exit;
}
if (isset($_GET["DeleteSMTPAllIptableRules"])) {
firewall_delete_all_rules();
exit;
}
if (isset($_GET["PostfixAutoBlockParameters"])) {
popup_parameters();
exit;
}
if (isset($_GET["PostfixAutoBlockParametersSave"])) {
popup_parameters_save();
exit;
}
if (isset($_GET["firewall-rules-list"])) {
firewall_rules();
exit;
}
js();
function firewall_delete_rule()
{
$users = new usersMenus();
if (!$users->AsPostfixAdministrator) {
$error = html_entity_decode($tpl->_ENGINE_parse_body("{ERROR_NO_PRIVS}"));
echo "{$error}";
die;
}
$iptables_chains = new iptables_chains();
if (!$iptables_chains->deletePostfix_chain($_GET["DeleteSMTPIptableRule"])) {
echo $iptables_chains->error;
return false;
function buildconfig()
{
# $Id$";
msg_html();
$sock = new sockets();
$unix = new unix();
$php = $unix->LOCATE_PHP5_BIN();
$SquidHotSpotPort = intval($sock->GET_INFO("SquidHotSpotPort"));
$ArticaHotSpotPort = intval($sock->GET_INFO("ArticaHotSpotPort"));
$ArticaSSLHotSpotPort = intval($sock->GET_INFO("ArticaSSLHotSpotPort"));
$ArticaSplashHotSpotPort = intval($sock->GET_INFO("ArticaSplashHotSpotPort"));
$SquidHotSpotSSLPort = intval($sock->GET_INFO("SquidHotSpotSSLPort"));
$ArticaSplashHotSpotPortSSL = intval($sock->GET_INFO("ArticaSplashHotSpotPortSSL"));
$ArticaSplashHotSpotCacheAuth = $sock->GET_INFO("ArticaSplashHotSpotCacheAuth");
$ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
$ArticaSplashHotSpotEndTime = $sock->GET_INFO("ArticaSplashHotSpotEndTime");
$ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
$ArticaHotSpotInterface2 = $sock->GET_INFO("ArticaHotSpotInterface2");
if ($ArticaHotSpotInterface == null) {
$ArticaHotSpotInterface = "eth0";
}
$ArticaSplashHotSpotCacheAuth = $sock->GET_INFO("ArticaSplashHotSpotCacheAuth");
if (!is_numeric($ArticaSplashHotSpotCacheAuth)) {
$ArticaSplashHotSpotCacheAuth = 60;
}
$ArticaHotSpotEnableMIT = $sock->GET_INFO("ArticaHotSpotEnableMIT");
$ArticaHotSpotEnableProxy = $sock->GET_INFO("ArticaHotSpotEnableProxy");
if (!is_numeric($ArticaHotSpotEnableMIT)) {
$ArticaHotSpotEnableMIT = 1;
}
if (!is_numeric($ArticaHotSpotEnableProxy)) {
$ArticaHotSpotEnableProxy = 1;
}
if ($ArticaHotSpotInterface2 == $ArticaHotSpotInterface) {
$ArticaHotSpotInterface2 = null;
}
if ($ArticaSplashHotSpotPort == 0) {
$ArticaSplashHotSpotPort = 16080;
}
if ($ArticaSplashHotSpotPortSSL == 0) {
$ArticaSplashHotSpotPortSSL = 16443;
}
if ($ArticaHotSpotPort == 0) {
$ArticaHotSpotPort = rand(38000, 64000);
$sock->SET_INFO("ArticaHotSpotPort", $ArticaHotSpotPort);
}
if ($ArticaSSLHotSpotPort == 0) {
$ArticaSSLHotSpotPort = rand(38500, 64000);
$sock->SET_INFO("ArticaSSLHotSpotPort", $ArticaSSLHotSpotPort);
}
if ($SquidHotSpotPort == 0) {
$SquidHotSpotPort = rand(40000, 64000);
$sock->SET_INFO("SquidHotSpotPort", $SquidHotSpotPort);
}
if ($SquidHotSpotSSLPort == 0) {
$SquidHotSpotSSLPort = rand(40500, 64000);
$sock->SET_INFO("SquidHotSpotSSLPort", $SquidHotSpotSSLPort);
}
$NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
$IPADDR = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTP service on {$NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"]} `{$IPADDR}` port\n";
}
$IPADDR2 = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface2]["IPADDR"];
$WifiDogDebugLevel = intval($sock->GET_INFO("WifiDogDebugLevel"));
build_progress("{reconfiguring}", 60);
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTP service on {$ArticaSplashHotSpotPort} port\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTPS service on {$ArticaSplashHotSpotPortSSL} port\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HotSpot service on {$ArticaHotSpotPort} port\n";
}
if ($ArticaHotSpotInterface2 != null) {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen IN on {$ArticaHotSpotInterface} ( {$IPADDR} )\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen OUT on {$ArticaHotSpotInterface2} ( {$IPADDR2} )\n";
}
} else {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen on {$ArticaHotSpotInterface} ( {$IPADDR} )\n";
}
}
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Proxy Listen on {$SquidHotSpotPort} port\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Re-authenticate each {$ArticaSplashHotSpotCacheAuth} Minutes\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Debug Level:{$WifiDogDebugLevel}\n";
}
$Checking_squid = Checking_squid($SquidHotSpotPort);
if (!$Checking_squid) {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy...\n";
}
shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Restarting Proxy...\n";
}
shell_exec("/etc/init.d/squid restart --force");
}
build_progress("{reconfiguring}", 61);
$Checking_squid = Checking_squid($SquidHotSpotPort);
if (!$Checking_squid) {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy on port {$SquidHotSpotPort} Failed!!!\n";
}
}
build_progress("{reconfiguring}", 62);
if ($ArticaHotSpotEnableMIT == 1) {
$Checking_squid = Checking_squid($SquidHotSpotSSLPort);
build_progress("{reconfiguring}", 63);
if (!$Checking_squid) {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy...\n";
}
shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Restarting Proxy...\n";
}
shell_exec("/etc/init.d/squid restart --force");
}
$Checking_squid = Checking_squid($SquidHotSpotSSLPort);
if (!$Checking_squid) {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy on port {$SquidHotSpotSSLPort} Failed!!!\n";
}
}
}
$modprobe = $unix->find_program("modprobe");
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: probing iptables modules...\n";
}
$array = array();
$array[] = "ip_tables";
$array[] = "ip_conntrack";
$array[] = "ip_conntrack_ftp";
$array[] = "ip_conntrack_irc";
$array[] = "iptable_nat";
$array[] = "ip_nat_ftp";
while (list($num, $ligne) = each($array)) {
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: probing {$ligne}\n";
}
shell_exec("{$modprobe} {$ligne}");
}
$sysctl = $unix->find_program("sysctl");
$echo = $unix->find_program("echo");
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Enable gateway..\n";
}
shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_forward");
shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_dynaddr");
shell_exec("{$sysctl} -w net.ipv4.ip_forward=1 2>&1");
shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_forward");
$comment = " -m comment --comment \"WiFiDog_NAT\"";
if ($ArticaHotSpotInterface2 != null) {
$iptables = $unix->find_program("iptables");
if ($GLOBALS["OUTPUT"]) {
echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Chain {$ArticaHotSpotInterface} and {$ArticaHotSpotInterface2}\n";
}
$EXTIF = $ArticaHotSpotInterface2;
$INTIF = $ArticaHotSpotInterface;
shell_exec("{$iptables} -A FORWARD -i {$EXTIF} -o {$INTIF} -m state --state ESTABLISHED,RELATED {$comment} -j ACCEPT");
shell_exec("{$iptables} -A FORWARD -i {$INTIF} -o {$EXTIF} {$comment} -j ACCEPT");
shell_exec("{$iptables} -t nat -A POSTROUTING -o {$EXTIF} {$comment} -j MASQUERADE");
}
$ArticaSplashHotSpotCacheAuth = $ArticaSplashHotSpotCacheAuth / 2;
build_progress("{reconfiguring}", 64);
$f[] = "# WiFiDog Configuration file";
$f[] = "";
$f[] = "# Parameter: GatewayID";
$f[] = "# Default: default";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# Set this to the node ID on the auth server";
$f[] = "# This is used to give a customized login page to the clients and for";
$f[] = "# monitoring/statistics purpose. If you run multiple gateways on the same";
$f[] = "# machine each gateway needs to have a different gateway id.";
$f[] = "# If none is supplied, the mac address of the GatewayInterface interface will be used,";
$f[] = "# without the : separators";
$f[] = "";
$f[] = "# GatewayID default";
$f[] = "";
$f[] = "# Parameter: ExternalInterface";
$f[] = "# Default: NONE";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# Set this to the external interface (the one going out to the Inernet or your larger LAN). ";
$f[] = "# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,";
$f[] = "# Normally autodetected";
$f[] = "";
if ($ArticaHotSpotInterface2 != null) {
$f[] = "ExternalInterface {$ArticaHotSpotInterface2}";
} else {
$f[] = "#ExternalInterface eth0 or ppp0 otherwise";
}
$f[] = "";
$f[] = "# Parameter: GatewayInterface";
$f[] = "# Default: NONE";
$f[] = "# Mandatory";
$f[] = "#";
$f[] = "# Set this to the internal interface (typically your wifi interface). ";
$f[] = "# Typically br-lan for Openwrt (by default the wifi interface is bridged with wired lan in openwrt)";
$f[] = "# and eth1, wlan0, ath0, etc. otherwise";
$f[] = "# You can get this interface with the ifconfig command and finding your wifi interface";
$f[] = "";
$f[] = "GatewayInterface {$ArticaHotSpotInterface}";
$f[] = "";
$f[] = "# Parameter: GatewayAddress";
$f[] = "# Default: Find it from GatewayInterface";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# Set this to the internal IP address of the gateway. Not normally required.";
$f[] = "";
$f[] = "#GatewayAddress 192.168.1.210";
$f[] = "";
$f[] = "# Parameter: HtmlMessageFile";
$f[] = "# Default: wifidog-msg.html";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# This allows you to specify a custome HTML file which will be used for";
$f[] = "# system errors by the gateway. Any \$title, \$message and \$node variables";
$f[] = "# used inside the file will be replaced.";
$f[] = "#";
$f[] = "# HtmlMessageFile /opt/wifidog/etc/wifidog-.html";
$f[] = "";
$f[] = "# Parameter: AuthServer";
$f[] = "# Default: NONE";
$f[] = "# Mandatory, repeatable";
$f[] = "#";
$f[] = "# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.";
$f[] = "# Set this to the hostname or IP of your auth server(s), the path where";
$f[] = "# WiFiDog-auth resides in and the port it listens on.";
$f[] = "#AuthServer {";
$f[] = "#\tHostname (Mandatory; Default: NONE)";
$f[] = "#\tSSLAvailable (Optional; Default: no; Possible values: yes, no)";
$f[] = "#\tSSLPort (Optional; Default: 443)";
$f[] = "#\tHTTPPort (Optional; Default: 80)";
$f[] = "#\tPath (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)";
$f[] = "# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)";
$f[] = "# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.)";
$f[] = "# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)";
$f[] = "# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)";
$f[] = "# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)";
$f[] = "#}";
$f[] = "";
$f[] = "AuthServer {";
$f[] = " Hostname {$IPADDR}";
$f[] = " SSLPort {$ArticaSplashHotSpotPortSSL}";
$f[] = " SSLAvailable yes";
$f[] = " HTTPPort {$ArticaSplashHotSpotPort}";
$f[] = " LoginScriptPathFragment hotspot.php?wifidog-login=yes&";
$f[] = " PingScriptPathFragment hotspot.php?wifidog-ping=yes&";
$f[] = " AuthScriptPathFragment hotspot.php?wifidog-auth=yes&";
$f[] = " PortalScriptPathFragment hotspot.php?wifidog-portal=yes&";
$f[] = " Path /";
$f[] = "}";
$f[] = "";
$f[] = "Daemon 1";
$f[] = "GatewayPort {$ArticaHotSpotPort}";
if ($ArticaHotSpotEnableProxy == 1) {
$f[] = "ProxyPort {$SquidHotSpotPort}";
}
$f[] = "HTTPDName Artica HotSpot";
$f[] = "# HTTPDMaxConn 50";
$f[] = "";
$f[] = "# Parameter: HTTPDRealm";
$f[] = "# Default: WiFiDog";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# The name of the HTTP authentication realm. This only used when a user";
$f[] = "# tries to access a protected WiFiDog internal page. See HTTPUserName.";
$f[] = "# HTTPDRealm WiFiDog";
$f[] = "";
$f[] = "# Parameter: HTTPDUserName / HTTPDPassword";
$f[] = "# Default: unset";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# The gateway exposes some information such as the status page through its web";
$f[] = "# interface. This information can be protected with a username and password,";
$f[] = "# which can be set through the HTTPDUserName and HTTPDPassword parameters.";
$f[] = "# HTTPDUserName admin";
$f[] = "# HTTPDPassword secret";
$f[] = "";
$f[] = "CheckInterval 120";
$f[] = "ClientTimeout {$ArticaSplashHotSpotCacheAuth}";
$f[] = "";
$f[] = "# Parameter: TrustedMACList";
$f[] = "# Default: none";
$f[] = "# Optional";
$f[] = "#";
$f[] = "# Comma separated list of MAC addresses who are allowed to pass";
$f[] = "# through without authentication";
$f[] = "#TrustedMACList 00:15:5D:01:09:06,00:00:C0:1D:F0:0D";
build_progress("{reconfiguring}", 65);
$trusted_macs = trusted_macs();
if ($trusted_macs != null) {
$f[] = "TrustedMACList {$trusted_macs}";
}
$f[] = "";
$f[] = "# Parameter: FirewallRuleSet";
$f[] = "# Default: none";
$f[] = "# Mandatory";
$f[] = "#";
$f[] = "# Groups a number of FirewallRule statements together.";
$f[] = "";
$f[] = "# Parameter: FirewallRule";
$f[] = "# Default: none";
$f[] = "# ";
$f[] = "# Define one firewall rule in a rule set.";
$f[] = "";
$f[] = "# Rule Set: global";
$f[] = "# ";
$f[] = "# Used for rules to be applied to all other rulesets except locked.";
$f[] = "FirewallRuleSet global {";
$f[] = firewall_rules(0);
$f[] = " # FirewallRule syntax:";
$f[] = " # FirewallRule (block|drop|allow|log|ulog) [(tcp|udp|icmp) [port X]] [to IP/CIDR]";
$f[] = "";
$f[] = " ## To block SMTP out, as it's a tech support nightmare, and a legal liability";
$f[] = " #FirewallRule block tcp port 25";
$f[] = " ";
$f[] = " ## Use the following if you don't want clients to be able to access machines on ";
$f[] = " ## the private LAN that gives internet access to wifidog. Note that this is not";
$f[] = " ## client isolation; The laptops will still be able to talk to one another, as";
$f[] = " ## well as to any machine bridged to the wifi of the router.";
$f[] = " # FirewallRule block to 192.168.0.0/16";
$f[] = " # FirewallRule block to 172.16.0.0/12";
$f[] = " # FirewallRule block to 10.0.0.0/8";
$f[] = " ";
$f[] = " ## This is an example ruleset for the Teliphone service.";
$f[] = " #FirewallRule allow udp to 69.90.89.192/27";
$f[] = " #FirewallRule allow udp to 69.90.85.0/27";
$f[] = " #FirewallRule allow tcp port 80 to 69.90.89.205";
$f[] = "";
$f[] = " ## Use the following to log or ulog the traffic you want to allow or block.";
$f[] = " # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies";
$f[] = " # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). ";
$f[] = " # Note: the log or ulog rule must be passed before, the rule you want to match.";
$f[] = " # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies";
$f[] = " # iptables-mod-extra and iptables-mod-ulog";
$f[] = " # For example, you want to log (ulog works the same way) the traffic allowed on port 80 to the ip 69.90.89.205:";
$f[] = " #FirewallRule log tcp port 80 to 69.90.89.205";
$f[] = " #FirewallRule allow tcp port 80 to 69.90.89.205";
$f[] = " # And you want to know, who matche your block rule:";
$f[] = " #FirewallRule log to 0.0.0.0/0";
$f[] = " #FirewallRule block to 0.0.0.0/0";
$f[] = "}";
$f[] = "";
$f[] = "# Rule Set: validating-users";
$f[] = "# Used for new users validating their account";
$f[] = "FirewallRuleSet validating-users {";
$f[] = firewall_rules(1);
$f[] = "FirewallRule allow tcp port 80 to 0.0.0.0/0";
$f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
$f[] = "}";
$f[] = "";
$f[] = "# Rule Set: known-users";
$f[] = "# Used for normal validated users.";
$f[] = "FirewallRuleSet known-users {";
$f[] = firewall_rules(1);
$f[] = "FirewallRule allow tcp port 80 to 0.0.0.0/0";
$f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
$f[] = "}";
$f[] = "";
$f[] = "# Rule Set: unknown-users";
$f[] = "#";
$f[] = "# Used for unvalidated users, this is the ruleset that gets redirected.";
$f[] = "#";
$f[] = "# XXX The redirect code adds the Default DROP clause.";
$f[] = "FirewallRuleSet unknown-users {";
$f[] = " FirewallRule allow udp port 53";
$f[] = " FirewallRule allow tcp port 53";
$f[] = " FirewallRule allow udp port 67";
$f[] = " FirewallRule allow tcp port 67";
$f[] = firewall_rules(2);
$f[] = "FirewallRule block tcp port 443 to 0.0.0.0/0";
$f[] = "}";
$f[] = "";
$f[] = "# Rule Set: locked-users";
$f[] = "#";
$f[] = "# Not currently used";
$f[] = "FirewallRuleSet locked-users {";
$f[] = " FirewallRule block to 0.0.0.0/0";
$f[] = "}";
$f[] = "";
@file_put_contents("/etc/wifidog.conf", @implode("\n", $f));
build_progress("{reconfiguring}", 90);
}
<?php
include_once('ressources/class.templates.inc');
include_once('ressources/class.ldap.inc');
include_once('ressources/class.users.menus.inc');
include_once('ressources/class.iptables-chains.inc');
$usersmenus=new usersMenus();
if($usersmenus->AsSystemAdministrator==false){exit();}
if(isset($_GET["add-range"])){firewall_range_form();exit;}
if(isset($_GET["iptables_rules"])){firewall_rules();exit();}
if(isset($_GET["edit_rule"])){firewall_rule_form();exit;}
if(isset($_POST["source_address"])){firewall_rule_save();exit;}
if(isset($_POST["sources_addresses"])){firewall_rule_save_multiples();exit;}
if(isset($_POST["DeleteIptableRule"])){firewall_rule_delete();exit;}
if(isset($_POST["EnableFwRule"])){firewall_rule_enable();exit;}
if(isset($_POST["EnableLog"])){firewall_rule_log();exit;}
if(isset($_GET["add-multiple-rules"])){firewall_multiple_form();exit;}
if(isset($_POST["range-from"])){firewall_range_save();exit;}
if(isset($_POST["EmptyAll"])){firewall_empty();exit;}
if(isset($_GET["options"])){options_js();exit;}
if(isset($_GET["options-popup"])){options_popup();exit;}
if(isset($_POST["EnableIptablesDNS"])){options_save();exit;}
firewall_popup();
if(isset($_GET["PostfixAutoBlockLoadFW"])){firewall_popup();exit;}
if(isset($_GET["PostfixAutoBlockLoadFWRules"])){echo firewall_rules();exit;}
if(isset($_GET["PostfixEnableFwRule"])){PostfixEnableFwRule();exit;}
if(isset($_GET["PostfixEnableLog"])){PostfixEnableLog();exit;}
if(isset($_GET["compile"])){PostfixAutoBlockCompile();exit;}
if(isset($_GET["compileCheck"])){PostfixAutoBlockCompileCheck();exit;}
if(isset($_GET["DeleteSMTPIptableRule"])){firewall_delete_rule();exit;}
if(isset($_GET["popup-white"])){popup_white();exit;}
if(isset($_GET["DeleteSMTPAllIptableRules"])){firewall_delete_all_rules();exit;}
if(isset($_GET["PostfixAutoBlockParameters"])){popup_parameters();exit;}
if(isset($_GET["PostfixAutoBlockParametersSave"])){popup_parameters_save();exit;}
if(isset($_GET["DeleteAllIpTablesRules"])){DeleteAllIpTablesRules();exit;}
if(isset($_GET["InstantIptablesEventAll"])){InstantIptablesEventAll();exit;}
if(isset($_GET["EventDisableIpTables"])){EventDisableIpTables();exit;}
if(isset($_GET["firewall-rules-list"])){firewall_rules();exit;}
if(isset($_GET["CompileSSHDRules"])){CompileSSHDRules();exit;}
js();
function InstantIpTablesInLeftMenu(){
$sock=new sockets();
$sock->SET_INFO("InstantIpTablesInLeftMenu",$_GET["InstantIpTablesInLeftMenu"]);
}
function firewall_delete_rule(){
$users=new usersMenus();
$tpl=new templates();
if(!$users->AsPostfixAdministrator){
$error=$tpl->javascript_parse_text("{ERROR_NO_PRIVS}");
echo "$error";