alterator-net-iptables-1.11/000075500000000000000000000000001116664577100160325ustar00rootroot00000000000000alterator-net-iptables-1.11/Makefile000064400000000000000000000005401116664577100174710ustar00rootroot00000000000000NAME=net-iptables PO_SHELL_TRLIST=bin/* all: clean: install: install-module install-data include /usr/share/alterator/build/module.mak install-data: install -d $(sysconfdir)/alterator/$(NAME) cp -a data/*.desktop $(sysconfdir)/alterator/$(NAME) install -d $(bindir) cp -a bin/* $(bindir) mkdir -p $(libexecdir)/alterator/hooks/net-iptables.d/ alterator-net-iptables-1.11/applications/000075500000000000000000000000001116664577100205205ustar00rootroot00000000000000alterator-net-iptables-1.11/applications/net-iptables.desktop000064400000000000000000000005331116664577100245030ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Network Terminal=false Name=Network firewall Icon=net-iptables X-Alterator-URI=/net-iptables X-Alterator-Weight=20 X-Alterator-Help=net-iptables Name[ru]=Брандмауэр Name[uk]=Мережевий екран Name[pt_BR]=Configurações de Firewall Name[es]=Configuraciones de Firewall alterator-net-iptables-1.11/backend3/000075500000000000000000000000001116664577100175045ustar00rootroot00000000000000alterator-net-iptables-1.11/backend3/net-iptables000075500000000000000000000030001116664577100220120ustar00rootroot00000000000000#!/bin/sh alterator_api_version=1 . alterator-sh-functions . 
alterator-net-functions on_message() { case "$in_action" in list) set_locale case "$in__objects" in ifaces) list_iface | while read ifname; do local ifinfo="$(ifaceinfo "$ifname")" local ip="$(ip addr show dev "$ifname" |\ sed -n -e 's/^[[:space:]]*inet[[:space:]]\+\([0-9\.]\+\).*/\1/p')" write_enum_item "$ifname" "$ifname${ifinfo:+ ($ifinfo)}${ip:+ $ip}" done ;; services) iptables_helper list | cut -f1,3 | write_enum ;; modes) write_enum_item "router" "`_ "router"`" write_enum_item "gateway" "`_ "gateway"`" esac ;; read) unset external_ifaces opened_services opened_tcp_ports opened_udp_ports mode eval $(iptables_helper show) write_string_param "external_ifaces" "$external_ifaces" write_string_param "opened_services" "$opened_services" write_string_param "opened_tcp_ports" "$opened_tcp_ports" write_string_param "opened_udp_ports" "$opened_udp_ports" write_string_param "mode" "$mode" ;; write) set_locale local ans="$(iptables_helper write \ -m "${in_mode:-router}"\ -e "$in_external_ifaces"\ -s "$in_opened_services"\ -t "$in_opened_tcp_ports"\ -u "$in_opened_udp_ports" 2>&1)" [ -z "$ans" ] || write_error "${ans#iptables_helper*:}" ;; esac } message_loop alterator-net-iptables-1.11/bin/000075500000000000000000000000001116664577100166025ustar00rootroot00000000000000alterator-net-iptables-1.11/bin/iptables_helper000075500000000000000000000341551116664577100217020ustar00rootroot00000000000000#!/bin/sh -eu LANGUAGE="${LANGUAGE:-C}" IPTABLES_HELPER_CONF="${IPTABLES_HELPER_CONF:-/etc/alterator/net-iptables.conf}" _(){ gettext "alterator-net-iptables" "$1" } print_help(){ cat < [] Possible actions: help -- show help message show -- show current settings write -- change some settings and commit them to system reset -- reset settings to the default values list -- show list of available services (uses \$LANGUAGE) Write action options: -m -- specify mode (gateway|router) -e -- specify list of external interfaces -s -- specify list of opened services on external ifaces -t -- 
specify list of opened extra tcp ports on external ifaces -u -- specify list of opened extra udp ports on external ifaces -U (on|off) -- add rules for ulogd -S -- add transparent squid redirection from int ifaces to Use empty port to remove redirection -D -- specify list of dnat rules (rule="iface:port=ip:port") -d -- don't change system settings, only config file * Values in lists must be separated by semicolon. * You can add value to existing list using "+" argument, remove it using "-" or replace the whole list using ";;..." Read action options: -m -- show mode (gateway|router) -e -- show list of external interfaces (space separated) -i -- show list of internal interfaces -s -- show list of opened services on external ifaces -t -- show list of opened extra tcp ports on external ifaces -u -- show list of opened extra udp ports on external ifaces -U -- show ulogd setting (on|off) -S -- show transparent squid setting (empty or port number) -D -- show list of dnat rules Common options: -v -- be verbose System settings made by write action: * ip forwarding is on * ip firewalling is on * ACCEPT all INPUT packets from internal ifaces * DROP all INPUT packets from external ifaces excepting that for selected ports and services and packets with --state ESTABLISHED,RELATED * ACCEPT all FORWARD packets from internal ifaces * DROP all FORWARD packets from external ifaces except ones with --state ESTABLISHED,RELATED * if mode is "gateway", address translation is applied for output to each external iface * for option "ulodg" add specific rules to INPUT, OUTPUT and FORWARD policy Examples $0 show # show current settings $0 show -i # show internal interfaces $0 show -m # show mode $0 list # list available services $0 write -s +ssh # open ssh on external interfaces $0 write -s -ftp # close ftp on external interfaces $0 write -e "eth1;eth2" # set external interfaces $0 write -m gateway # set up NAT $0 write -t "20;21" -u "20;21" # open only specified ports $0 write -t "+22" -u 
"+22" # open specified ports $0 reset # reset settings to default values EOF } #' -- for xgettext, not mc! . shell-error . shell-getopt . shell-config . alterator-net-functions # etcnet configuration files: INPUT="/etc/net/ifaces/default/fw/iptables/filter/INPUT" OUTPUT="/etc/net/ifaces/default/fw/iptables/filter/OUTPUT" FORWARD="/etc/net/ifaces/default/fw/iptables/filter/FORWARD" NAT_POST="/etc/net/ifaces/default/fw/iptables/nat/POSTROUTING" NAT_PRE="/etc/net/ifaces/default/fw/iptables/nat/PREROUTING" EFW="/etc/net/scripts/contrib/efw --iptables default all restart" IFOPTS="/etc/net/ifaces/default" FWOPTS="/etc/net/ifaces/default/fw" # alterator-net-iptables configuration files: SERVICEDIR="/etc/alterator/net-iptables/" ########################## # show current settings show_settings(){ echo -e "mode=\"$mode\"" echo -e "external_ifaces=\"$external_ifaces\"" echo -e "opened_services=\"$opened_services\"" echo -e "opened_tcp_ports=\"$opened_tcp_ports\"" echo -e "opened_udp_ports=\"$opened_udp_ports\"" echo -e "ulogd=\"$ulogd\"" echo -e "squid=\"$squid\"" echo -e "dnat_rules=\"$dnat_rules\"" } # read settings from file read_settings(){ [ -f "$IPTABLES_HELPER_CONF" ] || return 0 local cmd="$(sed -n \ -e '/^mode=/p'\ -e '/^external_ifaces=/p'\ -e '/^opened_services=/p'\ -e '/^opened_tcp_ports=/p'\ -e '/^opened_udp_ports=/p'\ -e '/^ulogd=/p'\ -e '/^squid=/p'\ -e '/^dnat_rules=/p'\ "$IPTABLES_HELPER_CONF")" eval $cmd } reset_vars(){ mode="router" external_ifaces= opened_services= opened_tcp_ports= opened_udp_ports= ulogd="off" squid= dnat_rules= } reset_settings(){ reset_vars write_settings } # test all values test_vars(){ [ "$mode" = "gateway" -o "$mode" = "router" ] || fatal "`_ "Error: bad mode"` \"$mode\" `_ "(possible values: gateway or router)"`" for i in $(echo "$opened_tcp_ports" | tr -s ';,' ' '); do echo $i | grep -q '^[0-9]\+$' ||\ fatal "`_ "Error: bad TCP port"` \"$i\" `_ "(must be a number)"`" done for i in $(echo "$opened_udp_ports" | tr -s ';,' ' '); do 
echo $i | grep -q '^[0-9]\+$' ||\ fatal "`_ "Error: bad UTP port"` \"$i\" `_ "(must be a number)"`" done local ifaces="$(list_iface | cut -f1 | tr -s '\n' ' ')" ifaces=" $ifaces " for i in $(echo "$external_ifaces" | tr -s ';,' ' '); do [ -z "${ifaces##* $i *}" ] ||\ fatal "`_ "Error: unknown interface"` \"$i\" (`_ "possible values:"`$ifaces)" done local services="$(list_services | cut -f1 | tr -s '\n' ' ')" services=" $services " for i in $(echo "$opened_services" | tr -s ';,' ' '); do [ -z "${services##* $i *}" ] ||\ fatal "`_ "Error: unknown service"` \"$i\"" done [ "$ulogd" = "on" -o "$ulogd" = "off" ] || fatal "`_ "Error: bad ULOGD mode"` \"$ulogd\" `_ "(possible values: on or off)"`" echo $squid | grep -q '^[0-9]*$' ||\ fatal "`_ "Error: bad SQUID port"` \"$squid\" `_ "(must be a number or empty string)"`" for i in $(echo "$dnat_rules" | tr -s ';,' ' '); do echo "$i" |\ while IFS=":" read proto sif sp dip dp; do [ "$proto" = "tcp" -o "$proto" = "udp" ] ||\ fatal "`_ "Error: unknown protocol in DNAT rule"` \"$proto\" (`_ "possible values:"` tcp, udp)" [ -z "${ifaces##* $sif *}" ] ||\ fatal "`_ "Error: unknown interface in DNAT rule"` \"$i\" (`_ "possible values:"`$ifaces)" echo $sp | grep -q '^[0-9]\+$' ||\ fatal "`_ "Error: bad port in DNAT rule"` \"$i\" `_ "(must be a number)"`" echo $dp | grep -q '^[0-9]\+$' ||\ fatal "`_ "Error: bad port in DNAT rule"` \"$i\" `_ "(must be a number)"`" echo $dip | grep -q '^[0-9]\{1,3\}\+\.[0-9]\{1,3\}\+\.[0-9]\{1,3\}\+\.[0-9]\{1,3\}\+$' ||\ fatal "`_ "Error: bad ip in DNAT rule"` \"$i\"" done done } show_external_ifaces(){ echo "$external_ifaces" | tr -s ';,' ' ' } show_internal_ifaces(){ local ext="$(show_external_ifaces)" local int=" $(list_iface | cut -f1 | tr -s '\n' ' ') " for i in $ext; do int="${int%% $i *} ${int##* $i }"; done echo "$int" } # write settings to config, commit them to system write_settings(){ verbose "checking all values" test_vars verbose "writing parameters to $IPTABLES_HELPER_CONF" show_settings > 
"$IPTABLES_HELPER_CONF" if [ -n "$dontcommit" ]; then verbose "don't commit settings to system" return fi verbose "turning on ip forwarding" local frdelim='[[:space:]]*=[[:space:]]*' local fwdelim=' = ' shell_config_set /etc/net/sysctl.conf net.ipv4.ip_forward 1 "$frdelim" "$fwdelim" echo 1 >/proc/sys/net/ipv4/ip_forward verbose "turning on ip firewalling" write_iface_option "$IFOPTS" "CONFIG_FW" "yes" write_iface_option "$FWOPTS" "FW_TYPE" "iptables" write_iface_option "$FWOPTS" "IPTABLES_HUMAN_SYNTAX" "no" verbose "resetting chains" echo > "$INPUT" echo > "$OUTPUT" echo > "$FORWARD" echo > "$NAT_PRE" echo > "$NAT_POST" cat > "$INPUT" << EOF -P ACCEPT -f -j DROP -m state --state ESTABLISHED,RELATED -j ACCEPT EOF cat > "$OUTPUT" << EOF -P ACCEPT -f -j DROP EOF local i p s local ext="$(show_external_ifaces)" local int="$(show_internal_ifaces)" verbose "external ifaces: $ext" verbose "internal ifaces: $int" if [ "$ulogd" = "on" ]; then verbose "setting up ULOGD rules" local text='-j ULOG --ulog-nlgroup 1 --ulog-cprange 48 --ulog-qthreshold 50' echo "$text --ulog-prefix \"icount\"" >> "$INPUT" echo "$text --ulog-prefix \"ocount\"" >> "$OUTPUT" echo "$text --ulog-prefix \"fcount\"" >> "$FORWARD" fi for i in $(echo "$dnat_rules" | tr -s ';,' ' '); do echo "$i" |\ while IFS=":" read proto sip sp dip dp; do verbose "setting up DNAT rule: $proto $sip:$sp -> $dip:$dp" echo "-p $proto --destination $sip --dport $sp -j DNAT --to-destination $dip:$dp" >> "$NAT_PRE" done done if [ -n "$squid" ]; then verbose "setting up SQUID redirection:" for i in $int; do verbose " iface: $i, port 80 -> $port" echo "-i $i -p tcp --dport 80 -j REDIRECT --to-port $squid" >> "$NAT_PRE" done fi for i in $ext; do verbose "configuring external interface $i:" for s in $(echo "$opened_services" | tr -s ';,' ' '); do verbose " open service $s on interface $i:" local ports="$(alterator-dump-desktop -v out=X-Alterator-Port $SERVICEDIR/$s.desktop |\ tr ';' ' ')" for p in $ports; do if [ $p = "icmp:" ]; 
then verbose " open icmp" echo "-i $i -p icmp -j ACCEPT" >> "$INPUT" continue fi echo $p | grep -q '^\(tcp\|udp\):[0-9]\+$' ||\ fatal "`_ "Error: bad port"` $p `_ "in desktop-file for service"` $s." verbose " open port $p" echo "-i $i -p ${p%%:*} --dport ${p##*:} -j ACCEPT" >> "$INPUT" done done for p in $(echo "$opened_tcp_ports" | tr -s ';,' ' '); do verbose " open extra port tcp:$p on iface $i" echo "-i $i -p tcp --dport $p -j ACCEPT" >> "$INPUT" done for p in $(echo "$opened_udp_ports" | tr -s ';,' ' '); do verbose " open extra port udp:$p on iface $i" echo "-i $i -p udp --dport $p -j ACCEPT" >> "$INPUT" done verbose " close other ports on interface $i" echo "-i $i -j DROP" >> "$INPUT" done # settin up FORWARD rules for i in $ext; do verbose "closing forwarding from iface: $i" echo "-i $i -m state --state ESTABLISHED,RELATED -j ACCEPT" >> "$FORWARD" echo "-i $i -j DROP" >> "$FORWARD" done # setting up NAT if [ "$mode" = "gateway" ]; then verbose "setting up NAT" echo > "$NAT_POST" local i1 i2 for i in $ext; do echo "-o $i -j MASQUERADE" >> "$NAT_POST" verbose " to $i iface" done fi verbose "restarting efw" if [ -z "$verbose" ]; then $EFW > /dev/null || fatal "`_ "Error while reloading firewalling rules"`" else $EFW > /dev/stderr || fatal "`_ "Error while reloading firewalling rules"`" fi verbose "running /usr/lib/alterator/hooks/net-iptables.d/*" run-parts /usr/lib/alterator/hooks/net-iptables.d/ || fatal "`_ "Error while running /usr/lib/alterator/hooks/net-iptables.d/*"`" } # show available services (note: $LANGUAGE is used) list_services(){ alterator-dump-desktop \ -v lang="$LANGUAGE" \ -v out="Filename;X-Alterator-Port;Name" \ -v def="notfound;noport;" \ $SERVICEDIR/*.desktop | while read filename port name; do filename="${filename##*/}" filename="${filename%.desktop}" printf '%s\t%s\t%s\n' "$filename" "$port" "$name" done } # modify list: + or - or ;... 
modify_list(){ local list="$1" local arg="$2" if [ -z "$arg" ]; then eval $list="" elif [ -z "${arg%%+*}" ]; then [ -z "$(echo $arg | tr -c -d ';, ')" ] || fatal "`_ "Can't add multiple values to list"`" #' local new="$(eval "echo \$$list" | tr -s ';, ' '\n' | while read l; do [ "$l" = "${arg#+}" ] || echo -n "${l:+$l;}" done)" eval "$list=\"\$new\${arg#+}\"" elif [ -z "${arg%%-*}" ]; then [ -z "$(echo $arg | tr -c -d ';, ')" ] || fatal "`_ "Can't remove multiple values from list"`" #' local new="$(eval "echo \$$list" | tr -s ';, ' '\n' | while read l; do [ "$l" = "${arg#-}" ] || echo -n "${l:+$l;}" done)" eval $list="\${new%;}" else eval $list="\$arg" fi } ######################## # default settings action="${1:-help}" shift ||: # reset vars to default values reset_vars # read current settings from config file read_settings dontcommit= # parse options case "$action" in write) while getopts "m:e:s:t:u:U:S:D:vd" "$@"; do case $OPTOPT in m) mode="$OPTARG" ;; e) modify_list external_ifaces "$OPTARG" ;; s) modify_list opened_services "$OPTARG" ;; t) modify_list opened_tcp_ports "$OPTARG" ;; u) modify_list opened_udp_ports "$OPTARG" ;; U) ulogd="$OPTARG" ;; S) squid="$OPTARG" ;; D) modify_list dnat_rules "$OPTARG" ;; v) verbose=1 ;; d) dontcommit=1 ;; esac done ;; reset) while getopts "vd" "$@"; do case $OPTOPT in v) verbose=1 ;; d) dontcommit=1 ;; esac done ;; show) while getopts "meistuUSDv" "$@"; do case $OPTOPT in m) echo $mode; exit 0 ;; e) show_external_ifaces; exit 0 ;; i) show_internal_ifaces; exit 0 ;; s) echo "$opened_services" | tr -s ';,' ' '; exit 0 ;; t) echo "$opened_tcp_ports" | tr -s ';,' ' '; exit 0 ;; u) echo "$opened_udp_ports" | tr -s ';,' ' '; exit 0 ;; U) echo "$ulogd"; exit 0 ;; S) echo "$squid"; exit 0 ;; D) echo "$dnat_rules"; exit 0 ;; v) verbose=1 ;; esac done ;; *) while getopts "v" "$@"; do case $OPTOPT in v) verbose=1 ;; esac done ;; esac verbose "executing $action action" case $action in show) show_settings ;; list) list_services ;; 
write) write_settings ;; reset) reset_settings ;; *) print_help ;; esac alterator-net-iptables-1.11/data/000075500000000000000000000000001116664577100167435ustar00rootroot00000000000000alterator-net-iptables-1.11/data/alterator.desktop000064400000000000000000000003261116664577100223340ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=System management center (www) Name[ru]=Центр управления системой (www) X-Alterator-Port=tcp:8080 alterator-net-iptables-1.11/data/cups.desktop000064400000000000000000000002651116664577100213130ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=CUPS printing system Name[ru]=Система печати CUPS X-Alterator-Port=tcp:631 alterator-net-iptables-1.11/data/dhcp.desktop000064400000000000000000000002431116664577100212530ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=DHCP server Name[ru]=DHCP-сервер X-Alterator-Port=udp:67;udp:68 alterator-net-iptables-1.11/data/dns.desktop000064400000000000000000000002411116664577100211170ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=DNS server Name[ru]=DNS-сервер X-Alterator-Port=tcp:53;udp:53 alterator-net-iptables-1.11/data/ftp.desktop000064400000000000000000000003131116664577100211240ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=File transfer (FTP) Name[ru]=Передача файлов (FTP) X-Alterator-Port=tcp:20;udp:20;tcp:21;udp:21 alterator-net-iptables-1.11/data/icmp.desktop000064400000000000000000000002731116664577100212700ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Service packets (ICMP) Name[ru]=Служебные пакеты (ICMP) X-Alterator-Port=icmp: 
alterator-net-iptables-1.11/data/imap.desktop000064400000000000000000000003371116664577100212670ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Mail server (IMAP) Name[ru]=Почтовый сервер (IMAP) X-Alterator-Port=tcp:143;udp:143;tcp:220;udp:220;tcp:993;udp:993 alterator-net-iptables-1.11/data/ldap.desktop000064400000000000000000000002111116664577100212500ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=LDAP Name[ru]=LDAP X-Alterator-Port=tcp:389 alterator-net-iptables-1.11/data/pop3.desktop000064400000000000000000000003211116664577100212130ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Mail server (POP3) Name[ru]=Почтовый сервер (POP3) X-Alterator-Port=tcp:110;udp:110;tcp:995;udp:995 alterator-net-iptables-1.11/data/proxy.desktop000064400000000000000000000002471116664577100215220ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Proxy server Name[ru]=Прокси-сервер X-Alterator-Port=tcp:3128 alterator-net-iptables-1.11/data/samba.desktop000064400000000000000000000003611116664577100214210ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=File server (Samba) Name[ru]=Файловый сервер (Samba) X-Alterator-Port=tcp:137;udp:137;tcp:138;udp:138;tcp:139;udp:139;tcp:445;udp:445 alterator-net-iptables-1.11/data/smtp.desktop000064400000000000000000000003251116664577100213210ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Mail server (SMTP) Name[ru]=Почтовый сервер (SMTP) X-Alterator-Port=tcp:25;udp:25;tcp:465;tcp:587;udp:587 
alterator-net-iptables-1.11/data/snmp.desktop000064400000000000000000000003201116664577100213060ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Network management (SNMP) Name[ru]=Управление сетью (SNMP) X-Alterator-Port=tcp:161;udp:161;udp:162 alterator-net-iptables-1.11/data/ssh.desktop000064400000000000000000000003011116664577100211250ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Remote access (SSH) Name[ru]=Удалённый доступ (SSH) X-Alterator-Port=tcp:22;udp:22 alterator-net-iptables-1.11/data/telnet.desktop000064400000000000000000000003051116664577100216270ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Remote access (telnet) Name[ru]=Удалённый доступ (telnet) X-Alterator-Port=tcp:23;udp:23 alterator-net-iptables-1.11/data/www.desktop000064400000000000000000000003131116664577100211570ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Web server (HTTP/HTTPS) Name[ru]=Web-сервер (HTTP/HTTPS) X-Alterator-Port=tcp:80;udp:80;tcp:443;udp:443 alterator-net-iptables-1.11/data/zeroconf.desktop000064400000000000000000000002221116664577100221570ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Xorg Icon=secure Terminal=false Name=Zeroconf Name[ru]=Zeroconf X-Alterator-Port=udp:5353 alterator-net-iptables-1.11/help/000075500000000000000000000000001116664577100167625ustar00rootroot00000000000000alterator-net-iptables-1.11/help/ru_RU/000075500000000000000000000000001116664577100200165ustar00rootroot00000000000000alterator-net-iptables-1.11/help/ru_RU/net-iptables.html000064400000000000000000000072771116664577100233100ustar00rootroot00000000000000 Брандмауэр

Брандмауэр

Брандмауэр — специальное программное обеспечение, с помощью которого вы можете:

  • организовать выход компьютеров вашей сети в Интернет (либо другую подсеть), используя технологию NAT;
  • ограничить или разрешить сетевой доступ к службам компьютера.

Общие параметры

Включить брандмауэр

Глобальная настройка, включающая либо отключающая функции брандмауэра. При отключении все выставленные ниже установки не имеют силы.

Внимание! При включении брандмауэра доступ к службам по умолчанию закрыт в том числе и для службы "System management center (www)". Если необходимо сохранить возможность использовать Центр управления системой, соединяясь с ним по сети, то следует включить к нему доступ.

Разрешить транзитные пакеты (forwarding)
Если компьютер должен работать как шлюз (gateway), то необходимо выбрать данную опцию. Это позволит организовать совместный выход в Интернет для локальной сети, указанной в разделе «Включить трансляцию сетевых адресов (NAT)».
Включить трансляцию сетевых адресов (NAT)
Указывается подсеть, для которой следует выполнять трансляцию сетевых адресов (NAT) и сетевой интерфейс, который связан с этой подсетью. Это позволит компьютерам указанной подсети соединяться с другими подсетями, например сетью Интернет, в случае, если сам шлюз имеет соответствующее подключение.

Разрешённые входящие соединения

Отметив либо сняв отметку, соответствующую определённой службе, можно включить либо отключить доступ к этой службе из сети. Особое внимание уделите службе "System management center (www)": если запретить доступ к ней, воспользоваться Центром управления системой по сети будет невозможно. Выпадающий список Интерфейс указывает имя интерфейса, по отношению к которому настраиваются разрешения доступа.

alterator-net-iptables-1.11/po/000075500000000000000000000000001116664577100164505ustar00rootroot00000000000000alterator-net-iptables-1.11/po/alterator-net-iptables.pot000064400000000000000000000044441116664577100235640ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2008-12-05 15:35+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: стандартный ввод:1 msgid "Network firewall" msgstr "" #. #: стандартный ввод:1 ui/net-iptables/index.scm:52 msgid "General options" msgstr "" #: стандартный ввод:2 ui/net-iptables/index.scm:57 msgid "Enable firewall" msgstr "" #: стандартный ввод:3 ui/net-iptables/index.scm:63 msgid "Allow transit packets (forwarding)" msgstr "" #: стандартный ввод:4 ui/net-iptables/index.scm:70 msgid "Enable network address translation (NAT):" msgstr "" #: стандартный ввод:5 ui/net-iptables/index.scm:73 msgid "via:" msgstr "" #. #: стандартный ввод:6 ui/net-iptables/index.scm:80 msgid "Allowed incoming connections" msgstr "" #. 
#: стандартный ввод:7 ui/net-iptables/index.scm:83 msgid "Interface:" msgstr "" #: стандартный ввод:8 msgid "Select" msgstr "" #: стандартный ввод:9 ui/net-iptables/index.scm:98 msgid "Open extra TCP ports:" msgstr "" #: стандартный ввод:10 ввод:12 #: ui/net-iptables/index.scm:101 ui/net-iptables/index.scm:106 msgid "(numbers separated by commas or spaces)" msgstr "" #: стандартный ввод:11 ui/net-iptables/index.scm:103 msgid "Open extra UDP ports:" msgstr "" #: стандартный ввод:13 ui/net-iptables/index.scm:115 msgid "Apply" msgstr "" #: стандартный ввод:14 msgid "Reset" msgstr "" #: стандартный ввод:15 msgid "" "You are trying to close port for this configuration interface. Are you sure?" msgstr "" #: стандартный ввод:16 msgid "Yes" msgstr "" #: стандартный ввод:17 msgid "No" msgstr "" #: ui/net-iptables/index.scm:118 msgid "Restore default settings" msgstr "" alterator-net-iptables-1.11/po/pt_BR.po000064400000000000000000000051571116664577100200260ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: Alterator\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2008-12-05 15:35+0300\n" "PO-Revision-Date: 2008-12-02 22:29-0300\n" "Last-Translator: Fernando Martini \n" "Language-Team: pt_BR \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Portuguese\n" "X-Poedit-Country: BRAZIL\n" "X-Poedit-SourceCharset: utf-8\n" "X-Poedit-Basepath: pt_BR\n" #: стандартный ввод:1 msgid "Network firewall" msgstr "Firewall de Rede" #. 
#: стандартный ввод:1 ui/net-iptables/index.scm:52 msgid "General options" msgstr "Opções Gerais" #: стандартный ввод:2 ui/net-iptables/index.scm:57 msgid "Enable firewall" msgstr "Habilitar Firewall" #: стандартный ввод:3 ui/net-iptables/index.scm:63 msgid "Allow transit packets (forwarding)" msgstr "Permitir envio de pacotes" #: стандартный ввод:4 ui/net-iptables/index.scm:70 msgid "Enable network address translation (NAT):" msgstr "Habilitar transição NAT:" #: стандартный ввод:5 ui/net-iptables/index.scm:73 msgid "via:" msgstr "voa:" #. #: стандартный ввод:6 ui/net-iptables/index.scm:80 msgid "Allowed incoming connections" msgstr "Conexões de Entrada" #. #: стандартный ввод:7 ui/net-iptables/index.scm:83 msgid "Interface:" msgstr "Interface:" #: стандартный ввод:8 msgid "Select" msgstr "Selecionar" #: стандартный ввод:9 ui/net-iptables/index.scm:98 msgid "Open extra TCP ports:" msgstr "" #: стандартный ввод:10 ввод:12 #: ui/net-iptables/index.scm:101 ui/net-iptables/index.scm:106 msgid "(numbers separated by commas or spaces)" msgstr "" #: стандартный ввод:11 ui/net-iptables/index.scm:103 msgid "Open extra UDP ports:" msgstr "" #: стандартный ввод:13 ui/net-iptables/index.scm:115 msgid "Apply" msgstr "Aplicar" #: стандартный ввод:14 msgid "Reset" msgstr "Resetar" #: стандартный ввод:15 msgid "" "You are trying to close port for this configuration interface. Are you sure?" msgstr "" #: стандартный ввод:16 msgid "Yes" msgstr "Sim" #: стандартный ввод:17 msgid "No" msgstr "Não" #: ui/net-iptables/index.scm:118 msgid "Restore default settings" msgstr "Predefinições restauradas" alterator-net-iptables-1.11/po/ru.po000064400000000000000000000063731116664577100174470ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Andrey Cherepanov , 2008. 
msgid "" msgstr "" "Project-Id-Version: ru\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2008-12-04 11:13+0300\n" "PO-Revision-Date: 2008-09-01 18:01+0400\n" "Last-Translator: Andrey Cherepanov \n" "Language-Team: Russian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%" "10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #: стандартный ввод:1 msgid "Network firewall" msgstr "Брандмауэр" #. #: стандартный ввод:1 ui/net-iptables/index.scm:52 msgid "General options" msgstr "Общие параметры" #: стандартный ввод:2 ui/net-iptables/index.scm:57 msgid "Enable firewall" msgstr "Включить брандмауэр" #: стандартный ввод:3 ui/net-iptables/index.scm:63 msgid "Allow transit packets (forwarding)" msgstr "Разрешить транзитные пакеты (forwarding)" #: стандартный ввод:4 ui/net-iptables/index.scm:70 msgid "Enable network address translation (NAT):" msgstr "Включить трансляцию сетевых адресов (NAT):" #: стандартный ввод:5 ui/net-iptables/index.scm:73 msgid "via:" msgstr "через:" #. #: стандартный ввод:6 ui/net-iptables/index.scm:80 msgid "Allowed incoming connections" msgstr "Разрешённые входящие соединения" #. 
#: стандартный ввод:7 ui/net-iptables/index.scm:83 msgid "Interface:" msgstr "Интерфейс:" #: стандартный ввод:8 msgid "Select" msgstr "Выбрать" #: стандартный ввод:9 ui/net-iptables/index.scm:98 msgid "Open extra TCP ports:" msgstr "Открыть дополнительные порты TCP:" #: стандартный ввод:10 ввод:12 #: ui/net-iptables/index.scm:101 ui/net-iptables/index.scm:106 msgid "(numbers separated by commas or spaces)" msgstr "(числа, разделенные запятыми или пробелами)" #: стандартный ввод:11 ui/net-iptables/index.scm:103 msgid "Open extra UDP ports:" msgstr "Открыть дополнительные порты UDP:" #: стандартный ввод:13 ui/net-iptables/index.scm:115 msgid "Apply" msgstr "Применить" #: стандартный ввод:14 msgid "Reset" msgstr "Вернуть" #: стандартный ввод:15 msgid "" "You are trying to close port for this configuration interface. Are you sure?" msgstr "Вы пытаетесь закрыть порт, через который работает данный конфигурационный интерфейс. Вы уверены в этом?" #: стандартный ввод:16 msgid "Yes" msgstr "Да" #: стандартный ввод:17 msgid "No" msgstr "Нет" #: ui/net-iptables/index.scm:118 msgid "Restore default settings" msgstr "Восстановить настройки по умолчанию" alterator-net-iptables-1.11/po/uk.po000064400000000000000000000055521116664577100174360ustar00rootroot00000000000000# This file is distributed under the same license as the PACKAGE package. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER. # Michael Shigorin , 2007. # Wad Mashckoff , 2007. # msgid "" msgstr "" "Project-Id-Version: uk\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2008-12-04 11:26+0300\n" "PO-Revision-Date: 2007-09-27 18:26+0400\n" "Last-Translator: Wad Mashckoff \n" "Language-Team: Ukrainian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.10.1\n" #: стандартный ввод:1 msgid "Network firewall" msgstr "Мережевий екран" #. 
#: стандартный ввод:1 ui/net-iptables/index.scm:52 msgid "General options" msgstr "Загальні налаштування" #: стандартный ввод:2 ui/net-iptables/index.scm:57 msgid "Enable firewall" msgstr "Увімкнути екран" #: стандартный ввод:3 ui/net-iptables/index.scm:63 msgid "Allow transit packets (forwarding)" msgstr "Дозволяти транзитні пакети (форвардинг)" #: стандартный ввод:4 ui/net-iptables/index.scm:70 msgid "Enable network address translation (NAT):" msgstr "Увімкнути трансляцію мережевих адрес (NAT):" #: стандартный ввод:5 ui/net-iptables/index.scm:73 msgid "via:" msgstr "через:" #. #: стандартный ввод:6 ui/net-iptables/index.scm:80 msgid "Allowed incoming connections" msgstr "Дозволені з'єднання на вході" #. #: стандартный ввод:7 ui/net-iptables/index.scm:83 msgid "Interface:" msgstr "Інтерфейс:" #: стандартный ввод:8 msgid "Select" msgstr "Вибрати" #: стандартный ввод:9 ui/net-iptables/index.scm:98 msgid "Open extra TCP ports:" msgstr "" #: стандартный ввод:10 ввод:12 #: ui/net-iptables/index.scm:101 ui/net-iptables/index.scm:106 msgid "(numbers separated by commas or spaces)" msgstr "" #: стандартный ввод:11 ui/net-iptables/index.scm:103 msgid "Open extra UDP ports:" msgstr "" #: стандартный ввод:13 ui/net-iptables/index.scm:115 msgid "Apply" msgstr "Застосувати" #: стандартный ввод:14 msgid "Reset" msgstr "Скинути" #: стандартный ввод:15 msgid "" "You are trying to close port for this configuration interface. Are you sure?" 
msgstr "" #: стандартный ввод:16 msgid "Yes" msgstr "Так" #: стандартный ввод:17 msgid "No" msgstr "Ні" #: ui/net-iptables/index.scm:118 msgid "Restore default settings" msgstr "Повернути типові налаштування" #, fuzzy #~ msgid "(DNS name or IP address)" #~ msgstr "невірна IP-адреса" alterator-net-iptables-1.11/templates/000075500000000000000000000000001116664577100200305ustar00rootroot00000000000000alterator-net-iptables-1.11/templates/net-iptables/000075500000000000000000000000001116664577100224175ustar00rootroot00000000000000alterator-net-iptables-1.11/templates/net-iptables/index.html000064400000000000000000000031101116664577100244070ustar00rootroot00000000000000
Select forwarding mode:
Select external interfaces:

Allow incoming connections on external interfaces:
Services:
Extra TCP ports:
(separated by commas or spaces)
Extra UDP ports:
(separated by commas or spaces)
alterator-net-iptables-1.11/ui/000075500000000000000000000000001116664577100164475ustar00rootroot00000000000000alterator-net-iptables-1.11/ui/net-iptables/000075500000000000000000000000001116664577100210365ustar00rootroot00000000000000alterator-net-iptables-1.11/ui/net-iptables/index.scm000064400000000000000000000037461116664577100226630ustar00rootroot00000000000000(document:surround "/std/frame") ;;; Functions (define (read-from-backend) (woo-catch/message (lambda() (let ((data (woo-read-first "/net-iptables"))) (ifaces value (woo-get-option data 'external_ifaces)) (services value (woo-get-option data 'opened_services)) (tcp-ports value (woo-get-option data 'opened_tcp_ports)) (udp-ports value (woo-get-option data 'opened_udp_ports)) (gw state (string=? (woo-get-option data 'mode) "gateway")) (fw state (string=? (woo-get-option data 'mode) "router")) )))) (define (write-to-backend) (woo-catch/message (lambda() (woo-write "/net-iptables" 'mode (if (gw state) "gateway" "router") 'external_ifaces (ifaces value) 'opened_services (services value) 'opened_tcp_ports (tcp-ports value) 'opened_udp_ports (udp-ports value) )))) ;;; UI (gridbox columns "50;50" margin 20 (label text (_ "Select forwarding mode:") align "top" rowspan 2) (document:id fw (radio text (_ "router"))) (document:id gw (radio text (_ "gateway"))) (separator colspan 2) (label text (_ "Select external interfaces:")) (label text (_ "Allow incoming connections on external interfaces:") align "center") (document:id ifaces (checklistbox name "ifaces" enumref "net-iptables/ifaces") ) (gridbox columns "100" (label text (_ "Services:")) (document:id services (checklistbox name "service" enumref "net-iptables/services")) (label text (_ "Extra TCP ports:")) (document:id tcp-ports (edit name "tcp_ports")) (label text (_ "(separated by commas or spaces)")) (label) (label text (_ "Extra UDP ports:")) (document:id udp-ports (edit name "udp_ports")) (label text (_ "(separated by commas or spaces)")) ) ;; (label) (hbox 
align "center" (button text (_ "Apply") (when clicked (write-to-backend) (read-from-backend))) (label " ") (button text (_ "Reset") (when clicked (read-from-backend))) ) ) (document:root (when loaded (read-from-backend)))