#!/usr/bin/perl
# setup.cgi
# Setup an initial save file

# Pull in both firewall libraries; every helper called below comes from
# them (or from what they load in turn).
require './firewall-lib.pl';
require './firewall6-lib.pl';

# Read the request (the rest of the script takes its inputs from %in),
# then stop before anything is locked or changed when $access{'setup'}
# is not set for the caller.
&ReadParse();
&error($text{'setup_ecannot'}) unless ($access{'setup'});

# Take the lock on the IPv6 save file; it is released near the end of the
# script.
# NOTE(review): whether the &error() exits further down release this lock
# is not visible here - confirm.
&lock_file($ip6tables_save_file);
if ($in{'reset'}) {
	# Reset requested: for each table set every built-in chain policy to
	# ACCEPT, then flush the rules (-F) and delete user chains (-X).
	# From this point until a new rule set is saved and applied the
	# host filters no IPv6 traffic. Output goes to /dev/null and the
	# return values are not checked, so a failing command (for example
	# a chain that does not exist in that table) passes unnoticed.
	foreach $t ("filter", "nat", "mangle") {
		foreach my $chain ("INPUT", "OUTPUT", "FORWARD",
				   "PREROUTING", "POSTROUTING") {
			&system_logged("ip6tables -t $t -P $chain ACCEPT >/dev/null 2>&1");
			}
		&system_logged("ip6tables -t $t -F >/dev/null 2>&1");
		&system_logged("ip6tables -t $t -X >/dev/null 2>&1");
		}
	}

# Capture the currently active rules in the save file before editing it
if (!defined(&unapply_ip6tables)) {
	# No library helper available: dump the live rules directly.
	# stderr is redirected into the save file as well, so if
	# ip6tables-save fails its error text ends up in that file; the
	# command's result is not inspected.
	&backquote_logged("ip6tables-save >$ip6tables_save_file 2>&1");
	}
else {
	# The loaded library provides its own way to do this
	&unapply_ip6tables();
	}

# Work out the management ports that the generated rules refer to

# Webmin: configured port, or 10000 when none is set. The second value
# is the end of the ten-port range opened in hosting mode.
&get_miniserv_config(\%miniserv);
$webmin_port = $miniserv{'port'} ? $miniserv{'port'} : 10000;
$webmin_port2 = 10 + $webmin_port;

# Usermin: read its miniserv config when the module is installed.
# The fallback of 20000 applies even when Usermin is not installed.
$usermin_port = undef;
if (&foreign_installed("usermin")) {
	&foreign_require("usermin", "usermin-lib.pl");
	&usermin::get_usermin_miniserv_config(\%uminiserv);
	$usermin_port = $uminiserv{'port'};
	}
$usermin_port = 20000 if (!$usermin_port);

# SSH: take the Port value from the sshd config when that module is
# installed, else 22.
# NOTE(review): if sshd_config carries several Port directives, only
# whatever find_value returns in scalar context is used - confirm that
# this is the port administrators actually connect to.
$ssh_port = undef;
if (&foreign_installed("sshd")) {
	&foreign_require("sshd", "sshd-lib.pl");
	$conf = &sshd::get_sshd_config();
	$ssh_port = &sshd::find_value("Port", $conf);
	}
$ssh_port = 22 unless ($ssh_port);

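# Build one of the predefined rule sets when $in{'auto'} is set:
#   1    - a single masquerading rule in the nat table
#   2    - INPUT policy DROP, accepting only internal interfaces, replies
#          and DNS responses
#   3    - as 2, plus SSH and ident
#   4    - as 3, plus echo-request and most unprivileged TCP ports
#   5    - as 3, plus echo-request and typical hosting server ports
# The chosen table is then written with save_table().
if ($in{'auto'}) {
	# The interface name is request input that is placed into a rule
	# and handed to save_table(). Accept only characters that occur in
	# ordinary interface names (including the '+' wildcard), so that
	# whitespace, newlines or quotes cannot add extra text to the
	# saved rule. \z rather than $ so a trailing newline is rejected.
	my $iface_ok = qr/\A[A-Za-z0-9_.:+\-]+\z/;

	@tables = &get_iptables_save();
	if ($in{'auto'} == 1) {
		# Add a single rule to the nat table for masquerading
		$iface = $in{'iface1'} eq 'other' ? $in{'iface1_other'}
						  : $in{'iface1'};
		$iface || &error($text{'setup_eiface'});
		$iface =~ $iface_ok || &error($text{'setup_eiface'});
		($table) = grep { $_->{'name'} eq 'nat' } @tables;
		$table ||= { 'name' => 'nat',
			     'rules' => [ ],
			     'defaults' => { } };
		push(@{$table->{'rules'}},
		     	{ 'chain' => 'POSTROUTING',
			  'o' => [ "", $iface ],
			  'j' => [ "", 'MASQUERADE' ] } );
		}
	elsif ($in{'auto'} >= 2) {
		# Block all incoming traffic, except for established
		# connections and DNS replies
		# In mode 3 allow ssh and ident too
		# In mode 4 allow echo-request and high ports too
		# NOTE(review): with the INPUT policy set to DROP, no rule
		# below admits ICMPv6 other than echo-request (modes 4 and
		# 5). IPv6 neighbour discovery on the external interface
		# may depend on such packets - confirm on a test host.
		$iface = $in{'iface'.$in{'auto'}} eq 'other' ?
				 $in{'iface'.$in{'auto'}.'_other'} :
				 $in{'iface'.$in{'auto'}};
		$iface || &error($text{'setup_eiface'});
		$iface =~ $iface_ok || &error($text{'setup_eiface'});
		($table) = grep { $_->{'name'} eq 'filter' } @tables;
		# When no filter table exists yet, create one. This used to
		# be created under the name 'nat', which filed the INPUT
		# rules and the DROP policy under the wrong table.
		$table ||= { 'name' => 'filter',
			     'rules' => [ ],
			     'defaults' => { } };
		$table->{'defaults'}->{'INPUT'} = 'DROP';
		push(@{$table->{'rules'}},
		     # Everything that does not arrive on the external
		     # interface is trusted
		     { 'chain' => 'INPUT',
		       'i' => [ "!", $iface ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Accept traffic from internal interfaces' },
		     # NOTE(review): this match is stateless - it accepts any
		     # TCP segment with ACK set, including unsolicited ones.
		     # The two state rules that follow already cover reply
		     # traffic, so this rule widens what is accepted.
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "tcp" ] ],
		       'p' => [ "", "tcp" ],
		       'tcp-flags' => [ "", "ACK", "ACK" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Accept traffic with the ACK flag set' },
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "state" ] ],
		       'state' => [ "", "ESTABLISHED" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Allow incoming data that is part of a connection we established' },
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "state" ] ],
		       'state' => [ "", "RELATED" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Allow data that is related to existing connections' },
		     # Matches on source port only, so any UDP packet sent
		     # from port 53 to a high port is accepted
		     { 'chain' => 'INPUT',
		       'm' => [ [ "", "udp" ] ],
		       'p' => [ "", "udp" ],
		       'sport' => [ "", 53 ],
		       'dport' => [ "", "1024:65535" ],
		       'j' => [ "", 'ACCEPT' ],
		       'cmt' => 'Accept responses to DNS queries' },
			);
		if ($in{'auto'} >= 3) {
			# Allow ssh and ident
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", $ssh_port ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to our SSH server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "auth" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to our IDENT server'}
				);
			}
		if ($in{'auto'} >= 4) {
			# Allow pings
			# NOTE(review): 'p' is a nested list here, while
			# every other rule in this file gives 'p' as a flat
			# [ negation, value ] pair - confirm that
			# save_table() writes this rule as intended.
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "icmpv6" ] ],
			       'p' => [ [ "", "icmpv6" ] ],
			       'icmpv6-type' => [ "", "echo-request" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Respond to pings' }, );
			}
		if ($in{'auto'} == 4) {
			# Allow most high ports. The three DROP rules come
			# first so that they win over the broad ACCEPT for
			# 1024:65535 that ends the list.
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "2049:2050" ],
			       'j' => [ "", 'DROP' ],
			       'cmt' => 'Protect our NFS server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "6000:6063" ],
			       'j' => [ "", 'DROP' ],
			       'cmt' => 'Protect our X11 display server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "7000:7010" ],
			       'j' => [ "", 'DROP' ],
			       'cmt' => 'Protect our X font server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "1024:65535" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to unprivileged ports' },
				);
			}
		if ($in{'auto'} == 5) {
			# Allow typical hosting server ports. The Webmin and
			# Usermin rules expose the management interfaces to
			# every source address.
			push(@{$table->{'rules'}},
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "53" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow DNS zone transfers' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "udp" ] ],
			       'p' => [ "", "udp" ],
			       'dport' => [ "", "53" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow DNS queries' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "80" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to webserver' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "443" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow SSL connections to webserver' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ], [ "", "multiport" ] ],
			       'p' => [ "", "tcp" ],
			       'dports' => [ "", "25,587" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to mail server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", "20:21" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to FTP server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ], [ "", "multiport" ] ],
			       'p' => [ "", "tcp" ],
			       'dports' => [ "", "110,995" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to POP3 server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ], [ "", "multiport" ] ],
			       'p' => [ "", "tcp" ],
			       'dports' => [ "", "143,220,993" ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to IMAP server' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "",$webmin_port.":".$webmin_port2 ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to Webmin' },
			     { 'chain' => 'INPUT',
			       'm' => [ [ "", "tcp" ] ],
			       'p' => [ "", "tcp" ],
			       'dport' => [ "", $usermin_port ],
			       'j' => [ "", 'ACCEPT' ],
			       'cmt' => 'Allow connections to Usermin' },
				);
			}
		}
	# An 'auto' value that matched neither branch (non-numeric or
	# below 1) leaves $table unset; skip the save in that case rather
	# than passing an undefined table to save_table().
	if ($table) {
		&run_before_command();
		&save_table($table);
		&run_after_command();
		&copy_to_cluster();
		}
	}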

# Create the boot-time init action when the form asked for it
&create_firewall_init() if ($in{'atboot'});

# Release the lock taken on the save file at the start of the script
&unlock_file($ip6tables_save_file);

# Record the action in the Webmin log, then send the browser back with
# an empty redirect target
&webmin_log("setup");
&redirect("");


