencies: 5 | libtool 6 | debhelper 7 | automake 8 | autoconf 9 | gcc 10 | g++ 11 | libc6-dev 12 | libncurses5-dev 13 | 14 | First unpack the installer package with: 15 | gzip -cd Vuurmuur-0.8rc2.tar.gz | tar -xvf - 16 | 17 | Then go to the vuurmuur directory and run: 'dpkg-buildpackage' 18 | If all goes well go back one directorylevel and you will see something 19 | like: 'vuurmuur_0.8~rc2-1_i386.deb' 20 | 21 | Now install this deb using 'dpkg --install vuurmuur_0.8~rc2-1_i386.deb'. 
22 | 23 | Done! 24 | 25 | Now try to run vuurmuur_conf first, as it will enable you to configure Vuurmuur. 26 | 27 | 28 | Please contact me at victor@vuurmuur.org if you run into trouble. Please append as 29 | much information and output to your mail as possible. 30 | 31 | -------------------------------------------------------------------------------- /doc/INSTALL.MANDRAKE: -------------------------------------------------------------------------------- 1 | Installation instructions for Mandrake Linux 2 | ============================================ 3 | 4 | Installing Vuurmuur on Mandrake Linux 10.1 requires some extra 5 | attention. This because for some reason Mandrake decided not to 6 | include two basic tools into the free edition of Mandrake. 7 | 8 | For successfully building and installing Vuurmuur on Mandrake 10.1 9 | you need to install at least the following packages: 10 | 11 | libtool 12 | automake 13 | autoconf 14 | glibc-devel 15 | libgpm1-devel 16 | libncurses5-devel 17 | libbinutils 18 | binutils 19 | gcc-cpp 20 | gcc 21 | m4 22 | gettext 23 | gettext-devel 24 | libgettextmisc 25 | 26 | At least two of these packages are not in the free edition. I read 27 | they are on CD4... 28 | 29 | However, you can download them from here: 30 | ftp://ftp.linux.cz/pub/linux/mandrakelinux/official/10.1/i586/media/main/ 31 | 32 | If you have installed these, you can follow the normal installation 33 | procedure. 34 | -------------------------------------------------------------------------------- /doc/INSTALL.SLACKWARE: -------------------------------------------------------------------------------- 1 | Building Vuurmuur on Slackware 2 | ============================================ 3 | 4 | I. Needed Packages 5 | II. Install from the Source (automatic) 6 | III. Install from source (manual) 7 | IV. Configuration 8 | 9 | 10 | I. 
Needed Packages: 11 | ------------------ 12 | 13 | To install Vuurmuur on SlackWare, please check these packages are installed: 14 | 15 | autoconf : /d/autoconf-x.xx-noarch-1 16 | automake : /d/automake-x.x.x-noarch-1 17 | binutils : /d/binutils-x.x.x.x.x-i486-3 18 | gcc : /d/gcc-x.x.x-i486-1 19 | gcc-g++ : /d/gcc-g++-x.x.x-i486-1 20 | gettext : /a/gettext-x.x.x-i486-1 21 | gettext-tools : /d/gettext-tools-x.x.x-i486-1 22 | kernel-headers : /d/kernel-headers-x.x.x-i386-1 23 | libtool : /d/libtool-x.x.x-i486-1 24 | m4 : /d/m4-x.x.x-i486-1 25 | make : /d/make-x.xx-i386-1 26 | ncurses : /l/ncurses-x.x-i486-2 27 | perl : /d/perl-x.x.x-i486-1 28 | 29 | (Install from CD or download from ftp.slackware.com or mirror 30 | (cf http://www.slackware.com/getslack/ ) ) 31 | 32 | II. Install from source (automatic): 33 | ----------------------------------- 34 | 35 | Installing from source is an easy task with the install script: 36 | 37 | 1. download the archive, e.g. Vuurmuur-0.5.68.tar.gz, and store it on your disk 38 | 2. log as root 39 | 3. unpack the archive with the command 40 | # tar -xvzf Vuurmuur-0.5.68.tar.gz 41 | 4. enter the directory Vuurmuur-0.5.68 42 | # cd Vuurmuur-0.5.68 43 | 5. Now run the install script: 44 | # sh ./install.sh --install 45 | 6. Specify '/usr/local' as the install directory (/usr is the default one) 46 | 7. Specify '/etc' as the config directory (which is the default one) 47 | 8. Specify '/var/log/vuurmuur' as the logs directory (which is the default one) 48 | 9. After some waiting you should get a success message. If errors 49 | occurs, check the logs files or try the manual way. 50 | 51 | III. Install from source (manual): 52 | --------------------------------- 53 | 54 | 1. download the archive, e.g. Vuurmuur-0.5.68.tar.gz, and store it on your disk 55 | 2. log as root 56 | 3. unpack the archive with the command 57 | # tar -xvzf Vuurmuur-0.5.68.tar.gz 58 | 4. enter the directory Vuurmuur-0.5.68 59 | # cd Vuurmuur-0.5.68 60 | 5. 
unpack the archives with the command 61 | # sh ./install.sh --unpack 62 | 6a. enter the 'libvuurmuur' directory 63 | 6b. run the configure script, make then install 64 | # cd libvuurmuur 65 | # ./configure --prefix=/usr/local --sysconfdir=/etc 66 | # make 67 | # make install 68 | # cd .. 69 | 7a. enter the 'vuurmuur' directory 70 | 7b. run the configure script, make then install 71 | # cd vuurmuur 72 | # ./configure --prefix=/usr/local --sysconfdir=/etc \ 73 | --with-libvuurmuur-includes=/usr/local/include \ 74 | --with-libvuurmuur-libraries=/usr/local/lib 75 | # make 76 | # make install 77 | # cd .. 78 | ( hey...why do you think an install.sh script exists ;-) ) 79 | 80 | 8a. enter the 'vuurmuur_conf' directory 81 | 8b. run the configure script, make then install 82 | # cd vuurmuur_conf 83 | # ./configure --prefix=/usr/local --sysconfdir=/etc \ 84 | --with-libvuurmuur-includes=/usr/local/include \ 85 | --with-libvuurmuur-libraries=/usr/local/lib 86 | # make 87 | # make install 88 | # cd .. 89 | 90 | IV. Configuration: 91 | ----------------- 92 | 93 | Copy the 'rc.vuurmuur' script into /etc/rc.d 94 | This script could be found in /usr/local/share/vuurmuur/scripts 95 | 96 | add in the /etc/rc.d/rc.local script: 97 | ------------------------------------------ 98 | if [ -x /etc/rc.d/rc.vuurmuur ]; then 99 | /etc/rc.d/rc.vuurmuur start 100 | fi 101 | ------------------------------------------ 102 | 103 | And last you could install the logrotate script. 104 | Simply copy /usr/local/share/vuurmuur/scripts/vuurmuur-logrotate 105 | into /etc/logrotate.d/ -------------------------------------------------------------------------------- /doc/INSTALL.SUSE: -------------------------------------------------------------------------------- 1 | Building Vuurmuur on SUSE Linux 9.1 Personal 2 | ============================================ 3 | 4 | By default Suse 9.1 Personal doesn't have all the tools installed 5 | needed to build and install Vuurmuur. 
You need to install at least 6 | the packages below. They can be downloaded from the Suse ftp-server. 7 | 8 | Url: 9 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/ 10 | ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ 11 | 12 | 13 | These are the packages that are needed (in-order): 14 | 15 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/automake-1.8.3-23.i586.rpm 16 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/m4-1.4o-622.i586.rpm 17 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/autoconf-2.59-75.i586.rpm 18 | 19 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/libtool-1.5.2-56.i586.rpm 20 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/make-3.80-184.i586.rpm 21 | 22 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/glibc-devel-2.3.3-98.i586.rpm 23 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/gcc-3.3.3-41.i586.rpm 24 | 25 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/ncurses-5.4-59.i586.rpm 26 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/ncurses-devel-5.4-59.i586.rpm 27 | 28 | gettext is also needed: 29 | ftp://ftp.suse.com/pub/suse/i386/9.1/suse/i586/gettext-0.14.1-30.i586.rpm 30 | 31 | Install them using 'rpm -ivh <package>.rpm'. The URLs above use plain FTP, which gives no integrity protection, so check each downloaded package first with 'rpm --checksig <package>.rpm'. 32 | 33 | After this follow the install procedure as described in INSTALL. 
34 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | docsdir = $(datadir)/doc/vuurmuur 2 | docs_DATA = INSTALL.DEBIAN \ 3 | INSTALL.MANDRAKE \ 4 | INSTALL.SUSE \ 5 | INSTALL.SLACKWARE \ 6 | README INSTALL 7 | docsrudir = $(datadir)/doc/vuurmuur/ru 8 | docsru_DATA = INSTALL-RU \ 9 | INSTALL-RU.DEBIAN \ 10 | INSTALL-RU.MANDRAKE \ 11 | INSTALL-RU.SUSE \ 12 | README-RU 13 | EXTRA_DIST = $(docs_DATA) $(docsru_DATA) 14 | 15 | -------------------------------------------------------------------------------- /doc/README: -------------------------------------------------------------------------------- 1 | Please refer to INSTALL for information on installing Vuurmuur. 2 | 3 | Other documentation is currently only available online. Please visit 4 | https://www.vuurmuur.org/ 5 | 6 | -------------------------------------------------------------------------------- /doc/README-RU: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/doc/README-RU -------------------------------------------------------------------------------- /help/.deps/vuurmuur.hlp.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /help/Makefile.am: -------------------------------------------------------------------------------- 1 | vuurmuur_helpdir = $(datadir)/vuurmuur/help 2 | vuurmuur_help_DATA = vuurmuur-fr.hlp vuurmuur-ru.hlp vuurmuur-ru.UTF-8.hlp vuurmuur.hlp 3 | EXTRA_DIST = $(vuurmuur_help_DATA) 4 | 5 | -------------------------------------------------------------------------------- /help/vuurmuur-fr.hlp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/help/vuurmuur-fr.hlp -------------------------------------------------------------------------------- /help/vuurmuur-ru.hlp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/help/vuurmuur-ru.hlp -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | include_HEADERS = vuurmuur.h 2 | 3 | -------------------------------------------------------------------------------- /installer/package/libvuurmuur-0.7.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2005 Gentoo Foundation 2 | # Distributed under the terms of the GNU General Public License v2 3 | # $Header: $ 4 | # Made by Tiger!P 5 | 6 | MY_PKG_NAME="Vuurmuur" 7 | DESCRIPTION="iptables frontend. Common library and plugins." 
8 | HOMEPAGE="http://www.vuurmuur.org" 9 | SRC_URI="mirror://sourceforge/vuurmuur/${MY_PKG_NAME}-${PV}.tar.gz" 10 | 11 | LICENSE="GPL-2" 12 | SLOT="0" 13 | KEYWORDS="~x86 ~ppc" 14 | IUSE="" 15 | 16 | DEPEND="" 17 | RDEPEND="net-firewall/iptables" 18 | 19 | src_unpack() { 20 | unpack ${A} || die "Unpacking of ${A} did not succeed" 21 | cd ${MY_PKG_NAME}-${PV} || die "Changing to the ${MY_PKG_NAME}-${PV} directory failed" 22 | #einfo "pwd: ${PWD}" 23 | # Because we need to unpack something from the just unpacked file, we do it 24 | # like a shell command 25 | einfo "Unpacking ${P}.tar.gz" 26 | gzip -cd ${P}.tar.gz | tar xf - || die "Unpacking of ${P}.tar.gz failed" 27 | #unpack ${P}.tar.gz || die "Unpacking of ${P}.tar.gz failed" 28 | #einfo "pwd: ${PWD}" 29 | } 30 | 31 | src_compile() { 32 | #einfo "pwd: ${PWD}" 33 | cd ${WORKDIR}/${MY_PKG_NAME}-${PV}/${P} || die 34 | libtoolize -f 35 | aclocal 36 | autoheader 37 | automake 38 | autoconf 39 | #./configure --prefix=/usr --sysconfdir=/etc 40 | econf --with-plugindir=/usr/lib/vuurmuur \ 41 | --with-shareddir=/usr/share/vuurmuur || die "The configure script failed" 42 | emake || die "Making did not succeed" 43 | } 44 | 45 | src_install() { 46 | #einfo "pwd: ${PWD}" 47 | cd ${WORKDIR}/${MY_PKG_NAME}-${PV}/${P} || die "Could not change dirs" 48 | einstall 49 | insinto /etc/vuurmuur/plugins 50 | doins plugins/textdir/textdir.conf 51 | } 52 | 53 | -------------------------------------------------------------------------------- /installer/package/libvuurmuur-plugin-0.7.patch: -------------------------------------------------------------------------------- 1 | --- libvuurmuur-0.7/src/backendapi.c 2009-03-22 14:22:18.000000000 +0100 2 | +++ libvuurmuur-0.7/src/backendapi.c.modified 2009-11-02 17:07:15.000000000 +0100 3 | 
@@ -134,7 +134,7 @@
4 | return(-1);
5 | }
6 |
7 | - if(snprintf(plugin_location, sizeof(plugin_location), "%s/plugins/lib%s.so", conf.plugdir, plugin_name) >= (int)sizeof(plugin_location))
8 | + if(snprintf(plugin_location, sizeof(plugin_location), "%s/lib%s.so", conf.plugdir, plugin_name) >= (int)sizeof(plugin_location))
9 | {
10 | (void)vrprint.error(-1, "Internal Error", "pluginpath "
11 | "overflow (in: %s:%d).", __FUNC__, __LINE__);
12 | diff -urN libvuurmuur-0.7/configure.in libvuurmuur-0.7.modified/configure.in
13 | --- libvuurmuur-0.7/configure.in 2007-05-08 19:48:12.000000000 +0200
14 | +++ libvuurmuur-0.7.modified/configure.in 2009-09-04 08:37:41.000000000 +0200
15 | @@ -17,10 +19,12 @@
16 | [plugindir="$withval"],[plugindir=no])
17 |
18 | if test "$plugindir" != "no"; then
19 | - CPPFLAGS="${CPPFLAGS} -DPLUGINDIR=\"${plugindir}\""
20 | + VUURMUUR_PLUGIN_DIR="${plugindir}"
21 | else
22 | - CPPFLAGS="${CPPFLAGS} -DPLUGINDIR=\"${libdir}/vuurmuur\""
23 | + VUURMUUR_PLUGIN_DIR="${libdir}/vuurmuur"
24 | fi
25 | +CPPFLAGS="${CPPFLAGS} -DPLUGINDIR=\"$VUURMUUR_PLUGIN_DIR\""
26 | +AC_SUBST(VUURMUUR_PLUGIN_DIR)
27 |
28 | # shared dir option for rpm building
29 | AC_ARG_WITH(shareddir,
30 | diff -urN libvuurmuur-0.7/Makefile.am libvuurmuur-0.7.modified/Makefile.am
31 | --- libvuurmuur-0.7/Makefile.am 2007-05-08 19:48:12.000000000 +0200
32 | +++ libvuurmuur-0.7.modified/Makefile.am 2009-09-03 13:04:03.000000000 +0200
33 | @@ -2,4 +2,6 @@
34 | # have all needed files, that a GNU package needs
35 | AUTOMAKE_OPTIONS = foreign 1.4
36 |
37 | +ACLOCAL_AMFLAGS = -I m4
38 | +
39 | SUBDIRS = src plugins doc
40 | diff -urN libvuurmuur-0.7/plugins/textdir/Makefile.am libvuurmuur-0.7.modified/plugins/textdir/Makefile.am
41 | --- libvuurmuur-0.7/plugins/textdir/Makefile.am 2009-03-22 14:53:21.000000000 +0100
42 | +++ libvuurmuur-0.7.modified/plugins/textdir/Makefile.am 2009-09-04 08:38:05.000000000 +0200
43 | 
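Review bot: `plugin_name` is formatted straight into the library path on the changed `snprintf` line in the backendapi.c hunk, and nothing visible in the hunk restricts it to a bare file name, so a name containing `/` would resolve outside `conf.plugdir`. If the part of the function above the hunk does not already validate it, a guard before the `snprintf` such as `if (strchr(plugin_name, '/') != NULL) return(-1);` keeps the resulting path inside the plugin directory. The same line also lets a negative `snprintf` return pass as success, because only `>= (int)sizeof(plugin_location)` is tested; comparing the result with `< 0` as well closes that. The enclosing function starts and ends outside the hunk.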
@@ -1,6 +1,6 @@ 44 | # textdir plugin 45 | 46 | -libdir = "${exec_prefix}/lib/vuurmuur/plugins" 47 | +libdir = @VUURMUUR_PLUGIN_DIR@ 48 | 49 | lib_LTLIBRARIES = libtextdir.la 50 | -------------------------------------------------------------------------------- /installer/package/slack-desc: -------------------------------------------------------------------------------- 1 | # HOW TO EDIT THIS FILE: 2 | # The "handy ruler" below makes it easier to edit a package description. Line 3 | # up the first '|' above the ':' following the base package name, and the '|' 4 | # on the right side marks the last column you can put a character in. You must 5 | # make exactly 11 lines for the formatting to be correct. It's also 6 | # customary to leave one space after the ':'. 7 | 8 | |-----handy-ruler----------------------------------------------------| 9 | vuurmuur: Vuurmuur-0.6 10 | vuurmuur: 11 | vuurmuur: Vuurmuur is a powerful middle-end/front-end for netfilter/iptables 12 | vuurmuur: aimed at system-administrators who need a decent firewall, but 13 | vuurmuur: don't have netfilter specific knowledge. It is distributed under 14 | vuurmuur: the terms of the GNU GPL. 15 | vuurmuur: 16 | vuurmuur: Documentations available 17 | vuurmuur: http://vuurmuur.sourceforge.net/ 18 | vuurmuur: http://www.vuurmuur.org/ 19 | vuurmuur: 20 | 21 | -------------------------------------------------------------------------------- /installer/package/vuurmuur-0.7.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2005 Gentoo Foundation 2 | # Distributed under the terms of the GNU General Public License v2 3 | # $Header: $ 4 | # Made by Tiger!P 5 | 6 | MY_PKG_NAME="Vuurmuur" 7 | DESCRIPTION="Iptables frontend. Rule- and logdaemons and commandline utils." 
8 | HOMEPAGE="http://www.vuurmuur.org" 9 | SRC_URI="mirror://sourceforge/vuurmuur/${MY_PKG_NAME}-${PV}.tar.gz" 10 | 11 | LICENSE="GPL-2" 12 | SLOT="0" 13 | KEYWORDS="~x86 ~ppc" 14 | IUSE="" 15 | 16 | DEPEND="" 17 | RDEPEND="net-firewall/iptables 18 | =net-libs/libvuurmuur-${PV}" 19 | 20 | src_unpack() { 21 | unpack ${A} || die "Unpacking of ${A} did not succeed" 22 | cd ${MY_PKG_NAME}-${PV} || die "Changing to the ${MY_PKG_NAME}-${PV} directory failed" 23 | # Because we need to unpack something from the just unpacked file, we do it 24 | # like a shell command 25 | einfo "Unpacking ${P}.tar.gz" 26 | gzip -cd ${P}.tar.gz | tar xf - || die "Unpacking of ${P}.tar.gz failed" 27 | } 28 | 29 | src_compile() { 30 | cd ${WORKDIR}/${MY_PKG_NAME}-${PV}/${P} || die 31 | libtoolize -f 32 | aclocal 33 | autoheader 34 | automake 35 | autoconf 36 | econf --with-libvuurmuur-includes=/usr/include \ 37 | --with-libvuurmuur-libraries=/usr/lib || die "The configure script failed" 38 | emake || die "Making did not succeed" 39 | } 40 | 41 | src_install() { 42 | cd ${WORKDIR}/${MY_PKG_NAME}-${PV}/${P} || die "Could not change dirs" 43 | einstall 44 | # TODO Still need to install the init.d script as a real script in the real 45 | # place and also warn the user to enable it when needed. 46 | doinitd ${FILESDIR}/vuurmuur 47 | ewarn "Start the vuurmuur service before using it" 48 | diropts -m0700 49 | dodir /etc/vuurmuur 50 | dodir /etc/vuurmuur/textdir/interface 51 | dodir /etc/vuurmuur/textdir/services 52 | dodir /etc/vuurmuur/textdir/rules 53 | insopts -m0600 54 | insinto /etc/logrotate.d 55 | newins scripts/vuurmuur-logrotate vuurmuur 56 | insinto /etc/vuurmuur 57 | newins skel/etc/vuurmuur/config.conf.sample config.conf 58 | cd .. 
59 | insinto /etc/vuurmuur/textdir 60 | doins -r zones 61 | dodir /etc/vuurmuur/textdir/zones/dmz/networks 62 | dodir /etc/vuurmuur/textdir/zones/ext/networks/internet/hosts 63 | dodir /etc/vuurmuur/textdir/zones/ext/networks/internet/groups 64 | dodir /etc/vuurmuur/textdir/zones/lan/networks 65 | dodir /etc/vuurmuur/textdir/zones/vpn/networks 66 | } 67 | 68 | -------------------------------------------------------------------------------- /installer/package/vuurmuur.spec: -------------------------------------------------------------------------------- 1 | %define name vuurmuur 2 | %define version 0.8.2 3 | %define release 1 4 | %define root_prefix_vm %{_prefix}/ 5 | # %define conf_prefix_vm %{_sysconfdir}/ 6 | %define conf_prefix_vm /etc/ 7 | %define share_prefix %{_datadir}/ 8 | %define logdir /var/log/%{name}/ 9 | %define locale_prefix %{share_prefix}locale/ 10 | %define docdir %{_defaultdocdir}/ 11 | 12 | Name: %{name} 13 | Version: %{version} 14 | Release: %{release}%{?dist} 15 | Vendor: Victor Julien 16 | License: GNU GPL 17 | URL: https://www.vuurmuur.org/ 18 | Group: System Environment/Daemons 19 | Summary: middle and front-end for netfilter/iptables with ncurses interface 20 | BuildRoot: %{_tmppath}/%{name}-%{version}-root 21 | Packager: Victor Julien 22 | Source0: %{name}-%{version}.tar.gz 23 | Requires: iptables, libnetfilter_log, libnetfilter_conntrack, libmnl, ncurses 24 | 25 | %define root_prefix ${RPM_BUILD_ROOT}%{root_prefix_vm} 26 | %define conf_prefix ${RPM_BUILD_ROOT}%{conf_prefix_vm} 27 | 28 | %description 29 | Vuurmuur is a powerful middle-end/front-end for netfilter/iptables aimed 30 | at system-administrators who need a decent firewall, but don't have netfilter 31 | specific knowledge. 32 | The program is basicly split into three pieces. One piece (the middle-end) 33 | converts humanly-readable rules, hosts, groups, networks, zones, interfaces 34 | and services into a iptables ruleset (or optional into a bash-script). 
The 35 | second part is a little daemon that converts the netfiler logs to easy 36 | readable logs, that reflect all the predefined objects described above. The 37 | third part is a Ncurses-based Gui (the front-end) in which one can manage 38 | the firewall. Most important here is the real-time feedback. Logs can be 39 | viewed in real-time, using colours for easy interpretation. Also, the current 40 | connections can be viewed in real-time. Filtering possibilities make it easy 41 | to monitor specific hosts or services. 42 | 43 | %prep 44 | %setup 45 | 46 | %build 47 | libtoolize --copy -f 48 | aclocal -I m4 49 | autoheader 50 | automake --copy --add-missing 51 | autoconf 52 | %configure --prefix=%{root_prefix_vm} \ 53 | --sysconfdir=%{conf_prefix_vm} 54 | make 55 | 56 | 57 | %install 58 | %makeinstall prefix=%{root_prefix} 59 | mkdir -p -m 0700 %{conf_prefix}%{name}/plugins \ 60 | %{conf_prefix}%{name}/interfaces \ 61 | %{conf_prefix}%{name}/services \ 62 | %{conf_prefix}%{name}/zones \ 63 | %{conf_prefix}%{name}/rules \ 64 | %{conf_prefix}init.d \ 65 | ${RPM_BUILD_ROOT}%{logdir} \ 66 | %{root_prefix} 67 | 68 | touch %{conf_prefix}%{name}/plugins/textdir.conf \ 69 | %{conf_prefix}%{name}/rules/rules.conf \ 70 | %{conf_prefix}%{name}/rules/blocklist.conf \ 71 | %{conf_prefix}%{name}/config.conf 72 | echo "LOCATION=\"%{conf_prefix_vm}%{name}\"" > %{conf_prefix}%{name}/plugins/textdir.conf 73 | if [ %{root_prefix_vm} != %{_prefix}/ ]; then 74 | mv %{root_prefix}share ${RPM_BUILD_ROOT}%{_prefix} 75 | fi 76 | find $RPM_BUILD_ROOT -name "*.la" -delete 77 | 78 | # if [ %{share_prefix}doc/ != %{docdir} ]; then 79 | # mkdir -p -m 0700 ${RPM_BUILD_ROOT}%{docdir} 80 | # mv ${RPM_BUILD_ROOT}%{share_prefix}doc/%{name} ${RPM_BUILD_ROOT}%{docdir} 81 | # fi 82 | #PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH" 83 | #scr_suffix="" 84 | #if [ -f /etc/*-release ]; then 85 | # case $(cat /etc/*-release) in 86 | # *[sS][uU][sS][eE]*) 87 | # 
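scr_suffix=".suse"
#            ;;
#        *[mM][aA][nN][dD][rR]*)
#            scr_suffix=".mandr"
#            ;;
#        *[fF][eE][dD][oO][rR][aA]*)
#            scr_suffix=".fc"
#            ;;
#    esac
#else
#    if [ $(which insserv) ]; then
#        scr_suffix=".suse"
#    fi
#fi
# Absolute tool paths that the sed call below writes into the shipped
# config.conf, replacing whatever the sample file contains.
IPTABLES="/usr/sbin/iptables"
IP6TABLES="/usr/sbin/ip6tables"
IPTABLESR="/usr/sbin/iptables-restore"
IP6TABLESR="/usr/sbin/ip6tables-restore"
TC="/usr/sbin/tc"
MODPROBE="/usr/sbin/modprobe"

# Generate the init script from the packaged template, rewriting its
# "=/usr/" assignments to the configured prefix.
sed -e 's|=\/usr\/|='%{root_prefix_vm}'|' \
    ${RPM_BUILD_ROOT}%{share_prefix}%{name}/scripts/vuurmuur-initd.sh > %{conf_prefix}init.d/%{name}
# Generate config.conf from the sample with the tool paths and log directory
# filled in.
sed -e 's|^\(IPTABLES=\).*|\1\"'$IPTABLES'\"|
s|^\(IPTABLES_RESTORE=\).*|\1\"'$IPTABLESR'\"|
s|^\(IP6TABLES=\).*|\1\"'$IP6TABLES'\"|
s|^\(IP6TABLES_RESTORE=\).*|\1\"'$IP6TABLESR'\"|
s|^\(TC=\).*|\1\"'$TC'\"|
s|^\(MODPROBE=\).*|\1\"'$MODPROBE'\"|
s|^\(LOGDIR=\).*|\1\"'%{logdir}'\"|
' ${RPM_BUILD_ROOT}%{share_prefix}%{name}/config/config.conf.sample > %{conf_prefix}%{name}/config.conf
cp ${RPM_BUILD_ROOT}%{share_prefix}%{name}/services/* %{conf_prefix}%{name}/services/
cp -r --preserve=mode ${RPM_BUILD_DIR}/%{name}-%{version}/installer/zones/* %{conf_prefix}%{name}/zones/

# The init script is executable by root only; rule and configuration files
# are readable by root only.
chmod 0744 %{conf_prefix}init.d/%{name}
chmod 0600 %{conf_prefix}%{name}/rules/blocklist.conf \
    %{conf_prefix}%{name}/rules/rules.conf \
    %{conf_prefix}%{name}/plugins/textdir.conf \
    %{conf_prefix}%{name}/config.conf

%pre

%post
#chkconfig --add vuurmuur
#/etc/init.d/vuurmuur start > /dev/null 2>&1 || :

%preun
# Runs before removal and before an upgrade; the first argument is 0 only
# when the package is really being removed. Without the test an upgrade
# would unregister the service. The init script is installed as
# /etc/init.d/vuurmuur (see the install section), so that is the path to
# call; the former name "vuurmuurin" does not exist and the stop failed
# silently behind "|| :".
if [ "$1" -eq 0 ]; then
    /etc/init.d/vuurmuur stop > /dev/null 2>&1 || :
    chkconfig --del vuurmuur
fi

%postun


%clean
# quoted so that a build root containing spaces cannot split into several
# arguments for rm -rf
[ "${RPM_BUILD_ROOT}" != "/" ] && [ -d "${RPM_BUILD_ROOT}" ] && rm -rf "${RPM_BUILD_ROOT}"


%files
%defattr(-, root, root)
%config(noreplace) 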
%{conf_prefix_vm}%{name}/plugins/ 147 | %config(noreplace) %{conf_prefix_vm}%{name}/interfaces/ 148 | %config(noreplace) %{conf_prefix_vm}%{name}/rules/ 149 | %config(noreplace) %{conf_prefix_vm}%{name}/zones/ 150 | %config(noreplace) %{conf_prefix_vm}%{name}/services/* 151 | %config(noreplace) %{conf_prefix_vm}%{name}/config.conf 152 | %config /etc/init.d/%{name} 153 | %{root_prefix_vm}include/vuurmuur.h 154 | %{root_prefix_vm}bin/%{name} 155 | %{root_prefix_vm}bin/%{name}_log 156 | %{root_prefix_vm}bin/%{name}_script 157 | %{root_prefix_vm}bin/%{name}_conf 158 | %{_libdir}/libvuurmuur.a 159 | %{_libdir}/libvuurmuur.so 160 | %{_libdir}/libvuurmuur.so.0 161 | %{_libdir}/libvuurmuur.so.0.6.0 162 | %{_mandir}/man8/vuurmuur.8* 163 | %{_mandir}/man8/vuurmuur_log.8* 164 | %{_mandir}/man8/vuurmuur_script.8* 165 | %{_mandir}/man8/vuurmuur_conf.8* 166 | %{_mandir}/ru/man8/vuurmuur.8* 167 | %{_mandir}/ru/man8/vuurmuur_log.8* 168 | %{_mandir}/ru/man8/vuurmuur_script.8* 169 | %{_mandir}/ru/man8/vuurmuur_conf.8* 170 | %{locale_prefix}/*/LC_MESSAGES/%{name}.mo 171 | %doc %{docdir}%{name}/ 172 | %dir %{logdir} 173 | %{share_prefix}%{name}/ 174 | 175 | 176 | %changelog 177 | 178 | -------------------------------------------------------------------------------- /installer/package/vuurmuur_conf-0.7.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2005 Gentoo Foundation 2 | # Distributed under the terms of the GNU General Public License v2 3 | # $Header: $ 4 | # Made by Tiger!P 5 | 6 | MY_PKG_NAME="Vuurmuur" 7 | DESCRIPTION="Iptables frontend. Ncurses GUI, for administration and monitoring." 
8 | HOMEPAGE="http://www.vuurmuur.org" 9 | SRC_URI="mirror://sourceforge/vuurmuur/${MY_PKG_NAME}-${PV}.tar.gz" 10 | 11 | LICENSE="GPL-2" 12 | SLOT="0" 13 | KEYWORDS="~x86 ~ppc" 14 | IUSE="" 15 | 16 | DEPEND="" 17 | RDEPEND="net-firewall/iptables 18 | =net-libs/libvuurmuur-${PV} 19 | =net-firewall/vuurmuur-${PV} 20 | >=sys-libs/ncurses-5" 21 | 22 | src_unpack() { 23 | unpack ${A} || die "Unpacking of ${A} did not succeed" 24 | cd ${MY_PKG_NAME}-${PV} || die "Changing to the ${MY_PKG_NAME}-${PV} directory failed" 25 | #einfo "pwd: ${PWD}" 26 | # Because we need to unpack something from the just unpacked file, we do it 27 | # like a shell command 28 | einfo "Unpacking ${P}.tar.gz" 29 | gzip -cd ${P}.tar.gz | tar xf - || die "Unpacking of ${P}.tar.gz failed" 30 | #unpack ${P}.tar.gz || die "Unpacking of ${P}.tar.gz failed" 31 | #einfo "pwd: ${PWD}" 32 | } 33 | 34 | src_compile() { 35 | #einfo "pwd: ${PWD}" 36 | cd ${WORKDIR}/${MY_PKG_NAME}-${PV}/${P} || die 37 | libtoolize -f 38 | aclocal 39 | autoheader 40 | automake 41 | autoconf 42 | econf --with-libvuurmuur-includes=/usr/include \ 43 | --with-libvuurmuur-libraries=/usr/lib --with-localedir=/usr/share/locale \ 44 | --with-widec=yes \ 45 | || die "The configure script failed" 46 | emake || die "Making did not succeed" 47 | } 48 | 49 | src_install() { 50 | #einfo "pwd: ${PWD}" 51 | cd ${WORKDIR}/${MY_PKG_NAME}-${PV}/${P} || die "Could not change dirs" 52 | einstall 53 | } 54 | 55 | -------------------------------------------------------------------------------- /installer/zones/dmz/zone.config: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | COMMENT="DMZ: De-Militarized Zone. Put your DMZ in here. A DMZ is well suited for public accessible servers (e.g. mailserver) or untrusted clients (e.g. laptops)." 
5 | 6 | # end of file 7 | -------------------------------------------------------------------------------- /installer/zones/inet/networks/world/network.config: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | NETWORK="0.0.0.0" 5 | NETMASK="0.0.0.0" 6 | INTERFACE="" 7 | COMMENT="The internet." 8 | 9 | # end of file 10 | -------------------------------------------------------------------------------- /installer/zones/inet/zone.config: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | COMMENT="Ext. External networks. Put in the network(s) external to your organisation or home, like internet." 5 | 6 | # end of file 7 | -------------------------------------------------------------------------------- /installer/zones/lan/zone.config: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | COMMENT="Lan: Local Area Network. Put your LAN-network in here." 5 | 6 | # end of file 7 | -------------------------------------------------------------------------------- /installer/zones/vpn/zone.config: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | COMMENT="VPN. Virtual Private Network. Put the networks that are accessible through VPN-connections in here." 
5 | 6 | # end of file 7 | -------------------------------------------------------------------------------- /lib/Makefile.am: -------------------------------------------------------------------------------- 1 | lib_LTLIBRARIES = libvuurmuur.la 2 | libvuurmuur_la_LDFLAGS = -version-info 6:0:6 3 | libvuurmuur_la_LIBADD = textdir/libtextdir.la $(NFNETLINK_LIBS) $(LIBMNL_LIBS) $(LIBNETFILTER_CONNTRACK_LIBS) 4 | 5 | libvuurmuur_la_SOURCES = \ 6 | backendapi.c \ 7 | blocklist.c \ 8 | config.c \ 9 | conntrack.c conntrack.h \ 10 | filter.c \ 11 | hash.c \ 12 | icmp.c icmp.h \ 13 | info.c \ 14 | interfaces.c \ 15 | io.c \ 16 | iptcap.c \ 17 | libvuurmuur.c \ 18 | linkedlist.c \ 19 | log.c \ 20 | proc.c \ 21 | rules.c \ 22 | services.c \ 23 | shape.c \ 24 | strlcatu.c \ 25 | strlcpyu.c \ 26 | util.c \ 27 | zones.c 28 | 29 | AM_CFLAGS = -DLIBDIR=$(libdir) -DSYSCONFDIR=$(sysconfdir) 30 | noinst_HEADERS = conntrack.h icmp.h 31 | SUBDIRS=textdir 32 | 33 | -------------------------------------------------------------------------------- /lib/conntrack.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2002-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. 
* 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * 19 | ***************************************************************************/ 20 | 21 | #ifndef __CONNTRACK_H__ 22 | #define __CONNTRACK_H__ 23 | 24 | /* 25 | UNDEFINED=0, 26 | TCP_ESTABLISHED, 27 | UDP_ESTABLISHED, 28 | SYN_SENT, 29 | SYN_RECV, 30 | FIN_WAIT, 31 | TIME_WAIT, 32 | CLOSE, 33 | CLOSE_WAIT, 34 | UNREPLIED, 35 | NONE, 36 | */ 37 | 38 | char *conn_status[] = { 39 | "UNDEFINED", 40 | "TCP_ESTABLISHED", 41 | "UDP_ESTABLISHED", 42 | "SYN_SENT", 43 | "SYN_RECV", 44 | "FIN_WAIT", 45 | "TIME_WAIT", 46 | "CLOSE", 47 | "CLOSE_WAIT", 48 | "UNREPLIED", 49 | "NONE", 50 | "ERROR", 51 | }; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /lib/filter.c: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2002-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. 
*
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#include "config.h"
#include "vuurmuur.h"

/*
 * Put a filter into its initial, all-zero state.
 *
 * Nothing is released first: the struct is simply overwritten. A filter
 * that already holds a compiled regex (reg_active == TRUE) has to go
 * through vrmr_filter_cleanup() instead, or the compiled expression is
 * lost without being freed.
 */
void vrmr_filter_setup(struct vrmr_filter *filter)
{
    assert(filter);

    memset(filter, 0, sizeof(*filter));
}

/*
 * Release the compiled regex of a filter, if it has one, and wipe the
 * struct so it can be reused.
 */
void vrmr_filter_cleanup(struct vrmr_filter *filter)
{
    assert(filter);

    /* the regex must be freed before its bookkeeping is zeroed below */
    if (filter->reg_active == TRUE) {
        regfree(&filter->reg);
        filter->reg_active = FALSE;
    }

    memset(filter, 0, sizeof(*filter));
}

--------------------------------------------------------------------------------
/lib/icmp.c:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2002-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details.
*
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#include "config.h"
#include "vuurmuur.h"
#include "icmp.h"

/*
 * Write a short, printable name for an ICMP type/code pair into name.
 *
 * type       ICMP type; anything outside 0..255 is reported as "illegal",
 *            and without HAVE_IPV6 types above 40 are reported as
 *            "reserved".
 * code       ICMP code, or -1 when only the type name is wanted.
 * name       output buffer, must not be NULL.
 * size       size of name; every write below is bounded by it.
 * only_code  0: "type(code)", otherwise only the code's short name.
 *
 * Always returns 0. A pair that is not in the tables still yields a
 * string ("type(err:N)" or "unknown icmp (T.C)"), so callers cannot tell
 * a known pair from an unknown one by the return value.
 */
int vrmr_get_icmp_name_short(
        int type, int code, char *name, size_t size, int only_code)
{
    int t = 0, c = 0;

    assert(name);

    /* type validation */
    if (type < 0 || type > 255) {
        snprintf(name, size, "illegal icmp (%d.%d)", type, code);
        return (0);
    }
#ifndef HAVE_IPV6
    /* type is known to be <= 255 here */
    if (type > 40) {
        snprintf(name, size, "reserved icmp (%d.%d)", type, code);
        return (0);
    }
#endif /* HAVE_IPV6 */

    /* walk vrmr_icmp_types up to its terminating entry (type == -1) */
    for (t = 0; vrmr_icmp_types[t].type != -1; t++) {
        if (vrmr_icmp_types[t].type != type)
            continue;

        /* no codes for this type, or the caller is not interested in one */
        if (vrmr_icmp_types[t].has_code != 1 || code == -1) {
            (void)strlcpy(name, vrmr_icmp_types[t].short_name, size);
            return (0);
        }

        /* look for the matching type/code entry */
        for (c = 0; vrmr_icmp_codes[c].type != -1; c++) {
            if (vrmr_icmp_codes[c].type != type ||
                    vrmr_icmp_codes[c].code != code)
                continue;

            if (only_code == 0) {
                snprintf(name, size, "%s(%s)", vrmr_icmp_types[t].short_name,
                        vrmr_icmp_codes[c].short_name);
            } else {
                (void)strlcpy(name, vrmr_icmp_codes[c].short_name, size);
            }
            return (0);
        }

        /* the type takes codes, but this one is not in the table */
        snprintf(name, size, "%s(err:%d)", vrmr_icmp_types[t].short_name,
                code);
        return (0);
    }

    snprintf(name, size, "unknown icmp (%d.%d)", type, code);
    return (0);
}

/*
 * Iterate over vrmr_icmp_types. *number is the cursor: the entry at that
 * index is copied to *type and *has_code and the cursor is advanced.
 *
 * Returns 1 if an entry was returned, 0 when the terminating entry
 * (type == -1) was reached.
 *
 * NOTE(review): *number is used as an array index without any range
 * check; callers have to start at 0 and hand the cursor back unmodified.
 */
int vrmr_list_icmp_types(int *type, int *has_code, int *number)
{
    if (vrmr_icmp_types[*number].type == -1)
        return (0);

    *type = vrmr_icmp_types[*number].type;
    *has_code = vrmr_icmp_types[*number].has_code;
    *number += 1;

    return (1);
}

/*
 * Iterate over the entries of vrmr_icmp_codes that belong to type.
 * *number is the cursor into the table; on a hit the code is stored in
 * *code and the cursor is advanced.
 *
 * Returns 1 if a code was returned, 0 when there are no more codes for
 * this type.
 *
 * NOTE(review): the skip-ahead only runs while the entry under the
 * cursor has a smaller type than the requested one, so this presumably
 * relies on the table in icmp.h being ordered by type - confirm. As in
 * vrmr_list_icmp_types(), the cursor is not range checked.
 */
int vrmr_list_icmp_codes(int type, int *code, int *number)
{
    /* move the cursor to the first entry of our type, if we are before it */
    if (vrmr_icmp_codes[*number].type < type) {
        while (vrmr_icmp_codes[*number].type != -1 &&
                vrmr_icmp_codes[*number].type != type)
            *number += 1;
    }

    /* end of table, or an entry of another type: nothing (more) to list */
    if (vrmr_icmp_codes[*number].type == -1 ||
            vrmr_icmp_codes[*number].type != type)
        return (0);

    *code = vrmr_icmp_codes[*number].code;
    *number += 1;

    return (1);
}

--------------------------------------------------------------------------------
/lib/proc.c:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2002-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public
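License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#include "config.h"
#include "vuurmuur.h"

/*
 * Read the first character of a proc entry and return it as a number.
 *
 * proc_entry  path of the entry; must be shorter than
 *             VRMR_MAX_PROC_ENTRY_LENGHT and must not contain the '*'
 *             placeholder (there is no 'who' to fill it in with here).
 * value       receives the first character minus '0'. The character is
 *             not checked for being a digit, so callers should treat
 *             anything outside 0..9 as unexpected content.
 *
 * Returns 0 on success, -1 on error (entry too long, contains '*',
 * cannot be opened, or is empty).
 */
int vrmr_read_proc_entry(const char *proc_entry, int *value)
{
    int result = 0;
    FILE *fp = NULL;
    size_t entry_length = 0;

    assert(proc_entry);
    assert(value);

    vrmr_debug(HIGH, "** start **");

    entry_length = strlen(proc_entry);
    if (entry_length >= VRMR_MAX_PROC_ENTRY_LENGHT) {
        vrmr_error(-1, "Error", "proc_entry is too long (%d, max: %d)",
                (int)entry_length, VRMR_MAX_PROC_ENTRY_LENGHT);
        return (-1);
    }

    /* no open was attempted at this point, so errno has nothing to say */
    if (strchr(proc_entry, '*') != NULL) {
        vrmr_error(-1, "Error",
                "proc entry '%s' contains a '*' and cannot be read",
                proc_entry);
        return (-1);
    }

    fp = fopen(proc_entry, "r");
    if (!fp) {
        vrmr_error(-1, "Error", "Opening '%s' failed: %s", proc_entry,
                strerror(errno));
        return (-1);
    }

    /* just read the first character */
    result = fgetc(fp);
    fclose(fp);

    /* an empty or unreadable entry must not be reported as a value */
    if (result == EOF) {
        vrmr_error(-1, "Error", "Reading '%s' failed: no data", proc_entry);
        return (-1);
    }

    *value = result - '0';
    return (0);
}

/*
 * Return 1 if who can be used as exactly one path component, 0 if not.
 *
 * who is spliced into a path that is then opened for writing, so it must
 * not be able to change which directory the path points into.
 */
static int proc_who_is_component(const char *who)
{
    if (who[0] == '\0' || strcmp(who, ".") == 0 || strcmp(who, "..") == 0)
        return (0);

    return (strchr(who, '/') == NULL);
}

/*
 * Write the single digit proc_set to the opened stream fp and close it.
 * path is only used in error messages.
 *
 * Returns 0 if both the write and the close succeeded, -1 otherwise. The
 * stream is closed in either case.
 */
static int proc_write_digit(FILE *fp, const char *path, int proc_set)
{
    int retval = 0;

    if (fputc(proc_set + '0', fp) == EOF) {
        vrmr_error(-1, "Error", "writing proc entry '%s' failed: %s", path,
                strerror(errno));
        retval = -1;
    }

    /* the byte is buffered by stdio; a write the kernel refuses is only
     * reported when the stream is flushed on close */
    if (fclose(fp) != 0 && retval == 0) {
        vrmr_error(-1, "Error", "closing proc entry '%s' failed: %s", path,
                strerror(errno));
        retval = -1;
    }

    return (retval);
}

/*
 * Set a proc entry to a one-digit value, or print the equivalent shell
 * command when cnf->bash_out is set.
 *
 * cnf         configuration, must not be NULL; only bash_out is read.
 * proc_entry  path of the entry, shorter than VRMR_MAX_PROC_ENTRY_LENGHT.
 *             It may contain a '*', which is replaced by who.
 * proc_set    value to set. When written directly it has to be 0..9,
 *             because a single character is written.
 * who         replacement for the '*'; required when proc_entry has one.
 *             It has to be a single path component (no '/', not "." or
 *             "..").
 *
 * Returns 0 on success, -1 on error. A failed write or close is an
 * error: the setting did not reach the kernel.
 */
int vrmr_set_proc_entry(struct vrmr_config *cnf, const char *proc_entry,
        int proc_set, const char *who)
{
    size_t i = 0, j = 0, entry_length = 0;
    int retval = 0;
    int n = 0;
    FILE *fp = NULL;

    char entry[VRMR_MAX_PROC_ENTRY_LENGHT] = "",
         entry_last[VRMR_MAX_PROC_ENTRY_LENGHT] = "",
         total_entry[VRMR_MAX_PROC_ENTRY_LENGHT * 2] = "";
    int proc_int = 0;

    assert(cnf);
    assert(proc_entry);

    entry_length = strlen(proc_entry);
    if (entry_length >= VRMR_MAX_PROC_ENTRY_LENGHT) {
        vrmr_error(-1, "Error", "proc_entry is too long (%d, max: %d)",
                (int)entry_length, VRMR_MAX_PROC_ENTRY_LENGHT);
        return (-1);
    }

    /* only one character is written, so only one digit can be set */
    if (!cnf->bash_out && (proc_set < 0 || proc_set > 9)) {
        vrmr_error(-1, "Error",
                "value %d for proc entry '%s' is not a single digit",
                proc_set, proc_entry);
        return (-1);
    }

    /* split proc_entry at the '*': entry gets the part before it,
     * entry_last the part after it (the terminating NUL is copied too) */
    for (i = 0, j = 0; i <= entry_length; i++) {
        if (proc_entry[i] != '*') {
            if (proc_int == 0)
                entry[i] = proc_entry[i];

            if (proc_int == 1) {
                entry_last[j] = proc_entry[i];
                j++;
            }
        } else {
            entry[i] = '\0';
            proc_int = 1;
        }
    }

    if (proc_int == 1) {
        if (who == NULL) {
            vrmr_error(-1, "Error", "No 'who' supplied");
            return (-1);
        }

        if (!proc_who_is_component(who)) {
            vrmr_error(-1, "Error",
                    "'%s' cannot be used as part of a proc entry", who);
            return (-1);
        }

        /* who has no length limit of its own: refuse a truncated path
         * rather than write to whatever the cut-off name points at */
        n = snprintf(total_entry, sizeof(total_entry), "%s%s%s", entry, who,
                entry_last);
        if (n < 0 || (size_t)n >= sizeof(total_entry)) {
            vrmr_error(-1, "Error", "proc entry for '%s' is too long", who);
            return (-1);
        }

        if (!cnf->bash_out) {
            fp = fopen(total_entry, "w");
            if (!fp) {
                vrmr_error(-1, "Error", "opening proc entry '%s' failed: %s",
                        total_entry, strerror(errno));
                retval = -1;
            } else {
                retval = proc_write_digit(fp, total_entry, proc_set);
                if (retval == 0) {
                    vrmr_debug(MEDIUM,
                            "setting '%d' to proc entry '%s' succesfull.",
                            proc_set, total_entry);
                }
            }
        } else {
            /* for bash output
             * NOTE(review): the path is printed unquoted, so the
             * generated script is only as safe as the characters in
             * proc_entry and who. */
            fprintf(stdout, "echo \"%d\" > %s\n", proc_set, total_entry);
        }

    } else {
        if (!cnf->bash_out) {
            if (!(fp = fopen(proc_entry, "w"))) {
                vrmr_error(-1, "Error", "Opening proc entry '%s' failed: %s",
                        proc_entry, strerror(errno));
                retval = -1;
            } else {
                retval = proc_write_digit(fp, proc_entry, proc_set);
                if (retval == 0) {
                    vrmr_info("Info",
                            "Setting '%d' to proc entry '%s' succesfull.",
                            proc_set, proc_entry);
                }
            }
        } else {
            /* for bash output (path printed unquoted, see above) */
            fprintf(stdout, "echo \"%d\" > %s\n", proc_set, proc_entry);
        }
    }

    return (retval);
}

--------------------------------------------------------------------------------
/lib/shape.c:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2002-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.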
*
 ***************************************************************************/

#include "config.h"
#include "vuurmuur.h"

/*
 * Tell whether rule options ask for traffic shaping in any direction.
 *
 * Returns 1 if opt is not NULL and one of the bandwidth limits or the
 * priority is greater than zero, 0 otherwise.
 */
int vrmr_is_shape_rule(/*@null@*/ struct vrmr_rule_options *opt)
{
    if (opt == NULL)
        return (0);

    if (opt->bw_in_min > 0 || opt->bw_in_max > 0 || opt->bw_out_min > 0 ||
            opt->bw_out_max > 0 || opt->prio > 0)
        return (1);

    return (0);
}

/*
 * Like vrmr_is_shape_rule(), but only the incoming bandwidth limits and
 * the priority are looked at.
 */
int vrmr_is_shape_incoming_rule(/*@null@*/ struct vrmr_rule_options *opt)
{
    if (opt == NULL)
        return (0);

    if (opt->bw_in_min > 0 || opt->bw_in_max > 0 || opt->prio > 0)
        return (1);

    return (0);
}

/*
 * Like vrmr_is_shape_rule(), but only the outgoing bandwidth limits and
 * the priority are looked at.
 */
int vrmr_is_shape_outgoing_rule(/*@null@*/ struct vrmr_rule_options *opt)
{
    if (opt == NULL)
        return (0);

    if (opt->bw_out_min > 0 || opt->bw_out_max > 0 || opt->prio > 0)
        return (1);

    return (0);
}

/*
 * Tell whether shaping applies to an interface.
 *
 * Returns 1 only if iface_ptr is not NULL, has shape set, is not a
 * virtual device and is up; 0 in every other case.
 */
int vrmr_is_shape_interface(/*@null@*/ struct vrmr_interface *iface_ptr)
{
    if (iface_ptr == NULL)
        return (0);

    if (iface_ptr->shape != TRUE || iface_ptr->device_virtual != FALSE ||
            iface_ptr->up != TRUE)
        return (0);

    return (1);
}

--------------------------------------------------------------------------------
/lib/strlcatu.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 1998 Todd C. Miller
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3.
The name of the author may not be used to endorse or promote products 14 | * derived from this software without specific prior written permission. 15 | * 16 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 18 | * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 19 | * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 20 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | 28 | /* $Id: strlcatu.c,v 1.4 2003/10/20 15:03:27 chrisgreen Exp $ */ 29 | 30 | #ifdef HAVE_CONFIG_H 31 | #include "config.h" 32 | #endif 33 | 34 | #ifndef HAVE_STRLCAT 35 | 36 | #if defined(LIBC_SCCS) && !defined(lint) 37 | static char *rcsid = 38 | "$OpenBSD: strlcat.c,v 1.5 2001/01/13 16:17:24 millert Exp $"; 39 | #endif /* LIBC_SCCS and not lint */ 40 | 41 | #include 42 | #include 43 | 44 | #include 45 | 46 | /* 47 | * Appends src to string dst of size siz (unlike strncat, siz is the 48 | * full size of dst, not space left). At most siz-1 characters 49 | * will be copied. Always NUL terminates (unless siz <= strlen(dst)). 50 | * Returns strlen(initial dst) + strlen(src); if retval >= siz, 51 | * truncation occurred. 
52 | */ 53 | size_t strlcat(char *dst, const char *src, size_t siz) 54 | { 55 | register char *d = dst; 56 | register const char *s = src; 57 | register size_t n = siz; 58 | size_t dlen; 59 | 60 | /* Find the end of dst and adjust bytes left but don't go past end */ 61 | while (n-- != 0 && *d != '\0') 62 | d++; 63 | dlen = d - dst; 64 | n = siz - dlen; 65 | 66 | if (n == 0) 67 | return (dlen + strlen(s)); 68 | while (*s != '\0') { 69 | if (n != 1) { 70 | *d++ = *s; 71 | n--; 72 | } 73 | s++; 74 | } 75 | *d = '\0'; 76 | 77 | return (dlen + (s - src)); /* count does not include NUL */ 78 | } 79 | #endif 80 | -------------------------------------------------------------------------------- /lib/strlcpyu.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1998 Todd C. Miller 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. The name of the author may not be used to endorse or promote products 14 | * derived from this software without specific prior written permission. 15 | * 16 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 18 | * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL 19 | * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 20 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | 28 | /* $Id: strlcpyu.c,v 1.4 2003/10/20 15:03:27 chrisgreen Exp $ */ 29 | 30 | #ifdef HAVE_CONFIG_H 31 | #include "config.h" 32 | #endif 33 | 34 | #ifndef HAVE_STRLCPY 35 | 36 | #if defined(LIBC_SCCS) && !defined(lint) 37 | static char *rcsid = 38 | "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $"; 39 | #endif /* LIBC_SCCS and not lint */ 40 | 41 | #include 42 | #include 43 | 44 | #include 45 | 46 | /* 47 | * Copy src to string dst of size siz. At most siz-1 characters 48 | * will be copied. Always NUL terminates (unless siz == 0). 49 | * Returns strlen(src); if retval >= siz, truncation occurred. 
50 | */ 51 | size_t strlcpy(char *dst, const char *src, size_t siz) 52 | { 53 | register char *d = dst; 54 | register const char *s = src; 55 | register size_t n = siz; 56 | 57 | /* Copy as many bytes as will fit */ 58 | if (n != 0 && --n != 0) { 59 | do { 60 | if ((*d++ = *s++) == 0) 61 | break; 62 | } while (--n != 0); 63 | } 64 | 65 | /* Not enough room in dst, add NUL and traverse rest of src */ 66 | if (n == 0) { 67 | if (siz != 0) 68 | *d = '\0'; /* NUL-terminate dst */ 69 | while (*s++) 70 | ; 71 | } 72 | 73 | return (s - src - 1); /* count does not include NUL */ 74 | } 75 | #endif 76 | -------------------------------------------------------------------------------- /lib/textdir/Makefile.am: -------------------------------------------------------------------------------- 1 | # textdir plugin 2 | libdir = @VUURMUUR_PLUGIN_DIR@ 3 | noinst_LTLIBRARIES = libtextdir.la 4 | libtextdir_la_SOURCES = \ 5 | textdir_ask.c \ 6 | textdir_list.c \ 7 | textdir_plugin.c \ 8 | textdir_tell.c 9 | noinst_HEADERS = textdir_plugin.h textdir.h 10 | EXTRA_DIST = textdir.conf textdir.conf.debian 11 | 12 | -------------------------------------------------------------------------------- /lib/textdir/textdir.conf: -------------------------------------------------------------------------------- 1 | LOCATION=/etc/vuurmuur/ 2 | -------------------------------------------------------------------------------- /lib/textdir/textdir.conf.debian: -------------------------------------------------------------------------------- 1 | LOCATION=/etc/vuurmuur/ 2 | -------------------------------------------------------------------------------- /lib/textdir/textdir.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2002-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under 
the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * 19 | ***************************************************************************/ 20 | 21 | #ifndef __TEXTDIR_H__ 22 | #define __TEXTDIR_H__ 23 | 24 | void textdir_init(void); 25 | 26 | #endif /* __TEXTDIR_H__ */ 27 | -------------------------------------------------------------------------------- /lib/textdir/textdir_ask.c: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2002-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. 
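*
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#include "textdir_plugin.h"

/*
    asking from and telling to the backend (TODO: name)

    Looks up the variable 'question' in the file that belongs to object
    'name' of the given type and copies its value to 'answer'.

    The file consists of VARIABLE=value lines. Lines that are empty or
    start with '#', a space or a tab are skipped, as are lines without
    a '=' and lines whose variable name does not fit in 63 characters.
    The variable name is compared case-insensitively. Double quotes at
    the start of the value and one at its end are stripped.

    multi == 0: the file is searched from the start and closed again.
    multi == 1: the file is left open after a match, so the next call
                continues after the matched line; it is closed once no
                further match is found.

    A line that does not fit in the line buffer is an error. Without
    that check the remainder of the line would be returned by the next
    fgets() and parsed as if it were a line of its own.

    returns
         1 value found and not empty
         0 variable not found, or its value is empty
        -1 error
*/
int ask_textdir(void *backend, const char *name, const char *question,
        char *answer, size_t max_answer, enum vrmr_objecttypes type, int multi)
{
    int retval = 0;
    char *file_location = NULL;
    char line[MAX_LINE_LENGTH] = "", variable[64] = "", value[512] = "";
    size_t line_pos = 0, val_pos = 0;
    size_t line_length = 0;
    size_t len = 0;

    assert(backend && name && question && answer);

    vrmr_debug(
            HIGH, "question: %s, name: %s, multi: %d", question, name, multi);

    struct textdir_backend *tb = (struct textdir_backend *)backend;
    if (!tb->backend_open) {
        vrmr_error(-1, "Error", "backend not opened yet");
        return (-1);
    }

    /* determine the location of the file */
    if (!(file_location = get_filelocation(backend, name, type)))
        return (-1);

    /* check if we are clean */
    if (tb->file != NULL && multi == 0) {
        vrmr_warning("Warning",
                "the last 'multi' call to '%s' probably failed, because the "
                "file is still open when it shouldn't",
                name);

        fclose(tb->file);
        tb->file = NULL;
    }

    /* now open and read the file, but only if it is not already open */
    if (tb->file == NULL) {
        if (!(tb->file = vuurmuur_fopen(tb->cfg, file_location, "r"))) {
            vrmr_error(-1, "Error", "Unable to open file '%s'.", file_location);

            free(file_location);
            return (-1);
        }
    }

    /* start (or continue) looping trough the file */
    while (fgets(line, (int)sizeof(line), tb->file) != NULL) {
        line_length = strlen(line);

        /* fgets() returns at most sizeof(line) - 1 characters, so a line
         * that is too long shows up as a full buffer without a newline.
         * Only the end of the file or the newline itself may follow. */
        if (line_length == sizeof(line) - 1 &&
                line[line_length - 1] != '\n') {
            int next = fgetc(tb->file);
            if (next != EOF && next != '\n') {
                vrmr_error(-1, "Error",
                        "line is longer than allowed (max: %d)",
                        MAX_LINE_LENGTH);

                free(file_location);
                fclose(tb->file);
                tb->file = NULL;
                return (-1);
            }
            if (next != EOF)
                (void)ungetc(next, tb->file);
        }

        /* first check if the line is a comment. */
        if (line_length == 0 || line[0] == '#' || line[0] == ' ' ||
                line[0] == '\0' || line[0] == '\n' || line[0] == '\t') {
            /* continue with the next line, its a comment or an empty line. */
            continue;
        }

        /* look for the occurance of the = separator */
        char *val = strchr(line, '=');
        if (val == NULL) {
            /* not a valid line, ignore */
            continue;
        }

        /* val - line = var len, plus one for the terminating NUL */
        size_t var_len = val - line + 1;
        if (var_len > (sizeof(variable) - 1)) {
            /* invalid line, ignore */
            continue;
        }
        (void)strlcpy(variable, line, var_len);
        vrmr_debug(LOW, "variable %s", variable);

        /* now see if this was what we were looking for */
        if (strcasecmp(question, variable) != 0) {
            /* nope, ignore line */
            continue;
        }

        /* skip pass the '=' char */
        val++;

        size_t val_len = strlen(val);

        /* copy the value into "value"; the copy is bounded by the caller's
         * buffer size and by the size of "value" itself */
        val_pos = 0;
        line_pos = 0;

        while (val[line_pos] != '\0' && val[line_pos] != '\n' &&
                line_pos < val_len && val_pos < max_answer &&
                val_pos < sizeof(value) - 1) {
            /* a '"' is stripped for as long as nothing was copied yet */
            if ((val_pos == 0) && (val[line_pos] == '\"'))
                line_pos++;

            /* otherwise copy the char */
            else {
                value[val_pos] = val[line_pos];

                line_pos++;
                val_pos++;
            }
        }

        /* if the last character is a '"' we strip it. */
        if (val_pos > 0 && value[val_pos - 1] == '\"')
            value[val_pos - 1] = '\0';
        else
            value[val_pos] = '\0';

        vrmr_debug(
                MEDIUM, "question '%s' matched, value: '%s'", question, value);

        /* copy back the value to "answer"; a value that does not fit is
         * an error, it is never returned truncated */
        len = strlcpy(answer, value, max_answer);
        if (len >= max_answer) {
            vrmr_error(-1, "Error",
                    "buffer overrun when reading file '%s', question '%s': len "
                    "%u, max: %u",
                    file_location, question, (unsigned int)len,
                    (unsigned int)max_answer);

            free(file_location);
            fclose(tb->file);
            tb->file = NULL;
            return (-1);
        }

        /* only return when bigger than 0 */
        if (strlen(answer) > 0)
            retval = 1;

        /* break out of the loop so when we call multi again we continue where
         * we were */
        break;
    }

    /* cleanup */
    if ((multi == 1 && retval != 1) || multi == 0) {
        vrmr_debug(HIGH, "close the file.");

        if (fclose(tb->file) != 0) {
            vrmr_error(-1, "Error", "closing file '%s' failed: %s",
                    file_location, strerror(errno));
            retval = -1;
        }
        tb->file = NULL;
    }

    /* cleanup filelocation */
    free(file_location);

    vrmr_debug(HIGH, "at exit: tb->file: %p (retval: %d).", (void *)tb->file,
            retval);
    vrmr_debug(HIGH, "** end **, retval=%d", retval);

    return (retval);
}

--------------------------------------------------------------------------------
/lib/textdir/textdir_plugin.h:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2002-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2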
/* lib/textdir/textdir_plugin.h: state and entry points of the textdir
 * backend plugin. */
#ifndef __TEXTDIR_PLUGIN_H__
#define __TEXTDIR_PLUGIN_H__

/* NOTE(review): the header names of the five #include directives below are
 * missing from this listing; take them from the repository. */
#include
#include
#include
#include
#include

/* size of the buffer ask_textdir() reads one line of a backend file into */
#define MAX_LINE_LENGTH 512

#define MAX_RULE_NAME 32

/* Per-backend state. The plugin functions receive it as an opaque
 * 'void *backend' and cast it back to this type. */
struct textdir_backend {
    /* false while the backend is closed, true once it is open;
     * ask_textdir() returns -1 when this is not set */
    bool backend_open;

    /* not yet used */
    bool writable;

    /* directory handles, one per object kind
     * NOTE(review): presumably the iteration state of list_textdir() --
     * confirm in its implementation */
    DIR *zone_p;
    DIR *network_p;
    DIR *host_p;
    DIR *group_p;

    DIR *service_p;

    DIR *interface_p;

    DIR *rule_p;

    /* file ask_textdir() is reading. It stays open between calls made with
     * multi == 1 so the next call continues after the last match, and is
     * NULL whenever no such read is in progress. */
    FILE *file;

    char cur_zone[VRMR_MAX_ZONE], cur_network[VRMR_MAX_NETWORK],
            cur_host[VRMR_MAX_HOST];

    char interface[VRMR_MAX_INTERFACE];

    char rule[MAX_RULE_NAME];

    /* NOTE(review): by its name the base directory of the text files --
     * confirm where it is set */
    char textdirlocation[512];

    void *plugin_handle;

    /* regexes for checking the names */
    regex_t *zonename_reg;
    regex_t *servicename_reg;
    regex_t *interfacename_reg;

    /* Vuurmuur configuration. Some libvuurmuur functions need this to
     * do their work (ask_textdir() passes it to vuurmuur_fopen()), but we
     * shouldn't be accessing it ourselves. */
    const struct vrmr_config *cfg;
};

/* Returns the location of the file that holds object 'name' of 'type', or
 * NULL on failure. ask_textdir() frees the returned string with free(). */
char *get_filelocation(
        void *backend, const char *name, const enum vrmr_objecttypes type);
/* Copies the value of variable 'question' of object 'name' into 'answer'
 * ('max_answer' bytes). Returns 1 when a non-empty value was stored, 0 when
 * there is no (further) match or the value is empty, -1 on error. */
int ask_textdir(void *backend, const char *name, const char *question,
        char *answer, size_t max_answer, enum vrmr_objecttypes type, int multi);
int tell_textdir(void *backend, const char *name, const char *question,
        const char *answer, int overwrite, enum vrmr_objecttypes type);
int open_textdir(void *backend, int mode, enum vrmr_backend_types type);
int close_textdir(void *backend, enum vrmr_backend_types type);
char *list_textdir(
        void *backend, char *name, int *zonetype, enum vrmr_backend_types type);
int init_textdir(void *backend, enum vrmr_backend_types type);
int add_textdir(void *backend, const char *name, enum vrmr_objecttypes type);
int del_textdir(void *backend, const char *name, enum vrmr_objecttypes type,
        int recurs);
int rename_textdir(void *backend, const char *name, const char *newname,
        enum vrmr_objecttypes type);
int conf_textdir(void *backend);
int setup_textdir(const struct vrmr_config *vuurmuur_config, void **backend);

#endif
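/* lib/util.c: helpers that build heap-allocated strings from printf-style
 * format strings. */

/* Copy the first n bytes of s into a new NUL-terminated heap string.
 * Returns NULL when the allocation fails. */
static char *vrmr_dup_prefix(const char *s, size_t n)
{
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return (NULL);

    memcpy(copy, s, n);
    copy[n] = '\0';

    return (copy);
}

/*
    Format 'fmt' and its arguments into a newly allocated string.

    The result is built in a 2048 byte buffer, so longer output is silently
    cut off at 2047 characters. 'fmt' is interpreted by vsnprintf(): it has
    to be a format string written by the calling code, and text that comes
    from outside the program belongs in the arguments (e.g. "%s"), never in
    'fmt' itself.

    returns
        the string, to be released by the caller with free()
        NULL when formatting or the allocation failed
*/
char *vrmr_get_string(const char *fmt, ...)
{
    va_list ap;
    char str[2048] = "";

    va_start(ap, fmt);
    int written = vsnprintf(str, sizeof(str), fmt, ap);
    va_end(ap);

    /* a negative result is an output error; don't hand out the buffer */
    if (written < 0)
        return (NULL);

    return (vrmr_dup_prefix(str, strlen(str)));
}

/*
    Like vrmr_get_string(), but the result takes at most 'max' bytes
    including the terminating NUL, so at most max - 1 characters are kept.

    max == 0 leaves no room for even the terminator. NULL is returned in
    that case instead of a zero-sized allocation that the caller would read
    as a string.

    returns
        the string, to be released by the caller with free()
        NULL when max is 0, or formatting or the allocation failed
*/
char *vrmr_get_len_string(size_t max, const char *fmt, ...)
{
    va_list ap;
    char str[2048] = "";
    size_t len = 0;

    if (max == 0)
        return (NULL);

    va_start(ap, fmt);
    int written = vsnprintf(str, sizeof(str), fmt, ap);
    va_end(ap);

    if (written < 0)
        return (NULL);

    len = strlen(str);
    if (len > max - 1)
        len = max - 1;

    return (vrmr_dup_prefix(str, len));
}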
/man/en/vuurmuur.8: -------------------------------------------------------------------------------- 1 | .\" Generated by help2man 1.35, customized with ManEdit. 2 | .TH "VUURMUUR" "8" "October 2006" "Vuurmuur 0.5.72" "User Commands" 3 | .SH "NAME" 4 | Vuurmuur \- rule creating daemon/commandline tool of the Vuurmuur IPTables frontend. 5 | .SH "SYNOPSIS" 6 | .B vuurmuur \fB[\-cvhdbkDnLCFt]\fR \fB[\-c\fR \fIconfig\-file\fR\fB] [\-d\fR \fIdebug\-level\fR\fB] [\-L\fR \fIloglevel\fR\fB]\fR 7 | .SH "OPTIONS" 8 | .TP 9 | \fB\-b\fR, \fB\-\-bash\fR 10 | gives a bashscript output 11 | .TP 12 | \fB\-d\fR, \fB\-\-debug\fR 13 | enables debugging (1 low, 3 high) 14 | .TP 15 | \fB\-c\fR, \fB\-\-configfile\fR 16 | use the given configfile 17 | .TP 18 | \fB\-h\fR, \fB\-\-help\fR 19 | gives this help 20 | .TP 21 | \fB\-V\fR, \fB\-\-version\fR 22 | gives the version 23 | .TP 24 | \fB\-D\fR, \fB\-\-daemon\fR 25 | vuurmuur starts and goes into daemon\-mode. 26 | .TP 27 | \fB\-l\fR 28 | deprecated option, see \fB\-D\fR. 29 | .TP 30 | \fB\-L\fR, \fB\-\-loglevel\fR 31 | specify the loglevel for use with syslog. 32 | .TP 33 | \fB\-v\fR, \fB\-\-verbose\fR 34 | verbose mode. 35 | .TP 36 | \fB\-n\fR, \fB\-\-foreground\fR 37 | for use with \fB\-D\fR, it goes into the loop without daemonizing. 38 | .TP 39 | \fB\-C\fR, \fB\-\-clear\-vuurmuur\fR 40 | clear vuurmuur iptables rules and set policy to ACCEPT. PRE\-VRMR\-CHAINS still presents. Use with care! 41 | .TP 42 | \fB\-F\fR, \fB\-\-clear\-all\fR 43 | clear all iptables rules and set policy to ACCEPT. PRE\-VRMR\-CHAINS (and others) cleared. Use with care! 44 | .TP 45 | \fB\-k\fR, \fB\-\-keep\fR 46 | keep the iptables ruleset file \fBiptables\-restore(8)\fR loads into the system. Useful for debugging. The file can be found in /tmp/ 47 | .TP 48 | \fB\-t\fR, \fB\-\-no\-check\fR 49 | don't check for iptables capabilities, asume all are supported. 
50 | .SH "COPYRIGHT" 51 | Copyright \(co 2002\-2006 by Victor Julien 52 | .SH "SEE ALSO" 53 | The full documentation for 54 | .B Vuurmuur_conf 55 | is maintained as a wiki at http://wiki.vuurmuur.org/ 56 | 57 | .BR vuurmuur_log (8), 58 | .BR vuurmuur_script (8), 59 | .BR vuurmuur_conf (8) 60 | -------------------------------------------------------------------------------- /man/en/vuurmuur_conf.8: -------------------------------------------------------------------------------- 1 | .\" Generated by help2man 1.35, customized with ManEdit. 2 | .TH "VUURMUUR_CONF" "8" "October 2006" "Vuurmuur_conf 0.5.72" "User Commands" 3 | .SH "NAME" 4 | Vuurmuur_conf \- ncurses GUI for administration of the Vuurmuur IPTables frontend. 5 | .SH "SYNOPSIS" 6 | .B vuurmuur_conf \fB[\-cvhd]\fR \fB[\-c\fR \fIconfig\-file\fR\fB] [\-d\fR \fIdebug\-level\fR\fB]\fR 7 | 8 | .SH "OPTIONS" 9 | .TP 10 | \fB\-h\fR, \fB\-\-help\fR 11 | prints the possible commandline options 12 | .TP 13 | \fB\-c\fR, \fB\-\-configfile\fR 14 | use the given configfile instead of the default file 15 | .TP 16 | \fB\-d\fR, \fB\-\-debug\fR 17 | enable debugging (1 = low, 3 = high), the info will be printed to the debug.log 18 | .TP 19 | \fB\-V\fR, \fB\-\-version\fR 20 | gives the version 21 | .SH "COPYRIGHT" 22 | Copyright \(co 2002\-2006 by Victor Julien 23 | .SH "SEE ALSO" 24 | The full documentation for 25 | .B Vuurmuur_conf 26 | is maintained as a wiki at http://wiki.vuurmuur.org/ 27 | 28 | .BR vuurmuur (8), 29 | .BR vuurmuur_log (8), 30 | .BR vuurmuur_script (8) 31 | -------------------------------------------------------------------------------- /man/en/vuurmuur_log.8: -------------------------------------------------------------------------------- 1 | .\" Generated by help2man 1.35, customized with ManEdit. 2 | .TH "VUURMUUR_LOG" "8" "October 2006" "Vuurmuur_log 0.5.72" "User Commands" 3 | .SH "NAME" 4 | Vuurmuur_log \- log parsing daemon of the Vuurmuur IPTables frontend. 
5 | .SH "SYNOPSIS" 6 | .B vuurmuur_log \fB[\-cvhdnV]\fR \fB[\-c\fR \fIconfig\-file\fR\fB] [\-d\fR \fIdebug\-level\fR\fB]\fR 7 | 8 | .SH "OPTIONS" 9 | .TP 10 | \fB\-h\fR, \fB\-\-help\fR 11 | prints the possible commandline options 12 | .TP 13 | \fB\-c\fR, \fB\-\-configfile\fR 14 | use the given configfile instead of the default file 15 | .TP 16 | \fB\-d\fR, \fB\-\-debug\fR 17 | enable debugging (1 = low, 3 = high), the info will be printed to the debug.log 18 | .TP 19 | \fB\-V\fR, \fB\-\-version\fR 20 | gives the version 21 | .TP 22 | \fB\-n\fR, \fB\-\-nodaemon\fR 23 | don't go into the background when started 24 | .SH "COPYRIGHT" 25 | Copyright \(co 2002\-2006 by Victor Julien 26 | .SH "SEE ALSO" 27 | The full documentation for 28 | .B Vuurmuur_conf 29 | is maintained as a wiki at http://wiki.vuurmuur.org/ 30 | 31 | .BR vuurmuur (8), 32 | .BR vuurmuur_script (8), 33 | .BR vuurmuur_conf (8) 34 | -------------------------------------------------------------------------------- /man/en/vuurmuur_script.8: -------------------------------------------------------------------------------- 1 | .\" Generated by help2man 1.35, customized with ManEdit. 2 | .TH "VUURMUUR_SCRIPT" "8" "October 2006" "Vuurmuur_script 0.5.72" "User Commands" 3 | .SH "NAME" 4 | Vuurmuur_script \- scriptable commandline tool for administration of the Vuurmuur IPTables frontend. 5 | .SH "SYNOPSIS" 6 | .B vuurmuur_script \fB[\-cvdhCDRMLPognzisrAOVS] [\-d\fR \fIdebug\-level\fR\fB] [\-o\fR \fIhost\fR\fB] [\-g\fR \fIgroup\fR\fB] [\-n\fR \fInetwork\fR\fB] [\-z\fR \fIzone\fR\fB] [\-s\fR \fIservice\fR\fB] [\-i\fR \fIinterface\fR\fB] [\-r\fR \fIruleset\fR\fB] [\-V\fR \fIvariable\-name\fR\fB] [\-S\fR \fIvalue\fR\fB]\fR 7 | 8 | .SH "OPTIONS" 9 | .TP 10 | \fB\-d\fR [1 \- 3] 11 | enables debugging, 1 low, 3 high 12 | .TP 13 | \fB\-h\fR, \fB\-\-help\fR 14 | gives this help 15 | .TP 16 | \fB\-v\fR, \fB\-\-verbose\fR 17 | verbose mode. 
18 | .SS "Commands:" 19 | .TP 20 | \fB\-\-block\fR 21 | block host/group or ipaddress. 22 | .TP 23 | \fB\-\-unblock\fR 24 | unblock host/group or ipaddress. 25 | .TP 26 | \fB\-\-list\-blocked\fR 27 | list the hosts/group and ipaddresses that are blocked. 28 | .TP 29 | \fB\-\-reload\fR 30 | make Vuurmuur reload it's config. 31 | .TP 32 | \fB\-C\fR, \fB\-\-create\fR 33 | create object. 34 | .TP 35 | \fB\-D\fR, \fB\-\-delete\fR 36 | delete object. 37 | .TP 38 | \fB\-R\fR, \fB\-\-rename\fR 39 | rename object. 40 | .TP 41 | \fB\-M\fR, \fB\-\-modify\fR 42 | modify object. 43 | .TP 44 | \fB\-L\fR, \fB\-\-list\fR 45 | list objects. 46 | .TP 47 | \fB\-P\fR, \fB\-\-print\fR 48 | print data of object. 49 | .SS "Object:" 50 | .TP 51 | \fB\-o\fR, \fB\-\-host\fR 52 | host. 53 | .TP 54 | \fB\-g\fR, \fB\-\-group\fR 55 | group. 56 | .TP 57 | \fB\-n\fR, \fB\-\-network\fR 58 | network. 59 | .TP 60 | \fB\-z\fR, \fB\-\-zone\fR 61 | zone. 62 | .TP 63 | \fB\-s\fR, \fB\-\-service\fR 64 | service. 65 | .TP 66 | \fB\-i\fR, \fB\-\-interface\fR 67 | interface. 68 | .TP 69 | \fB\-r\fR, \fB\-\-rule\fR 70 | rule. 71 | .TP 72 | \fB\-V\fR, \fB\-\-variable\fR 73 | variable to modify/print. 74 | .TP 75 | \fB\-S\fR, \fB\-\-set\fR 76 | value to set on modify, 77 | or new name when renaming. 
78 | .TP 79 | \fB\-A\fR, \fB\-\-append\fR 80 | append the variable on modify 81 | .TP 82 | \fB\-O\fR, \fB\-\-overwrite\fR 83 | overwrite the variable on modify 84 | .TP 85 | \fB\-\-rule\-numbers\fR 86 | print rule numbers 87 | .TP 88 | \fB\-\-apply\fR 89 | try to apply the changes directly to Vuurmuur 90 | .TP 91 | \fB\-\-no\-apply\fR 92 | don't try to apply the changes to Vuurmuur 93 | .SH "EXAMPLES" 94 | .TP 95 | .B Gives a list of all groups: 96 | \fBvuurmuur_script\fR \-\-list \-\-group any 97 | 98 | .TP 99 | .B Gives a list of all groups in network localnet.lan: 100 | \fBvuurmuur_script\fR \-\-list \-\-group localnet.lan 101 | 102 | .TP 103 | .B Print content of host server.localnet.lan: 104 | \fBvuurmuur_script\fR \-\-print \-\-host server.localnet.lan 105 | 106 | .TP 107 | .B Create an empty host: 108 | \fBvuurmuur_script\fR \-\-create \-\-host pc1.localnet.lan 109 | 110 | .TP 111 | .B Set the host to active: 112 | \fBvuurmuur_script\fR \-\-modify \-\-host pc1.localnet.lan \-\-variable ACTIVE \-\-set Yes 113 | 114 | .TP 115 | .B Set the ipaddress of the new host: 116 | \fBvuurmuur_script\fR \-\-modify \-\-host pc1.localnet.lan \-\-variable IPADDRESS \-\-set 192.168.1.15 117 | 118 | .TP 119 | .B Append a rule to the rules list: 120 | \fBvuurmuur_script\fR \-M \-r rules \-V RULE \-S "accept service ftp from pc1.localnet.lan to firewall" \-A 121 | 122 | .TP 123 | .B Add the ipaddress 1.2.3.4 to the blocklist: 124 | \fBvuurmuur_script\fR \-\-block 1.2.3.4 125 | 126 | .TP 127 | .B Remove an ipaddress from the blocklist: 128 | \fBvuurmuur_script\fR \-\-unblock 1.2.3.4 129 | .SH "COPYRIGHT" 130 | Copyright \(co 2002\-2006 by Victor Julien 131 | .SH "SEE ALSO" 132 | The full documentation for 133 | .B Vuurmuur_conf 134 | is maintained as a wiki at http://wiki.vuurmuur.org/ 135 | 136 | .BR vuurmuur (8), 137 | .BR vuurmuur_log (8), 138 | .BR vuurmuur_conf (8) 139 | -------------------------------------------------------------------------------- /man/ru/Makefile.am: 
-------------------------------------------------------------------------------- 1 | # ripped from xine-ui package 2 | mansubdir=/ru/man8 3 | man_MANS = vuurmuur.8 vuurmuur_log.8 vuurmuur_script.8 vuurmuur_conf.8 4 | EXTRA_DIST = $(man_MANS) 5 | 6 | install-man8: 7 | $(mkinstalldirs) $(DESTDIR)$(mandir)$(mansubdir) 8 | @list='$(man1_MANS)'; \ 9 | l2='$(man_MANS)'; for i in $$l2; do \ 10 | case "$$i" in \ 11 | *.8*) list="$$list $$i" ;; \ 12 | esac; \ 13 | done; \ 14 | for i in $$list; do \ 15 | if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ 16 | else file=$$i; fi; \ 17 | ext=`echo $$i | sed -e 's/^.*\\.//'`; \ 18 | inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ 19 | inst=`echo $$inst | sed '$(transform)'`.$$ext; \ 20 | echo " $(INSTALL_DATA) $$file $(DESTDIR)$(mandir)$(mansubdir)/$$inst"; \ 21 | $(INSTALL_DATA) $$file $(DESTDIR)$(mandir)$(mansubdir)/$$inst; \ 22 | done 23 | 24 | uninstall-man8: 25 | @list='$(man1_MANS)'; \ 26 | l2='$(man_MANS)'; for i in $$l2; do \ 27 | case "$$i" in \ 28 | *.8*) list="$$list $$i" ;; \ 29 | esac; \ 30 | done; \ 31 | for i in $$list; do \ 32 | ext=`echo $$i | sed -e 's/^.*\\.//'`; \ 33 | inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ 34 | inst=`echo $$inst | sed '$(transform)'`.$$ext; \ 35 | echo " rm -f $(DESTDIR)$(mandir)$(mansubdir)/$$inst"; \ 36 | rm -f $(DESTDIR)$(mandir)$(mansubdir)/$$inst; \ 37 | done 38 | -------------------------------------------------------------------------------- /man/ru/vuurmuur.8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/man/ru/vuurmuur.8 -------------------------------------------------------------------------------- /man/ru/vuurmuur_conf.8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/man/ru/vuurmuur_conf.8 
-------------------------------------------------------------------------------- /man/ru/vuurmuur_log.8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/man/ru/vuurmuur_log.8 -------------------------------------------------------------------------------- /man/ru/vuurmuur_script.8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/man/ru/vuurmuur_script.8 -------------------------------------------------------------------------------- /po/ChangeLog: -------------------------------------------------------------------------------- 1 | 2005-03-31 gettextize 2 | 3 | * Makefile.in.in: New file, from gettext-0.14.1. 4 | * Rules-quot: New file, from gettext-0.14.1. 5 | * boldquot.sed: New file, from gettext-0.14.1. 6 | * en@boldquot.header: New file, from gettext-0.14.1. 7 | * en@quot.header: New file, from gettext-0.14.1. 8 | * insert-header.sin: New file, from gettext-0.14.1. 9 | * quot.sed: New file, from gettext-0.14.1. 10 | * remove-potcdate.sin: New file, from gettext-0.14.1. 11 | 12 | -------------------------------------------------------------------------------- /po/LINGUAS: -------------------------------------------------------------------------------- 1 | # list of available translations 2 | nl ru en@quot en@boldquot pt_BR de fr no nb 3 | -------------------------------------------------------------------------------- /po/Makevars: -------------------------------------------------------------------------------- 1 | # Makefile variables for PO directory in any package using GNU gettext. 2 | 3 | # Usually the message domain is the same as the package name. 4 | DOMAIN = $(PACKAGE) 5 | 6 | # These two variables depend on the location of this directory. 7 | subdir = po 8 | top_builddir = .. 
9 | 10 | # These options get passed to xgettext. 11 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ --add-comments=TRANSLATORS 12 | 13 | # This is the copyright holder that gets inserted into the header of the 14 | # $(DOMAIN).pot file. Set this to the copyright holder of the surrounding 15 | # package. (Note that the msgstr strings, extracted from the package's 16 | # sources, belong to the copyright holder of the package.) Translators are 17 | # expected to transfer the copyright for their translations to this person 18 | # or entity, or to disclaim their copyright. The empty string stands for 19 | # the public domain; in this case the translators are expected to disclaim 20 | # their copyright. 21 | COPYRIGHT_HOLDER = Victor Julien 22 | 23 | # This tells whether or not to prepend "GNU " prefix to the package 24 | # name that gets inserted into the header of the $(DOMAIN).pot file. 25 | # Possible values are "yes", "no", or empty. If it is empty, try to 26 | # detect it automatically by scanning the files in $(top_srcdir) for 27 | # "GNU packagename" string. 28 | PACKAGE_GNU = 29 | 30 | # This is the email address or URL to which the translators shall report 31 | # bugs in the untranslated strings: 32 | # - Strings which are not entire sentences, see the maintainer guidelines 33 | # in the GNU gettext documentation, section 'Preparing Strings'. 34 | # - Strings which use unclear terms or require additional context to be 35 | # understood. 36 | # - Strings which make invalid assumptions about notation of date, time or 37 | # money. 38 | # - Pluralisation problems. 39 | # - Incorrect English spelling. 40 | # - Incorrect formatting. 41 | # It can be your email address, or a mailing list address where translators 42 | # can write to without being subscribed, or the URL of a web page through 43 | # which the translators can contact you. 
44 | MSGID_BUGS_ADDRESS = https://www.vuurmuur.org/ 45 | 46 | # This is the list of locale categories, beyond LC_MESSAGES, for which the 47 | # message catalogs shall be used. It is usually empty. 48 | EXTRA_LOCALE_CATEGORIES = 49 | 50 | # This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt' 51 | # context. Possible values are "yes" and "no". Set this to yes if the 52 | # package uses functions taking also a message context, like pgettext(), or 53 | # if in $(XGETTEXT_OPTIONS) you define keywords with a context argument. 54 | USE_MSGCTXT = no 55 | 56 | # These options get passed to msgmerge. 57 | # Useful options are in particular: 58 | # --previous to keep previous msgids of translated messages, 59 | # --quiet to reduce the verbosity. 60 | MSGMERGE_OPTIONS = 61 | 62 | # These options get passed to msginit. 63 | # If you want to disable line wrapping when writing PO files, add 64 | # --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and 65 | # MSGINIT_OPTIONS. 66 | MSGINIT_OPTIONS = 67 | 68 | # This tells whether or not to regenerate a PO file when $(DOMAIN).pot 69 | # has changed. Possible values are "yes" and "no". Set this to no if 70 | # the POT file is checked in the repository and the version control 71 | # program ignores timestamps. 72 | PO_DEPENDS_ON_POT = yes 73 | 74 | # This tells whether or not to forcibly update $(DOMAIN).pot and 75 | # regenerate PO files on "make dist". Possible values are "yes" and 76 | # "no". Set this to no if the POT file and PO files are maintained 77 | # externally. 
78 | DIST_DEPENDS_ON_UPDATE_PO = yes 79 | -------------------------------------------------------------------------------- /po/POTFILES.in: -------------------------------------------------------------------------------- 1 | # list of source files containing translateble strings 2 | # (c) Victor Julien 3 | 4 | vuurmuur_conf/bw_sec.c 5 | vuurmuur_conf/config.c 6 | vuurmuur_conf/config_section.c 7 | vuurmuur_conf/conn_sec.c 8 | vuurmuur_conf/help.c 9 | vuurmuur_conf/if_sec.c 10 | vuurmuur_conf/logview_section.c 11 | vuurmuur_conf/main.h 12 | vuurmuur_conf/mainmenu.c 13 | vuurmuur_conf/navigation.c 14 | vuurmuur_conf/rules_form.c 15 | vuurmuur_conf/services_section.c 16 | vuurmuur_conf/stat_sec.c 17 | vuurmuur_conf/sys_sec.c 18 | vuurmuur_conf/templates.c 19 | vuurmuur_conf/topmenu.c 20 | vuurmuur_conf/vuurmuur_conf.c 21 | vuurmuur_conf/zones_section.c 22 | vuurmuur_conf/common_strings.h 23 | vuurmuur_conf/filter.c 24 | vuurmuur_conf/gui.c 25 | vuurmuur_conf/statevent.c 26 | -------------------------------------------------------------------------------- /po/boldquot.sed: -------------------------------------------------------------------------------- 1 | s/"\([^"]*\)"/“\1”/g 2 | s/`\([^`']*\)'/‘\1’/g 3 | s/ '\([^`']*\)' / ‘\1’ /g 4 | s/ '\([^`']*\)'$/ ‘\1’/g 5 | s/^'\([^`']*\)' /‘\1’ /g 6 | s/“”/""/g 7 | s/“/“/g 8 | s/”/”/g 9 | s/‘/‘/g 10 | s/’/’/g 11 | -------------------------------------------------------------------------------- /po/de.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/de.po -------------------------------------------------------------------------------- /po/en@boldquot.header: -------------------------------------------------------------------------------- 1 | # All this catalog "translates" are quotation characters. 
2 | # The msgids must be ASCII and therefore cannot contain real quotation 3 | # characters, only substitutes like grave accent (0x60), apostrophe (0x27) 4 | # and double quote (0x22). These substitutes look strange; see 5 | # https://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html 6 | # 7 | # This catalog translates grave accent (0x60) and apostrophe (0x27) to 8 | # left single quotation mark (U+2018) and right single quotation mark (U+2019). 9 | # It also translates pairs of apostrophe (0x27) to 10 | # left single quotation mark (U+2018) and right single quotation mark (U+2019) 11 | # and pairs of quotation mark (0x22) to 12 | # left double quotation mark (U+201C) and right double quotation mark (U+201D). 13 | # 14 | # When output to an UTF-8 terminal, the quotation characters appear perfectly. 15 | # When output to an ISO-8859-1 terminal, the single quotation marks are 16 | # transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to 17 | # grave/acute accent (by libiconv), and the double quotation marks are 18 | # transliterated to 0x22. 19 | # When output to an ASCII terminal, the single quotation marks are 20 | # transliterated to apostrophes, and the double quotation marks are 21 | # transliterated to 0x22. 22 | # 23 | # This catalog furthermore displays the text between the quotation marks in 24 | # bold face, assuming the VT100/XTerm escape sequences. 25 | # 26 | -------------------------------------------------------------------------------- /po/en@quot.header: -------------------------------------------------------------------------------- 1 | # All this catalog "translates" are quotation characters. 2 | # The msgids must be ASCII and therefore cannot contain real quotation 3 | # characters, only substitutes like grave accent (0x60), apostrophe (0x27) 4 | # and double quote (0x22). 
These substitutes look strange; see 5 | # https://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html 6 | # 7 | # This catalog translates grave accent (0x60) and apostrophe (0x27) to 8 | # left single quotation mark (U+2018) and right single quotation mark (U+2019). 9 | # It also translates pairs of apostrophe (0x27) to 10 | # left single quotation mark (U+2018) and right single quotation mark (U+2019) 11 | # and pairs of quotation mark (0x22) to 12 | # left double quotation mark (U+201C) and right double quotation mark (U+201D). 13 | # 14 | # When output to an UTF-8 terminal, the quotation characters appear perfectly. 15 | # When output to an ISO-8859-1 terminal, the single quotation marks are 16 | # transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to 17 | # grave/acute accent (by libiconv), and the double quotation marks are 18 | # transliterated to 0x22. 19 | # When output to an ASCII terminal, the single quotation marks are 20 | # transliterated to apostrophes, and the double quotation marks are 21 | # transliterated to 0x22. 22 | # 23 | -------------------------------------------------------------------------------- /po/fr.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/fr.po -------------------------------------------------------------------------------- /po/insert-header.sin: -------------------------------------------------------------------------------- 1 | # Sed script that inserts the file called HEADER before the header entry. 2 | # 3 | # Copyright (C) 2001 Free Software Foundation, Inc. 4 | # Written by Bruno Haible , 2001. 5 | # This file is free software; the Free Software Foundation gives 6 | # unlimited permission to use, copy, distribute, and modify it. 7 | # 8 | # At each occurrence of a line starting with "msgid ", we execute the following 9 | # commands. At the first occurrence, insert the file. 
At the following 10 | # occurrences, do nothing. The distinction between the first and the following 11 | # occurrences is achieved by looking at the hold space. 12 | /^msgid /{ 13 | x 14 | # Test if the hold space is empty. 15 | s/m/m/ 16 | ta 17 | # Yes it was empty. First occurrence. Read the file. 18 | r HEADER 19 | # Output the file's contents by reading the next line. But don't lose the 20 | # current line while doing this. 21 | g 22 | N 23 | bb 24 | :a 25 | # The hold space was nonempty. Following occurrences. Do nothing. 26 | x 27 | :b 28 | } 29 | -------------------------------------------------------------------------------- /po/nb.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/nb.po -------------------------------------------------------------------------------- /po/nl.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/nl.po -------------------------------------------------------------------------------- /po/no.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/no.po -------------------------------------------------------------------------------- /po/pt_BR.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/pt_BR.po -------------------------------------------------------------------------------- /po/quot.sed: -------------------------------------------------------------------------------- 1 | s/"\([^"]*\)"/“\1”/g 2 | s/`\([^`']*\)'/‘\1’/g 3 | s/ '\([^`']*\)' / ‘\1’ /g 4 | s/ '\([^`']*\)'$/ ‘\1’/g 5 | s/^'\([^`']*\)' /‘\1’ /g 6 | s/“”/""/g 7 
| -------------------------------------------------------------------------------- /po/remove-potcdate.sin: -------------------------------------------------------------------------------- 1 | # Sed script that removes the POT-Creation-Date line in the header entry 2 | # from a POT file. 3 | # 4 | # Copyright (C) 2002 Free Software Foundation, Inc. 5 | # Copying and distribution of this file, with or without modification, 6 | # are permitted in any medium without royalty provided the copyright 7 | # notice and this notice are preserved. This file is offered as-is, 8 | # without any warranty. 9 | # 10 | # The distinction between the first and the following occurrences of the 11 | # pattern is achieved by looking at the hold space. 12 | /^"POT-Creation-Date: .*"$/{ 13 | x 14 | # Test if the hold space is empty. 15 | s/P/P/ 16 | ta 17 | # Yes it was empty. First occurrence. Remove the line. 18 | g 19 | d 20 | bb 21 | :a 22 | # The hold space was nonempty. Following occurrences. Do nothing. 
23 | x 24 | :b 25 | } 26 | -------------------------------------------------------------------------------- /po/ru.po: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inliniac/vuurmuur/58c86fab963d548d56c0b9479a177b893928faa4/po/ru.po -------------------------------------------------------------------------------- /po/stamp-po: -------------------------------------------------------------------------------- 1 | timestamp 2 | -------------------------------------------------------------------------------- /scripts/Makefile.am: -------------------------------------------------------------------------------- 1 | scriptsdir = $(datadir)/vuurmuur/scripts 2 | scripts_DATA = vuurmuur-config-setup.sh vuurmuur-initd.sh vuurmuur-initd.sh.suse vuurmuur-logrotate rc.vuurmuur 3 | 4 | vcscriptsdir = $(scriptsdir) 5 | vcscripts_DATA = vuurmuur-searchlog.sh vuurmuur-wizard.sh 6 | 7 | install: 8 | install -m 755 -d "$(DESTDIR)$(vcscriptsdir)" 9 | install -m 700 "$(top_srcdir)/scripts/vuurmuur-wizard.sh" "$(DESTDIR)$(vcscriptsdir)" 10 | install -m 700 "$(top_srcdir)/scripts/vuurmuur-searchlog.sh" "$(DESTDIR)$(vcscriptsdir)" 11 | install -m 700 "$(top_srcdir)/scripts/vuurmuur-initd.sh" "$(DESTDIR)$(vcscriptsdir)" 12 | 13 | EXTRA_DIST = $(scripts_DATA) $(vcscripts_DATA) 14 | -------------------------------------------------------------------------------- /scripts/rc.vuurmuur: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This is an implementation of a start-script for Vuurmuur. 4 | # 5 | # (c) 2004-2006 Victor Julien, released under GPL. 6 | # Adapted for Slackware by Nicolas Dejardin 7 | # 8 | # where do the executables reside? 
NOTE: no trailing slash 9 | VUURMUUR_LOCATION=/usr/local/bin 10 | 11 | # space separated list of modules to load on start, or 'none' if none ;-) 12 | MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp" 13 | #MODULES_TO_LOAD="none" 14 | 15 | case "$1" in 16 | start) 17 | echo "Starting firewall: Vuurmuur:" 18 | 19 | # check if vuurmuur is configured 20 | IFNUM=`$VUURMUUR_LOCATION/vuurmuur_script --list --interface any | wc -l` 21 | if [ "$IFNUM" = "0" ]; then 22 | echo "FAILED: please configure Vuurmuur first by defining at least one interface." 23 | exit 1 24 | fi 25 | 26 | echo -n -e "\tLoading modules:\t" 27 | if [ "$MODULES_TO_LOAD" == "none" ]; then 28 | echo "disabled." 29 | else 30 | # load the modules 31 | for MODULE in `echo $MODULES_TO_LOAD`; do 32 | echo -n "$MODULE:" 33 | /sbin/modprobe $MODULE 34 | echo "OK " 35 | done 36 | echo "" 37 | fi 38 | 39 | echo -n -e "\tLoading Vuurmuur:\t" 40 | # start vuurmuur 41 | if [ ! -f /var/run/vuurmuur.pid ]; then 42 | $VUURMUUR_LOCATION/vuurmuur -D 43 | RESULT="$?" 44 | if [ "$RESULT" = "0" ]; then 45 | echo "OK." 46 | else 47 | echo "FAILED." 48 | fi 49 | else 50 | PID=`cat /var/run/vuurmuur.pid | cut -d " " -f 1` 51 | echo "FAILED: already running at pid $PID." 52 | fi 53 | 54 | echo -n -e "\tLoading Vuurmuur_log:\t" 55 | # start vuurmuur_log 56 | if [ ! -f /var/run/vuurmuur_log.pid ]; then 57 | $VUURMUUR_LOCATION/vuurmuur_log 58 | RESULT="$?" 59 | if [ "$RESULT" = "0" ]; then 60 | echo "OK." 61 | else 62 | echo "FAILED." 63 | fi 64 | else 65 | PID=`cat /var/run/vuurmuur_log.pid | cut -d " " -f 1` 66 | echo "FAILED: already running at pid $PID." 67 | fi 68 | 69 | echo "Starting firewall: Vuurmuur: done" 70 | echo "" 71 | ;; 72 | stop) 73 | echo -n "Stopping firewall: Vuurmuur." 74 | kill -n INT `pidof vuurmuur` 75 | echo -n "." 76 | kill -n INT `pidof vuurmuur_log` 77 | echo -n "." 78 | echo "done." 
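79 | echo "" 80 | ;; 81 | force-reload|restart) 82 | $0 stop 83 | $0 start 84 | ;; 85 | *) 86 | echo "Usage: /etc/rc.d/rc.vuurmuur {start|stop|restart|force-reload}" 87 | exit 1 88 | esac 89 | 90 | exit 0 91 | -------------------------------------------------------------------------------- /scripts/vuurmuur-config-setup.sh: --------------------------------------------------------------------------------
#!/bin/bash

#
# 2005-06-19: victor initial version
# 2005-06-20: adi usage, root-check, commandline checks
#
# this script must be called with three arguments:
# 1. the etcdir, e.g. /usr/local/etc/vuurmuur
# 2. the sample configfile, that will be copied if no config exists
# 3. the directory containing example services, e.g. /usr/local/share/vuurmuur/services
#
# Script to setup the initial configuration layout.
# It does the following:
# - check if $ETCDIR exists, and create it if it doesn't
# - check if $ETCDIR/config.conf exists and copy the sample if not.
# - check if the plugin-etc dir is properly setup
# - check if the textdir.conf exists
# - check if the backend dirs are properly setup
#
# Everything created below ETCDIR is meant to be private to the owner:
# directories 0700, files 0600. Exit status is 0 on success, 1 on any failure.
#
# All three arguments end up in file operations run as root, so every
# expansion is quoted and passed after "--": a path with spaces, glob
# characters or a leading "-" is then used as given instead of being split,
# expanded or read as an option.


# define useful functions

# Print the message in $1 and stop with exit status 1.
exit_message() {
    printf '%s\n' "$1"
    exit 1
}

usage() {
    echo "Usage: $0 ETCDIR SAMPLE_CONF SERVICES_DIR"
}

# Create directory $1 with mode 0700 unless it already exists.
ensure_dir() {
    if [ ! -d "$1" ]; then
        mkdir -p -m 0700 -- "$1" || exit_message "error creating $1"
    fi
}

# check arguments (TODO: check if they are valid!)
if [ $# -ne 3 ]; then
    usage
    exit 1
fi

# we take three args.
ETCDIR="$1"
CONFIGSAMPLE="$2"
SERVICES="$3"

# check for root; the script stops here when it is not run as root
if [ "$(id -u)" -ne 0 ]; then
    echo "WARNING: You are NOT root; some operations may not work..."
    exit 1
fi

# if the prefix is /usr, we use /etc instead of /usr/etc
if [ "$ETCDIR" = "/usr/etc/vuurmuur" ] || [ "$ETCDIR" = "/usr/etc/vuurmuur/" ]; then
    ETCDIR="/etc/vuurmuur"
fi

# create the ETCDIR if it does not exist yet
ensure_dir "$ETCDIR"

# Everything from here on is created below ETCDIR. With a restrictive umask
# new files are private from the moment they are created, instead of being
# readable by others until the chmod that follows. The umask is changed only
# now, so parent directories that "mkdir -p" created above ETCDIR keep the
# default mode.
umask 077

# test for the configfile
FILE="$ETCDIR/config.conf"

if [ ! -f "$FILE" ]; then
    # first check if the sample file exists
    if [ ! -f "$CONFIGSAMPLE" ]; then
        exit_message "error: sample configfile not found"
    fi

    cp -- "$CONFIGSAMPLE" "$FILE" || exit_message "error copying $CONFIGSAMPLE"
    chmod 0600 -- "$FILE" || exit_message "error chmodding $FILE"
fi

# test for plugin etc
ensure_dir "$ETCDIR/plugins"

# the textdir plugin config points the backend at $ETCDIR/textdir
FILE="$ETCDIR/plugins/textdir.conf"

if [ ! -f "$FILE" ]; then
    # the redirection creates the file; a failed write is now reported
    echo "LOCATION=\"$ETCDIR/textdir\"" > "$FILE" || exit_message "error creating $FILE"
    chmod 0600 -- "$FILE" || exit_message "error chmodding $FILE"
fi

# backend dirs: textdir itself, then zones, interfaces and rules
for SUBDIR in "" /zones /interfaces /rules; do
    ensure_dir "$ETCDIR/textdir$SUBDIR"
done

# services
DIR="$ETCDIR/textdir/services"

if [ ! -d "$DIR" ]; then
    # create it
    mkdir -p -m 0700 -- "$DIR" || exit_message "error creating $DIR"

    # see if we can find the sample services
    if [ ! -d "$SERVICES" ]; then
        exit_message "error: sample services not found"
    fi

    cp --recursive -- "$SERVICES"/* "$DIR"/ || exit_message "error copying $SERVICES"
    # A recursive "chmod 0600" would also strip the search bit from the
    # directory that was just created with 0700. "X" keeps it on directories;
    # copied files that carry no execute bit end up 0600.
    chmod --recursive u=rwX,go= -- "$DIR" || exit_message "error chmodding $DIR"
fi

# exitcode 0 so the caller knows we are ok.
exit 0
-------------------------------------------------------------------------------- /scripts/vuurmuur-initd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This is an implementation of a start-script for Vuurmuur. 4 | # 5 | # (c) 2004-2019 Victor Julien, released under GPL. 6 | 7 | # Make RedHat happy: 8 | # 9 | # chkconfig: 345 91 9 10 | # Description: Vuurmuur is a firewall. 11 | # 12 | 13 | # where do the executables reside? NOTE: no trailing slash 14 | VUURMUUR_LOCATION=/usr/bin 15 | 16 | PATH=/bin:/usr/bin:/sbin:/usr/sbin 17 | 18 | case "$1" in 19 | start) 20 | echo "Starting firewall: Vuurmuur:" 21 | 22 | # check if vuurmuur is configured 23 | IFNUM=`$VUURMUUR_LOCATION/vuurmuur_script --list --interface any | wc -l` 24 | if [ "$IFNUM" = "0" ]; then 25 | echo "FAILED: please configure Vuurmuur first by defining at least one interface." 26 | exit 1 27 | fi 28 | 29 | echo -n -e "\tLoading Vuurmuur:\t" 30 | # start vuurmuur 31 | if [ ! -f /var/run/vuurmuur.pid ]; then 32 | $VUURMUUR_LOCATION/vuurmuur -D 33 | RESULT="$?" 34 | if [ "$RESULT" = "0" ]; then 35 | echo "ok." 36 | else 37 | echo "FAILED, please check /var/log/vuurmuur/error.log."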
38 | fi 39 | else 40 | PID=`cat /var/run/vuurmuur.pid | cut -d " " -f 1` 41 | echo "FAILED: already running at pid $PID." 42 | fi 43 | 44 | echo -n -e "\tLoading Vuurmuur_log:\t" 45 | # start vuurmuur_log 46 | if [ ! -f /var/run/vuurmuur_log.pid ]; then 47 | $VUURMUUR_LOCATION/vuurmuur_log 48 | RESULT="$?" 49 | if [ "$RESULT" = "0" ]; then 50 | echo "ok." 51 | else 52 | echo "FAILED." 53 | fi 54 | else 55 | PID=`cat /var/run/vuurmuur_log.pid | cut -d " " -f 1` 56 | echo "FAILED: already running at pid $PID." 57 | fi 58 | 59 | echo "Starting firewall: Vuurmuur: done" 60 | ;; 61 | stop) 62 | echo "Stopping firewall Vuurmuur:" 63 | echo -n -e "\tVuurmuur:\t" 64 | if [ $(pidof vuurmuur) ]; then 65 | kill -n INT `pidof vuurmuur` 66 | echo "stopped." 67 | else 68 | echo "not running." 69 | fi 70 | echo -n -e "\tVuurmuur_log:\t" 71 | if [ $(pidof vuurmuur_log) ]; then 72 | kill -n INT `pidof vuurmuur_log` 73 | echo "stopped." 74 | else 75 | echo "not running." 76 | fi 77 | echo "Stopping firewall Vuurmuur: done." 78 | ;; 79 | force-reload|restart) 80 | $0 stop 81 | $0 start 82 | ;; 83 | *) 84 | echo "Usage: /etc/init.d/vuurmuur {start|stop|restart|force-reload}" 85 | exit 1 86 | esac 87 | 88 | exit 0 89 | -------------------------------------------------------------------------------- /scripts/vuurmuur-initd.sh.suse: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # This is an implementation of a start-script for Vuurmuur. 4 | # 5 | # (c) 2004 Victor Julien, released under GPL. 6 | # Adapted for Suse by Aleksandr Shubnik 7 | 8 | # SuSE edition 9 | # 10 | # insserv /etc/init.d/vuurmuur 11 | # chkconfig: 345 91 9 12 | # Description: Vuurmuur is a firewall. 
13 | # 14 | 15 | ### BEGIN INIT INFO 16 | # Provides: vuurmuur 17 | # Required-Start: SuSEfirewall2_init $network $local_fs 18 | # Should-Start: $ALL 19 | # Required-Stop: $local_fs 20 | # X-UnitedLinux-Should-Stop: 21 | # Default-Start: 3 4 5 22 | # Default-Stop: 0 1 2 6 23 | # Short-Description: SuSEfirewall2 phase 2 24 | # Description: Vuurmuur firewall 25 | ### END INIT INFO 26 | 27 | 28 | DAEMON="Vuurmuur daemon" 29 | DAEMON_BIN=/usr/bin/vuurmuur 30 | DAEMON_CONF=/etc/vuurmuur/config.conf 31 | DAEMON_PIDFILE=/var/run/vuurmuur.pid 32 | DAEMON_OPT="-D" 33 | SUPPORTS_HUP="yes" 34 | # "yes" if exist next value in clamd.conf 35 | # PidFile /var/run/clamd.pid 36 | 37 | DAEMONLOG="Vuurmuur_log daemon" 38 | DAEMONLOG_BIN=/usr/bin/vuurmuur_log 39 | DAEMONLOG_PIDFILE=/var/run/vuurmuur_log.pid 40 | DAEMONLOG_OPT="" 41 | 42 | # space separated list of modules to load on start, or 'none' if none ;-) 43 | MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp" 44 | #MODULES_TO_LOAD="none" 45 | 46 | PATH=/bin:/usr/bin:/sbin:/usr/sbin 47 | 48 | test -x $DAEMON_BIN || exit 5 49 | 50 | # Shell functions sourced from /etc/rc.status: 51 | # rc_check check and set local and overall rc status 52 | # rc_status check and set local and overall rc status 53 | # rc_status -v ditto but be verbose in local rc status 54 | # rc_status -v -r ditto and clear the local rc status 55 | # rc_failed set local and overall rc status to failed 56 | # rc_failed set local and overall rc status to 57 | # rc_reset clear local rc status (overall remains) 58 | # rc_exit exit appropriate to overall rc status 59 | . /etc/rc.status 60 | 61 | # First reset status of this service 62 | rc_reset 63 | 64 | # Return values acc. to LSB for all commands but status: 65 | # 0 - success 66 | # 1 - generic or unspecified error 67 | # 2 - invalid or excess argument(s) 68 | # 3 - unimplemented feature (e.g. 
"reload") 69 | # 4 - insufficient privilege 70 | # 5 - program is not installed 71 | # 6 - program is not configured 72 | # 7 - program is not running 73 | # 74 | # Note that starting an already running service, stopping 75 | # or restarting a not-running service as well as the restart 76 | # with force-reload (in case signalling is not supported) are 77 | # considered a success. 78 | 79 | # remove empty pid files to avoid disturbing warnings by checkproc/killproc 80 | # (these can occur if dhcpd does not start correctly) 81 | 82 | test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE 83 | test -f /etc/sysconfig/vuurmuur && . /etc/sysconfig/vuurmuur 84 | 85 | case "$1" in 86 | start) 87 | echo -n -e "\tLoading modules:\t" 88 | if [ "$MODULES_TO_LOAD" == "none" ]; then 89 | echo "disabled." 90 | else 91 | # load the modules 92 | for MODULE in `echo $MODULES_TO_LOAD`; do 93 | modprobe $MODULE 94 | echo -n "$MODULE " 95 | done 96 | echo "" 97 | fi 98 | 99 | echo -n "Starting $DAEMON " 100 | if test ! -f ${DAEMON_CONF}; then 101 | echo -n >&2 "Configuration file, ${DAEMON_CONF} does not exist. " 102 | rc_status -s 103 | exit 6 104 | fi 105 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} 106 | case $? in 107 | 0) echo -n "- Warning: daemon already running. " ;; 108 | 1) echo -n "- Warning: ${DAEMON_PIDFILE} exists. " ;; 109 | esac 110 | startproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} ${DAEMON_OPT} 111 | rc_status -v 112 | 113 | DAEMON=${DAEMONLOG} 114 | DAEMON_BIN=${DAEMONLOG_BIN} 115 | DAEMON_PIDFILE=${DAEMONLOG_PIDFILE} 116 | DAEMON_OPT=${DAEMONLOG_OPT} 117 | echo -n "Starting $DAEMON " 118 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} 119 | case $? in 120 | 0) echo -n "- Warning: daemon already running. " ;; 121 | 1) echo -n "- Warning: ${DAEMON_PIDFILE} exists. 
" ;; 122 | esac 123 | startproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} ${DAEMON_OPT} 124 | rc_status -v 125 | ;; 126 | stop) 127 | echo -n "Shutting down $DAEMON " 128 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} || \ 129 | echo -n " Warning: daemon not running. " 130 | killproc -p ${DAEMON_PIDFILE} -t 10 ${DAEMON_BIN} 131 | rc_status -v 132 | 133 | DAEMON=${DAEMONLOG} 134 | DAEMON_BIN=${DAEMONLOG_BIN} 135 | DAEMON_PIDFILE=${DAEMONLOG_PIDFILE} 136 | DAEMON_OPT=${DAEMONLOG_OPT} 137 | echo -n "Shutting down $DAEMON " 138 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} || \ 139 | echo -n " Warning: daemon not running. " 140 | killproc -p ${DAEMON_PIDFILE} -t 10 ${DAEMON_BIN} 141 | rc_status -v 142 | ;; 143 | try-restart|condrestart) 144 | if test "$1" = "condrestart"; then 145 | echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" 146 | fi 147 | $0 status 148 | if test $? = 0; then 149 | $0 restart 150 | else 151 | rc_reset 152 | fi 153 | rc_status 154 | ;; 155 | restart) 156 | $0 stop 157 | $0 start 158 | rc_status 159 | ;; 160 | force-reload|reload) 161 | if test "$SUPPORTS_HUP" = "yes"; then 162 | echo -n "Reload service $DAEMON " 163 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} && \ 164 | touch ${DAEMON_PIDFILE} || \ 165 | echo -n >&2 " Warning: daemon not running. 
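" 166 | killproc -p ${DAEMON_PIDFILE} -HUP ${DAEMON_BIN} 167 | rc_status -v 168 | else 169 | $0 stop && sleep 3 && $0 start 170 | rc_status 171 | fi 172 | ;; 173 | status) 174 | echo -n "Checking for $DAEMON " 175 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} 176 | rc_status -v 177 | 178 | DAEMON=${DAEMONLOG} 179 | DAEMON_BIN=${DAEMONLOG_BIN} 180 | DAEMON_PIDFILE=${DAEMONLOG_PIDFILE} 181 | DAEMON_OPT=${DAEMONLOG_OPT} 182 | echo -n "Checking for $DAEMON " 183 | checkproc -p ${DAEMON_PIDFILE} ${DAEMON_BIN} 184 | rc_status -v 185 | ;; 186 | probe) 187 | test ${DAEMON_CONF} -nt ${DAEMON_PIDFILE} && echo reload 188 | ;; 189 | *) 190 | echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" 191 | exit 1 192 | ;; 193 | esac 194 | rc_exit 195 | -------------------------------------------------------------------------------- /scripts/vuurmuur-logrotate: -------------------------------------------------------------------------------- 1 | # logrotate for vuurmuur 2 | /var/log/vuurmuur/*.log { 3 | rotate 4 4 | weekly 5 | compress 6 | delaycompress 7 | missingok 8 | postrotate 9 | /bin/kill -HUP `pidof vuurmuur_log` 10 | endscript 11 | } 12 | -------------------------------------------------------------------------------- /scripts/vuurmuur-searchlog.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Search a log file and its rotated copies for a string.
#
# Arguments:
#   $1  name of the log file inside the log directory
#   $2  the log directory
#   $3  the pattern handed to grep
#
# Matching lines are written to stdout, followed by a final "SL:EOF:" line.
# Errors are reported as an "SL:ERROR:" line with exit status 1.
#
# The three arguments come from the caller and are handled as untrusted text:
# every expansion is quoted, patterns are passed with "-e" and files are read
# through redirection, so a value with spaces, glob characters or a leading
# "-" cannot be split into several words or read as a command-line option.

VERSION="0.8.2"

# needs: file, sort, cat, zcat, grep

# Lower-case names, so that the LOGNAME environment variable (the login name
# on most systems) is not overwritten for the commands started below.
log_name="$1"
log_dir="$2"
search_string="$3"

# Check that the required commands exist. The former test, [ ! -f $CAT ] on
# the output of which(1), could not fail: for a missing command the variable
# is empty, the test collapses to [ ! -f ] and that is false.
for tool in cat zcat grep sort file; do
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo "SL:ERROR: the command $tool was not found."
        exit 1
    fi
done

# Print the first word of file(1)'s brief description of $1, e.g. "ASCII" or
# "gzip".
function GetFileType
{
    file -b -- "$1" | cut -d " " -f 1
}

if [ ! -f "$log_dir/$log_name" ]; then
    echo "SL:ERROR: The file \"$log_dir/$log_name\" does not exist."
    exit 1
fi

# Get the files and sort them in reverse order: that means oldest first.
# The name is matched as a fixed string (-F), the same way the existence check
# above treats it, not as a regular expression.
ls -- "$log_dir" | grep -F -e "$log_name" | sort -sr |
while IFS= read -r log_file; do
    log_path="$log_dir/$log_file"

    # Only plain-text and gzip files are searched; any other type is skipped
    # without a message.
    case "$(GetFileType "$log_path")" in
        ASCII)
            grep -e "$search_string" < "$log_path"
            ;;
        gzip)
            zcat < "$log_path" | grep -e "$search_string"
            ;;
    esac
done

echo "SL:EOF: search done"
exit 0
-------------------------------------------------------------------------------- /services/Makefile.am: -------------------------------------------------------------------------------- 1 | servicesdir = $(datadir)/vuurmuur/services 2 | services_DATA = aim cvs dns ftp http https icq ident imap imaps irc jabber\ 3 | ldap lisa msn\ 4 | mysql news nfs ntp pcanywhere ping pop3 pop3s pptp razor rdp rsync samba\ 5 | smtp socks squid-proxy ssh syslog telnet tinc traceroute upnp usermin vnc\ 6 | webmin whois windowsmedia yahoo 7 | EXTRA_DIST = $(services_DATA) 8 | 9 | -------------------------------------------------------------------------------- /services/aim: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="9898*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 |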
HELPER="" 11 | COMMENT="AIM: Aol Instant Messenger that should connect to the aim server (toc.oscar.aol.com)" 12 | -------------------------------------------------------------------------------- /services/boxbackup: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="2201*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="http://www.boxbackup.org" 8 | AH="" 9 | ESP="" 10 | -------------------------------------------------------------------------------- /services/cvs: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="2401*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="CVS" 8 | AH="" 9 | ESP="" 10 | -------------------------------------------------------------------------------- /services/dns: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="53*1024:65535" 3 | TCP="53*53" 4 | UDP="53*1024:65535" 5 | UDP="53*53" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="Domain Name System." 
10 | -------------------------------------------------------------------------------- /services/ftp: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="21*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="File Transfer Protocol" 8 | HELPER="ftp" 9 | -------------------------------------------------------------------------------- /services/git: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="9418*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 | HELPER="" 11 | COMMENT="Git protocol " 12 | -------------------------------------------------------------------------------- /services/http: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="80:81*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="HTTP: used for normal webbrowsing." 8 | -------------------------------------------------------------------------------- /services/https: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="443*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="HTTPS for SSL-encrypted webbrowsing." 
8 | -------------------------------------------------------------------------------- /services/icq: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="5190*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 | HELPER="" 11 | COMMENT="ICQ: instant message program that should connect to login.icq.com" 12 | -------------------------------------------------------------------------------- /services/ident: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="113*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Ident/auth/port 113" 8 | -------------------------------------------------------------------------------- /services/imap: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="143*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="Imap for managing imap on a remote server." 
10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/imaps: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | TCP="993*1024:65535" 3 | BROADCAST="no" 4 | -------------------------------------------------------------------------------- /services/irc: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="6667*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Internet Relay Chat" 8 | HELPER="irc" 9 | -------------------------------------------------------------------------------- /services/jabber: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="5222:5223*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Jabber (5222) and Jabber-SSL (5223). Instant message program/protocol." 8 | -------------------------------------------------------------------------------- /services/ldap: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | TCP="389*1024:65535" 3 | BROADCAST="no" 4 | COMMENT="Lightweight Directory Access Protocol." 5 | -------------------------------------------------------------------------------- /services/lisa: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="7741*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="Lisa, Kde network daemon." 10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/msn: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="1863*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="MSN: instant message program."
10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/mysql: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | TCP="3306*1024:65535" 3 | BROADCAST="no" 4 | -------------------------------------------------------------------------------- /services/news: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="119*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="News, or NNTP. For accessing newsgroups." 8 | -------------------------------------------------------------------------------- /services/nfs: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="2049*1024:65535" 3 | UDP="2049*1024:65535" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 | HELPER="" 11 | COMMENT="Network File System ports, it will also need other ports, because of portmapper" 12 | -------------------------------------------------------------------------------- /services/ntp: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | UDP="123*1024:65535" 3 | UDP="123*123" 4 | BROADCAST="no" 5 | COMMENT="Network Time Protocol." 6 | -------------------------------------------------------------------------------- /services/pcanywhere: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="5631*1024:65535" 3 | UDP="5631:5632*1024:65535" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="PcAnywhere, for remote control of the desktop of Windows(tm) pc's." 
8 | -------------------------------------------------------------------------------- /services/ping: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="" 5 | UDP="" 6 | ICMP="8:0*0:0" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="" 10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/pop3: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="110*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="" 10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/pop3s: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="995*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Secure pop3" 8 | -------------------------------------------------------------------------------- /services/pptp: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | TCP="1723*1024:65535" 3 | BROADCAST="no" 4 | UDP="" 5 | GRE="" 6 | ICMP="" 7 | -------------------------------------------------------------------------------- /services/razor: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="2703*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Protocol for the razor spam blacklist." 8 | HELPER="" 9 | -------------------------------------------------------------------------------- /services/rdp: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="3389*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="RDP: Windows Remote Desktop." 
8 | -------------------------------------------------------------------------------- /services/rsync: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | TCP="873*1024:65535" 3 | BROADCAST="no" 4 | -------------------------------------------------------------------------------- /services/samba: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="139*1024:65535" 5 | TCP="445*1024:65535" 6 | UDP="137:138*137:138" 7 | UDP="137:138*1024:65535" 8 | UDP="1024:65535*137:138" 9 | ICMP="" 10 | GRE="" 11 | BROADCAST="Yes" 12 | COMMENT="Samba, the Windows Network." 13 | 14 | # end of file 15 | 16 | -------------------------------------------------------------------------------- /services/sixxs: -------------------------------------------------------------------------------- 1 | TCP="3874*1024:65535" 2 | UDP="5072*1024:65535" 3 | ICMP="" 4 | GRE="" 5 | AH="" 6 | ESP="" 7 | PROTO_41="" 8 | BROADCAST="No" 9 | HELPER="" 10 | COMMENT="SixXS tunnel auto-configuration and traffic tunneling" 11 | 12 | -------------------------------------------------------------------------------- /services/smtp: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="25*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="" 10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/snmp: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="161*1024:65535" 5 | UDP="161*1024:65535" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="Simple Net Management Protocol" 10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/snmp-trap: 
-------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="162*1024:65535" 5 | UDP="162*1024:65535" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="Traps for SNMP" 10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/socks: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | 5 | TCP="1080*1024:65535" 6 | 7 | UDP="" 8 | 9 | ICMP="" 10 | 11 | GRE="" 12 | 13 | BROADCAST="No" 14 | 15 | # end of file 16 | -------------------------------------------------------------------------------- /services/squid-proxy: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="3128*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="A service for the Squid-proxy..." 8 | -------------------------------------------------------------------------------- /services/ssh: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="22*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="SSH. Secure Shell." 
10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/svn: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="3690*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 | HELPER="" 11 | COMMENT="Subversion protocol " 12 | -------------------------------------------------------------------------------- /services/syslog: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="" 3 | UDP="514*1024:65535" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="" 8 | AH="" 9 | ESP="" 10 | -------------------------------------------------------------------------------- /services/telnet: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | TCP="23*1024:65535" 5 | UDP="" 6 | ICMP="" 7 | GRE="" 8 | BROADCAST="No" 9 | COMMENT="Protocol for remote management. Deprecated on insecure networks. Use SSH instead."
10 | 11 | # end of file 12 | -------------------------------------------------------------------------------- /services/tinc: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="655*655" 3 | UDP="655*655" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 | HELPER="" 11 | COMMENT="Tinc VPN ports (http://www.tinc-vpn.org)" 12 | -------------------------------------------------------------------------------- /services/traceroute: -------------------------------------------------------------------------------- 1 | # begin of file 2 | 3 | ACTIVE="Yes" 4 | 5 | TCP="" 6 | 7 | UDP="33434:33523*1024:65535" 8 | 9 | ICMP="" 10 | 11 | GRE="" 12 | 13 | BROADCAST="No" 14 | 15 | # end of file 16 | -------------------------------------------------------------------------------- /services/upnp: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="" 3 | UDP="1900*1024:65535" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Universal Plug and Pray... not recommended to enable to pass your firewall." 8 | -------------------------------------------------------------------------------- /services/usermin: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="20000*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="" 8 | AH="" 9 | ESP="" 10 | -------------------------------------------------------------------------------- /services/vnc: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="5900*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="Vnc: Linux remote desktop-like tool." 
8 | -------------------------------------------------------------------------------- /services/webmin: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="10000*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="" 8 | AH="" 9 | ESP="" 10 | -------------------------------------------------------------------------------- /services/whois: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="43*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | BROADCAST="No" 7 | COMMENT="" 8 | -------------------------------------------------------------------------------- /services/windowsmedia: -------------------------------------------------------------------------------- 1 | ACTIVE="yes" 2 | TCP="1755*1024:65535" 3 | BROADCAST="no" 4 | -------------------------------------------------------------------------------- /services/yahoo: -------------------------------------------------------------------------------- 1 | ACTIVE="Yes" 2 | TCP="5050*1024:65535" 3 | UDP="" 4 | ICMP="" 5 | GRE="" 6 | AH="" 7 | ESP="" 8 | PROTO_41="" 9 | BROADCAST="No" 10 | HELPER="" 11 | COMMENT="Y!M: Yahoo! 
Messenger to connect to the yahoo network (scs.msg.yahoo.com)" 12 | -------------------------------------------------------------------------------- /vuurmuur/Makefile.am: -------------------------------------------------------------------------------- 1 | METASOURCES = AUTO 2 | bin_PROGRAMS = vuurmuur 3 | vuurmuur_SOURCES = \ 4 | createrule.c \ 5 | misc.c \ 6 | reload.c \ 7 | rules.c \ 8 | ruleset.c \ 9 | shape.c \ 10 | vuurmuur.c 11 | vuurmuur_LDADD = $(LIBVUURMUUR_LDADD) 12 | noinst_HEADERS = main.h 13 | -------------------------------------------------------------------------------- /vuurmuur/misc.c: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
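* 19 | ***************************************************************************/

#include "main.h"

/**
 * Send SIGHUP to the vuurmuur_log process.
 *
 * The target PID is obtained with get_vuurmuur_pid() from
 * /var/run/vuurmuur_log.pid. Both failure modes (no usable PID, kill()
 * failing) are reported through vrmr_warning(); nothing is returned.
 */
void send_hup_to_vuurmuurlog(void)
{
    /* out-parameter required by get_vuurmuur_pid(); its value is not used */
    int unused = 0;

    pid_t log_pid = get_vuurmuur_pid("/var/run/vuurmuur_log.pid", &unused);
    if (log_pid <= 0) {
        vrmr_warning("Warning",
                "sending SIGHUP to Vuurmuur_log failed: could not get pid.");
        return;
    }

    /* Only strictly positive PIDs reach kill(): 0 and negative values would
     * address process groups rather than one process.
     * NOTE(review): the PID is whatever the pidfile holds; a stale file can
     * name an unrelated process -- confirm how get_vuurmuur_pid() validates
     * it. */
    if (kill(log_pid, SIGHUP) < 0) {
        vrmr_warning("Warning",
                "sending SIGHUP to Vuurmuur_log failed (PID: %ld): %s.",
                (long)log_pid, strerror(errno));
    }
}

/**
 * Apply command-line overrides to the loaded configuration.
 *
 * For every option whose *_set flag in the global `cmdline` is TRUE, the
 * command-line value replaces the one in `conf`.
 *
 * @param conf configuration to update in place
 */
void cmdline_override_config(struct vrmr_config *conf)
{
    if (cmdline.vrmr_check_iptcaps_set == TRUE) {
        conf->vrmr_check_iptcaps = cmdline.vrmr_check_iptcaps;
        vrmr_debug(NONE,
                "overriding vrmr_check_iptcaps from commandline to %s.",
                conf->vrmr_check_iptcaps ? "TRUE" : "FALSE");
    }

    if (cmdline.verbose_out_set == TRUE) {
        conf->verbose_out = cmdline.verbose_out;
        vrmr_debug(NONE, "overriding verbose_out from commandline to %s.",
                conf->verbose_out ? "TRUE" : "FALSE");
    }

    if (cmdline.configfile_set == TRUE) {
        /* strlcpy() returns the length of the source string, so a result
         * >= the destination size means the path was cut short and would
         * name a different file than the one requested. */
        if (strlcpy(conf->configfile, cmdline.configfile,
                    sizeof(conf->configfile)) >= sizeof(conf->configfile)) {
            vrmr_warning("Warning",
                    "configfile path from commandline is too long and was "
                    "truncated.");
        }
        vrmr_debug(NONE, "overriding configfile from commandline to %s.",
                conf->configfile);
    }
}

/**
 * Set one sysctl, or print the equivalent command when producing bash output.
 *
 * @param cnf      configuration; supplies sysctl_location
 * @param key      sysctl name
 * @param value    value to assign
 * @param bash_out non-zero: only print "<sysctl> -w key=value" to stdout
 *
 * @return 0 on success (always 0 in bash_out mode), -1 when the assignment
 *         does not fit the local buffer or the command fails.
 */
int sysctl_exec(struct vrmr_config *cnf, char *key, char *value, int bash_out)
{
    if (bash_out) {
        /* NOTE(review): key and value are written unquoted into generated
         * shell text; callers presumably pass fixed strings -- confirm. */
        fprintf(stdout, "%s -w %s=%s\n", cnf->sysctl_location, key, value);
        return 0;
    }

    char line[1024];
    int len = snprintf(line, sizeof(line), "%s=%s", key, value);
    if (len < 0 || (size_t)len >= sizeof(line)) {
        /* never run sysctl with a cut-off "key=value": it would set a
         * different value than the caller asked for */
        return -1;
    }

    /* the command is passed as an argv array, not as a shell string */
    const char *args[] = {cnf->sysctl_location, "-w", line, NULL};
    if (libvuurmuur_exec_command(cnf, cnf->sysctl_location, args, NULL) != 0) {
        /* the failure is not logged here; the caller only sees -1 */
        return -1;
    }
    return 0;
}

/*
 * Write `msg` to stdout as one shell comment line ("# msg").
 *
 * CR and LF inside the message are replaced by a space: the output of the
 * *_bash loggers is presumably consumed as a shell script, and a line break
 * inside the message would end the '#' comment so that the remainder is read
 * as script text.
 */
static void print_bash_comment(const char *msg)
{
    fputs("# ", stdout);
    for (const char *p = msg; *p != '\0'; p++) {
        fputc((*p == '\n' || *p == '\r') ? ' ' : *p, stdout);
    }
    fputc('\n', stdout);
}

/**
 * Log an error to the error log and the info log, and echo it as a comment
 * in the bash output.
 *
 * @param errorlevel numeric level printed between parentheses
 * @param head       prefix of the message
 * @param fmt        printf-style format for the remaining arguments; it is
 *                   handed to vsnprintf(), so it must not come from
 *                   untrusted input
 *
 * @return 0 on success, -1 when the assembled line does not fit in
 *         VRMR_MAX_LOGRULE_SIZE bytes or formatting fails.
 */
int logprint_error_bash(int errorlevel, const char *head, char *fmt, ...)
{
    va_list ap;
    char long_str[VRMR_MAX_LOGRULE_SIZE] = "",
         prnt_str[VRMR_MAX_LOGRULE_SIZE] = "";

    /* an over-long message body is silently truncated by vsnprintf() */
    va_start(ap, fmt);
    vsnprintf(long_str, sizeof(long_str), fmt, ap);
    va_end(ap);

    int len = snprintf(prnt_str, sizeof(prnt_str), "%s (%d): %s", head,
            errorlevel, long_str);
    if (len < 0 || len >= (int)sizeof(prnt_str)) {
        return (-1);
    }

    /* print in the error log */
    vrmr_logprint(vrprint.errorlog, prnt_str);
    /* and in the info log */
    vrmr_logprint(vrprint.infolog, prnt_str);
    /* finally the bash out */
    print_bash_comment(prnt_str);
    return (0);
}

/**
 * Log a warning to the info log and echo it as a comment in the bash output.
 *
 * @param head prefix of the message
 * @param fmt  printf-style format for the remaining arguments; it is handed
 *             to vsnprintf(), so it must not come from untrusted input
 *
 * @return 0 on success, -1 when the assembled line does not fit in
 *         VRMR_MAX_LOGRULE_SIZE bytes or formatting fails.
 */
int logprint_warning_bash(const char *head, char *fmt, ...)
{
    va_list ap;
    char long_str[VRMR_MAX_LOGRULE_SIZE] = "",
         prnt_str[VRMR_MAX_LOGRULE_SIZE] = "";

    va_start(ap, fmt);
    vsnprintf(long_str, sizeof(long_str), fmt, ap);
    va_end(ap);

    int len = snprintf(prnt_str, sizeof(prnt_str), "%s: %s", head, long_str);
    if (len < 0 || len >= (int)sizeof(prnt_str)) {
        return (-1);
    }

    /* warnings go to the info log */
    vrmr_logprint(vrprint.infolog, prnt_str);
    /* finally the bash out */
    print_bash_comment(prnt_str);
    return (0);
}

/**
 * Log an informational message to the info log and echo it as a comment in
 * the bash output.
 *
 * @param head prefix of the message
 * @param fmt  printf-style format for the remaining arguments; it is handed
 *             to vsnprintf(), so it must not come from untrusted input
 *
 * @return 0 on success, -1 when the assembled line does not fit in
 *         VRMR_MAX_LOGRULE_SIZE bytes or formatting fails.
 */
int logprint_info_bash(const char *head, char *fmt, ...)
{
    va_list ap;
    char long_str[VRMR_MAX_LOGRULE_SIZE] = "",
         prnt_str[VRMR_MAX_LOGRULE_SIZE] = "";

    va_start(ap, fmt);
    vsnprintf(long_str, sizeof(long_str), fmt, ap);
    va_end(ap);

    int len = snprintf(prnt_str, sizeof(prnt_str), "%s: %s", head, long_str);
    if (len < 0 || len >= (int)sizeof(prnt_str)) {
        return (-1);
    }

    vrmr_logprint(vrprint.infolog, prnt_str);
    /* finally the bash out */
    print_bash_comment(prnt_str);
    return (0);
}

-------------------------------------------------------------------------------- /vuurmuur_conf/Makefile.am: -------------------------------------------------------------------------------- 1 | bin_PROGRAMS = vuurmuur_conf 2 | vuurmuur_conf_SOURCES = \ 3 | bw_sec.c \ 4 | config.c \ 5 | config_section.c \ 6 | conn_sec.c \ 7 | filter.c \ 8 | gui.c gui.h \ 9 | help.c \ 10 | if_sec.c \ 11 | logview_section.c \ 12 | mainmenu.c \ 13 | navigation.c \ 14 | rules_form.c \ 15 | services_section.c \ 16 | statevent.c \ 17 | stat_sec.c \ 18 | sys_sec.c \ 19 | templates.c \ 20 | topmenu.c \ 21 | vuurmuur_conf.c \ 22 | zones_section.c 23 | 24 | # set the include path found by configure 25 | AM_CPPFLAGS = -I. -I.. -I$(top_srcdir)/intl $(all_includes) 26 | 27 | # the library search path.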
28 | vuurmuur_conf_LDFLAGS = $(all_libraries) 29 | vuurmuur_conf_LDADD = $(LIBVUURMUUR_LDADD) $(NCURSES_LIBS) 30 | 31 | LIBS = @LIBINTL@ @LIBS@ 32 | 33 | noinst_HEADERS = common_strings.h gui.h main.h gettext.h 34 | -------------------------------------------------------------------------------- /vuurmuur_conf/gui.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
* 19 | ***************************************************************************/ 20 | 21 | #ifndef __GUI_H__ 22 | #define __GUI_H__ 23 | 24 | /* menu wrapper */ 25 | struct vrmr_gui_menu { 26 | MENU *m; 27 | ITEM **i; 28 | unsigned int nitems; 29 | 30 | char use_namelist; 31 | struct vrmr_list name; 32 | void (*free_name)(void *ptr); 33 | 34 | char use_desclist; 35 | struct vrmr_list desc; 36 | void (*free_desc)(void *ptr); 37 | 38 | unsigned int cur_item; 39 | 40 | chtype fg, bg; 41 | 42 | int h, /* height */ 43 | w, /* width */ 44 | y, /* y start relative 45 | to win */ 46 | x; /* x start relative 47 | to win */ 48 | WINDOW *dw; /* used by derwin */ 49 | }; 50 | 51 | /** form field types */ 52 | enum vrmr_gui_form_field_types 53 | { 54 | VRMR_GUI_FORM_FIELD_TYPE_LABEL, 55 | VRMR_GUI_FORM_FIELD_TYPE_TEXT, 56 | VRMR_GUI_FORM_FIELD_TYPE_CHECKBOX, 57 | }; 58 | 59 | /** storage for form field registration */ 60 | struct vrmr_gui_form_field { 61 | enum vrmr_gui_form_field_types type; 62 | chtype cp; 63 | int h, w, toprow, leftcol; 64 | const char *name; 65 | union { 66 | const char *value_str; 67 | int value_bool; 68 | } v; 69 | }; 70 | 71 | /* form wrapper */ 72 | struct vrmr_gui_form { 73 | FORM *f; 74 | FIELD **fields; 75 | FIELD *cur, *prev; 76 | unsigned int nfields; 77 | unsigned int cur_field; 78 | 79 | chtype fg, bg; 80 | 81 | int h, /* height */ 82 | w, /* width */ 83 | y, /* y start relative 84 | to win */ 85 | x; /* x start relative 86 | to win */ 87 | WINDOW *dw; /* used by derwin */ 88 | 89 | int (*save)(void *ctx, char *name, char *value); 90 | void *save_ctx; 91 | 92 | struct vrmr_list list; /**< list of vrmr_gui_form_field's, filled 93 | * during setup of a form. */ 94 | }; 95 | 96 | /* window/panel wrapper */ 97 | struct vrmr_gui_win { 98 | 99 | WINDOW *w; 100 | PANEL *p; 101 | 102 | int height, width; 103 | 104 | int y, x; 105 | 106 | /* TODO: add menu? 
*/ 107 | }; 108 | 109 | /* global busywin */ 110 | extern struct vrmr_gui_win *vr_busywin; 111 | 112 | void VrBusyWinCreate(void); 113 | void VrBusyWinShow(void); 114 | void VrBusyWinHide(void); 115 | void VrBusyWinDelete(void); 116 | 117 | int VrWinGetOffset( 118 | int yj, int xj, int h, int w, int yo, int xo, int *y, int *x); 119 | struct vrmr_gui_win *VrNewWin(int h, int w, int y, int x, chtype cp); 120 | void VrDelWin(struct vrmr_gui_win *win); 121 | int VrWinSetTitle(struct vrmr_gui_win *win, const char *title); 122 | int VrWinGetch(struct vrmr_gui_win *win); 123 | 124 | struct vrmr_gui_menu *VrNewMenu( 125 | int h, int w, int y, int x, unsigned int n, chtype bg, chtype fg); 126 | void VrDelMenu(struct vrmr_gui_menu *); 127 | void VrMenuSetupNameList(struct vrmr_gui_menu *menu); 128 | void VrMenuSetupDescList(struct vrmr_gui_menu *menu); 129 | void VrMenuSetNameFreeFunc( 130 | struct vrmr_gui_menu *menu, void (*free_func)(void *ptr)); 131 | void VrMenuSetDescFreeFunc( 132 | struct vrmr_gui_menu *menu, void (*free_func)(void *ptr)); 133 | int VrMenuAddItem( 134 | struct vrmr_gui_menu *menu, const char *name, const char *desc); 135 | int VrMenuAddSepItem(struct vrmr_gui_menu *menu, const char *desc); 136 | void VrMenuConnectToWin(struct vrmr_gui_menu *menu, struct vrmr_gui_win *win); 137 | char VrMenuDefaultNavigation(struct vrmr_gui_menu *menu, int key); 138 | void VrMenuPost(struct vrmr_gui_menu *); 139 | void VrMenuUnPost(struct vrmr_gui_menu *); 140 | 141 | struct vrmr_gui_form *VrNewForm( 142 | int h, int w, int y, int x, chtype bg, chtype fg); 143 | void VrDelForm(struct vrmr_gui_form *form); 144 | void VrFormPost(struct vrmr_gui_form *form); 145 | void VrFormUnPost(struct vrmr_gui_form *form); 146 | void VrFormAddTextField(struct vrmr_gui_form *form, int height, int width, 147 | int toprow, int leftcol, chtype cp, const char *name, 148 | const char *value); 149 | void VrFormAddLabelField(struct vrmr_gui_form *form, int height, int width, 150 | int toprow, 
int leftcol, chtype cp, const char *value); 151 | void VrFormAddCheckboxField(struct vrmr_gui_form *form, int toprow, int leftcol, 152 | chtype cp, const char *name, char enabled); 153 | void VrFormConnectToWin(struct vrmr_gui_form *form, struct vrmr_gui_win *win); 154 | char VrFormDefaultNavigation(struct vrmr_gui_form *form, int key); 155 | int VrFormCheckOKCancel(struct vrmr_gui_form *form, int key); 156 | void VrFormDrawMarker(struct vrmr_gui_win *win, struct vrmr_gui_form *form); 157 | int VrFormSetSaveFunc(struct vrmr_gui_form *form, 158 | int (*save)(void *ctx, char *name, char *value), void *ctx); 159 | 160 | #endif /* __GUI_H__ */ 161 | -------------------------------------------------------------------------------- /vuurmuur_conf/topmenu.c: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
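* 19 | ***************************************************************************/

#include "main.h"

/**
 * Print the menu title on the top border of `win` (row 0, column 2).
 * Does nothing when `menuname` is NULL.
 */
static void menunameprint(WINDOW *win, const char *menuname)
{
    if (menuname == NULL)
        return;

    mvwprintw(win, 0, 2, " %s ", menuname);
}

/**
 * Print one "key:command" pair at (y, x) and return the column for the next
 * pair.
 *
 * @param win    window to draw in
 * @param y      row
 * @param x      start column
 * @param keystr key label, printed followed by ':'
 * @param cmd    command label, printed highlighted after the key
 *
 * @return the x position for the next pair, or 0 when the pair does not fit
 *         within COLS - 2 columns (nothing is printed in that case).
 */
static int keyprint(
        WINDOW *win, int y, int x, const char *keystr, const char *cmd)
{
    vrmr_fatal_if_null(keystr);
    vrmr_fatal_if_null(cmd);

    /* width of "key:" plus separator plus the command text */
    const int printlen = (int)(StrLen(keystr) + 2 + StrLen(cmd));
    if (x > COLS - 2 || printlen + x > COLS - 2)
        return (0);

    wattron(win, vccnf.color_bgd | A_BOLD);
    mvwprintw(win, y, x, "%s:", keystr);
    wattroff(win, vccnf.color_bgd | A_BOLD);

    wattron(win, vccnf.color_bgd_hi | A_BOLD);
    mvwprintw(win, y, (int)(x + StrLen(keystr) + 1), "%s", cmd);
    wattroff(win, vccnf.color_bgd_hi | A_BOLD);

    /* next pair starts two columns after the end of this one */
    return ((int)(x + StrLen(keystr) + 1 + StrLen(cmd) + 2));
}

/* storage for the hostname shown at the right of the top menu */
struct {
    char hostname[60];
} TopMenu;

/**
 * Draw the hostname right-aligned on the top border of `local_win`.
 * Does nothing when `local_win` is NULL. When gethostname() fails the
 * translated string "error" is shown instead.
 */
static void setup_topmenu(WINDOW *local_win)
{
    if (!local_win)
        return;

    const int max_width = getmaxx(stdscr);

    /* get the hostname */
    if (gethostname(TopMenu.hostname, sizeof(TopMenu.hostname)) < 0)
        (void)strlcpy(
                TopMenu.hostname, gettext("error"), sizeof(TopMenu.hostname));

    /* POSIX leaves it unspecified whether a truncated hostname is
     * NUL-terminated; terminate explicitly so StrLen() and "%s" below never
     * read past the buffer. */
    TopMenu.hostname[sizeof(TopMenu.hostname) - 1] = '\0';

    wattron(local_win, vccnf.color_bgd | A_BOLD);
    mvwprintw(local_win, 0, (int)(max_width - 4 - StrLen(TopMenu.hostname)),
            " %s ", TopMenu.hostname);
    wattroff(local_win, vccnf.color_bgd | A_BOLD);
}

/**
 * Redraw the top menu: border, title, the key/command pairs and the hostname.
 *
 * @param local_win window to draw in
 * @param title     menu title, may be NULL
 * @param key_n     number of entries in `keys`
 * @param keys      key labels
 * @param cmd_n     number of entries in `cmds`; must equal `key_n`
 *                  (enforced with vrmr_fatal_if)
 * @param cmds      command labels
 */
void draw_top_menu(WINDOW *local_win, const char *title, int key_n,
        const char **keys, int cmd_n, const char **cmds)
{
    int pos = 2;

    /* both arrays are indexed with the same counter below */
    vrmr_fatal_if(key_n != cmd_n);

    werase(local_win);

    /* draw the box and the title */
    wattron(local_win, vccnf.color_bgd);
    box(local_win, 0, 0);
    menunameprint(local_win, title);
    wattroff(local_win, vccnf.color_bgd);

    for (int i = 0; i < key_n; i++) {
        pos = keyprint(local_win, 1, pos, keys[i], cmds[i]);
        /* keyprint() returns 0 once a pair no longer fits */
        if (pos <= 0)
            break;
    }

    setup_topmenu(local_win);
    update_panels();
    doupdate();
}

-------------------------------------------------------------------------------- /vuurmuur_log/Makefile.am: -------------------------------------------------------------------------------- 1 | METASOURCES = AUTO 2 | bin_PROGRAMS = vuurmuur_log 3 | 4 | vuurmuur_log_SOURCES = \ 5 | conntrack.c conntrack.h \ 6 | logfile.c logfile.h \ 7 | nflog.c nflog.h \ 8 | stats.c stats.h \ 9 | vuurmuur_ipc.c vuurmuur_ipc.h \ 10 | vuurmuur_log.c vuurmuur_log.h 11 | 12 | vuurmuur_log_LDADD = $(LIBVUURMUUR_LDADD) $(NFNETLINK_LIBS) $(LIBNETFILTER_LOG_LIBS) $(LIBMNL_LIBS) $(LIBNETFILTER_CONNTRACK_LIBS) 13 | noinst_HEADERS = vuurmuur_log.h conntrack.h logfile.h stats.h nflog.h vuurmuur_ipc.h 14 | 15 | -------------------------------------------------------------------------------- /vuurmuur_log/conntrack.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details.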
* 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * 19 | ***************************************************************************/ 20 | 21 | #ifndef __CONNTRACK_H__ 22 | #define __CONNTRACK_H__ 23 | 24 | int conntrack_subscribe(struct vrmr_log_record *); 25 | int conntrack_disconnect(void); 26 | int conntrack_read(struct vrmr_log_record *); 27 | 28 | #endif /* __CONNTRACK_H__ */ 29 | -------------------------------------------------------------------------------- /vuurmuur_log/logfile.c: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
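* 19 | ***************************************************************************/
#include "vuurmuur_log.h"
#include "logfile.h"

/**
 * Close the traffic log and reset the caller's handle to NULL.
 *
 * @param conf         configuration; trafficlog_location is used in the
 *                     error message only
 * @param vuurmuur_log address of the stream to close
 *
 * @return 0 on success or when no stream is open, -1 when fclose() fails.
 */
static int close_vuurmuurlog(
        const struct vrmr_config *conf, FILE **vuurmuur_log)
{
    int retval = 0;

    /* A failed (re)open leaves *vuurmuur_log NULL, and fclose(NULL) is
     * undefined behaviour, so a later reopen must not reach fclose(). */
    if (*vuurmuur_log == NULL)
        return (0);

    /* close the logfile */
    if (fclose(*vuurmuur_log) != 0) {
        vrmr_error(-1, "Error", "closing the vuurmuur-log '%s' failed: %s.",
                conf->trafficlog_location, strerror(errno));
        retval = -1;
    }

    /* the stream is invalid after fclose(), whether it succeeded or not */
    *vuurmuur_log = NULL;

    return (retval);
}

/**
 * Open a logfile through vuurmuur_fopen() and position it at its end.
 *
 * @param cnf  configuration, passed on to vuurmuur_fopen()
 * @param path file to open; must not be NULL
 * @param mode fopen-style mode string; must not be NULL
 *
 * @return the open stream, or NULL when opening or seeking fails (the
 *         failure is logged with vrmr_error()).
 */
FILE *open_logfile(
        const struct vrmr_config *cnf, const char *path, const char *mode)
{
    assert(path && mode);

    /* open the logfile */
    FILE *fp = vuurmuur_fopen(cnf, path, mode);
    if (fp == NULL) {
        vrmr_error(-1, "Error", "the logfile '%s' could not be opened: %s",
                path, strerror(errno));
        return (NULL);
    }

    /* listen at the end of the file */
    if (fseek(fp, (off_t)0, SEEK_END) == -1) {
        vrmr_error(-1, "Error",
                "attaching to the end of the logfile failed: %s",
                strerror(errno));
        /* do not leak the stream on the error path */
        fclose(fp);
        return (NULL);
    }

    return (fp);
}

/**
 * Open the traffic log named by cnf->trafficlog_location in append mode.
 *
 * @param cnf          configuration
 * @param vuurmuur_log receives the stream, or NULL on failure
 *
 * @return 0 on success, -1 on failure.
 */
int open_vuurmuurlog(const struct vrmr_config *cnf, FILE **vuurmuur_log)
{
    /* open the vuurmuur logfile */
    *vuurmuur_log = open_logfile(cnf, cnf->trafficlog_location, "a");
    if (*vuurmuur_log == NULL) {
        /* open_logfile() has already logged the cause; errno may have been
         * changed by that logging */
        vrmr_error(-1, "Error", "opening traffic log file '%s' failed: %s",
                cnf->trafficlog_location, strerror(errno));
        return (-1);
    }
    return (0);
}

/**
 * Close and re-open the traffic log.
 *
 * @param cnf          configuration
 * @param vuurmuur_log stream handle; NULL afterwards when re-opening fails
 *
 * @return 0 on success, -1 when the log could not be re-opened. A failure
 *         to close the old stream is logged but does not change the result.
 */
int reopen_vuurmuurlog(const struct vrmr_config *cnf, FILE **vuurmuur_log)
{
    vrmr_debug(NONE, "Reopening vuurmuur log");

    /* close the logfile */
    (void)close_vuurmuurlog(cnf, vuurmuur_log);

    /* re-open the vuurmuur logfile */
    *vuurmuur_log = open_logfile(cnf, cnf->trafficlog_location, "a");
    if (*vuurmuur_log == NULL) {
        vrmr_error(-1, "Error", "Re-opening traffic log file '%s' failed: %s.",
                cnf->trafficlog_location, strerror(errno));
        return (-1);
    }

    vrmr_debug(NONE, "Done reopening");
    return (0);
}

-------------------------------------------------------------------------------- /vuurmuur_log/logfile.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.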
* 19 | ***************************************************************************/ 20 | 21 | #ifndef __LOGFILE_H__ 22 | #define __LOGFILE_H__ 23 | 24 | #include "stats.h" 25 | 26 | FILE *open_logfile(const struct vrmr_config *, const char *, const char *); 27 | 28 | int open_syslog(const struct vrmr_config *, FILE **); 29 | int reopen_syslog(const struct vrmr_config *, FILE **); 30 | 31 | int open_vuurmuurlog(const struct vrmr_config *, FILE **); 32 | int reopen_vuurmuurlog(const struct vrmr_config *, FILE **); 33 | 34 | int reopen_logfiles(FILE **, FILE **); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /vuurmuur_log/nflog.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
* 19 | ***************************************************************************/ 20 | #ifndef __NFLOG_H__ 21 | #define __NFLOG_H__ 22 | 23 | #include "vuurmuur_log.h" 24 | #include "stats.h" 25 | 26 | #include 27 | #include 28 | 29 | int subscribe_nflog( 30 | const struct vrmr_config *, struct vrmr_log_record *logrule); 31 | int readnflog(void); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /vuurmuur_log/stats.c: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
* 19 | ***************************************************************************/

/** \file
 * stats.c implements functions to keep track of statistics */

#include "vuurmuur_log.h"
#include "stats.h"

/**
 * Print all counters in `c` to stdout, grouped as totals, matches (per
 * action) and protocols.
 *
 * @param c counters to print; dereferenced without a NULL check
 */
void show_stats(struct logcounters *c)
{
    printf("\nStatistics:\n");

    printf("Total logrules: %u (vuurmuur: %u, other: %u, invalid: %u)\n",
            c->total, c->totalvuurmuur, c->noipt, c->invalid_loglines);

    /* per-action counters, as maintained by upd_action_ctrs() */
    printf("\nMatches:\n");
    printf("Accepted : %u\n", c->accept);
    printf("Queued : %u\n", c->queue);
    printf("Rejected : %u\n", c->reject);
    printf("Dropped : %u\n", c->drop);
    printf("Other : %u\n", c->other_match);

    printf("\nProtocols:\n");
    printf("TCP : %u\n", c->tcp);
    printf("UDP : %u\n", c->udp);
    printf("ICMP : %u\n", c->icmp);
    printf("Other : %u\n", c->other_proto);
}

/**
 * Increment the counter that belongs to `action`.
 *
 * "DROP", "ACCEPT", "REJECT" and "NFQUEUE" have their own counter; any other
 * string is counted in other_match. The comparison is case-sensitive.
 *
 * @param action action name; passed to strcmp() without a NULL check
 * @param c      counters to update
 */
void upd_action_ctrs(char *action, struct logcounters *c)
{
    /* anything that is not recognised below counts as "other" */
    uint32_t *counter = &c->other_match;

    if (strcmp(action, "DROP") == 0) {
        counter = &c->drop;
    } else if (strcmp(action, "ACCEPT") == 0) {
        counter = &c->accept;
    } else if (strcmp(action, "REJECT") == 0) {
        counter = &c->reject;
    } else if (strcmp(action, "NFQUEUE") == 0) {
        counter = &c->queue;
    }

    (*counter)++;
}

-------------------------------------------------------------------------------- /vuurmuur_log/stats.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the
License, or * 8 | * (at your option) any later version. * 9 | * * 10 | * This program is distributed in the hope that it will be useful, * 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 13 | * GNU General Public License for more details. * 14 | * * 15 | * You should have received a copy of the GNU General Public License * 16 | * along with this program; if not, write to the * 17 | * Free Software Foundation, Inc., * 18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * 19 | ***************************************************************************/ 20 | 21 | #ifndef __STATS_H__ 22 | #define __STATS_H__ 23 | 24 | struct logcounters { 25 | uint32_t drop; 26 | uint32_t accept; 27 | uint32_t reject; 28 | uint32_t queue; 29 | uint32_t other_match; 30 | 31 | uint32_t tcp; 32 | uint32_t udp; 33 | uint32_t icmp; 34 | uint32_t other_proto; 35 | 36 | uint32_t totalvuurmuur; 37 | 38 | uint32_t noipt; 39 | uint32_t invalid_loglines; 40 | 41 | uint32_t total; 42 | }; 43 | 44 | void show_stats(struct logcounters *); 45 | void upd_action_ctrs(char *action, struct logcounters *c); 46 | 47 | #endif /* __STATS_H__ */ 48 | -------------------------------------------------------------------------------- /vuurmuur_log/vuurmuur_ipc.h: -------------------------------------------------------------------------------- 1 | /*************************************************************************** 2 | * Copyright (C) 2003-2019 by Victor Julien * 3 | * victor@vuurmuur.org * 4 | * * 5 | * This program is free software; you can redistribute it and/or modify * 6 | * it under the terms of the GNU General Public License as published by * 7 | * the Free Software Foundation; either version 2 of the License, or * 8 | * (at your option) any later version. 
*
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/
#ifndef __VUURMUURIPC_H__
#define __VUURMUURIPC_H__

/* IPC helpers of vuurmuur_log. The parameters are unnamed in this header;
   NOTE(review): the int arguments are presumably the shared-memory id and
   related state, and the vrmr_shm_table pointers the attached table --
   confirm against the implementation before relying on this. */
int ipc_setup(int *, struct vrmr_shm_table **);
int ipc_destroy(int);
int ipc_check_reload(struct vrmr_shm_table *);
int ipc_sync(int, int *, struct vrmr_shm_table *, int *);

#endif
--------------------------------------------------------------------------------
/vuurmuur_log/vuurmuur_log.h:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2003-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details.
*
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#ifndef __VUURMUUR_LOG_H__
#define __VUURMUUR_LOG_H__

#include "../config.h"

/* NOTE(review): the header names of the bare #include lines below are
   missing from this listing. */
#include
#include
#include
#include
#include
#include
#include

/* NOTE(review): a feature-test macro only affects headers included after
   it; if the includes above are system headers, _GNU_SOURCE is defined too
   late to influence them -- confirm this ordering is intended. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include

/* pid file path and service name of the log daemon */
#define PIDFILE "/var/run/vuurmuur_log.pid"
#define SVCNAME "vuurmuur_log"

/* the line starts at position 0 */
#define LINE_START 0

/* The maximum time to wait for the next line: if the time is reached, we close
   the logfiles, and open them again. This is to prevent the program from
   getting confused because of log rotation.

   NOTE: the time is in tenths of a second!
*/
#define MAX_WAIT_TIME 600 /* 600 tenths of a second = 60 seconds */

/* define these here so converting to gettext will be easier */
#define VR_ERR "Error"
#define VR_INTERR "Internal Error"
#define VR_INFO "Info"
#define VR_WARN "Warning"

/* log file handling; the two FILE ** arguments are unnamed here --
   NOTE(review): presumably the input log and the vuurmuur output log,
   confirm against the implementation */
int reopen_logfiles(FILE **, FILE **);
int open_logfiles(const struct vrmr_config *cnf, FILE **, FILE **);

int process_logrecord(struct vrmr_log_record *log_record);

extern char version_string[128];
extern int sem_id;

#endif /* __VUURMUUR_LOG_H__ */
--------------------------------------------------------------------------------
/vuurmuur_script/Makefile.am:
--------------------------------------------------------------------------------
METASOURCES = AUTO
bin_PROGRAMS = vuurmuur_script

vuurmuur_script_SOURCES = \
    backendcheck.c \
    script_add.c \
    script_apply.c \
    script_delete.c \
    script_dev.c \
    script_list.c \
    script_modify.c \
    script_print.c \
    script_rename.c \
    script_unblock.c \
    vuurmuur_script.c vuurmuur_script.h

vuurmuur_script_LDADD = $(LIBVUURMUUR_LDADD)
noinst_HEADERS = backendcheck.h
--------------------------------------------------------------------------------
/vuurmuur_script/backendcheck.h:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2005-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version.
*
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#ifndef __BACKENDCHECK_H__
#define __BACKENDCHECK_H__

/* Value validators, one per backend variable. Each takes the value string
   and the regex set; the return-value convention is not visible in this
   header. */
int backend_vrmr_check_active(char *, struct vrmr_regex *);
int backend_check_comment(char *, struct vrmr_regex *);

int backend_check_host_ipaddress(char *, struct vrmr_regex *);
int backend_check_host_macaddress(char *, struct vrmr_regex *);

int backend_check_group_member(char *, struct vrmr_regex *);

int backend_check_network_network(char *, struct vrmr_regex *);
int backend_check_network_netmask(char *, struct vrmr_regex *);
int backend_check_network_interface(char *, struct vrmr_regex *);
int backend_check_network_rule(char *, struct vrmr_regex *);

int backend_check_interface_ipaddress(char *, struct vrmr_regex *);
int backend_check_interface_device(char *, struct vrmr_regex *);
int backend_check_interface_virtual(char *, struct vrmr_regex *);
int backend_check_interface_shape(char *, struct vrmr_regex *);
int backend_check_interface_bw(char *, struct vrmr_regex *);
int backend_check_interface_bw_unit(char *, struct vrmr_regex *);
int backend_check_interface_rule(char *, struct vrmr_regex *);
int backend_check_interface_tcpmss(char *, struct vrmr_regex *);

int backend_check_service_broadcast(char *, struct vrmr_regex *);
int backend_check_service_helper(char *, struct vrmr_regex *);
int backend_check_service_tcp(char *, struct vrmr_regex *);
int backend_check_service_udp(char *, struct vrmr_regex *);
int backend_check_service_icmp(char *, struct vrmr_regex *);
int backend_check_service_gre(char *, struct vrmr_regex *);
int backend_check_service_esp(char *, struct vrmr_regex *);
int backend_check_service_ah(char *, struct vrmr_regex *);
int backend_check_service_proto41(char *, struct vrmr_regex *);

int backend_check_rule_rule(char *, struct vrmr_regex *);

/* Table of the variables known per object type, with the validator for
   each value. The entry with type -1 and a NULL chk terminates the table.

   type  : VRMR_TYPE_* constant the variable belongs to
   var   : variable name, at most 31 characters plus the terminator
   multi : 1 on entries such as MEMBER, RULE and TCP, 0 otherwise;
           NOTE(review): presumably "may be given more than once" --
           confirm in backendcheck.c
   chk   : validator called with the value and the regex set

   NOTE(review): backend_vars is defined here, not merely declared, and has
   external linkage, so this header can be included by one translation
   unit only; a second include would produce a duplicate definition at
   link time. */
struct backend_vars_ {
    int type;
    char var[32];
    char multi;
    int (*chk)(char *value, struct vrmr_regex *reg);
} backend_vars[] = {
        /* host specific */
        {VRMR_TYPE_HOST, "ACTIVE", 0, backend_vrmr_check_active},
        {VRMR_TYPE_HOST, "IPADDRESS", 0, backend_check_host_ipaddress},
        {VRMR_TYPE_HOST, "MAC", 0, backend_check_host_macaddress},
        {VRMR_TYPE_HOST, "COMMENT", 0, backend_check_comment},

        /* group specific */
        {VRMR_TYPE_GROUP, "ACTIVE", 0, backend_vrmr_check_active},
        {VRMR_TYPE_GROUP, "MEMBER", 1, backend_check_group_member},
        {VRMR_TYPE_GROUP, "COMMENT", 0, backend_check_comment},

        /* network specific */
        {VRMR_TYPE_NETWORK, "ACTIVE", 0, backend_vrmr_check_active},
        {VRMR_TYPE_NETWORK, "NETWORK", 0, backend_check_network_network},
        {VRMR_TYPE_NETWORK, "NETMASK", 0, backend_check_network_netmask},
        {VRMR_TYPE_NETWORK, "INTERFACE", 1, backend_check_network_interface},
        {VRMR_TYPE_NETWORK, "RULE", 1, backend_check_network_rule},
        {VRMR_TYPE_NETWORK, "COMMENT", 0, backend_check_comment},

        /* zone specific */
        {VRMR_TYPE_ZONE, "ACTIVE", 0, backend_vrmr_check_active},
        {VRMR_TYPE_ZONE, "COMMENT", 0, backend_check_comment},

        /* interface specific */
        {VRMR_TYPE_INTERFACE, "ACTIVE", 0, backend_vrmr_check_active},
        {VRMR_TYPE_INTERFACE, "IPADDRESS", 0,
                backend_check_interface_ipaddress},
        {VRMR_TYPE_INTERFACE, "DEVICE", 0, backend_check_interface_device},
        {VRMR_TYPE_INTERFACE, "VIRTUAL", 0, backend_check_interface_virtual},
        {VRMR_TYPE_INTERFACE, "RULE", 1, backend_check_interface_rule},
        {VRMR_TYPE_INTERFACE, "COMMENT", 0, backend_check_comment},
        {VRMR_TYPE_INTERFACE, "SHAPE", 0, backend_check_interface_shape},
        {VRMR_TYPE_INTERFACE, "TCPMSS", 0, backend_check_interface_tcpmss},
        {VRMR_TYPE_INTERFACE, "BW_IN", 0, backend_check_interface_bw},
        {VRMR_TYPE_INTERFACE, "BW_OUT", 0, backend_check_interface_bw},
        {VRMR_TYPE_INTERFACE, "BW_IN_UNIT", 0, backend_check_interface_bw_unit},
        {VRMR_TYPE_INTERFACE, "BW_OUT_UNIT", 0,
                backend_check_interface_bw_unit},

        /* service specific */
        {VRMR_TYPE_SERVICE, "ACTIVE", 0, backend_vrmr_check_active},
        {VRMR_TYPE_SERVICE, "BROADCAST", 0, backend_check_service_broadcast},
        {VRMR_TYPE_SERVICE, "HELPER", 0, backend_check_service_helper},
        {VRMR_TYPE_SERVICE, "TCP", 1, backend_check_service_tcp},
        {VRMR_TYPE_SERVICE, "UDP", 1, backend_check_service_udp},
        {VRMR_TYPE_SERVICE, "ICMP", 1, backend_check_service_icmp},
        {VRMR_TYPE_SERVICE, "GRE", 1, backend_check_service_gre},
        {VRMR_TYPE_SERVICE, "ESP", 1, backend_check_service_esp},
        {VRMR_TYPE_SERVICE, "AH", 1, backend_check_service_ah},
        {VRMR_TYPE_SERVICE, "PROTO_41", 1, backend_check_service_proto41},
        {VRMR_TYPE_SERVICE, "COMMENT", 0, backend_check_comment},

        /* rule specific */
        {VRMR_TYPE_RULE, "RULE", 1, backend_check_rule_rule},

        /* last */
        {-1, "", 0, NULL},
};

#endif
--------------------------------------------------------------------------------
/vuurmuur_script/script_list.c:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2005-2019 by Victor Julien *
 *
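victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#include "vuurmuur_script.h"

/* script_list

    Prints the names of the backend objects of type vr_script->type to
    stdout, one name per line.

    Zones, networks, hosts and groups all come from the zone backend and
    are selected by the type the backend reports for each entry. For
    networks, hosts and groups a name other than "any" acts as a filter:
    each backend name is split with vrmr_validate_zonename() and printed
    only if its zone matches vr_script->name_zone (and, for hosts and
    groups, its network matches vr_script->name_net when that is set).
    Services, interfaces and rules are printed unfiltered.

    Returncodes:
        0: success
        VRS_ERR_INTERNAL: unknown type, or the backend returned a name that
                          vrmr_validate_zonename() rejects
*/
int script_list(struct vuurmuur_script *vr_script)
{
    char back_zone[VRMR_MAX_ZONE] = "", back_net[VRMR_MAX_NETWORK] = "",
         back_host[VRMR_MAX_HOST] = "";

    if (vr_script->type == VRMR_TYPE_ZONE) {
        while (vr_script->vctx.zf->list(vr_script->vctx.zone_backend,
                       vr_script->bdat, &vr_script->zonetype,
                       VRMR_BT_ZONES) != NULL) {
            if (vr_script->zonetype == vr_script->type) {
                printf("%s\n", vr_script->bdat);
            }
        }
    } else if (vr_script->type == VRMR_TYPE_NETWORK) {
        while (vr_script->vctx.zf->list(vr_script->vctx.zone_backend,
                       vr_script->bdat, &vr_script->zonetype,
                       VRMR_BT_ZONES) != NULL) {
            if (vr_script->zonetype == vr_script->type) {
                if (strcmp(vr_script->name, "any") != 0) {
                    /* validate and split the name the backend returned */
                    if (vrmr_validate_zonename(vr_script->bdat, 0, back_zone,
                                back_net, back_host,
                                vr_script->vctx.reg.zonename,
                                VRMR_VERBOSE) != 0) {
                        /* report the rejected backend name (bdat), not the
                           filter given on the command line */
                        vrmr_error(VRS_ERR_INTERNAL, VR_INTERR,
                                "invalid name '%s' returned from backend",
                                vr_script->bdat);
                        return (VRS_ERR_INTERNAL);
                    }
                    vrmr_debug(HIGH,
                            "name: '%s': host/group '%s', net '%s', zone '%s'.",
                            vr_script->bdat, back_host, back_net, back_zone);

                    if (strcmp(back_zone, vr_script->name_zone) == 0) {
                        printf("%s\n", vr_script->bdat);
                    }
                } else {
                    printf("%s\n", vr_script->bdat);
                }
            }
        }
    } else if (vr_script->type == VRMR_TYPE_HOST ||
               vr_script->type == VRMR_TYPE_GROUP) {
        while (vr_script->vctx.zf->list(vr_script->vctx.zone_backend,
                       vr_script->bdat, &vr_script->zonetype,
                       VRMR_BT_ZONES) != NULL) {
            if (vr_script->zonetype == vr_script->type) {
                if (strcmp(vr_script->name, "any") != 0) {
                    /* validate and split the name the backend returned */
                    if (vrmr_validate_zonename(vr_script->bdat, 0, back_zone,
                                back_net, back_host,
                                vr_script->vctx.reg.zonename,
                                VRMR_VERBOSE) != 0) {
                        /* report the rejected backend name (bdat), not the
                           filter given on the command line */
                        vrmr_error(VRS_ERR_INTERNAL, VR_INTERR,
                                "invalid name '%s' returned from backend",
                                vr_script->bdat);
                        return (VRS_ERR_INTERNAL);
                    }
                    vrmr_debug(HIGH,
                            "name: '%s': host/group '%s', net '%s', zone '%s'.",
                            vr_script->bdat, back_host, back_net, back_zone);

                    /* an empty name_net means: any network in the zone */
                    if (strcmp(back_zone, vr_script->name_zone) == 0 &&
                            (vr_script->name_net[0] == '\0' ||
                                    strcmp(back_net, vr_script->name_net) ==
                                            0)) {
                        printf("%s\n", vr_script->bdat);
                    }
                } else {
                    printf("%s\n", vr_script->bdat);
                }
            }
        }
    } else if (vr_script->type == VRMR_TYPE_SERVICE) {
        while (vr_script->vctx.sf->list(vr_script->vctx.serv_backend,
                       vr_script->bdat, &vr_script->zonetype,
                       VRMR_BT_SERVICES) != NULL) {
            printf("%s\n", vr_script->bdat);
        }
    } else if (vr_script->type == VRMR_TYPE_INTERFACE) {
        while (vr_script->vctx.af->list(vr_script->vctx.ifac_backend,
                       vr_script->bdat, &vr_script->zonetype,
                       VRMR_BT_INTERFACES) != NULL) {
            printf("%s\n", vr_script->bdat);
        }
    } else if (vr_script->type == VRMR_TYPE_RULE) {
        while (vr_script->vctx.rf->list(vr_script->vctx.rule_backend,
                       vr_script->bdat, &vr_script->zonetype,
                       VRMR_BT_RULES) != NULL) {
            printf("%s\n", vr_script->bdat);
        }
    } else {
        vrmr_error(VRS_ERR_INTERNAL, VR_INTERR, "unknown type %d.",
                vr_script->type);
        return (VRS_ERR_INTERNAL);
    }

    return (0);
}
--------------------------------------------------------------------------------
/vuurmuur_script/script_unblock.c:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2005-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
 ***************************************************************************/

#include "vuurmuur_script.h"

/* unblock written by Adi Kriegish */

/* remove_leading_part

    This function strips off the leading string "block " from a rule string
    and copies the result to a new string.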
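Returnvalues:
        on success: returns a newly created string, which the caller owns
                    and must free()
        on failure: exits immediately

    Note: only the length is checked. The first six bytes are dropped
    without being compared with "block ", so the result is only meaningful
    for strings that really carry that prefix.
*/

char *remove_leading_part(char *input)
{
    assert(input);

    /* 7 = strlen("block ") plus at least one byte of payload */
    size_t len = strlen(input);
    if (len < 7) {
        vrmr_error(VRS_ERR_DATA_INCONSISTENCY, VR_ERR,
                "empty string returned from backend");
        exit(VRS_ERR_DATA_INCONSISTENCY);
    }

    /* skip the six bytes of "block " */
    char *output = strdup(input + 6);
    if (output == NULL) {
        vrmr_error(
                VRS_ERR_MALLOC, VR_ERR, "strdup failed: %s", strerror(errno));
        exit(VRS_ERR_MALLOC);
    }
    return (output);
}

/* script_unblock

    This function iterates through the blocklist and removes a user specified
    item from this list if it was found.

    Every entry read from the backend is encoded, stripped of its "block "
    prefix and compared with vr_script->set. Entries that differ are
    collected in a new list; if at least one entry matched, the new list
    is saved and the change is logged.

    Returncodes:
        VRS_SUCCESS: success, item was removed
        VRS_ERR_COMMAND_FAILED: saving the blocklist in backend failed
        VRS_ERR_COMMANDLINE: item not found in blocklist
        VRS_ERR_INTERNAL: an entry could not be added to the new list

*/
int script_unblock(struct vuurmuur_script *vr_script)
{
    char removed = FALSE;            /* used to track if we really removed the
                                        object */
    struct vrmr_blocklist blocklist; /* "new" blocklist (object to be removed
                                        will not be added to this list) */
    int retval = VRS_SUCCESS;

    /* free is registered with the list; presumably it releases the entries
       on vrmr_list_cleanup(), as the original code relied on */
    vrmr_list_setup(&blocklist.list, free);
    blocklist.old_blocklistfile_used = FALSE;

    while (vr_script->vctx.rf->ask(vr_script->vctx.rule_backend, "blocklist",
                   "RULE", vr_script->bdat, sizeof(vr_script->bdat),
                   VRMR_TYPE_RULE, 1) == 1) {
        vrmr_rules_encode_rule(vr_script->bdat, sizeof(vr_script->bdat));

        char *str = remove_leading_part(vr_script->bdat);

        if (strcmp(vr_script->set, str) == 0) {
            /* we want to remove it: so lets just not put it in the list! */
            removed = TRUE;
            free(str);
            continue;
        }

        /* no match: keep it. The list takes ownership of str, so no second
           copy is made and nothing is left behind if the append fails. */
        if (vrmr_list_append(&blocklist.list, str) == NULL) {
            vrmr_error(VRS_ERR_INTERNAL, VR_ERR, "vrmr_list_append failed");
            free(str);
            vrmr_list_cleanup(&blocklist.list);
            return (VRS_ERR_INTERNAL);
        }
    }

    if (removed == TRUE) {
        if (vrmr_blocklist_save_list(
                    &vr_script->vctx, &vr_script->vctx.conf, &blocklist) != 0) {
            vrmr_error(VRS_ERR_COMMAND_FAILED, VR_ERR,
                    "could not save updated blocklist");
            retval = VRS_ERR_COMMAND_FAILED;
        } else {
            /* log the item that was removed (set); bdat only holds what
               the last backend read left in the buffer */
            logchange(vr_script, "item '%s' removed from the blocklist.",
                    vr_script->set);
        }
    } else {
        vrmr_error(VRS_ERR_COMMANDLINE, VR_ERR,
                "item '%s' not found in the blocklist", vr_script->set);
        retval = VRS_ERR_COMMANDLINE;
    }

    /* single exit for the paths above, so the new list is always released */
    vrmr_list_cleanup(&blocklist.list);
    return (retval);
}
--------------------------------------------------------------------------------
/vuurmuur_script/vuurmuur_script.h:
--------------------------------------------------------------------------------
/***************************************************************************
 * Copyright (C) 2002-2019 by Victor Julien *
 * victor@vuurmuur.org *
 * *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or *
 * (at your option) any later version. *
 * *
 * This program is distributed in the hope that it will be useful, *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
 * GNU General Public License for more details. *
 * *
 * You should have received a copy of the GNU General Public License *
 * along with this program; if not, write to the *
 * Free Software Foundation, Inc., *
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.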
*
 ***************************************************************************/
#ifndef __VUURMUUR_SCRIPT_H__
#define __VUURMUUR_SCRIPT_H__

#include "../config.h"

/* NOTE(review): the header names of the bare #include lines below are
   missing from this listing; only their trailing comments survived. */
#include
#include
#include
#include
#include /* for basename */
#include
#include
#include /* for catching signals */
#include /* included for logging */
#include /* error handling */
#include
#include
#include
#include

/* NOTE(review): a feature-test macro only affects headers included after
   it; if the includes above are system headers, _GNU_SOURCE is defined too
   late to influence them -- confirm this ordering is intended. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include

/* our own vuurmuurlib */
#include

#define YES 1
#define NO 0

/* define these here so converting to gettext will be easier */
#define VR_ERR "Error"
#define VR_INTERR "Internal Error"
#define VR_INFO "Info"
#define VR_WARN "Warning"

#define EXIT_SUCCESS 0
#define EXIT_COMMANDLINE_ERROR 1

extern struct vrmr_shm_table *shm_table;

/* semaphore id */
extern int sem_id;

/* pointer to the environment */
extern char **environ;

/* commands; stored in vuurmuur_script.cmd */
enum
{
    CMD_UNSET = 0,

    CMD_ADD, /* add an object */
    CMD_DEL, /* delete an object */
    CMD_MOD, /* modify an object */
    CMD_REN, /* rename an object */
    CMD_PRT, /* print the content of an object */
    CMD_LST, /* lists objects */
    CMD_BLK, /* block an ip, host or group */
    CMD_UBL, /* unblock an ip, host or group */
    CMD_LBL, /* list blocked objects */
    CMD_RLD, /* apply changes without any other action */

    CMD_ERROR,
};

/* result codes: returned by the script_* functions and also passed to
   exit() by remove_leading_part() */
enum
{
    VRS_SUCCESS = 0,
    VRS_ERR_COMMANDLINE = 1,
    VRS_ERR_COMMAND_FAILED = 2,
    VRS_ERR_NOT_FOUND = 3,
    VRS_ERR_ALREADY_EXISTS = 4,
    VRS_ERR_MALLOC = 5,
    VRS_ERR_DATA_INCONSISTENCY = 6,
    VRS_ERR_INTERNAL = 254,
};

extern char version_string[128];

/* state of one vuurmuur_script invocation */
struct vuurmuur_script {
    /* cmd: one of the CMD_* values; type: a VRMR_TYPE_* object type */
    int cmd, type;

    /* object name, and the zone/network/host parts that script_list()
       compares with the parts of each backend name */
    char name[VRMR_MAX_HOST_NET_ZONE],

            name_zone[VRMR_MAX_ZONE], name_net[VRMR_MAX_NETWORK],
            name_host[VRMR_MAX_HOST];

    /* var: same size as backend_vars_.var in backendcheck.h;
       set: the value given by the user, e.g. the blocklist item that
       script_unblock() looks for */
    char var[32];
    char set[1024];

    char overwrite;

    /* some data used by most functions: zonetype and bdat are filled in by
       the backend list/ask calls, bdat holding the entry just read */
    int zonetype;
    char bdat[1024];

    /* try to instruct vuurmuur and vuurmuur_log to reload? */
    char apply;

    /* print rule numbers? */
    char print_rule_numbers;

    /* library ctx */
    struct vrmr_ctx vctx;
};

/* printf-style change log; the format string is checked by the compiler
   through ATTR_FMT_PRINTF */
void logchange(struct vuurmuur_script *, char *fmt, ...) ATTR_FMT_PRINTF(2, 3);

int script_print(struct vuurmuur_script *);
int script_list(struct vuurmuur_script *);
int script_add(struct vuurmuur_script *);
int script_delete(struct vuurmuur_script *);
int script_modify(struct vuurmuur_script *);
int script_rename(struct vuurmuur_script *);
int script_apply(struct vuurmuur_script *vr_script);
int script_unblock(struct vuurmuur_script *vr_script);
int script_list_devices(void);

int backend_check(int, char *, char *, char, struct vrmr_regex *);

/* returns a newly allocated copy of input without its first six bytes
   (the "block " prefix); the caller frees the result */
char *remove_leading_part(char *input);

#endif
--------------------------------------------------------------------------------