def index():
"""the function returns the index page when the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
return render_template('index.html',
vars=utils.get_default_payload("Home"))
return login("", None)
def ports_save():
"""the function saves the tcp and udp rules into the corresponding rulesfiles"""
utils = Webutils()
if utils.check_login() is True:
action = "add"
ruletype = "tcp"
port = ""
for key, value in request.form.items():
if key == "remove":
action = "remove"
ruletype = value
elif key == "tcpudp":
action = "add"
ruletype = value
elif key == "port":
port = str(value)
else:
port = str(key)
if action == "add":
add_port(port, ruletype)
else:
remove_port(port, ruletype)
return ports(True)
return login("", None)
def forwarding_save() -> str:
"""
TODO: Docu
"""
utils = Webutils()
if utils.check_login(request) is True:
action = "add"
ruletype = "tcp"
source_port = ""
dest_port = ""
for key, value in request.form.items():
if key == "remove":
action = "remove"
ruletype = value
elif key == "tcpudp":
action = "add"
ruletype = value
elif key == "source-port":
source_port = str(value)
elif key == "destination-port":
dest_port = str(value)
else:
if ":" in key:
ruletype = key.split(":")[0]
source_port = key.split(":")[1]
dest_port = key.split(":")[2]
if action == "add":
add_forwarding(source_port, dest_port, ruletype)
else:
remove_forwarding(source_port, dest_port, ruletype)
return forwarding(True)
return login()
def page_not_found(error: int) -> Union[str, Tuple[str, int]]:
"""the function returns the 404 error page when the user is logged in"""
utils = Webutils()
if utils.check_login(request) is True:
return render_template('404.html',
vars=utils.get_default_payload(
"404 Error", "error")), 404
return login()
def page_not_found(error):
"""the function returns the 404 error page when the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
return render_template('404.html',
vars=utils.get_default_payload(
"404 Error", "error")), 404
return login("", None)
def logout():
"""the function removes the logged_in session variable if the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
session['logged_in'] = False
return redirect("/")
else:
return login("", None)
def options(saved=False):
"""the function returns the options page when the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
payload = utils.get_default_payload("Options")
payload.config = utils.cfg
payload.saved = saved
return render_template('options.html', vars=payload)
return login("", None)
def page_not_found(error: str) -> Union[str, Tuple[str, int]]:
"""the function returns the 404 error page when the user is logged in"""
utils = Webutils()
if utils.check_login(request) is True:
payload = utils.get_default_payload("404 Error", "error")
payload.error_code = 404
payload.error_desc = error
return render_template('error.html', vars=payload), 404
return login()
def custom_save():
"""the function saves the custom rules into the corresponding rulesfile"""
utils = Webutils()
if utils.check_login() is True:
for key, value in request.form.items():
key = str(key) + "" # just for ignoring the warning
rulelist = value.split("\n")
utils.save_rule_list("custom", rulelist)
return custom(True)
return login("", None)
def custom(saved=False):
"""the function returns the custom rules page when the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
payload = utils.get_default_payload("Custom")
payload.rules = utils.get_rule_list("custom")
payload.custom = utils.get_rule_status("custom") == "custom"
payload.saved = saved
return render_template('custom.html', vars=payload)
return login("", None)
def logout() -> str:
"""
the function removes the logged_in session variable if the user is logged in
"""
utils = Webutils()
if utils.check_login(request) is True:
session['logged_in'] = False
return login("You have been logged off successfully.", "success")
else:
return login()
def whitelist(saved=False):
"""the function returns the whitelist page when the user is logged in"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login() is True:
payload = utils.get_default_payload("Whitelist")
payload.addresses = rules.get_rules_for_web("whitelist")
payload.custom = rules.diff_new_current("whitelist")
payload.saved = saved
return render_template('whitelist.html', vars=payload)
return login("", None)
def apply(saved=False, step=1):
"""the function returns the apply page when the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
payload = utils.get_default_payload("Apply")
payload.saved = saved
payload.step = step
payload.lastapplied = utils.get_last_accept_time()
payload.running = utils.check_acceptance_running()
payload.accepttime = utils.cfg.get_value("ACCEPTANCE", "time")
return render_template(
'apply.html', vars=payload)
return login("", None)
def ports(saved=False):
"""the function returns the ports page when the user is logged in"""
utils = Webutils()
if utils.check_login() is True:
payload = utils.get_default_payload("Ports")
payload.tcp = utils.get_rule_list("tcp")
payload.udp = utils.get_rule_list("udp")
payload.custom = False
if utils.get_rule_status("tcp") == "custom" or utils.get_rule_status(
"udp") == "custom":
payload.custom = True
payload.saved = saved
return render_template('ports.html', vars=payload)
return login("", None)
def apply_save():
"""the function applies the configuration and copies the rules to easywall core"""
utils = Webutils()
step = 0
if utils.check_login() is True:
for key, value in request.form.items():
if key == "step_1":
apply_step_one()
step = 2
if key == "step_2":
apply_step_two()
step = 3
return apply(True, step)
return login("", None)
def ports(saved=False):
"""the function returns the ports page when the user is logged in"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login() is True:
payload = utils.get_default_payload("Ports")
payload.tcp = rules.get_rules_for_web("tcp")
payload.udp = rules.get_rules_for_web("udp")
payload.custom = False
if rules.diff_new_current("tcp") is True or rules.diff_new_current(
"udp") is True:
payload.custom = True
payload.saved = saved
return render_template('ports.html', vars=payload)
return login("", None)
def options_save():
"""
the function saves the options from a section using the config class
for example the Enabled flag in the IPv6 section is saved to the config file
"""
utils = Webutils()
if utils.check_login() is True:
section = request.form['section']
for key, value in request.form.items():
if key != "section":
if key.startswith("checkbox"):
value = correct_value_checkbox(key)
if value != "on":
utils.cfg.set_value(section, key, value)
return options(True)
return login("", None)
def options_save() -> str:
"""
the function saves the options from a section using the config class
for example the Enabled flag in the IPv6 section is saved to the config file
"""
utils = Webutils()
if utils.check_login(request) is True:
section = request.form['section']
cfgtype = request.form['cfgtype']
password1 = ""
password2 = ""
for key, value in request.form.items():
if key != "section" and key != "cfgtype":
if key.startswith("checkbox"):
key = key.replace("checkbox_", "")
value = correct_value_checkbox(key)
if key.startswith("password1"):
password1 = value
if key.startswith("password2"):
password2 = value
if value != "on" and not key.startswith("password"):
if cfgtype == "easywall":
utils.cfg_easywall.set_value(section, key, value)
elif cfgtype == "web":
utils.cfg.set_value(section, key, value)
else:
return options(
saved=False,
error=
"The configuration could not be saved due to invalid parameters."
)
if password1 and password2:
if password1 == password2:
hostname = node().encode("utf-8")
salt = sha512(hostname).hexdigest()
pw_hash = sha512(str(salt +
password1).encode("utf-8")).hexdigest()
utils.cfg.set_value("WEB", "password", pw_hash)
else:
return options(
saved=False,
error="The entered passwords are not identical.")
return options(saved=True)
return login()
def options(saved: bool = False, error: str = "") -> str:
"""the function returns the options page when the user is logged in"""
utils = Webutils()
if utils.check_login(request) is True:
payload = utils.get_default_payload("Options")
payload.lead = """
On this page you can configure easywall.<br />
All entries from the configuration files for the core
and the web interface are available.<br />
Some entries require a restart of the respective program part.
"""
payload.config = utils.cfg_easywall
payload.config_web = utils.cfg
payload.saved = saved
payload.error = error
return render_template('options.html', vars=payload)
return login()
def blacklist(saved: bool = False) -> str:
"""the function returns the blacklist page when the user is logged in"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login(request) is True:
payload = utils.get_default_payload("Blacklist")
payload.lead = """
On this page you can list IP addresses that are not allowed to connect to this machine.
<br />
Please check the IP addresses carefully, as they are not checked by easywall.<br />
You can add IPv4 and IPv6 addresses to the list.
"""
payload.addresses = rules.get_rules_for_web("blacklist")
payload.custom = rules.diff_new_current("blacklist")
payload.saved = saved
return render_template('blacklist.html', vars=payload)
return login()
def custom(saved: bool = False) -> str:
"""the function returns the custom rules page when the user is logged in"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login(request) is True:
payload = utils.get_default_payload("Custom")
payload.lead = """
On this page you can add your own firewall rules.<br />
Please check the rules for accuracy, as these are not tested by easywall.<br />
<br />
To add your own rule, simply copy the rule into the text box. One rule per line.<br />
It is important to omit the iptables command.<br />
Example: <code>-P FORWARD DROP</code>
"""
payload.rules = rules.get_rules_for_web("custom")
payload.custom = rules.diff_new_current("custom")
payload.saved = saved
return render_template('custom.html', vars=payload)
return login()
def apply(saved: bool = False, step: int = 1) -> str:
"""
the function returns the apply page when the user is logged in
"""
utils = Webutils()
if utils.check_login(request) is True:
payload = utils.get_default_payload("Apply")
payload.lead = """
The defined firewall rules were not automatically activated for security reasons.<br>
On this page, you can safely apply the defined rules.<br>
The activation takes place in two steps and an exclusion from the server
should be prevented.
"""
payload.saved = saved
payload.step = step
payload.lastapplied = utils.get_last_accept_time()
payload.running = step > 1
payload.accepttime = str(
utils.cfg_easywall.get_value("ACCEPTANCE", "duration"))
return render_template('apply.html', vars=payload)
return login()
def forwarding(saved: bool = False) -> str:
"""
TODO: Docu
"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login(request):
payload = utils.get_default_payload("Port Forwarding")
payload.lead = """
This page allows you to forward ports from the local system to ports on the
Internet.<br />
This is especially useful if the port of an application cannot be changed.<br />
Enter the port type, source and destination.<br />
You do not have to release the public port separately, easywall will do that for you.
"""
payload.forwardings = rules.get_rules_for_web("forwarding")
payload.custom = False
if rules.diff_new_current("forwarding"):
payload.custom = True
payload.saved = saved
return render_template('forwarding.html', vars=payload)
return login()
def blacklist_save():
"""
the function saves the blacklist rules into the corresponding rulesfile
"""
utils = Webutils()
if utils.check_login() is True:
ipaddress = ""
rulelist = utils.get_rule_list("blacklist")
for key, value in request.form.items():
if key == "ipadr":
# then a new ip address is blacklisted
ipaddress = value
rulelist.append(ipaddress)
utils.save_rule_list("blacklist", rulelist)
else:
# then a old ip address is removed
ipaddress = key
rulelist.remove(ipaddress)
utils.save_rule_list("blacklist", rulelist)
return blacklist(True)
return login("", None)
def ports(saved: bool = False) -> str:
"""the function returns the ports page when the user is logged in"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login(request) is True:
payload = utils.get_default_payload("Open Ports")
payload.lead = """
On this page you can open ports for incoming connections.<br />
You can add tcp and udp ports.<br />
Please check whether the entries in the list are needed in the future and
remove old entries if they are no longer needed.<br />
To list all open ports under Linux use the command <code>netstat -ln</code>
"""
payload.tcp = natsorted(rules.get_rules_for_web("tcp"))
payload.udp = natsorted(rules.get_rules_for_web("udp"))
payload.custom = False
if rules.diff_new_current("tcp") is True or rules.diff_new_current(
"udp") is True:
payload.custom = True
payload.saved = saved
return render_template('ports.html', vars=payload)
return login()
def whitelist_save():
"""
the function saves the whitelist rules into the corresponding rulesfile
"""
utils = Webutils()
rules = RulesHandler()
if utils.check_login() is True:
ipaddress = ""
rulelist = rules.get_rules_for_web("whitelist")
for key, value in request.form.items():
if key == "ipadr":
# then a new ip address is whitelisted
ipaddress = value
rulelist.append(ipaddress)
rules.save_new_rules("whitelist", rulelist)
else:
# then a old ip address is removed
ipaddress = key
rulelist.remove(ipaddress)
rules.save_new_rules("whitelist", rulelist)
return whitelist(True)
return login("", None)