From 1f2bc0676beae8672512edc37fff46a5e76b02a2 Mon Sep 17 00:00:00 2001
From: Alexander Poslavsky
Date: Fri, 2 Nov 2007 09:24:00 +0000
Subject: trying to get shorewall to install+status indicator
git-svn-id: svn://svn.alpinelinux.org/acf/shorewall/trunk@251 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 Makefile | 7 ++-
 cfgfile/firewall.cfg | 44 -----------------
 config.mk | 11 +++++
 firewall.cfg | 44 +++++++++++++++++
 shorewall-controller.lua | 117 +++++++++++++++++++++++++++++++++++++++++++++
 shorewall-html.lsp | 41 ++++++++++++++++
 shorewall-read-html.lsp | 27 +++++++++++
 shorewall-restart-html.lsp | 71 +++++++++++++++++++++++++++
 shorewall-start-html.lsp | 71 +++++++++++++++++++++++++++
 shorewall-stop-html.lsp | 71 +++++++++++++++++++++++++++
 shorewall.menu | 2 +
 11 files changed, 460 insertions(+), 46 deletions(-)
 delete mode 100644 cfgfile/firewall.cfg
 create mode 100644 config.mk
 create mode 100644 firewall.cfg
 create mode 100644 shorewall-controller.lua
 create mode 100644 shorewall-html.lsp
 create mode 100644 shorewall-read-html.lsp
 create mode 100644 shorewall-restart-html.lsp
 create mode 100644 shorewall-start-html.lsp
 create mode 100644 shorewall-stop-html.lsp
 create mode 100644 shorewall.menu
diff --git a/Makefile b/Makefile
index 01a86ba..b63a039 100644
--- a/Makefile
+++ b/Makefile
@@ -6,8 +6,10 @@ APP_DIST=\
 shorewall-controller.lua \
 shorewall-html.lsp \
 shorewall-read-html.lsp \
- shorewall.menu \
- cfgfile/firewall.cfg
+ shorewall.menu
+
+APP_CFG=\
+ firewall.cfg
 
 EXTRA_DIST=Makefile config.mk
 
@@ -28,6 +30,7 @@ dist: $(tarball)
 install:
 mkdir -p "$(install_dir)"
 cp -a $(APP_DIST) "$(install_dir)"
+ cp -a $(APP_CFG) "$(cfgdir)"
 
 $(tarball): $(DISTFILES)
 rm -rf $(P)
diff --git a/cfgfile/firewall.cfg b/cfgfile/firewall.cfg
deleted file mode 100644
index 0a143d4..0000000
--- a/cfgfile/firewall.cfg
+++ /dev/null
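Review bot: The new `cp -a $(APP_CFG) "$(cfgdir)"` in the install target has no matching `mkdir -p "$(cfgdir)"`, unlike the `$(install_dir)` copy just above it, so on a fresh install cp either fails or, if the parent directory already exists, creates a regular file named `cfgfile` instead of a directory and the config is never found. Add `mkdir -p "$(cfgdir)"` before the copy. `cfgdir` is only defined in the new config.mk (`${appdir}/cfgfile`), so this also assumes the Makefile includes config.mk, which is outside these hunks.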
@@ -1,44 +0,0 @@
--- /* vim: set filetype=lua : */
-{ app="firewall", section="general",
- name="params", filename="/etc/shorewall/params",
- descr="Define variables used in the other configuration files." },
-{ app="firewall", section="general",
- name="shorewall", filename="/etc/shorewall/shorewall.conf",
- descr="Modify global configuration settings." },
-{ app="firewall", section="firewalling",
- name="zones", filename="/etc/shorewall/zones",
- descr="Name network partitions. Firewall rules are applied to defined zones." },
-{ app="firewall", section="firewalling",
- name="interfaces", filename="/etc/shorewall/interfaces",
- descr="Map physical interfaces to named zones." },
-{ app="firewall", section="firewalling",
- name="hosts", filename="/etc/shorewall/hosts",
- descr="Name specific hosts within zones." },
-{ app="firewall", section="firewalling",
- name="policy", filename="/etc/shorewall/policy",
- descr="Set default rules (policies) for zones." },
-{ app="firewall", section="firewalling",
- name="rules", filename="/etc/shorewall/rules",
- descr="Define exceptions to policies." },
-{ app="firewall", section="firewalling",
- name="routestopped", filename="/etc/shorewall/routestopped",
- descr="Define hosts that can access this host when the firewall is \"stopped\"" },
-{ app="firewall", section="firewalling",
- name="tunnels", filename="/etc/shorewall/tunnels",
- descr="Specify ipsec tunnel endpoints" },
-{ app="firewall", section="firewalling",
- name="blacklist", filename="/etc/shorewall/blacklist",
- descr="List ip addresses or names that should be denied all access to the firewall."
},
-{ app="firewall", section="nat",
- name="masq", filename="/etc/shorewall/masq",
- descr="Define dynamic Masquerading or DNAT tables" },
-{ app="firewall", section="nat",
- name="nat", filename="/etc/shorewall/nat",
- descr="Define static Network Address Translation table" },
-{ app="firewall", section="qos",
- name="tos", filename="/etc/shorewall/tos",
- descr="Specify type of service markers for packets traversing the firewall." },
-{ app="firewall", section="qos",
- name="tcrules", filename="/etc/shorewall/tcrules",
- descr="Define traffic control rules." },
-
diff --git a/config.mk b/config.mk
new file mode 100644
index 0000000..f67accc
--- /dev/null
+++ b/config.mk
@@ -0,0 +1,11 @@
+prefix=/usr
+datadir=${prefix}/share
+sysconfdir=${prefix}/etc
+localstatedir=${prefix}/var
+acfdir=${datadir}/acf
+wwwdir=${acfdir}/www
+cgibindir=${acfdir}/cgi-bin
+appdir=${acfdir}/app
+cfgdir=${appdir}/cfgfile
+acflibdir=${acfdir}/lib
+sessionsdir=${localstatedir}/lib/acf/sessions
diff --git a/firewall.cfg b/firewall.cfg
new file mode 100644
index 0000000..0a143d4
--- /dev/null
+++ b/firewall.cfg
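Review bot: With `prefix=/usr`, `localstatedir` resolves to `/usr/var` and `sysconfdir` to `/usr/etc`, so `sessionsdir` becomes `/usr/var/lib/acf/sessions`: writable session state under `/usr`, which breaks on a read-only `/usr` and is not where a packaged install expects it. If these are deliberately the autoconf-style defaults that is fine, but for an Alpine package `localstatedir=/var` and `sysconfdir=/etc` are the usual values; either set them here or add a comment that the packager must override them. Note also that `install_dir`, which the Makefile's install target uses, is not defined in this file.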
@@ -0,0 +1,44 @@
+-- /* vim: set filetype=lua : */
+{ app="firewall", section="general",
+ name="params", filename="/etc/shorewall/params",
+ descr="Define variables used in the other configuration files." },
+{ app="firewall", section="general",
+ name="shorewall", filename="/etc/shorewall/shorewall.conf",
+ descr="Modify global configuration settings." },
+{ app="firewall", section="firewalling",
+ name="zones", filename="/etc/shorewall/zones",
+ descr="Name network partitions. Firewall rules are applied to defined zones." },
+{ app="firewall", section="firewalling",
+ name="interfaces", filename="/etc/shorewall/interfaces",
+ descr="Map physical interfaces to named zones." },
+{ app="firewall", section="firewalling",
+ name="hosts", filename="/etc/shorewall/hosts",
+ descr="Name specific hosts within zones." },
+{ app="firewall", section="firewalling",
+ name="policy", filename="/etc/shorewall/policy",
+ descr="Set default rules (policies) for zones." },
+{ app="firewall", section="firewalling",
+ name="rules", filename="/etc/shorewall/rules",
+ descr="Define exceptions to policies." },
+{ app="firewall", section="firewalling",
+ name="routestopped", filename="/etc/shorewall/routestopped",
+ descr="Define hosts that can access this host when the firewall is \"stopped\"" },
+{ app="firewall", section="firewalling",
+ name="tunnels", filename="/etc/shorewall/tunnels",
+ descr="Specify ipsec tunnel endpoints" },
+{ app="firewall", section="firewalling",
+ name="blacklist", filename="/etc/shorewall/blacklist",
+ descr="List ip addresses or names that should be denied all access to the firewall."
},
+{ app="firewall", section="nat",
+ name="masq", filename="/etc/shorewall/masq",
+ descr="Define dynamic Masquerading or DNAT tables" },
+{ app="firewall", section="nat",
+ name="nat", filename="/etc/shorewall/nat",
+ descr="Define static Network Address Translation table" },
+{ app="firewall", section="qos",
+ name="tos", filename="/etc/shorewall/tos",
+ descr="Specify type of service markers for packets traversing the firewall." },
+{ app="firewall", section="qos",
+ name="tcrules", filename="/etc/shorewall/tcrules",
+ descr="Define traffic control rules." },
+
diff --git a/shorewall-controller.lua b/shorewall-controller.lua
new file mode 100644
index 0000000..1c87fbe
--- /dev/null
+++ b/shorewall-controller.lua
@@ -0,0 +1,117 @@
+module(..., package.seeall)
+
+local list_redir = function(self)
+ self.conf.action = "read"
+ self.conf.type = "redir"
+ error(self.conf)
+end
+
+mvc={}
+mvc.on_load = function(self, parent)
+ --TODO: This needs to be looked at
+ --there has to be cute, standard way of loading models into controller
+ self.cfgfile = self:soft_require("cfgfile-model")
+ setmetatable(self.cfgfile, self.cfgfile)
+ self.cfgfile.__index = self.worker
+ self.service = self:soft_require("service-model")
+ setmetatable(self.service, self.service)
+ self.service.__index = self.worker
+ if (self.worker[self.conf.action] == nil) or (self.conf.action == "init") then
+ self.worker[self.conf.action] = list_redir(self)
+ end
+end
+
+-- Public methods
+-- /hostname/get
+
+local function getNotes(self)
+ ret = {}
+ for k,v in pairs(self.cfgfile:list(nil)) do
+ if v.status then
+ ret[#ret + 1] = {
+ content = "There are some configuration changes. Please do not forget to save."
+ }
+ break
+ end
+ end
+ return ret
+end
+
+read = function(self)
+ return {
+ list=self.cfgfile:list(function(x) return x.app == "firewall" end),
+ script=ENV["SCRIPT_NAME"],
+ prefix=self.conf.prefix,
+ controller=self.conf.controller,
+ action="update",
+ note=getNotes(self),
+ }
+end
+
+update = function(self)
+ local id = tonumber(self.clientdata.id) or -1
+ local result
+ local data
+
+ result, data = self.cfgfile:get(id)
+ if not result then return list_redir(self) end
+
+ if self.clientdata.cmd then
+ for k,v in pairs (data) do
+ if self.clientdata[k] then
+ data[k].value = self.clientdata[k]
+ end
+ end
+ result, data = self.cfgfile:set(id, data)
+ if result then return list_redir(self) end
+ end
+
+ data.cmd = cfe { type="action", value="save", label="action" }
+ return cfe{ type="form",
+ option={ script=ENV["SCRIPT_NAME"],
+ prefix=self.conf.prefix,
+ controller = self.conf.controller,
+ action = "update",
+ extra = ""},
+ value = data}
+end
+
+local function service(self, action)
+ local id =
tonumber(self.clientdata.id) or -1
+ local svc = self.service:list("firewall")
+ local ret = {
+ script=ENV["SCRIPT_NAME"],
+ prefix=self.conf.prefix,
+ controller = self.conf.controller,
+ action={},
+ title="Firewall",
+ text={},
+ active={ id=id }
+ }
+ for i,s in pairs(svc) do
+ for i,a in ipairs(s.actions) do
+ ret.action[#ret.action + 1] = {
+ name = a,
+ section = s.name .. " (" .. tostring(s.status) .. ")",
+ id = s.id,
+ label = a,
+ }
+ end
+ end
+ if self.clientdata[action] then
+ local result, report = self.service:update(id, action)
+ local label = "Error"
+ if result then
+ ret.active.action = action
+ label = "Report"
+ end
+ ret.text[#ret.text + 1] = { label=label, content=report }
+ end
+ ret.note=getNotes(self)
+ return ret
+end
+
+start = function(self) return service(self, "start") end
+stop = function(self) return service(self, "stop") end
+restart = function(self) return service(self, "restart") end
+
diff --git a/shorewall-html.lsp b/shorewall-html.lsp
new file mode 100644
index 0000000..efb1c38
--- /dev/null
+++ b/shorewall-html.lsp
@@ -0,0 +1,41 @@
+
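Review bot: `getNotes` writes `ret = {}` without `local`, so the notes table becomes a global shared by every request served from the same Lua state and visible to any other module loaded with `package.seeall`; change it to `local ret = {}`. In `service` the same index name `i` is used for both nested loops and neither is read, so `for _,s in pairs(svc) do` / `for _,a in ipairs(s.actions) do` would be clearer. Separately, start/stop/restart run as soon as `self.clientdata[action]` is present, and nothing in this file distinguishes GET from POST or checks a CSRF token; if the .lsp views (not readable in this patch) submit a plain form, a cross-site request could stop the firewall, so that protection needs to be confirmed in the view or framework layer. Note that `action` itself comes from the fixed `start`/`stop`/`restart` wrappers, not from the client, which is the right choice.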

Edit

+ diff --git a/shorewall-read-html.lsp b/shorewall-read-html.lsp new file mode 100644 index 0000000..0ea1ec8 --- /dev/null +++ b/shorewall-read-html.lsp @@ -0,0 +1,27 @@ + + +

Edit

+ +

+ + + +

diff --git a/shorewall-restart-html.lsp b/shorewall-restart-html.lsp new file mode 100644 index 0000000..53d81b7 --- /dev/null +++ b/shorewall-restart-html.lsp @@ -0,0 +1,71 @@ +

diff --git a/shorewall-start-html.lsp b/shorewall-start-html.lsp new file mode 100644 index 0000000..53d81b7 --- /dev/null +++ b/shorewall-start-html.lsp @@ -0,0 +1,71 @@ +

diff --git a/shorewall-stop-html.lsp b/shorewall-stop-html.lsp new file mode 100644 index 0000000..53d81b7 --- /dev/null +++ b/shorewall-stop-html.lsp @@ -0,0 +1,71 @@ +

diff --git a/shorewall.menu b/shorewall.menu
new file mode 100644
index 0000000..21066d5
--- /dev/null
+++ b/shorewall.menu
@@ -0,0 +1,2 @@
+Networking Shorewall Define read
+ -- cgit v1.2.3