NHIPT & iptables für die 7390

cando · 27 Jul 2010

Hallo,

ich versuche mal die iptables für die 7390 gängig zu machen.

Ich bekomme folgenden Fehler:

Code:

modprobe: module ip_tables not found in modules.dep
modprobe: module iptable_filter not found in modules.dep
modprobe: module x_tables not found in modules.dep
modprobe: module ip_conntrack not found in modules.dep
modprobe: module ip_conntrack_ftp not found in modules.dep
modprobe: module ipt_LOG not found in modules.dep
modprobe: module ipt_REJECT not found in modules.dep
modprobe: module xt_multiport not found in modules.dep
modprobe: module xt_state not found in modules.dep

Die Regeln für conntrack, log, reject, multiport werden aber trotzdem akzeptiert. Hat das was zu bedeuten?

RalfFriedl · 27 Jul 2010

Entweder ist nur die Datei modules.dep nicht korrekt, aber die Module werden trotzdem geladen.
Oder die Module sind schon im Kernel fest enthalten, was aber weniger wahrscheinlich ist.

Was sagt lsmod?

olistudent · 27 Jul 2010

AVM hat soweit ich das gesehen habe iptables fest in den Kernel kompiliert.

MfG Oliver

cando · 27 Jul 2010

Scheint alles im Kernel zu sein. Ich mache gerade einen Patch für nhipt, ich habe bereits ein GUI für die iptables erfolgreich zum Laufen gebracht.

Die Log-Mimik ist ebenfalls obsolet geworden, in der 7390 kann man die iptables Logs im syslog finden.

Wie kann ich denn herausbekommen, welche Box das Interface vor sich hat, damit ich den 72xx spezifischen Teil weglassen kann?

Silent-Tears · 27 Jul 2010

/proc/sys/urlader/environment z.B. oder aus den Environment ($CONFIG_PRODUKT, etc)

cando · 27 Jul 2010

Patch für nhipt für Boxen != 72xx

Hallo,

Anbei ein Patch, der nhipt auf der 7390 lauffähig macht. Er sollte auch auf der 7270 funktionieren, ich kann es aber im Moment nicht testen, da meine 7270 zur Reparatur weg ist.

Ich hab nur die Modulerkennung etwas verändert und blende die Log Geschichten bei Boxen != 72xx aus.

Er sollte auch Probleme mit leeren Masken auf anderen Boxen beseitigen, die andere Kernel Module laden, als die 7270.

RalfFriedl · 27 Jul 2010

olistudent schrieb:
iptables fest in den Kernel kompiliert.

Heißt das, daß AVM jetzt selbst iptables verwendet? Was für Regeln sind denn mit der Standard Fimrware gesetzt? Oder ist iptables fest im Kernel und wird von AVM gar nicht verwendet?

cando · 27 Jul 2010

Ich gehe mal davon aus, dass AVM iptables nicht verwendet, da keine Regeln gesetzt waren und iptables ja auch selbst nicht im Image vorhanden war.

Aber vielleicht verwenden sie ja die netfilter Module anderweitig direkt oder aber sie haben sie im Kernel nicht herausgeschmissen vor dem Kompilieren.

olistudent · 27 Jul 2010

Könntest du deinen Patch bitte nochmal überarbeiten? Statt auf 72xx oder 73xx zu filtern fände ich es besser, wenn du die HWRevision aus dem Environment filterst. Beachte bitte dabei, dass du /var/env.cache inkludieren musst, dass die Variablen auch beim Aufruf vom httpd verfügbar sind.

MfG Oliver

cando · 27 Jul 2010

Hallo olistudent,

Mit der HWRevision kann ich irgendwie wenig anfangen, es gibt ja so viele verschiedene Revisionen, außerdem geht die Mimik ja nicht nur für die 7270, sondern auch für die anderen 72xx Boxen.

Eine Liste von HW Revisionen im Skript abzuarbeiten ist IMHO nicht sehr Zielführend.

Ich habe jetzt mal das Ganze soweit drin, dass es funktioniert. Ich muss aber noch viel testen.

Ich will auch die Anzeige / Filtern des Syslogs nach iptable Einträgen einbauen und bin noch auf der Suche nach der Ablage des Speicherorts der syslogd Datei.

Im Moment ist fest eingebaut, dass er im hinterlegten Logverzeichnis nach der Datei system.log sucht. Ist aber nicht so elegant. Besser wäre es natürlich, die Parameter vom syslogd irgendwie direkt abzugreifen (vielleicht mit einem grep auf ps).

Ich überlege mir da noch was passendes...

RalfFriedl · 27 Jul 2010

Kann man das nicht an der Kernel-Version festmachen?

cando · 27 Jul 2010

Ist nicht so wild. Ich hab es jetzt so verändert, dass das GUI nicht nach den geladenen Modulen schaut und danach entscheidet, welche Tabellen es anzeigen soll, sondern entsprechend mit try-and-error die iptables Funkionen zum Auflisten der Tabellen aufruft und bei Erfolg diese zum Editieren anbietet.

(iptables -S -t filter; iptables -S -t nat; iptables -S -t mangle; iptables -S -t raw; ip6tables -S -t filter; ip6tables -S -t mangle; ip6tables -S -t raw)

anhand des Environment ($CONFIG_PRODUKT) wird dann noch bei der 72xx die Option für den alternativen Firewall Log angeboten - mehr wird damit bislang nicht gemacht. Wenn sich die Module bereits im Kernel befinden und nicht geladen werden müssen / können, kommt nur eine Warnung in der Ausgabe, die man aber getrost ignorieren kann.

Miyamoto · 12 Nov 2010

Ich wollte gerade mal den Patch integrieren, weil mich die Meldungen im /var/mod/mod.log auch irritierten - klappt aber nicht:

Code:

user@host:~/temp/7390$ patch -u --dry-run --verbose -i nhipt.patch 
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi
|===================================================================
|--- make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi    (revision 5289)
|+++ make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi    (working copy)
--------------------------
Patching file nhipt.cgi using Plan A...
Hunk #1 FAILED at 12.
Hunk #2 FAILED at 83.
Hunk #3 FAILED at 345.
Hunk #4 FAILED at 524.
Hunk #5 FAILED at 572.
Hunk #6 FAILED at 621.
Hunk #7 FAILED at 671.
Hunk #8 FAILED at 706.
8 out of 8 hunks FAILED -- saving rejects to file nhipt.cgi.rej
Hmm...  Ignoring the trailing garbage.
done

Hab' ich 'nen falschen Patch-Aufruf gemacht oder hat sich die Datei im 7390-Branch inzwischen so verändert, daß der Patch nicht mehr geht?

olistudent · 12 Nov 2010

Ich mach das eigentlich immer so:

Code:

patch -p0 < foo.patch

Tut das so nicht?

Gruß
Oliver

RalfFriedl · 12 Nov 2010

Es würde auch mit den Optionen oben gehen, wenn zusätzlich -p0 dabei wäre.

Miyamoto · 12 Nov 2010

Danke, das -p0 war mir entfleucht. Tut aber trotzdem noch nicht:

Code:

user@host:~/temp/7390$ patch -u --dry-run -p0 --verbose -i nhipt.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi
|===================================================================
|--- make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi    (revision 5289)                                                                      
|+++ make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi    (working copy)                                                                       
--------------------------                                                                                                                   
Patching file make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi using Plan A...                                                                
Hunk #1 FAILED at 12.                                                                                                                        
Hunk #2 succeeded at 77 (offset -6 lines).                                                                                                   
Hunk #3 succeeded at 346 (offset -9 lines).                                                                                                  
Hunk #4 succeeded at 524 (offset -10 lines).
Hunk #5 succeeded at 587 (offset -10 lines).
Hunk #6 succeeded at 639 (offset -10 lines).
Hunk #7 succeeded at 690 (offset -10 lines).
Hunk #8 succeeded at 736 (offset -10 lines).
1 out of 8 hunks FAILED -- saving rejects to file make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi.rej
Hmm...  Ignoring the trailing garbage.
done

cando, kannst Du da weiterhelfen?

RalfFriedl · 12 Nov 2010

Hast Du Dir mal den Hunk #1 angeschaut? Manchmal sind es nur Kleinigkeiten.

Miyamoto · 16 Nov 2010

Hmm, ich weiß jetzt zwar nicht, wie ich da 'n korrekten Diff draus machen kann, aber so weit ich den Patch lesen kann muß der Anfang der Datei make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi wohl so aussehen:

Code:

#!/bin/sh

post_string=""
if [ "$REQUEST_METHOD" = "POST" ]; then
        read post_string
fi
for INPUT_INTERFACE in $(ifconfig | grep ^[a-z] | cut -f1 -d ' '); do
        x=$x+"$INPUT_INTERFACE"
done
lanip="$(ifconfig | grep -v lan:0 | grep -A 2 lan | awk -F'[ :]+' '/inet addr/{print $4}')"
###POSTBACK INTERFACE
if [ "$QUERY_STRING" != "" ] || [ "$post_string" != "" ] || [ "$NHIPT_CONFIG" = "box" ]; then
# Ermitteln der Log Datei vom syslogd:
 
               logfile="$(ps | grep -v "grep" | grep -e "syslogd" | awk '{i=1; while (i<=20){ if ($i == "-O"){ print $(i+1)}; i++;}}')"

# awk Error Lines + 20 = Real Line
#       (awk -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING -v LANIP=$lanip 'BEGIN { 
                (awk -v SYSLOGDFILE=$logfile -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING -v LANIP=$lanip 'BEGIN {
                myIP = ENVIRON["REMOTE_ADDR"];
                changed = 0;            # FW CONFIGURATION CHANGED
                dirchanged = 0;         # DIRECTORIES CHANGED
                cfgchanged = 0;         # CONFIGURATION SETTINGS CHANGED
                flashmodified =0;       # WRITE TO FLASH NECESSARY
                noloadmodules =0;       # PREVENT MODULE CHANGES ON EXTERNAL CONFIG

Der Hunk #1 sah so aus:

Code:

--- make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi     (revision 5289)
+++ make/nhipt/files/root/usr/ipt/cgi-bin/nhipt.cgi     (working copy)
@@ -12,13 +12,14 @@
        if [ $QUERY_STRING != "" ] || [ $post_string != "" ] || [ "$NHIPT_CONFIG" = "box" ]
        then
 
+# Ermitteln der Log Datei vom syslogd:
 
+               logfile="$(ps | grep -v "grep" | grep -e "syslogd" | awk '{i=1; while (i<=20){ if ($i == "-O"){ print $(i+1)}; i++;}}')"
 
 
 
-
 # awk Error Lines + 20 = Real Line
-           (awk -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING -v LANIP=$lanip 'BEGIN { 
+           (awk -v SYSLOGDFILE=$logfile -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING -v LANIP=$lanip 'BEGIN { 
                myIP = ENVIRON["REMOTE_ADDR"];
                changed = 0;            # FW CONFIGURATION CHANGED
                dirchanged = 0;         # DIRECTORIES CHANGED

Allerdings funzt es nicht so recht: (/var/log/mod.log)

Code:

...
Setting up virtual network interface ... done.
configuring nhipt gui ... /usr/ipt
modprobe: module ip_tables not found in modules.dep
modprobe: module iptable_filter not found in modules.dep
modprobe: module x_tables not found in modules.dep
modprobe: module ip_conntrack not found in modules.dep
modprobe: module ip_conntrack_ftp not found in modules.dep
modprobe: module ipt_LOG not found in modules.dep
modprobe: module ipt_REJECT not found in modules.dep
modprobe: module xt_multiport not found in modules.dep
modprobe: module xt_state not found in modules.dep
iptables reconfigured
Setting up SSH authorized_keys for root ... done.
...

cando · 16 Nov 2010

Hallo,

Das ist meine "original" CGI, von der ich den patch generiert habe. Ich hoffe, das hilft Dir weiter.

Viele Grüße

cando

Code:

#!/bin/sh

	post_string=""
	if [ "$REQUEST_METHOD" = "POST" ]; then
		read post_string
	fi
	for INPUT_INTERFACE in $(ifconfig | grep ^[a-z] | cut -f1 -d ' '); do
		x=$x+"$INPUT_INTERFACE"
	done
	lanip="$(ifconfig | grep -v lan:0 | grep -A 2 lan | awk -F'[ :]+' '/inet addr/{print $4}')"
###POSTBACK INTERFACE
	if [ $QUERY_STRING != "" ] || [ $post_string != "" ] || [ "$NHIPT_CONFIG" = "box" ]
	then

# Ermitteln der Log Datei vom syslogd:

		logfile="$(ps | grep -v "grep" | grep -e "syslogd" | awk '{i=1; while (i<=20){ if ($i == "-O"){ print $(i+1)}; i++;}}')"



# awk Error Lines + 20 = Real Line
	    (awk -v SYSLOGDFILE=$logfile -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING -v LANIP=$lanip 'BEGIN { 
		myIP = ENVIRON["REMOTE_ADDR"];
		changed = 0; 		# FW CONFIGURATION CHANGED
		dirchanged = 0; 	# DIRECTORIES CHANGED
		cfgchanged = 0; 	# CONFIGURATION SETTINGS CHANGED
		flashmodified =0; 	# WRITE TO FLASH NECESSARY
		noloadmodules =0;	# PREVENT MODULE CHANGES ON EXTERNAL CONFIG
		logtarget=0;
		loadSettings();
		if (ENVIRON["NHIPT_CONFIG"] == "box") {dirchanged=1; cfgchanged=1; login=1}
		RCOD=myConf["ADMINIP"];
		Boot=myConf["BOOT"]; Bootstrap=myConf["BOOTSTRAP"]; 
		if (Boot=="flash"){BootTarget="/tmp/flash/";}
		if (Boot=="usb"){if (myConf["BOOTDIR"] == ""){BootTarget=myConf["ROOT"] "/";} else {BootTarget=myConf["BOOTDIR"] "/";}}
		BootTargetOld = BootTarget;
		gsub(/ /,"",RCOD);
		if (RCOD > ""){
			i = split(RCOD,ipadr,"/");
			if (i > 1) {ip = ipadr[1]; mask=ipadr[2];} else {ip = ipadr[1]; mask="255.255.255.255";}
			if (index(mask,".") == 0) {
				sm = "";
				ma[8]=255; ma[7]=127; ma[6]=63; ma[5]=31; 
				ma[4]=15; ma[3]=7; ma[2]=3; ma[1]=1; ma[0]=0;
				for (i=1;i<=4;i++){if (mask >=8) {sm = sm "255.";mask=mask-8;} else {sm = sm ma[mask] ".";mask=0;}}
				mask=sm;
			}
			split(myIP,mpar,".");	split(ip,ipar,"."); split(mask,maskar,".");
			if ((and(mpar[1],maskar[1]) == and(ipar[1],maskar[1])) && (and(mpar[2],maskar[2]) == and(ipar[2],maskar[2])) && (and(mpar[3],maskar[3]) == and(ipar[3],maskar[3])) && (and(mpar[4],maskar[4]) == and(ipar[4],maskar[4]))) { login=1} else {login=0}
		} else { login = 1;}
		if (login==1) {
			if(myConf["LOGTARGET"] == "syslog"){ logtarget = 1; } else { logtarget = 0; }
			if (ENVIRON["REQUEST_METHOD"] == "POST" || ENVIRON["NHIPT_CONFIG"] == "box") {
				n = split(urldecode(PSTR), PA, "&"); for (i=1;i<=n;i++) {split(PA[i], PM, "=");Param[PM[1]] = PM[2]}
				if (ENVIRON["NHIPT_CONFIG"] == "box") {
					delete Param; 
					Param["AIRBAG"] = myConf["AIRBAG"]
					Param["BACDIR"] = ENVIRON["NHIPT_BACK"]
					Param["LOGDIR"] = ENVIRON["NHIPT_LOGD"]
					Param["PORT"] = ENVIRON["NHIPT_PORT"]
					Param["ROOT"] = ENVIRON["NHIPT_ROOT"]
					Param["SERVERIP"] = ENVIRON["NHIPT_SERVERIP"]
					Param["ADMIP"] = ENVIRON["NHIPT_ADMINIP"]
					Param["LOGTO"] = ENVIRON["NHIPT_LOGTARGET"]
					Param["BOOT"] = ENVIRON["NHIPT_BOOT"]
					Param["DELAY"] = ENVIRON["NHIPT_DELAY"]
					Param["DSLDOFF"] = ENVIRON["NHIPT_DSLDOFF"]
					Param["BOOTDIR"] = ENVIRON["NHIPT_BOOTDIR"]
					Param["BOOTSTRAP"] = ENVIRON["NHIPT_BOOTSTRAP"]
					Param["SESAV"] = "save"
					Param["SETIP"] = "set"
					myConf["PORT"] = Param["PORT"]	
					if (ENVIRON["NHIPT_START_LOG"] == "start") {Param["STRTLOG"] = "start";}
					noloadmodules=1;
				}
				if (Param["IPV6"] == 1){myCmdPrefix = "ip6";} else {myCmdPrefix = "ip";}
				table	   = Param["TABLE"];
				targetSet  = 0;
				if (Param["CUTSYSLOG"] > ""){ret = system("> " myConf["LOGD"] "/system.log"); myCmd = "syslog truncated";}
				if (Param["CUTFWLOG"] > "") {ret = system("> " myConf["LOGD"] "/fw.log"); myCmd = "firewall log truncated";}
				if (Param["SAVSYSLOG"] > ""){ret = system("mv " myConf["LOGD"] "/system.log " myConf["LOGD"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-system.log"); myCmd = "syslog saved";}
				if (Param["SAVFWLOG"] > "") {ret = system("mv " myConf["LOGD"] "/fw.log " myConf["LOGD"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-fw.log" ); myCmd = "firewall log saved";}
				if (Param["PERSIST"] > "")	{ret = persist("all"); myCmd = "Rules & services written to " BootTarget "nhipt.cfg\nold nhipt.cfg saved in " myConf["BACK"];}
				if (Param["STRTLOG"] > "")	{ret = startLogging(); myCmd = "Logging started...";}
				if (Param["STOPLOG"] > "")	{ret = stopLogging(); myCmd = "Logging stopped";}
				if (Param["GETSTAT"] > "")	{checkConfig(); hs["0"] = "...PASSED"; hs["1"] = "...FAILED!"; hs["2"] = "...NOT SAVED!"; for (x in check){ print "STATUS_" x "=" hs[check[x]]; ret += check[x];} myCmd = "Installation Status";}
				if (logtarget == 1) {
					# Use System Log
					if (SYSLOGDFILE > "") {
						if (Param["GETFWLOG"] > "")	{myCmd = "grep 'SRC=' " SYSLOGDFILE ".2 " SYSLOGDFILE ".1 " SYSLOGDFILE ".0 " SYSLOGDFILE " | tail -n 50"; ret = system(myCmd);}
						if (Param["GETSYSLOG"] > ""){myCmd = "grep -v -E \"DECT|DCT|dect|SRC=\" " SYSLOGDFILE ".2 " SYSLOGDFILE ".1 " SYSLOGDFILE ".0 " SYSLOGDFILE " | tail -n 50"; ret = system(myCmd);}
					}
				} else {
					if (Param["GETFWLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/system.log | grep 'SRC='"; ret = system(myCmd);}
					if (Param["GETFWLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/fw.log"; ret = system(myCmd);}
				}
#				if (Param["GETFWLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/fw.log"; ret = system(myCmd);}
#				if (Param["GETSYSLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/system.log"; ret = system(myCmd);}
				if (Param["SESAV"] > "")	{
					if (Param["DSLDOFF"] == "") {Param["DSLDOFF"] = 0;}
					if (myConf["BOOT"] != Param["BOOT"] ||  myConf["BACK"] != Param["BACDIR"] || Param["ROOT"] > "" || Param["BOOTSTRAP"] > "" || myConf["LOGD"] != Param["LOGDIR"] || myConf["BOOTDIR"] != Param["BOOTDIR"]){dirchanged=1; myCmd = "Saving Settings to " BootTarget "nhipt.par...";	myConf["BOOT"] = Param["BOOT"];  myConf["BACK"] = Param["BACDIR"]; myConf["LOGD"] = Param["LOGDIR"]; if (myConf["BOOTDIR"] != Param["BOOTDIR"]) {myConf["BOOTDIR"] = Param["BOOTDIR"]; Boot="newdir";} if (myConf["ROOT"] != Param["ROOT"] && Param["ROOT"] > "") {myConf["ROOT"] = Param["ROOT"];} if (myConf["BOOTSTRAP"] != Param["BOOTSTRAP"] && Param["BOOTSTRAP"] > "") {myConf["BOOTSTRAP"] = Param["BOOTSTRAP"];}}
					if (myConf["AIRBAG"] != Param["AIRBAG"]) { cfgchanged=1; if (Param["AIRBAG"] == "1") { ret = startAirbag(); myCmd = "Fasten your Seatbelts..."; } else {ret = stopAirbag(); myCmd = "You are now a big boy...";}}
					if (myConf["DELAY"] != Param["DELAY"] || myConf["DSLDOFF"] != Param["DSLDOFF"]){ cfgchanged=1; myCmd = "Changing Delay Settings for " BootTarget "nhipt.par..."; myConf["DELAY"] = Param["DELAY"]; myConf["DSLDOFF"] = Param["DSLDOFF"];}
					if (myConf["LOGTARGET"] != Param["LOGTO"]) { cfgchanged=1; if(myConf["LOGTARGET"] == "syslog"){ logtarget = 1; } else { logtarget = 0; stopLogging();}; myConf["LOGTARGET"] = Param["LOGTO"]; }
					ret = loadModules();
					ret = persist("settings");}
				if (Param["SETIP"] == "set")    {cfgchanged=1; myCmd = ""; myConf["ADMINIP"] = Param["ADMIP"]; persist("settings");}
				if (Param["EXEC"] == "execute") {myCmd = Param["EXPERT"];  	ret = system(myCmd);  if (ret==0){changed=1;}; }
				if (Param["MODE"] == "New")     {myCmd = myCmdPrefix "tables -t " table " -N " Param["CHAIN"];	ret = system(myCmd);  if (ret==0){changed=1;}}
				if (Param["DOIT"] == "Insert")  {myCmd = "";
					iprange    = "-m iprange ";
					multiport  = "-m multiport ";
					state      = "-m state ";
					esp		   = "-m esp ";
					ah		   = "-m ah ";
					comment	   = "-m comment ";
					gsub(/ /,"",Param["S"]); gsub(/ /,"",Param["D"]);      gsub(/ /,"",Param["I"]);     gsub(/ /,"",Param["O"]); 
					gsub(/ /,"",Param["P"]); gsub(/ /,"",Param["MODULE"]); gsub(/ /,"",Param["SPORT"]); gsub(/ /,"",Param["DPORT"]);
					if (Param["ROW"] == "A") { myCmd = myCmdPrefix "tables -t " table " -A " Param["CHAIN"] " ";} else {myCmd = myCmdPrefix "tables -t " table " -I " Param["CHAIN"] " " Param["ROW"] " ";} 
					if (myConf["AIRBAG"] == 1 && Param["ROW"] == 1){myCmd = "### AIRBAG FIRED ###" myCmd;}
					if (index(Param["S"],"!") > 0) { x = "! "; gsub(/!/,"",Param["S"]);} else { x = ""; }
					if (Param["S"] > "" && index(Param["S"],"-") == 0) {myCmd = myCmd "-s " x Param["S"] " ";} 
					if (Param["S"] > "" && index(Param["S"],"-") > 0)  {myCmd = myCmd iprange x "--src-range " Param["S"] " "; iprange="";}
					if (index(Param["D"],"!") > 0) { x = "! "; gsub(/!/,"",Param["D"]);} else { x = ""; }
					if (Param["D"] > "" && index(Param["D"],"-") == 0) {myCmd = myCmd "-d " x Param["D"] " ";} 
					if (Param["D"] > "" && index(Param["D"],"-") > 0)  {myCmd = myCmd iprange x "--dst-range " Param["D"] " "; iprange="";}
					if (index(Param["I"],"!") > 0) { x = "! "; gsub(/!/,"",Param["I"]);} else { x = ""; }
					if (Param["I"] > "") {myCmd = myCmd "-i " x Param["I"] " ";} 
					if (index(Param["O"],"!") > 0) { x = "! "; gsub(/!/,"",Param["O"]);} else { x = ""; }
					if (Param["O"] > "") {myCmd = myCmd "-o " x Param["O"] " ";} 
					if (index(Param["P"],"!") > 0) { x = "! "; gsub(/!/,"",Param["P"]);} else { x = ""; }
					if (Param["P"] == "icmp" && Param["EXTRA"] > "") {myCmd = myCmd "-p " x Param["P"] " --icmp-type " Param["EXTRA"] " ";} else if (Param["P"] > "") {myCmd = myCmd "-p " x Param["P"] " ";} 

					if (Param["MODULE"] == "state") { myCmd = myCmd state "--state " Param["EXTRA"] " "; state="";} 
						else if (Param["MODULE"] == "comment") { system("modprobe ipt_comment"); myCmd = myCmd comment "--comment \47" Param["EXTRA"] "\47 "; comment="";} 
						else if (Param["MODULE"] == "ah") { system("modprobe xt_ah"); myCmd = myCmd ah "--ahspi " Param["EXTRA"] " "; ah="";} 
						else if (Param["MODULE"] == "esp") { system("modprobe xt_esp"); myCmd = myCmd esp "--espspi " Param["EXTRA"] " "; esp="";} 
					if (index(Param["SPORT"],"!") > 0) { x = "! "; gsub(/!/,"",Param["SPORT"]);} else { x = ""; }
					if (Param["SPORT"] > "" &&  index(Param["SPORT"],",") == 0  && index(Param["SPORT"],":") == 0)  {myCmd = myCmd "--sport " x Param["SPORT"] " ";} 
					if (Param["SPORT"] > "" && (index(Param["SPORT"],",") > 0   || index(Param["SPORT"],":") >  0)) {myCmd = myCmd multiport x "--sports " Param["SPORT"] " "; multiport="";}
					if (index(Param["DPORT"],"!") > 0) { x = "! "; gsub(/!/,"",Param["DPORT"]);} else { x = ""; }
					if (Param["DPORT"] > "" &&  index(Param["DPORT"],",") == 0  && index(Param["DPORT"],":") == 0)  {myCmd = myCmd "--dport " x Param["DPORT"] " ";} 
					if (Param["DPORT"] > "" && (index(Param["DPORT"],",") > 0   || index(Param["DPORT"],":") >  0)) {myCmd = myCmd multiport x "--dports " Param["DPORT"] " "; multiport="";}
					if (Param["ACTION"] == "LOG" && Param["EXTRA"] >  "") {myCmd = myCmd "-j LOG --log-prefix " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "LOG" && Param["EXTRA"] == "") {myCmd = myCmd "-j LOG --log-prefix \"[IPT] \"";targetSet=1;} 
					if (Param["ACTION"] == "LOG" && Param["EXTRA"] == "") {myCmd = myCmd "-j LOG --log-prefix \"[IPT] \"";targetSet=1;} 
					if (Param["ACTION"] == "DNAT" && Param["EXTRA"] >  "") {myCmd = myCmd "-j DNAT --to-destination " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "SNAT" && Param["EXTRA"] >  "") {myCmd = myCmd "-j SNAT --to-source " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "MASQUERADE" && Param["EXTRA"] >  "") {system("modprobe ipt_MASQUERADE");myCmd = myCmd "-j MASQUERADE --to-ports " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "CONNMARK" && Param["EXTRA"] >  "") {myCmd = myCmd "-j CONNMARK --set-mark " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "REDIRECT" && Param["EXTRA"] >  "") {system("modprobe ipt_REDIRECT"); myCmd = myCmd "-j REDIRECT --to-ports " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "MARK" && Param["EXTRA"] >  "") {system("modprobe xt_MARK\nmodprobe xt_mark"); myCmd = myCmd "-j MARK --set-mark " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "NOTRACK") {system("modprobe xt_NOTRACK"); myCmd = myCmd "-j NOTRACK " Param["EXTRA"]  " ";targetSet=1;} 
					if (targetSet==0) {myCmd = myCmd "-j " Param["ACTION"];} 
					
					ret = system(myCmd);
					if (ret==0){changed=1;}
				}
			} else {
				n = split(urldecode(QSTR), PA, "&"); for (i=1;i<=n;i++) {split(PA[i], PM, "=");Param[PM[1]] = PM[2]}
				table	   = Param["TABLE"];
				if (Param["IPV6"] == 1){myCmdPrefix = "ip6";} else {myCmdPrefix = "ip";}
				if (Param["MODE"] != "UP" || Param["MODE"] != "DN") {
					if (Param["MODE"] == "POL" && Param["POL"] == "DEL")    {myCmd = myCmdPrefix "tables -t " table " -X " Param["CHAIN"];			ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "POL" && Param["POL"] == "ACCEPT") {myCmd = myCmdPrefix "tables -t " table " -P " Param["CHAIN"] " ACCEPT"; 	ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "POL" && Param["POL"] == "DROP")   {myCmd = myCmdPrefix "tables -t " table " -P " Param["CHAIN"] " DROP";	ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "DEL")				{myCmd = myCmdPrefix "tables -t " table " -D " Param["CHAIN"] " " Param["IDX"];			ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "POL" && Param["POL"] == "PURGE")  {myCmd = myCmdPrefix "tables -t " table " -F " Param["CHAIN"];			ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "UP"  && Param["IDX"] > 1)         
					{
						myCmd = "(" myCmdPrefix "tables -t " table " -S " Param["CHAIN"] " " Param["IDX"] ") | awk \47{gsub(/-A/,\"" myCmdPrefix "tables -t " table " -I\",$1);gsub($2,\"& " Param["IDX"]-1 "\",$2); print $0}\47 | sh"; 
						ret = system(myCmd); if (ret==0){changed=1;}
						print "Exit Code " ret " - " myCmd;
						if (ret ==0) {myCmd = myCmdPrefix "tables -t " table " -D " Param["CHAIN"] " " Param["IDX"]+1;	ret = system(myCmd);if (ret==0){changed=1;}} else {myCmd="";}
					}
					if (Param["MODE"] == "DN")         
					{
						myCmd = "(" myCmdPrefix "tables -t " table " -S " Param["CHAIN"] " " Param["IDX"] ") | awk \47{gsub(/-A/,\"" myCmdPrefix "tables -t " table " -I\",$1);gsub($2,\"& " Param["IDX"]+2 "\",$2); print $0}\47 | sh";
						ret = system(myCmd); if (ret==0){changed=1;}
						print "Exit Code " ret " - " myCmd;
						if (ret ==0) {myCmd = myCmdPrefix "tables -t " table " -D " Param["CHAIN"] " " Param["IDX"]; ret = system(myCmd); if (ret==0){changed=1;}} else {myCmd="";}
					}
				}
			}		
			if (myConf["AIRBAG"]==1){ checkAirbag();}
			if (changed==1) {myConf["CHANGED"] = 2; saveSettings(myConf);}			
			print "Exit Code " ret " - " myCmd;
			if (flashmodified == 1){system("modsave flash");}

#for (x in myConf){print "CONFIG_" x " = " myConf[x];}
#DEBUG			for (x in myConf) {print x "=" myConf[x];}
#DEBUG			print "QUERY_STRING = " QSTR;
#DEBUG			print "POST_PARAMS = " PSTR;
		} else { print "ACCESS DENIED"; }
} # end BEGIN

function startAirbag(){myConf["AIRBAG"] = 1; if (RCOD > ""){print "...USING " RCOD;} else {RCOD = myConf["ADMINIP"] = myConf["MYIP"];} saveSettings(myConf); return checkAirbag(); }
function stopAirbag(){myConf["AIRBAG"] = 0; saveSettings(myConf); return 0; }

function checkAirbag(){
# filter INPUT, OUTPUT
	ret=0;
	if (myConf["AIRBAG"] == 1) {
		tst = system("iptables -S INPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
		if (tst != 0) { system("iptables -t filter -I INPUT 1 -s " RCOD " -j ACCEPT");}
		if (myModules["ip_conntrack"] == 1){
			tst = system("iptables -S OUTPUT 1 | grep " RCOD " | grep \"RELATED,ESTABLISHED\" | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t filter -I OUTPUT 1 -d " RCOD " -m state --state RELATED,ESTABLISHED -j ACCEPT");}
		} else {
			tst = system("iptables -S OUTPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t filter -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
		}
		if (myModules["iptable_raw"] == 1){
			tst = system("iptables -t raw -S PREROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t raw -I PREROUTING 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t raw -S OUTPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t raw -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
		}
		if (myModules["iptable_mangle"] == 1){
			tst = system("iptables -t mangle -S PREROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I PREROUTING 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t mangle -S INPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I INPUT 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t mangle -S OUTPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
			tst = system("iptables -t mangle -S POSTROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I POSTROUTING 1 -d " RCOD " -j ACCEPT");}
		}
		if (myModules["iptable_nat"] == 1){
			tst = system("iptables -t nat -S PREROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t nat -I PREROUTING 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t nat -S OUTPUT 1 | grep " RCOnoloadmodules=D " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t nat -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
			tst = system("iptables -t nat -S POSTROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t nat -I POSTROUTING 1 -d " RCOD " -j ACCEPT");}
		}
	}
	return ret;
}

function loadModules(){
	if (noloadmodules==0){
		y["main"] = "";	y["ftp"] = "_ftp"; y["h323"] = "_h323"; y["irc"] = "_irc";  y["pptp"] = "_pptp";  y["tftp"] = "_tftp";
		ret=0; nat=0; conntrack=0; mangle=0; raw=0;
		for (x in Param) {if (index(Param[x], "ip_conntrack") > 0) {conntrack=1;} if (index(Param[x], "ip_nat") > 0) {nat=1;} if (index(Param[x], "iptable_mangle") > 0) {mangle=1;} if (index(Param[x], "iptable_raw") > 0) {raw=1;}}
		if (conntrack==1){Param["ip_conntrack"] = "ip_conntrack";}
		if (nat==1)		{Param["ip_nat"] = "ip_nat"; if (myModules["iptable_nat"] != 1) {system("modprobe iptable_nat"); changed=1;}} else { if (myModules["iptable_nat"] == 1){ system("rmmod ipt_REDIRECT\nrmmod iptable_nat"); changed=1;}}
		if (mangle==1)	{if (myModules["iptable_mangle"] != 1) {system("modprobe iptable_mangle") changed=1;}} else { if (myModules["iptable_mangle"] == 1){ system("rmmod iptable_mangle"); changed=1;}}
		if (raw==1)		{if (myModules["iptable_raw"] != 1) {system("modprobe iptable_raw") changed=1;}} else { if (myModules["iptable_raw"] == 1){ system("rmmod iptable_raw"); changed=1;}}
		for (x in y){
			if (Param["ip_conntrack" y[x]] == ("ip_conntrack" y[x]) && myModules["ip_conntrack" y[x]] != 1) {ret = system("modprobe ip_conntrack" y[x]); print "Loading " x " ..."; changed=1;}
			else if (Param["ip_conntrack" y[x]] == "" && myModules["ip_conntrack" y[x]] == 1) {ret = system("rmmod ip_conntrack" y[x]); print "Un-Load " x "..."; changed=1;}
			if (Param["ip_nat" y[x]] == ("ip_nat" y[x]) && myModules["ip_nat" y[x]] != 1) {ret = system("modprobe ip_nat" y[x]); print "Loading " x " ..."; changed=1;}
			else if (Param["ip_nat" y[x]] == "" && myModules["ip_nat" y[x]] == 1) {ret = system("rmmod ip_nat" y[x]); print "Un-Load " x "..."; changed=1;}
		}
	}
	return ret;
}
function checkConfig(){
	if (RCOD > "") {check["admin_set"] = 0; } else {check["admin_set"] = 1;}
	check["changed"] = myConf["CHANGED"];
	check["iptables"] = system("iptables -S INPUT 1 1> /dev/null");	
	if (logtarget == 0) {
		check["directory_log"] = system("ls " myConf["LOGD"] " 1> /dev/null");
		check["log_running"] = system("ps | grep -v grep | grep iptlogger 1> /dev/null");
		check["log_x_flag"] = system("ls -l /var/tmp/iptlogger.sh | grep x 1> /dev/null");
		check["watchdog_file"] = system("ls -l /var/tmp/logfw.sh 1> /dev/null");
		check["watchdog_x_flag"] = system("ls -l /var/tmp/logfw.sh | grep x 1> /dev/null");
		check["watchdog_running"] = system("ps | grep -v grep | grep logfw 1> /dev/null");
	}
	if (myConf["BACK"]==""){check["directory_backup"] = 0;} else {check["directory_backup"] = system("ls " myConf["BACK"] " 1> /dev/null");}
	print "modules loaded :";
	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort");
}
function createWatchdog(){
	print "creating watchdog...";
	ret = system("(cat <<EOF > /var/tmp/logfw.sh \n#!/bin/sh\n\nrunning=\\$(ps | grep -v grep | grep -o iptlogger)\
if [ -z \\$running ]\nthen\necho \"starting log deamon\"\nsh /var/tmp/iptlogger.sh\
myexit=0\nwhile [ \\$myexit -eq 0 ]\ndo\nsleep 15\nrunning=\\$(ps | grep -v grep | grep -o iptlogger)\
if [ -z \\$running ]\nthen\necho \"terminating log deamon\"\nmyexit=1\
else\ngrep -E -v \"<4>|DECT|DCT|^$\" /var/tmp/system.log | sed \"s/^/\\$(date +\47%Y-%m-%d %H:%M:%S\47) /\" >> " myConf["LOGD"] "/system.log\
grep \"<4>\" /var/tmp/system.log | sed \"s/^/\\$(date +\47%Y-%m-%d %H:%M:%S\47) /\" >> " myConf["LOGD"] "/fw.log\
echo \"\" > /var/tmp/system.log\ nmyexit=0\nfi\ndone\nelse\necho \"already running, giving up\"\nfi\nEOF\n\n)");
ret += system("chmod +x /var/tmp/logfw.sh");
	return ret;
}
function createIptlogger(){
	ret = system("(cat <<EOF > /var/tmp/iptlogger.sh \
#!/bin/sh\n\nrunning=\\$(ps | grep -v grep | grep -o iptlogger)\nif [ -n \\$running ]\nthen\nexit 1\nfi\
running=\\$(ps | grep -v grep | grep -o logfw)\nif [ -z \\$running ]\nthen\nexit 2\nfi\
cat /dev/debug > /var/tmp/system.log & \nEOF\n\nchmod +x  /var/tmp/iptlogger.sh\n\)");
	return ret;
}
function createStartSequence(logtarget){
if (logtarget == 0) {
if (myConf["BACK"] == ""){ myBackUp = ""; } else { myBackUp = "cat " BootTargetOld "nhipt.cfg > " myConf["BACK"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-nhipt.cfg\n";}
ret = system("(" myBackUp "cat <<EOF > /var/tmp/nhipt.cfg \n#!/bin/sh\n\n" dsldoff bootdelay dsldon "\n\
. /mod/etc/conf/mod.cfg\
echo \"/:\\$MOD_HTTPD_USER:\\$MOD_HTTPD_PASSWD\" > /mod/etc/httpd.conf\n\
httpd -P /var/run/nhipd.pid -p " LANIP ":" myPort " -h " myRoot " -c /mod/etc/httpd.conf -r Freetz\n \
echo \"#!/bin/sh\" > /var/tmp/logfw.sh\necho \"\" >> /var/tmp/logfw.sh\
echo \47running=\\$(ps | grep -v grep | grep -o iptlogger)\47 >> /var/tmp/logfw.sh\
echo \47if [ -z \\$running ]\47 >> /var/tmp/logfw.sh\
echo \47then\47 >> /var/tmp/logfw.sh\
echo \47echo \"starting log deamon\"\47 >> /var/tmp/logfw.sh\
echo \47sh /var/tmp/iptlogger.sh\47 >> /var/tmp/logfw.sh\
echo \47myexit=0\47 >> /var/tmp/logfw.sh\
echo \47while [ \\$myexit -eq 0 ]\47 >> /var/tmp/logfw.sh\
echo \47do\47 >> /var/tmp/logfw.sh\
echo \47sleep 15\47 >> /var/tmp/logfw.sh\
echo \47running=\\$(ps | grep -v grep | grep -o iptlogger)\47 >> /var/tmp/logfw.sh\
echo \47if [ -z \\$running ]\47 >> /var/tmp/logfw.sh\
echo \47then\47 >> /var/tmp/logfw.sh\
echo \47echo \"terminating log deamon\"\47 >> /var/tmp/logfw.sh\
echo \47myexit=1\47 >> /var/tmp/logfw.sh\
echo \47else\47 >> /var/tmp/logfw.sh\
echo \47grep -E -v \"<4>|DECT|DCT|^$\" /var/tmp/system.log | sed \"s/^/\\$(date +\47\\\47\47%Y-%m-%d %H:%M:%S\47\\\47\47) /\" >> " myConf["LOGD"] "/system.log\47 >> /var/tmp/logfw.sh\
echo \47grep \"<4>\" /var/tmp/system.log | sed \"s/^/\\$(date +\47\\\47\47%Y-%m-%d %H:%M:%S\47\\\47\47) /\" >> " myConf["LOGD"] "/fw.log\47 >> /var/tmp/logfw.sh\
echo \47echo \"\" > /var/tmp/system.log\47 >> /var/tmp/logfw.sh\
echo \47myexit=0\47 >> /var/tmp/logfw.sh\
echo \47fi\47 >> /var/tmp/logfw.sh\
echo \47done\47 >> /var/tmp/logfw.sh\
echo \47else\47 >> /var/tmp/logfw.sh\
echo \47echo \"already running, giving up\"\47 >> /var/tmp/logfw.sh\
echo \47fi\47 >> /var/tmp/logfw.sh\
\nchmod +x  /var/tmp/logfw.sh\
cat  " BootTarget "nhipt.par > /var/tmp/nhipt.par\n\
echo \"#!/bin/sh\" > /var/tmp/iptlogger.sh\necho \"\" >> /var/tmp/iptlogger.sh\
echo \47running=\\$(ps | grep -v grep | grep -o iptlogger)\47 >> /var/tmp/iptlogger.sh\
echo \47if [ -n \\$running ]\47 >> /var/tmp/iptlogger.sh\
echo \47then\47 >> /var/tmp/iptlogger.sh\
echo \47exit 1\47 >> /var/tmp/iptlogger.sh\
echo \47fi\47 >> /var/tmp/iptlogger.sh\
echo \47running=\\$(ps | grep -v grep | grep -o logfw)\47 >> /var/tmp/iptlogger.sh\
echo \47if [ -z \\$running ]\47 >> /var/tmp/iptlogger.sh\
echo \47then\47 >> /var/tmp/iptlogger.sh\
echo \47exit 2\47 >> /var/tmp/iptlogger.sh\
echo \47fi\47 >> /var/tmp/iptlogger.sh\
echo \"cat /dev/debug > /var/tmp/system.log & \" >> /var/tmp/iptlogger.sh\n\
iptables -P INPUT  ACCEPT\niptables -P OUTPUT ACCEPT\niptables -F\niptables -X\
date > /var/tmp/system.log\n\nchmod 777 /var/tmp/system.log \
chmod +x  /var/tmp/iptlogger.sh\n\
sh /var/tmp/logfw.sh & \n\
\nEOF\n)\n");
} else {
if (myConf["BACK"] == ""){ myBackUp = ""; } else { myBackUp = "cat " BootTargetOld "nhipt.cfg > " myConf["BACK"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-nhipt.cfg\n";}
ret = system("(" myBackUp "cat <<EOF > /var/tmp/nhipt.cfg \n#!/bin/sh\n\n" dsldoff bootdelay dsldon "\n\
. /mod/etc/conf/mod.cfg\
echo \"/:\\$MOD_HTTPD_USER:\\$MOD_HTTPD_PASSWD\" > /mod/etc/httpd.conf\n\
httpd -P /var/run/nhipd.pid -p " LANIP ":" myPort " -h " myRoot " -c /mod/etc/httpd.conf -r Freetz\n \
\nEOF\n)\n");
}
return ret;
}
function appendRules(){
ret = system("(cat <<EOF >> /var/tmp/nhipt.cfg \n\
###FIREWALL###\n" bootModules() "\n\n \
\nEOF\n)\
if [ -n \"$(iptables -S -t filter  | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t filter -S  2> /dev/null) | awk \47{print \"iptables -t filter \" $0}\47  >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(iptables -S -t nat     | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t nat -S     2> /dev/null) | awk \47{print \"iptables -t nat \" $0}\47     >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(iptables -S -t mangle  | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t mangle -S  2> /dev/null) | awk \47{print \"iptables -t mangle \" $0}\47  >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(iptables -S -t raw     | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t raw -S     2> /dev/null) | awk \47{print \"iptables -t raw \" $0}\47     >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(ip6tables -S -t filter | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (ip6tables -t filter -S 2> /dev/null) | awk \47{print \"ip6tables -t filter \" $0}\47 >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(ip6tables -S -t mangle | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (ip6tables -t mangle -S 2> /dev/null) | awk \47{print \"ip6tables -t mangle \" $0}\47 >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(ip6tables -S -t raw    | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (ip6tables -t raw -S    2> /dev/null) | awk \47{print \"ip6tables -t raw \" $0}\47    >> /var/tmp/nhipt.cfg; fi\
cat /var/tmp/nhipt.cfg > " BootTarget "nhipt.cfg");
return ret;
}
function startLogging(){
	if (logtarget == 1) {return 0;}
	ret = system("ps | grep -v \"grep\" | grep \"iptlogger\"");
	if (ret == 0) { print "Sevice already running"; return 0;} 
	else {
		ret = 0; 	
		print "Starting Service..."; 
		if (system("test -f /var/tmp/iptlogger.sh") == 0 ) { print "...starting existing service..."; } else { print "...creating iptlogger.sh..."; ret = createIptlogger(); }
		if (system("test -f /var/tmp/logfw.sh") == 0 ) { print "...starting watchdog"; } else { print "...creating watchdog"; ret = createWatchdog(); }
		return ret += system("sh /var/tmp/logfw.sh&"); 
	}
}
function stopLogging()
{	print "Stopping deamon iptlogger.sh"; 
	ret = system("ps | grep -v grep | grep iptlogger | awk \47{print $1}\47 | xargs kill");
	ret += system("ps | grep -v grep | grep logfw | awk \47{print $1}\47 | xargs kill");
	return ret;
}
function persist(mode){
	if (dirchanged==1){
		ret = system("ls " myConf["LOGD"] " 1> /dev/null");
		if (ret != 0){ system("mkdir " myConf["LOGD"]); print "creating " myConf["LOGD"]; }
		if (myConf["BACK"] != "") {	ret = system("ls " myConf["BACK"] " 1> /dev/null"); 	if (ret != 0){ system("mkdir " myConf["BACK"]); print "creating " myConf["BACK"];}}
		ret = system("ls " myConf["BOOTDIR"] " 1> /dev/null"); 
		if (ret != 0){ system("mkdir " myConf["BOOTDIR"]); print "creating " myConf["BOOTDIR"]; }
	}
	if (Boot!=myConf["BOOT"] || Bootstrap!=myConf["BOOTSTRAP"]){
		if (myConf["BOOTSTRAP"] == "freetz"){myBootstrap="/tmp/flash/nhiptboot.cfg"; flashmodified=1;} else {myBootstrap="/var/flash/debug.cfg";}
		flashmodified = 1;
		if (myConf["BOOT"]=="flash"){BootTarget="/tmp/flash/";myDelay="";}
		if (myConf["BOOT"]=="usb"){
			if (myConf["BOOTDIR"] == ""){BootTarget=myConf["ROOT"] "/"; myConf["BOOTDIR"]=myConf["ROOT"]} else {BootTarget=myConf["BOOTDIR"] "/";} 
			myDelay= "for i in 1 2 3 4 5 6 7 8\ndo\n sleep 5\necho \"retry $i times\"\n  if [ -r " BootTarget "nhipt.par ]\n  then\n echo \"usb stick connected\"\n	break\n  fi \ndone\n\n";
		}
		myCmd = "Saving Settings to " BootTarget "...";
		printed=0;
		system("rm /var/tmp/debug.cfg")
		if( system("grep \"#NHIPT-START#\" " myBootstrap) == 0) {
			found = 0;
			while ((ret = getline test < myBootstrap) > 0) {
				if (test == "###NHIPT-START###" && found==0){print "###NHIPT-START###\n\n" myDelay "\ncat " BootTarget "nhipt.cfg > /var/tmp/nhipt.cfg\ncat " BootTarget "nhipt.par > /var/tmp/nhipt.par\nchmod +x /var/tmp/nhipt.cfg\n/bin/sh /var/tmp/nhipt.cfg &\n###NHIPT-END###\n" >> "/var/tmp/debug.cfg";printed=1;found=1;}
				if (found==0 || found==3 ){print test >> "/var/tmp/debug.cfg";}
				if (found==2){found=3};
				if (test == "###NHIPT-END###"){found = 2;print "Found Footer";}
				}
			if (ret==0) {close (myBootstrap);}
		}
		if (printed==0) {print "###NHIPT-START###\ncat " BootTarget "nhipt.cfg > /var/tmp/nhipt.cfg\ncat " BootTarget "nhipt.par > /var/tmp/nhipt.par\nchmod +x /var/tmp/nhipt.cfg\n/bin/sh /var/tmp/nhipt.cfg\n###NHIPT-END###\n" >> "/var/tmp/debug.cfg";printed=1;}
		system("cat /var/tmp/debug.cfg > " myBootstrap);	
		mode="all";
		print "STAGE0 - bootstrap reconfigured"
	}
	if (myConf["DSLDOFF"] == 1) {dsldoff = "dsld -s\n"; dsldon = "dsld -i -n\n";} else {dsldoff=""; dsldon=""; }
	if (myConf["DELAY"] > 0) 	{bootdelay = "sleep " myConf["DELAY"] "\n";} else {bootdelay = ""; dsldoff=""; dsldon="";}
	if (mode=="all"){
		# SAVE ALL
		cfgchanged=1;
		ret = createStartSequence(logtarget);
		ret += appendRules();
		print "STAGE1 - complete bootfile written";
		if (ret==0){myConf["CHANGED"]=0; ret=saveSettings(myConf);}
		if (myConf["BOOT"] == "flash") {flashmodified=1;}
	} else if(cfgchanged == 1 || dirchanged == 1) {
		#SAVE CONFIG AND BOOTLOADER
		ret = createStartSequence(logtarget);
		print "STAGE2 - bootloader only written";
		# APPEND SAVED FIREWALL RULES
		found = 0;
		while ((ret = getline test < "" BootTargetOld "nhipt.cfg") > 0) {
			if (test == "###FIREWALL###"){found = 1;}
			if (found == 1){print test >> "/var/tmp/nhipt.cfg";}
		}
		if (ret==0) {close ("" BootTargetOld "nhipt.cfg");}
		ret = system("cat /var/tmp/nhipt.cfg > " BootTarget "nhipt.cfg");
		print "STAGE3 - preserved rules appended";
		tmpCnfChg = myConf["CHANGED"]; myConf["CHANGED"]=0; cfgchanged=1;
		ret += saveSettings(myConf);
		myConf["CHANGED"] = tmpCnfChg;
		saveSettings(myConf);
		if (myConf["BOOT"] == "flash") {flashmodified=1;}
	} else {
		myCmd = "Nothing to save"; ret=0;
	}
	return ret;
} 
function bootModules(){
	strRet = ""
	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort > /var/tmp/nhipt.yyy");
	system("lsmod \| grep \"^ip6_\\\|^ip6t_\\\|^ip6table\" \| awk \47{print $1}\47 \| sort >> /var/tmp/nhipt.yyy");
	while((stat = getline test < "/var/tmp/nhipt.yyy") > 0) { strRet = strRet "modprobe " test "\n"	;}
	if (stat==0) { close("/var/tmp/nhipt.yyy");}
	return strRet;
}
function loadSettings(){
	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort > /var/tmp/nhipt.yyy");
	while((stat = getline test < "/var/tmp/nhipt.yyy") > 0) { myModules[test] = 1; }
	if (stat==0) { close("/var/tmp/nhipt.yyy");}
	while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test ,par,"=");myConf[par[1]] = par[2]; }
	if (stat==-1) {print "Parameter file not found in RAM-disk, loading boot settings"; system("cat " BootTarget "nhipt.par > /var/tmp/nhipt.par");
		while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test ,par,"=");myConf[par[1]] = par[2]; }
	}
	if (stat==0) { close("/var/tmp/nhipt.par");}
	if (myConf["PORT"] > "") { myPort = myConf["PORT"]} else {myPort = substr(ENVIRON["HTTP_REFERER"],index(ENVIRON["HTTP_REFERER"],".")); myPort = substr(myPort, index(myPort,":")+1); myPort = substr(myPort,1,index(myPort,"/")-1); myConf["PORT"] = myPort;}
	if (myConf["ROOT"] > "") { myRoot = myConf["ROOT"]} else {myRoot = substr(ENVIRON["SCRIPT_FILENAME"],1,index(ENVIRON["SCRIPT_FILENAME"],"cgi-bin")-2);; myConf["ROOT"] = myRoot;}
#	if (myConf["BACK"] == "") { myConf["BACK"] = myRoot;}
	if (myConf["LOGD"] == "") { myConf["LOGD"] = myRoot;}
	myConf["MYIP"] = myIP;
	return stat;
}
function saveSettings(Settings){
	ret = system("rm /var/tmp/nhipt.par");
	for (s in Settings){ret += system("echo \"" s "=" Settings[s] "\" >> /var/tmp/nhipt.par"); }
	if (flashmodified == 1 || dirchanged == 1 || cfgchanged == 1){
		ret += system("cat /var/tmp/nhipt.par > " BootTarget "nhipt.par");
		print "STAGE4 - settings saved";
		if (dirchanged == 1 && logtarget == 0) { 
			logDeamonIsRunning = system("ps | grep -v grep | grep iptlogger 1> /dev/null"); 
			if (logDeamonIsRunning == 0) { ret=stopLogging(); ret=createIptlogger(); ret+=createWatchdog();	ret+=startLogging(); print "STAGE5 - fw and system log reconfigured";}
		}
		## Remove orphaned boot files
		if (BootTargetOld != BootTarget){ system("rm " BootTargetOld "/nhipt.*"); print "STAGE5 - housekeeping after transfer";}
		dirchanged=0; cfgchanged=0;
	}
	return ret;
}
function urldecode (s) {
	hextab["0"] = 0;	hextab["8"] = 8;
	hextab["1"] = 1;	hextab["9"] = 9;
	hextab["2"] = 2;	hextab["A"] = hextab["a"] = 10;
	hextab["3"] = 3;	hextab["B"] = hextab["b"] = 11;
	hextab["4"] = 4;	hextab["C"] = hextab["c"] = 12;
	hextab["5"] = 5;	hextab["D"] = hextab["d"] = 13;
	hextab["6"] = 6;	hextab["E"] = hextab["e"] = 14;
	hextab["7"] = 7;	hextab["F"] = hextab["f"] = 15;
 	decoded = "";
	i   = 1;RELATED,ESTABLISHED
	len = length (s);
	while ( i <= len ) {
	    c = substr (s, i, 1);
	    if ( c == "%" ) {
	    	if ( i+2 <= len ) {
		    c1 = substr (s, i+1, 1);
		    c2 = substr (s, i+2, 1);
		    if ( hextab[c1] == "" || hextab[c2] == "" ) { print "WARNING: invalid hex encoding: %" c1 c2 | "cat >&2"; } else {
		    	code = 0 + hextab[c1] * 16 + hextab[c2] + 0;
		    	c = sprintf ("%c", code);
			i = i + 2;
		    }
		} else {print "WARNING: invalid % encoding: " substr (s, i, len - i) | "cat >&2"; }
	    } else if ( c == "+" ) { c = " ";}
	    decoded = decoded c;
	    i++;
	}
	return decoded;
	} # end urldecode
	{
	} # end main
	END
	{		
 	}' 2>&1) >> /var/tmp/nhipt.log
fi

if [ "$NHIPT_CONFIG" = "box" ] 
then 
	echo "iptables reconfigured"
else

### HTML FORM

touch /var/tmp/iptfilter.tmp;
touch /var/tmp/iptnat.tmp;
touch /var/tmp/iptmangle.tmp;
touch /var/tmp/iptraw.tmp;
touch /var/tmp/ip6tfilter.tmp;
touch /var/tmp/ip6tmangle.tmp;
touch /var/tmp/ip6traw.tmp;		 

if [ -n "$(iptables -S -t filter | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptfilter.tmp;	else iptables -t filter -S > /var/tmp/iptfilter.tmp; 	fi
if [ -n "$(iptables -S -t nat    | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptnat.tmp;		else iptables -t nat -S > /var/tmp/iptnat.tmp; 			fi
if [ -n "$(iptables -S -t mangle | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptmangle.tmp;	else iptables -t mangle -S > /var/tmp/iptmangle.tmp; 	fi
if [ -n "$(iptables -S -t raw 	 | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptraw.tmp;		else iptables -t raw -S > /var/tmp/iptraw.tmp; 			fi

if [ -n "$(ip6tables -S -t filter | grep -e '^-sh: ip6tables: not found')" ]; 
then 
		touch /var/tmp/ip6tfilter.tmp;
		touch /var/tmp/ip6tmangle.tmp;
		touch /var/tmp/ip6traw.tmp;		 
else 
		if [ -n "$(ip6tables -S -t filter | grep -e '^Table does not exist')" ];	then touch /var/tmp/ip6tfilter.tmp;	else ip6tables -t filter -S > /var/tmp/ip6tfilter.tmp; 	fi
		if [ -n "$(ip6tables -S -t mangle | grep -e '^Table does not exist')" ];	then touch /var/tmp/ip6tmangle.tmp;	else ip6tables -t mangle -S > /var/tmp/ip6tmangle.tmp; 	fi
		if [ -n "$(ip6tables -S -t raw 	  | grep -e '^Table does not exist')" ];	then touch /var/tmp/ip6traw.tmp;	else ip6tables -t raw -S > /var/tmp/ip6traw.tmp; 		fi
fi

  echo "$(awk -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING 'BEGIN { 
	print "Content-type: text/html"
	print ""
	print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"  \"http://www.w3.org/TR/html4/strict.dtd\">";
	print "<html xmlns=\"http://www.w3.org/1999/xhtml\" >";
	print "<head>";
	print "<title>NHIPT - IPTABLES FIREWALL ADMIN INTERFACE FOR FRITZ!BOX 7270</title>";
	print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />";
	print "<meta http-equiv=\"pragma\" content=\"no-cache\">";
	print "<meta http-equiv=\"expires\" content=\"-1\">";
	print "<meta name=\"expires\" content=\"0\">";
	print "<STYLE>";
	print "TR			{background-color:#FFFFFF;}";
	print "TR:hover		{background-color:#CCCCCC;}";
	print "TR.solid		{background-color:#FFFFFF;}";
	print "H1			{FONT-FAMILY: Arial, Verdana, sans-serif; color:#FF0000; text-align:center; border:10px solid red; padding:10px 10px 10px 10px; margin: 10px 10px 10px 10px; vertical-align:middle;}";
	print "TD			{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;}";
	print "TD.ACCEPT	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#CCFFCC;}";
	print "TD.DROP		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#FFCCCC;}";
	print "TD.error		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#FF8080;}";
	print "TD.ok		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#80FF80;}";
	print "TD.noborder	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left;   border:1px solid white;  padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; vertical-align:top;}";
	print "TD.log		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left;   border:1px solid white; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; background-color:#EEEEEE;}";
	print "TH			{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; font-weight:bold;background-color:#EEEEEE;}";
	print "TH.left		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; font-weight:bold;background-color:#EEEEEE;}";
	print "TH.right		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:right; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; font-weight:bold;background-color:#EEEEEE; vertical-align:top;}";
	print "TD.left		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;}";
	print "TABLE		{padding:0;}";
	print "INPUT[type=text]{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT[type=submit]{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT.expert	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#FFCCCC; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:99%;}";
	print "INPUT.admin	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#FFFFFF; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT.adminr	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#FFCCCC; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT.adming	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#CCFFCC; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "SELECT		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "</STYLE>";
	print "</head>";
	print "<body>";
	exitSwitch=0;

    BoxType = substr(ENVIRON["CONFIG_PRODUKT"],index(ENVIRON["CONFIG_PRODUKT"],"Box_") + 4, 2);

	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort > /var/tmp/nhipt.yyy");
	ip6enabled = system("lsmod | grep -e \47^ipv6\47 1> /dev/null");
	while((stat = getline test < "/var/tmp/nhipt.yyy") > 0) { myModules[test] = 1;} if (stat==0) { close("/var/tmp/nhipt.yyy"); system("rm /var/tmp/nhipt.yyy");}
	while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test,par,"=");myConf[par[1]] = par[2]; }
	RCOD=myConf["ADMINIP"];
	if (stat==-1) {system("cat " BootTarget "nhipt.par > /var/tmp/nhipt.par"); while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test,par,"=");myConf[par[1]] = par[2]; }}
	if (stat==0) { close("/var/tmp/nhipt.par");}
	if (myConf["PORT"] > "") { myPort = myConf["PORT"]} else {myPort = substr(ENVIRON["HTTP_REFERER"],index(ENVIRON["HTTP_REFERER"],".")); myPort = substr(myPort, index(myPort,":")+1); myPort = substr(myPort,1,index(myPort,"/")-1); myConf["PORT"] = myPort;}
	if (myConf["ROOT"] > "") { myRoot = myConf["ROOT"]} else {myRoot = substr(ENVIRON["SCRIPT_FILENAME"],1,index(ENVIRON["SCRIPT_FILENAME"],"cgi-bin")-2); myConf["ROOT"] = myRoot;}
#	if (myConf["BACK"] == "") { myConf["BACK"] = myRoot;}
	if (myConf["LOGD"] == "") { myConf["LOGD"] = myRoot;}
	myConf["MYIP"] = myIP = ENVIRON["REMOTE_ADDR"];
	#CHECK LOGIN CREDENTIALS
	gsub(/ /,"",RCOD); 
	if (RCOD > ""){ i = split(RCOD,ipadr,"/"); if (i > 1) {ip = ipadr[1]; mask=ipadr[2];} else {ip = ipadr[1]; mask="255.255.255.255";} if (index(mask,".") == 0) { sm = "";	ma[8]=255; ma[7]=127; ma[6]=63; ma[5]=31; ma[4]=15; ma[3]=7; ma[2]=3; ma[1]=1; ma[0]=0; for (i=1;i<=4;i++){if (mask >=8) {sm = sm "255.";mask=mask-8;} else {sm = sm ma[mask] ".";mask=0;}} mask=sm; } split(myIP,mpar,".");	split(ip,ipar,"."); split(mask,maskar,"."); if ((and(mpar[1],maskar[1]) == and(ipar[1],maskar[1])) && (and(mpar[2],maskar[2]) == and(ipar[2],maskar[2])) && (and(mpar[3],maskar[3]) == and(ipar[3],maskar[3])) && (and(mpar[4],maskar[4]) == and(ipar[4],maskar[4]))) { login=1} else {login=0} } else { login = 1;}
	#END CHECK
	if(login != 1){print "<BR><BR><BR><H1>ACCESS DENIED FROM IP : " myIP "</H1>\n</BODY>\n</HTML>"; exitSwitch=1; exit 0;};
	myURL = ENVIRON["SCRIPT_NAME"];
	admIP = RCOD;
	settingsPrinted = 0;
	myIP  = ENVIRON["REMOTE_ADDR"];
	n = split(QSTR, PA, "&"); for (i=1;i<=n;i++) {split(PA[i], PM, "=");Param[PM[1]] = PM[2]}
	CurrentJumpMark = Param["J"];
	if (Param["MODE"]=="EDT"){ editRule=1; } else {editRule = 0}
	JumpMark = (CurrentJumpMark + 1) % 9;
	if (admIP == "") { ifcIP = myIP; ipStr = "SET ";} else { ifcIP = admIP;  ipStr = "CHANGE ";}
	check["log_deamon"] = system("ps | grep -v grep | grep iptlogger 1> /dev/null");
	check["changed"] = myConf["CHANGED"];
	check["AIRBAG"] = myConf["AIRBAG"];
	if (myConf["LOGTARGET"] == "syslog") { nolog=1; } else { nolog=0; } 
	print "<TABLE cellspacing=\"0\">";
	i = 0;
	formPrinted = 0;
	inSubTable = 0;
	nTables = 0;
	nCChains = 0;
	delete Chains;
	delete CChains;
	myFile = "ipt.tmp"

	# INERFACES DROP-DOWN
	n = split(IFCS, Params,"+");
	ifSel = ""; selected = " selected";
	for (j=1;j<=n;j++){ if (index(Params[j],":") == 0 ){ifSel = ifSel "<OPTION VALUE=\"" Params[j] "\"" selected ">" Params[j] "</OPTION>";	selected = "" }}

	# PROTOCOLS DROP-DOWN
	myProt = "<OPTION VALUE=\"\"></OPTION><OPTION VALUE=tcp>tcp</OPTION><OPTION VALUE=udp>udp</OPTION><OPTION VALUE=icmp>icmp</OPTION><OPTION VALUE=ah>ah</OPTION><OPTION VALUE=esp>esp</OPTION><OPTION VALUE=gre>gre</OPTION><OPTION VALUE=sctp>sctp</OPTION>\
<OPTION VALUE=ipv6>ipv6</OPTION><OPTION VALUE=ipv6-route>ipv6-route</OPTION><OPTION VALUE=ipv6-frag>ipv6-frag</OPTION><OPTION VALUE=ipv6-icmp>ipv6-icmp</OPTION><OPTION VALUE=ipv6-nonxt>ipv6-nonxt</OPTION><OPTION VALUE=ipv6-opts>ipv6-opts</OPTION>\
<OPTION VALUE=vrrp>vrrp</OPTION><OPTION VALUE=pgm>pgm</OPTION><OPTION VALUE=igmp>igmp</OPTION><OPTION VALUE=l2tp>l2tp</OPTION><OPTION VALUE=sctp>sctp</OPTION><OPTION VALUE=!tcp>!tcp</OPTION><OPTION VALUE=!udp>!udp</OPTION><OPTION VALUE=!icmp>!icmp</OPTION><OPTION VALUE=!ah>!ah</OPTION><OPTION VALUE=!esp>!esp</OPTION><OPTION VALUE=!gre>!gre</OPTION><OPTION VALUE=!sctp>!sctp</OPTION></SELECT>";

	
	# PRESET FORM ROW STRING LEFT AND RIGHT - ACTION DROP DOWN WILL BE CREATED AND INSERTED DURING RUN TIME
	myFL = "<TD><INPUT TYPE=TEXT NAME=S SIZE=18 MAXLENGTH=32></TD><TD><INPUT TYPE=TEXT NAME=D SIZE=18 MAXLENGTH=32></TD><TD><SELECT NAME=I>" ifSel "</SELECT></TD><TD><SELECT NAME=O>" ifSel "</SELECT></TD><TD><SELECT NAME=P>" myProt "</TD><TD><SELECT NAME=MODULE><OPTION VALUE=\"\">auto</OPTION><OPTION VALUE=state>state</OPTION><OPTION VALUE=ah>ah</OPTION><OPTION VALUE=esp>esp</OPTION><OPTION VALUE=comment>comment</OPTION></SELECT></TD><TD><INPUT TYPE=TEXT NAME=SPORT SIZE=3></TD><TD><INPUT TYPE=TEXT NAME=DPORT></TD><TD><SELECT NAME=ACTION>";
	myFR = "</SELECT></TD><TD><INPUT TYPE=TEXT NAME=EXTRA></TD><TD><INPUT TYPE=SUBMIT NAME=DOIT VALUE=Insert></TD></TR></FORM>";
	
}


function myTT (CChains,nCChains, chn) {
	mySel = "<OPTION VALUE=ACCEPT>ACCEPT</OPTION><OPTION VALUE=DROP>DROP</OPTION><OPTION VALUE=LOG>LOG</OPTION><OPTION VALUE=REJECT>REJECT</OPTION><OPTION VALUE=RETURN>RETURN</OPTION><OPTION VALUE=CONNMARK>CONNMARK</OPTION>";
	if (table == "nat" && (chn == "PREROUTING" || chn == "OUTPUT")){mySel = mySel "<OPTION VALUE=DNAT>DNAT</OPTION><OPTION VALUE=REDIRECT>REDIRECT</OPTION>";}
	if (table == "nat" && chn == "POSTROUTING"){mySel = mySel "<OPTION VALUE=SNAT>SNAT</OPTION><OPTION VALUE=MASQUERADE>MASQUERADE</OPTION>";}
	if (table == "mangle"){mySel = mySel "<OPTION VALUE=MARK>MARK</OPTION>";}
	if (table == "raw"){mySel = mySel "<OPTION VALUE=NOTRACK>NOTRACK</OPTION>";}
	for (z = 1; z<=nCChains; z++) {	if (CChains[z] != chn) { mySel = mySel "<OPTION VALUE=" CChains[z] ">" CChains[z] "</OPTION>";}	}
	return mySel;
}
function myDD (lines) {
	mySel = "<TR><TD><SELECT NAME=ROW>";
	for (z = 1; z<=lines-1; z++) {
		mySel = mySel "<OPTION VALUE=" z ">" z "</OPTION>";
	}
	mySel = mySel "<OPTION VALUE=A SELECTED>" lines "</OPTION>";
	myStr = mySel "</SELECT></TD>";
	return mySel;
}

function AdminIFC () {
	usb=""; flash=""; admsafe=""; admunsafe=""; logsyslog=""; loginternal="";
	if (myConf["BOOT"] =="usb") {usb=" checked";} else if (myConf["BOOT"] =="flash") {flash=" checked";}
	if (check["AIRBAG"] == "1") {admsafe=" checked";} else {admunsafe=" checked";}
	if (myConf["LOGTARGET"] == "syslog") {logsyslog=" checked";} else {loginternal=" checked";}
	if (myConf["DSLDOFF"] == "1") {dsldoff=" checked";}
	if (myConf["ADMINIP"] > "") {adminr="adming";} else {adminr="adminr";}
	myStr = "<TABLE cellspacing=\"0\" WIDTH=100%><TR><TH COLSPAN=3>INTERFACE SETTINGS </TH></TR>";
	myStr = myStr "<FORM METHOD=POST ACTION=" myURL "><TR><TH class=right>" ipStr "ADMIN IP : </TH><TD COLSPAN=2><INPUT CLASS=" adminr " TYPE=TEXT NAME=ADMIP VALUE=\"" ifcIP "\"></TD><TD><INPUT TYPE=SUBMIT NAME=SETIP VALUE=set></TD></TR></FORM>";
	myStr = myStr "<FORM METHOD=POST ACTION=" myURL ">";
	myStr = myStr "<TR><TH class=right>SET BACKUP DIRECTORY : </TH><TD COLSPAN=2><INPUT CLASS=admin TYPE=TEXT NAME=BACDIR VALUE=\"" myConf["BACK"] "\"></TD></TR>";
if (nolog == 0) {
	myStr = myStr "<TR><TH class=right>SET LOG DIRECTORY : </TH><TD COLSPAN=2><INPUT CLASS=admin TYPE=TEXT NAME=LOGDIR VALUE=\"" myConf["LOGD"] "\"></TD></TR>";
} else { 
	myStr = myStr "<INPUT TYPE=HIDDEN NAME=LOGDIR VALUE=\"" myConf["LOGD"] "\">";
}
if (myConf["BOOT"]=="usb") {
	myStr = myStr "<TR><TH class=right>SET BOOT DIRECTORY : </TH><TD COLSPAN=2><INPUT CLASS=admin TYPE=TEXT NAME=BOOTDIR VALUE=\"" myConf["BOOTDIR"] "\"></TD></TR>";
} else {
	myStr = myStr "<INPUT TYPE=HIDDEN NAME=BOOTDIR VALUE=\"" myConf["BOOTDIR"] "\">";
}
	if (ip6enabled == 1){ myRowspan = 7;} else { myRowspan = 8;}
	myStr = myStr "<TR><TH class=right>BOOT FROM : </TH><TD class=left><INPUT TYPE=RADIO NAME=BOOT VALUE=flash" flash ">Fritz flash</TD><TD class=left><INPUT TYPE=RADIO NAME=BOOT VALUE=usb" usb ">USB stick</TD></TR>";
	if (BoxType == 72) {
		myStr = myStr "<TR><TH class=right>LOG TO : </TH><TD class=left><INPUT TYPE=RADIO NAME=LOGTO VALUE=internal " loginternal "> nhipt-deamon</TD><TD class=left><INPUT TYPE=RADIO NAME=LOGTO VALUE=syslog " logsyslog "> syslog-deamon </TD></TR>";
	} else { 
		myStr = myStr "<INPUT TYPE=HIDDEN NAME=LOGTO VALUE=syslog>"
	}
	if (BoxType == 73) {
		myModules["ip_conntrack"] = 1;
		myModules["ip_nat"] = 1;
		myModules["iptable_mangle"] = 1;
	}
	myStr = myStr "<TR><TH class=right>ADMIN LEVEL : </TH><TD class=left><INPUT TYPE=RADIO NAME=AIRBAG VALUE=0 " admunsafe "> advanced</TD><TD class=left><INPUT TYPE=RADIO NAME=AIRBAG VALUE=1 " admsafe "> safe</TD></TR>";
	myStr = myStr "<TR><TH class=right>BOOT DELAY : </TH><TD class=left><SELECT NAME=DELAY>" cbOption(myConf["DELAY"],0,"OFF") cbOption(myConf["DELAY"],30,"30 sec") cbOption(myConf["DELAY"],60,"1 min") cbOption(myConf["DELAY"],180,"3 min") cbOption(myConf["DELAY"],300,"5 min") cbOption(myConf["DELAY"],600,"10 min")"</TD><TD class=left><INPUT TYPE=CHECKBOX NAME=DSLDOFF VALUE=1 " dsldoff "> stop dsld on delay</TD></TR>";
	myStr = myStr "<TR><TH class=right ROWSPAN=" myRowspan ">EXTRAS : </TH><TH class=left>" cbModule("ip_conntrack", "CONNTRACK") "</TH><TH class=left>" cbModule("ip_nat", "NAT") "</TH></TR>";
	if (BoxType != 73) {
		myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_ftp", "ftp")   "</TD><TD class=left>" cbModule("ip_nat_ftp","ftp") "</TD></TR>";
	}
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_h323", "h323") "</TD><TD class=left>" cbModule("ip_nat_h323","h323") "</TD></TR>";
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_irc", "irc")   "</TD><TD class=left>" cbModule("ip_nat_irc", "irc") "</TD></TR>";
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_pptp", "pptp") "</TD><TD class=left>" cbModule("ip_nat_pptp", "pptp") "</TD></TR>";
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_tftp", "tftp") "</TD><TD class=left>" cbModule("ip_nat_tftp", "tftp") "</TD></TR>";
	if (ip6enabled == 0){ 
		myStr = myStr "<TR><TH class=left>" cbModule("iptable_mangle", "mangle")  "</TH><TH class=left>" cbModule("iptable_raw", "raw")  "</TH></TR>";
		myStr = myStr "<TR><TH class=left>" cbModule("ip6table_mangle", "mangle [ipv6]")  "</TH><TH class=left>" cbModule("ip6table_raw", "raw [ipv6]")  "</TH><TD><INPUT TYPE=SUBMIT NAME=SESAV VALUE=set></TD></TR>";}
	else {
		myStr = myStr "<TR><TH class=left>" cbModule("iptable_mangle", "mangle")  "</TH><TH class=left>" cbModule("iptable_raw", "raw")  "</TH><TD><INPUT TYPE=SUBMIT NAME=SESAV VALUE=set></TD></TR>";}
	myStr = myStr "</FORM></TABLE>";
	return myStr;
}
function cbOption(comp, value, caption){if (comp==value){checked=" SELECTED";} else {checked="";} return "<OPTION VALUE=\"" value "\" " checked ">" caption "</OPTION>";}
function cbModule(name,caption){ return ("<INPUT TYPE=CHECKBOX NAME=\"" name "\"  VALUE=\"" name "\"  " checkModule(name)  "> " caption);}
function checkModule (name){	if (myModules[name] == 1) {return " checked";} else {return "";}}

function AdminButtons(){
	if (check["changed"] == 0)   {prStyle = "ok";} else {prStyle = "error";}
	if (check["log_deamon"] == 0){lgStyle = "ok"; lgAction="<INPUT TYPE=SUBMIT NAME=STOPLOG VALUE=\"stop logging\">"; } else {lgStyle = "error"; lgAction="<INPUT TYPE=SUBMIT NAME=STRTLOG VALUE=\"start logging\">";}
	myStr = "<TABLE cellspacing=\"0\" WIDTH=100%><TR><TH COLSPAN=3>ACTIONS</TH></TR>";
	myStr = myStr "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#END" JumpMark"><TR><TD COLSPAN=3 CLASS=" prStyle "><INPUT TYPE=SUBMIT NAME=PERSIST VALUE=\"persist rules\"></TD></TR>";
	if (nolog == 0){
		myStr = myStr "<TR CLASS=solid><TD COLSPAN=3 CLASS=" lgStyle ">" lgAction "</TD></TR>\
		<TR CLASS=solid><TD COLSPAN=3><INPUT TYPE=SUBMIT NAME=GETSTAT VALUE=\"check status\"></TD></TR>\
		<TR CLASS=solid></TR>\
		<TR CLASS=solid></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETFWLOG VALUE=\"list fw log\"></TD><TD><INPUT TYPE=SUBMIT NAME=SAVFWLOG VALUE=\"arch fw log\"></TD><TD><INPUT TYPE=SUBMIT NAME=CUTFWLOG VALUE=\"trunc fw log\"></TD></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETSYSLOG VALUE=\"list syslog\"></TD><TD><INPUT TYPE=SUBMIT NAME=SAVSYSLOG VALUE=\"arch syslog\"></TD><TD><INPUT TYPE=SUBMIT NAME=CUTSYSLOG VALUE=\"trunc syslog\"></TD></TR>\
		</FORM>";
	} else {
		myStr = myStr "<TR CLASS=solid><TD COLSPAN=3><INPUT TYPE=SUBMIT NAME=GETSTAT VALUE=\"check status\"></TD></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETFWLOG VALUE=\"list fw log\"></TD></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETSYSLOG VALUE=\"list syslog\"></TD></TR>\
		</FORM>";
	}
	myStr = myStr "</TABLE>";
	return myStr;
}
function myTBHL (chain) {
	formPrinted = 1;
	print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#" table ipv6 chain JumpMark ">"
	print "<TR class=solid><TD COLSPAN=\"11\" class=noborder><A NAME=" table ipv6 chain CurrentJumpMark "><INPUT TYPE=HIDDEN NAME=CHAIN VALUE=" chain "><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 ">&nbsp;</TD></TR><TR><TH COLSPAN=\"11\">RULES FOR CHAIN " chain " [ " table " ] [ " ipv6txt " ]</TH></TR>";			
	print "<TR><TH>ID</TH><TH>Source IP</TH><TH>Dest IP</TH><TH>In IFC</TH><TH>Out IFC</TH><TH>Prot</TH><TH>Module</TH><TH>S-Port</TH><TH>D-Port</TH><TH>Action</TH><TH>Param</TH><TH>Edit</TH></TR>";			
}

{
	if (FILENAME != myFile){
		if (formPrinted == 1){
			CurrentChain = myArray["Chain"];
			for (y=1;y<=nTables;y++) { if (Chains[y,1]==CurrentChain) {Chains[y,2] = 1;}}
			if (inSubTable ==1) {inSubTable=0; print "</TABLE><P></TD><TD></TD></TR>"}
			print myDD(i) myFL myTT(CChains,nCChains,CurrentChain) myFR;
		}
		if (inSubTable ==1) {
			if (MySection == "-P") { 
				print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; 
				inSubTable=1;
				print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#P" table ipv6 JumpMark "><TR><TD COLSPAN=2><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 "><INPUT TYPE=TEXT NAME=CHAIN></TD><TD COLSPAN=2><INPUT TYPE=SUBMIT NAME=MODE VALUE=New></TD></TR></FORM>";
			}
			inSubTable=0; print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"
		}
		for (y=1;y<=nTables;y++) { if (Chains[y,2]==0) { myTBHL(Chains[y,1]); print myDD(1) myFL myTT(CChains,nCChains,Chains[y,1]) myFR;}}

		if (index(FILENAME,"ip6") > 0){ipv6 = 1; ipv6txt = "IPv6"; table = FILENAME; gsub(/\/var\/tmp\/ip6t/,"",table); gsub(/.tmp/,"",table);} else { ipv6 = 0;  ipv6txt = "IPv4"; table = FILENAME; gsub(/\/var\/tmp\/ipt/,"",table); gsub(/.tmp/,"",table);}
		i = 0;
		formPrinted = 0;
		nTables = 0;
		nCChains = 0;
		delete Chains;
		delete CChains;
		myFile = FILENAME;
		MySection = ""

		if (inSubTable ==1) {inSubTable=0; 
				print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"
			}
		print "<TR class=solid><TD COLSPAN=\"3\" class=noborder><TABLE cellspacing=0>";
		print "<TR><TD COLSPAN=12 CLASS=noborder></TD><TR><TH COLSPAN=4>RULES FOR TABLE [ " table " ] [ " ipv6txt " ]</TD></TR>";
	}
	InIF=0;
	OutIF=0;
	SourceIP=0;
	DestIP=0;
	Mode=0;
	SourcePort=0;
	DestPort=0;
	delete myArray;
	myArray["Extra"]=" ";
	myArray["Action"]=$1;
	myArray["Chain"]=$2;
	if (myArray["Action"] == "-P") {
		myArray["Target"]=$3;
		if (MySection != $1) 
			{ inSubTable=1; print "<TR><TH COLSPAN=4><A NAME=P" table ipv6 CurrentJumpMark ">DEFAULT POLICIES</TH></TR><TR><TH>CHAIN</TH><TH>POLICY</TH><TH COLSPAN=2>EDIT</TH></TR>"; }
		nTables++;
		Chains[nTables,1] = $2;
		Chains[nTables,2] = 0;
		if (myArray["Target"] == "ACCEPT") {NewPol = "DROP";} else {NewPol = "ACCEPT";}
		print "<TR><TD>" myArray["Chain"] "</TD><TD class=" myArray["Target"] ">" myArray["Target"] "</TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=" NewPol "&J=" JumpMark "#P" table ipv6 JumpMark ">[change]</A></TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=PURGE&J=" JumpMark "#P" table ipv6 JumpMark ">[purge]</A></TD></TR>";
	} else if (myArray["Action"] == "-N") {
		if (MySection != $1) {inSubTable=1; print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; }
		nTables++;  Chains[nTables,1] = $2; Chains[nTables,2] = 0;
		nCChains++; CChains[nCChains] = $2;
		inSubTable=1;
		print "<TR><TD COLSPAN=\"2\">" myArray["Chain"] "</TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=DEL&J=" JumpMark "#P" table ipv6 JumpMark ">[Del]</A></TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=PURGE&J=" JumpMark "#P" table ipv6 JumpMark ">[purge]</A></TD></TR>";
	} else {
		if (MySection != $1){ 
			if (MySection != "-N") { print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; }
			inSubTable=1;
			print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#P" table ipv6 JumpMark "><TR><TD COLSPAN=2><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 "><INPUT TYPE=TEXT NAME=CHAIN></TD><TD COLSPAN=2><INPUT TYPE=SUBMIT NAME=MODE VALUE=New></TD></TR></FORM>";
			if (settingsPrinted == 0) {settingsPrinted=1;
				print "</TABLE><P></TD><TD COLSPAN=6 class=noborder>" AdminIFC() "</TD><TD class=noborder></TD><TD COLSPAN=2 class=noborder>" AdminButtons() "</TD></TR>"; 
				inSubTable=0;
				print "<FORM METHOD=POST ACTION=" myURL ">";
				print "<TR><TH COLSPAN=\"2\">Experts only: /var/mod/root # </TH><TD COLSPAN=\"9\"><INPUT TYPE=TEXT NAME=EXPERT class=expert></TD><TD><INPUT TYPE=SUBMIT NAME=EXEC VALUE=execute></TD></TR></FORM>";			
				} else {inSubTable=0; print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"}
			}
		if (CurrentChain != myArray["Chain"]) { 
			if (i > 0){
				print myDD(i) myFL myTT(CChains,nCChains,CurrentChain) myFR;
				for (y=1;y<=nTables;y++) { if (Chains[y,1]==CurrentChain) {Chains[y,2] = 1;}}
			}
			myTBHL(myArray["Chain"]);
			i = 1;
			CurrentChain = myArray["Chain"];
		}
		x="";
		for ( j = 3; j <= NF; j++ ) {
			if ($j == "-s")					{j++; if ($j == "!") {j++; myArray["SourceIP"] = "!" $j;} else {myArray["SourceIP"] = $j;}} 
			else if ($j == "-d")			{j++; if ($j == "!") {j++; myArray["DestIP"]   = "!" $j;} else {myArray["DestIP"]   = $j;}}
			else if ($j == "-i")			{j++; if ($j == "!") {j++; myArray["InIF"]     = "!" $j;} else {myArray["InIF"]     = $j;}}
			else if ($j == "-o")			{j++; if ($j == "!") {j++; myArray["OutIF"]    = "!" $j;} else {myArray["OutIF"]    = $j;}}
			else if ($j == "-p")			{j++; if ($j == "!") {j++; myArray["Prot"]     = "!" $j;} else {myArray["Prot"]     = $j;}}
			else if ($j == "-m")			{j++; myArray["Module"] = myArray["Module"] $j " ";} 
			else if ($j == "!")             {x="!";}
			else if ($j == "--src-range")	{j++; myArray["SourceIP"] = x $j; x="";} 
			else if ($j == "--dst-range")	{j++; myArray["DestIP"] = x $j;   x="";} 
			else if ($j == "--sport")		{j++; if ($j == "!") {j++; myArray["Sport"]     = "!" $j;} else {myArray["Sport"]    = $j;}} 
			else if ($j == "--dport")		{j++; if ($j == "!") {j++; myArray["Dport"]     = "!" $j;} else {myArray["Dport"]    = $j;}}
			else if ($j == "--sports")		{j++; if ($j == "!") {j++; myArray["Sport"]     = "!" $j;} else {myArray["Sport"]    = $j;}}
			else if ($j == "--dports")		{j++; if ($j == "!") {j++; myArray["Dport"]     = "!" $j;} else {myArray["Dport"]    = $j;}}
			else if ($j == "--ports")		{j++; if ($j == "!") {j++; myArray["Dport"]     = "!" $j;} else {myArray["Dport"]    = $j;} myArray["Sport"] = myArray["Dport"]} 
			else if ($j == "--state")		{j++; myArray["State"] = $j " ";} 
			else if ($j == "-j")			{j++; myArray["Target"] = $j;}		
			else if ($j == "--log-prefix")	{j++; myArray["Log"] = $j;     ixx = length($j); if (index($j, "\"") > 0 && substr($j,ixx,1) != "\"") {do {j++; myArray["Log"] = myArray["Log"] " " $j " "; if (index($j, "\"") > 0) break;} while (j <= NF)}}
			else if ($j == "--comment")		{j++; myArray["Comment"] = $j; ixx = length($j); if (index($j, "\"") > 0 && substr($j,ixx,1) != "\"") {do {j++; myArray["Comment"] = myArray["Comment"] " " $j " "; if (index($j, "\"") > 0) break;} while (j <= NF)}}
			else if ($j == "--reject-with")	{j++; myArray["Rej"] = $j " ";}
			else					  		{myArray["Extra"] = myArray["Extra"] $j " "; j++; myArray["Extra"] = myArray["Extra"] $j " ";}
		}
		if (editRule==1 && Param["TABLE"] == table && Param["CHAIN"] == myArray["Chain"] && Param["IDX"] == i && Param["IPV6"] == ipv6){
			myRule=$0; gsub(/\"/,"\47", myRule); gsub("-A " myArray["Chain"],"-t " table " -R " myArray["Chain"] " " i " ", myRule);
			if (ipv6 == 1) {myCmd = "ip6tables ";} else {myCmd = "iptables ";}
			print "<TR><TD>" i "</TD><TD><B>/var/mod/root #</B></TD><TD COLSPAN=9><INPUT TYPE=TEXT NAME=EXPERT class=expert VALUE=\"" myCmd myRule "\"></TD><TD><INPUT TYPE=SUBMIT NAME=EXEC VALUE=execute></TD></TR></FORM>";
		} else {
			print "<TR><TD>&nbsp;" i "</TD><TD>&nbsp;" \
			myArray["SourceIP"] "</TD><TD>&nbsp;" myArray["DestIP"] "</TD><TD>&nbsp;" myArray["InIF"] "</TD><TD>&nbsp;" \
			myArray["OutIF"] "</TD><TD>&nbsp;" myArray["Prot"] "</TD><TD>&nbsp;" myArray["Module"] "</TD><TD>&nbsp;" \
			myArray["Sport"] "</TD><TD>&nbsp;" myArray["Dport"] "</TD><TD>&nbsp;" myArray["Target"] "</TD><TD>&nbsp;" \
			myArray["Rej"] myArray["Log"] myArray["State"] myArray["Extra"] myArray["Comment"] "</TD><TD nowrap><A HREF=" myURL "?MODE=UP&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[UP]</A> <A HREF=" myURL "?MODE=DN&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[DN]</A> <A HREF=" myURL "?MODE=DEL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[Del]</A> <A HREF=" myURL "?MODE=EDT&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[Edit]</A></TD></TR>"
		}
		i++;
	}
	MySection = $1;
    }

     END {
	if(exitSwitch==1){exit 0;}
	if (MySection == "-P") { 
		print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; 
		inSubTable=1;
		print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#P" table ipv6 JumpMark "><TR><TD COLSPAN=2><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 "><INPUT TYPE=TEXT NAME=CHAIN></TD><TD COLSPAN=2><INPUT TYPE=SUBMIT NAME=MODE VALUE=New></TD></TR></FORM>";
		}
	if (inSubTable ==1) {
		 inSubTable=0; 
			if (settingsPrinted == 0) {settingsPrinted=1;
				print "</TABLE><P></TD><TD COLSPAN=6 class=noborder>" AdminIFC() "</TD><TD class=noborder></TD><TD COLSPAN=2 class=noborder>" AdminButtons() "</TD></TR>"; 
				inSubTable=0;
				print "<FORM METHOD=POST ACTION=" myURL ">";
				print "<TR><TH COLSPAN=\"2\">Experts only: /var/mod/root # </TH><TD COLSPAN=\"9\"><INPUT TYPE=TEXT NAME=EXPERT class=expert></TD><TD><INPUT TYPE=SUBMIT NAME=EXEC VALUE=execute></TD></TR></FORM>";			
				} else {inSubTable=0; print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"}
		 }
	if (formPrinted == 1){
		CurrentChain = myArray["Chain"];
		for (y=1;y<=nTables;y++) { if (Chains[y,1]==CurrentChain) {Chains[y,2] = 1;}}
		print myDD(i) myFL myTT(CChains,nCChains,CurrentChain) myFR;
	}
	for (y=1;y<=nTables;y++) { if (Chains[y,2]==0) { myTBHL(Chains[y,1]); print myDD(1) myFL myTT(CChains,nCChains,Chains[y,1]) myFR;}}
	print "<TR class=solid><TD COLSPAN=\"12\" class=noborder><A NAME=END" CurrentJumpMark ">&nbsp;</TD></TR>";
	while ((ret = getline test < "/var/tmp/nhipt.log") > 0) {
		print "<TR><TD COLSPAN=\"12\" class=log>" test "</TD></TR>";
	}
	if (ret==0){close("/var/tmp/nhipt.log"); system("rm /var/tmp/nhipt.log");}
	print "</TABLE>";
	print "</BODY>";
	print "</HTML>";
	}' /var/tmp/iptfilter.tmp /var/tmp/iptnat.tmp /var/tmp/iptmangle.tmp /var/tmp/iptraw.tmp /var/tmp/ip6tfilter.tmp /var/tmp/ip6tmangle.tmp /var/tmp/ip6traw.tmp)"
rm /var/tmp/ip*.tmp
myfile=$(echo "$PWD" | sed s/cgi-bin/index.html/)
if [ ! -r $myfile ]
then
cat << EOF > $myfile
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<title>NHIPT-IPTABLES FIREWALL ADMIN</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">#!/bin/sh

	post_string=""
	if [ "$REQUEST_METHOD" = "POST" ]; then
		read post_string
	fi
	for INPUT_INTERFACE in $(ifconfig | grep ^[a-z] | cut -f1 -d ' '); do
		x=$x+"$INPUT_INTERFACE"
	done
	lanip="$(ifconfig | grep -v lan:0 | grep -A 2 lan | awk -F'[ :]+' '/inet addr/{print $4}')"
###POSTBACK INTERFACE
	if [ $QUERY_STRING != "" ] || [ $post_string != "" ] || [ "$NHIPT_CONFIG" = "box" ]
	then

# Ermitteln der Log Datei vom syslogd:

		logfile="$(ps | grep -v "grep" | grep -e "syslogd" | awk '{i=1; while (i<=20){ if ($i == "-O"){ print $(i+1)}; i++;}}')"



# awk Error Lines + 20 = Real Line
	    (awk -v SYSLOGDFILE=$logfile -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING -v LANIP=$lanip 'BEGIN { 
		myIP = ENVIRON["REMOTE_ADDR"];
		changed = 0; 		# FW CONFIGURATION CHANGED
		dirchanged = 0; 	# DIRECTORIES CHANGED
		cfgchanged = 0; 	# CONFIGURATION SETTINGS CHANGED
		flashmodified =0; 	# WRITE TO FLASH NECESSARY
		noloadmodules =0;	# PREVENT MODULE CHANGES ON EXTERNAL CONFIG
		logtarget=0;
		loadSettings();
		if (ENVIRON["NHIPT_CONFIG"] == "box") {dirchanged=1; cfgchanged=1; login=1}
		RCOD=myConf["ADMINIP"];
		Boot=myConf["BOOT"]; Bootstrap=myConf["BOOTSTRAP"]; 
		if (Boot=="flash"){BootTarget="/tmp/flash/";}
		if (Boot=="usb"){if (myConf["BOOTDIR"] == ""){BootTarget=myConf["ROOT"] "/";} else {BootTarget=myConf["BOOTDIR"] "/";}}
		BootTargetOld = BootTarget;
		gsub(/ /,"",RCOD);
		if (RCOD > ""){
			i = split(RCOD,ipadr,"/");
			if (i > 1) {ip = ipadr[1]; mask=ipadr[2];} else {ip = ipadr[1]; mask="255.255.255.255";}
			if (index(mask,".") == 0) {
				sm = "";
				ma[8]=255; ma[7]=127; ma[6]=63; ma[5]=31; 
				ma[4]=15; ma[3]=7; ma[2]=3; ma[1]=1; ma[0]=0;
				for (i=1;i<=4;i++){if (mask >=8) {sm = sm "255.";mask=mask-8;} else {sm = sm ma[mask] ".";mask=0;}}
				mask=sm;
			}
			split(myIP,mpar,".");	split(ip,ipar,"."); split(mask,maskar,".");
			if ((and(mpar[1],maskar[1]) == and(ipar[1],maskar[1])) && (and(mpar[2],maskar[2]) == and(ipar[2],maskar[2])) && (and(mpar[3],maskar[3]) == and(ipar[3],maskar[3])) && (and(mpar[4],maskar[4]) == and(ipar[4],maskar[4]))) { login=1} else {login=0}
		} else { login = 1;}
		if (login==1) {
			if(myConf["LOGTARGET"] == "syslog"){ logtarget = 1; } else { logtarget = 0; }
			if (ENVIRON["REQUEST_METHOD"] == "POST" || ENVIRON["NHIPT_CONFIG"] == "box") {
				n = split(urldecode(PSTR), PA, "&"); for (i=1;i<=n;i++) {split(PA[i], PM, "=");Param[PM[1]] = PM[2]}
				if (ENVIRON["NHIPT_CONFIG"] == "box") {
					delete Param; 
					Param["AIRBAG"] = myConf["AIRBAG"]
					Param["BACDIR"] = ENVIRON["NHIPT_BACK"]
					Param["LOGDIR"] = ENVIRON["NHIPT_LOGD"]
					Param["PORT"] = ENVIRON["NHIPT_PORT"]
					Param["ROOT"] = ENVIRON["NHIPT_ROOT"]
					Param["SERVERIP"] = ENVIRON["NHIPT_SERVERIP"]
					Param["ADMIP"] = ENVIRON["NHIPT_ADMINIP"]
					Param["LOGTO"] = ENVIRON["NHIPT_LOGTARGET"]
					Param["BOOT"] = ENVIRON["NHIPT_BOOT"]
					Param["DELAY"] = ENVIRON["NHIPT_DELAY"]
					Param["DSLDOFF"] = ENVIRON["NHIPT_DSLDOFF"]
					Param["BOOTDIR"] = ENVIRON["NHIPT_BOOTDIR"]
					Param["BOOTSTRAP"] = ENVIRON["NHIPT_BOOTSTRAP"]
					Param["SESAV"] = "save"
					Param["SETIP"] = "set"
					myConf["PORT"] = Param["PORT"]	
					if (ENVIRON["NHIPT_START_LOG"] == "start") {Param["STRTLOG"] = "start";}
					noloadmodules=1;
				}
				if (Param["IPV6"] == 1){myCmdPrefix = "ip6";} else {myCmdPrefix = "ip";}
				table	   = Param["TABLE"];
				targetSet  = 0;
				if (Param["CUTSYSLOG"] > ""){ret = system("> " myConf["LOGD"] "/system.log"); myCmd = "syslog truncated";}
				if (Param["CUTFWLOG"] > "") {ret = system("> " myConf["LOGD"] "/fw.log"); myCmd = "firewall log truncated";}
				if (Param["SAVSYSLOG"] > ""){ret = system("mv " myConf["LOGD"] "/system.log " myConf["LOGD"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-system.log"); myCmd = "syslog saved";}
				if (Param["SAVFWLOG"] > "") {ret = system("mv " myConf["LOGD"] "/fw.log " myConf["LOGD"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-fw.log" ); myCmd = "firewall log saved";}
				if (Param["PERSIST"] > "")	{ret = persist("all"); myCmd = "Rules & services written to " BootTarget "nhipt.cfg\nold nhipt.cfg saved in " myConf["BACK"];}
				if (Param["STRTLOG"] > "")	{ret = startLogging(); myCmd = "Logging started...";}
				if (Param["STOPLOG"] > "")	{ret = stopLogging(); myCmd = "Logging stopped";}
				if (Param["GETSTAT"] > "")	{checkConfig(); hs["0"] = "...PASSED"; hs["1"] = "...FAILED!"; hs["2"] = "...NOT SAVED!"; for (x in check){ print "STATUS_" x "=" hs[check[x]]; ret += check[x];} myCmd = "Installation Status";}
				if (logtarget == 1) {
					# Use System Log
					if (SYSLOGDFILE > "") {
						if (Param["GETFWLOG"] > "")	{myCmd = "grep 'SRC=' " SYSLOGDFILE ".2 " SYSLOGDFILE ".1 " SYSLOGDFILE ".0 " SYSLOGDFILE " | tail -n 50"; ret = system(myCmd);}
						if (Param["GETSYSLOG"] > ""){myCmd = "grep -v -E \"DECT|DCT|dect|SRC=\" " SYSLOGDFILE ".2 " SYSLOGDFILE ".1 " SYSLOGDFILE ".0 " SYSLOGDFILE " | tail -n 50"; ret = system(myCmd);}
					}
				} else {
					if (Param["GETFWLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/system.log | grep 'SRC='"; ret = system(myCmd);}
					if (Param["GETFWLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/fw.log"; ret = system(myCmd);}
				}
#				if (Param["GETFWLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/fw.log"; ret = system(myCmd);}
#				if (Param["GETSYSLOG"] > "")	{myCmd = "tail -n 50 " myConf["LOGD"] "/system.log"; ret = system(myCmd);}
				if (Param["SESAV"] > "")	{
					if (Param["DSLDOFF"] == "") {Param["DSLDOFF"] = 0;}
					if (myConf["BOOT"] != Param["BOOT"] ||  myConf["BACK"] != Param["BACDIR"] || Param["ROOT"] > "" || Param["BOOTSTRAP"] > "" || myConf["LOGD"] != Param["LOGDIR"] || myConf["BOOTDIR"] != Param["BOOTDIR"]){dirchanged=1; myCmd = "Saving Settings to " BootTarget "nhipt.par...";	myConf["BOOT"] = Param["BOOT"];  myConf["BACK"] = Param["BACDIR"]; myConf["LOGD"] = Param["LOGDIR"]; if (myConf["BOOTDIR"] != Param["BOOTDIR"]) {myConf["BOOTDIR"] = Param["BOOTDIR"]; Boot="newdir";} if (myConf["ROOT"] != Param["ROOT"] && Param["ROOT"] > "") {myConf["ROOT"] = Param["ROOT"];} if (myConf["BOOTSTRAP"] != Param["BOOTSTRAP"] && Param["BOOTSTRAP"] > "") {myConf["BOOTSTRAP"] = Param["BOOTSTRAP"];}}
					if (myConf["AIRBAG"] != Param["AIRBAG"]) { cfgchanged=1; if (Param["AIRBAG"] == "1") { ret = startAirbag(); myCmd = "Fasten your Seatbelts..."; } else {ret = stopAirbag(); myCmd = "You are now a big boy...";}}
					if (myConf["DELAY"] != Param["DELAY"] || myConf["DSLDOFF"] != Param["DSLDOFF"]){ cfgchanged=1; myCmd = "Changing Delay Settings for " BootTarget "nhipt.par..."; myConf["DELAY"] = Param["DELAY"]; myConf["DSLDOFF"] = Param["DSLDOFF"];}
					if (myConf["LOGTARGET"] != Param["LOGTO"]) { cfgchanged=1; if(myConf["LOGTARGET"] == "syslog"){ logtarget = 1; } else { logtarget = 0; stopLogging();}; myConf["LOGTARGET"] = Param["LOGTO"]; }
					ret = loadModules();
					ret = persist("settings");}
				if (Param["SETIP"] == "set")    {cfgchanged=1; myCmd = ""; myConf["ADMINIP"] = Param["ADMIP"]; persist("settings");}
				if (Param["EXEC"] == "execute") {myCmd = Param["EXPERT"];  	ret = system(myCmd);  if (ret==0){changed=1;}; }
				if (Param["MODE"] == "New")     {myCmd = myCmdPrefix "tables -t " table " -N " Param["CHAIN"];	ret = system(myCmd);  if (ret==0){changed=1;}}
				if (Param["DOIT"] == "Insert")  {myCmd = "";
					iprange    = "-m iprange ";
					multiport  = "-m multiport ";
					state      = "-m state ";
					esp		   = "-m esp ";
					ah		   = "-m ah ";
					comment	   = "-m comment ";
					gsub(/ /,"",Param["S"]); gsub(/ /,"",Param["D"]);      gsub(/ /,"",Param["I"]);     gsub(/ /,"",Param["O"]); 
					gsub(/ /,"",Param["P"]); gsub(/ /,"",Param["MODULE"]); gsub(/ /,"",Param["SPORT"]); gsub(/ /,"",Param["DPORT"]);
					if (Param["ROW"] == "A") { myCmd = myCmdPrefix "tables -t " table " -A " Param["CHAIN"] " ";} else {myCmd = myCmdPrefix "tables -t " table " -I " Param["CHAIN"] " " Param["ROW"] " ";} 
					if (myConf["AIRBAG"] == 1 && Param["ROW"] == 1){myCmd = "### AIRBAG FIRED ###" myCmd;}
					if (index(Param["S"],"!") > 0) { x = "! "; gsub(/!/,"",Param["S"]);} else { x = ""; }
					if (Param["S"] > "" && index(Param["S"],"-") == 0) {myCmd = myCmd "-s " x Param["S"] " ";} 
					if (Param["S"] > "" && index(Param["S"],"-") > 0)  {myCmd = myCmd iprange x "--src-range " Param["S"] " "; iprange="";}
					if (index(Param["D"],"!") > 0) { x = "! "; gsub(/!/,"",Param["D"]);} else { x = ""; }
					if (Param["D"] > "" && index(Param["D"],"-") == 0) {myCmd = myCmd "-d " x Param["D"] " ";} 
					if (Param["D"] > "" && index(Param["D"],"-") > 0)  {myCmd = myCmd iprange x "--dst-range " Param["D"] " "; iprange="";}
					if (index(Param["I"],"!") > 0) { x = "! "; gsub(/!/,"",Param["I"]);} else { x = ""; }
					if (Param["I"] > "") {myCmd = myCmd "-i " x Param["I"] " ";} 
					if (index(Param["O"],"!") > 0) { x = "! "; gsub(/!/,"",Param["O"]);} else { x = ""; }
					if (Param["O"] > "") {myCmd = myCmd "-o " x Param["O"] " ";} 
					if (index(Param["P"],"!") > 0) { x = "! "; gsub(/!/,"",Param["P"]);} else { x = ""; }
					if (Param["P"] == "icmp" && Param["EXTRA"] > "") {myCmd = myCmd "-p " x Param["P"] " --icmp-type " Param["EXTRA"] " ";} else if (Param["P"] > "") {myCmd = myCmd "-p " x Param["P"] " ";} 

					if (Param["MODULE"] == "state") { myCmd = myCmd state "--state " Param["EXTRA"] " "; state="";} 
						else if (Param["MODULE"] == "comment") { system("modprobe ipt_comment"); myCmd = myCmd comment "--comment \47" Param["EXTRA"] "\47 "; comment="";} 
						else if (Param["MODULE"] == "ah") { system("modprobe xt_ah"); myCmd = myCmd ah "--ahspi " Param["EXTRA"] " "; ah="";} 
						else if (Param["MODULE"] == "esp") { system("modprobe xt_esp"); myCmd = myCmd esp "--espspi " Param["EXTRA"] " "; esp="";} 
					if (index(Param["SPORT"],"!") > 0) { x = "! "; gsub(/!/,"",Param["SPORT"]);} else { x = ""; }
					if (Param["SPORT"] > "" &&  index(Param["SPORT"],",") == 0  && index(Param["SPORT"],":") == 0)  {myCmd = myCmd "--sport " x Param["SPORT"] " ";} 
					if (Param["SPORT"] > "" && (index(Param["SPORT"],",") > 0   || index(Param["SPORT"],":") >  0)) {myCmd = myCmd multiport x "--sports " Param["SPORT"] " "; multiport="";}
					if (index(Param["DPORT"],"!") > 0) { x = "! "; gsub(/!/,"",Param["DPORT"]);} else { x = ""; }
					if (Param["DPORT"] > "" &&  index(Param["DPORT"],",") == 0  && index(Param["DPORT"],":") == 0)  {myCmd = myCmd "--dport " x Param["DPORT"] " ";} 
					if (Param["DPORT"] > "" && (index(Param["DPORT"],",") > 0   || index(Param["DPORT"],":") >  0)) {myCmd = myCmd multiport x "--dports " Param["DPORT"] " "; multiport="";}
					if (Param["ACTION"] == "LOG" && Param["EXTRA"] >  "") {myCmd = myCmd "-j LOG --log-prefix " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "LOG" && Param["EXTRA"] == "") {myCmd = myCmd "-j LOG --log-prefix \"[IPT] \"";targetSet=1;} 
					if (Param["ACTION"] == "LOG" && Param["EXTRA"] == "") {myCmd = myCmd "-j LOG --log-prefix \"[IPT] \"";targetSet=1;} 
					if (Param["ACTION"] == "DNAT" && Param["EXTRA"] >  "") {myCmd = myCmd "-j DNAT --to-destination " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "SNAT" && Param["EXTRA"] >  "") {myCmd = myCmd "-j SNAT --to-source " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "MASQUERADE" && Param["EXTRA"] >  "") {system("modprobe ipt_MASQUERADE");myCmd = myCmd "-j MASQUERADE --to-ports " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "CONNMARK" && Param["EXTRA"] >  "") {myCmd = myCmd "-j CONNMARK --set-mark " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "REDIRECT" && Param["EXTRA"] >  "") {system("modprobe ipt_REDIRECT"); myCmd = myCmd "-j REDIRECT --to-ports " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "MARK" && Param["EXTRA"] >  "") {system("modprobe xt_MARK\nmodprobe xt_mark"); myCmd = myCmd "-j MARK --set-mark " Param["EXTRA"]  " ";targetSet=1;} 
					if (Param["ACTION"] == "NOTRACK") {system("modprobe xt_NOTRACK"); myCmd = myCmd "-j NOTRACK " Param["EXTRA"]  " ";targetSet=1;} 
					if (targetSet==0) {myCmd = myCmd "-j " Param["ACTION"];} 
					
					ret = system(myCmd);
					if (ret==0){changed=1;}
				}
			} else {
				n = split(urldecode(QSTR), PA, "&"); for (i=1;i<=n;i++) {split(PA[i], PM, "=");Param[PM[1]] = PM[2]}
				table	   = Param["TABLE"];
				if (Param["IPV6"] == 1){myCmdPrefix = "ip6";} else {myCmdPrefix = "ip";}
				if (Param["MODE"] != "UP" || Param["MODE"] != "DN") {
					if (Param["MODE"] == "POL" && Param["POL"] == "DEL")    {myCmd = myCmdPrefix "tables -t " table " -X " Param["CHAIN"];			ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "POL" && Param["POL"] == "ACCEPT") {myCmd = myCmdPrefix "tables -t " table " -P " Param["CHAIN"] " ACCEPT"; 	ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "POL" && Param["POL"] == "DROP")   {myCmd = myCmdPrefix "tables -t " table " -P " Param["CHAIN"] " DROP";	ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "DEL")				{myCmd = myCmdPrefix "tables -t " table " -D " Param["CHAIN"] " " Param["IDX"];			ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "POL" && Param["POL"] == "PURGE")  {myCmd = myCmdPrefix "tables -t " table " -F " Param["CHAIN"];			ret = system(myCmd);if (ret==0){changed=1;}}
					if (Param["MODE"] == "UP"  && Param["IDX"] > 1)         
					{
						myCmd = "(" myCmdPrefix "tables -t " table " -S " Param["CHAIN"] " " Param["IDX"] ") | awk \47{gsub(/-A/,\"" myCmdPrefix "tables -t " table " -I\",$1);gsub($2,\"& " Param["IDX"]-1 "\",$2); print $0}\47 | sh"; 
						ret = system(myCmd); if (ret==0){changed=1;}
						print "Exit Code " ret " - " myCmd;
						if (ret ==0) {myCmd = myCmdPrefix "tables -t " table " -D " Param["CHAIN"] " " Param["IDX"]+1;	ret = system(myCmd);if (ret==0){changed=1;}} else {myCmd="";}
					}
					if (Param["MODE"] == "DN")         
					{
						myCmd = "(" myCmdPrefix "tables -t " table " -S " Param["CHAIN"] " " Param["IDX"] ") | awk \47{gsub(/-A/,\"" myCmdPrefix "tables -t " table " -I\",$1);gsub($2,\"& " Param["IDX"]+2 "\",$2); print $0}\47 | sh";
						ret = system(myCmd); if (ret==0){changed=1;}
						print "Exit Code " ret " - " myCmd;
						if (ret ==0) {myCmd = myCmdPrefix "tables -t " table " -D " Param["CHAIN"] " " Param["IDX"]; ret = system(myCmd); if (ret==0){changed=1;}} else {myCmd="";}
					}
				}
			}		
			if (myConf["AIRBAG"]==1){ checkAirbag();}
			if (changed==1) {myConf["CHANGED"] = 2; saveSettings(myConf);}			
			print "Exit Code " ret " - " myCmd;
			if (flashmodified == 1){system("modsave flash");}

#for (x in myConf){print "CONFIG_" x " = " myConf[x];}
#DEBUG			for (x in myConf) {print x "=" myConf[x];}
#DEBUG			print "QUERY_STRING = " QSTR;
#DEBUG			print "POST_PARAMS = " PSTR;
		} else { print "ACCESS DENIED"; }
} # end BEGIN

function startAirbag(){myConf["AIRBAG"] = 1; if (RCOD > ""){print "...USING " RCOD;} else {RCOD = myConf["ADMINIP"] = myConf["MYIP"];} saveSettings(myConf); return checkAirbag(); }
function stopAirbag(){myConf["AIRBAG"] = 0; saveSettings(myConf); return 0; }

function checkAirbag(){
# filter INPUT, OUTPUT
	ret=0;
	if (myConf["AIRBAG"] == 1) {
		tst = system("iptables -S INPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
		if (tst != 0) { system("iptables -t filter -I INPUT 1 -s " RCOD " -j ACCEPT");}
		if (myModules["ip_conntrack"] == 1){
			tst = system("iptables -S OUTPUT 1 | grep " RCOD " | grep \"RELATED,ESTABLISHED\" | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t filter -I OUTPUT 1 -d " RCOD " -m state --state RELATED,ESTABLISHED -j ACCEPT");}
		} else {
			tst = system("iptables -S OUTPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t filter -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
		}
		if (myModules["iptable_raw"] == 1){
			tst = system("iptables -t raw -S PREROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t raw -I PREROUTING 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t raw -S OUTPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t raw -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
		}
		if (myModules["iptable_mangle"] == 1){
			tst = system("iptables -t mangle -S PREROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I PREROUTING 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t mangle -S INPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I INPUT 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t mangle -S OUTPUT 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
			tst = system("iptables -t mangle -S POSTROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t mangle -I POSTROUTING 1 -d " RCOD " -j ACCEPT");}
		}
		if (myModules["iptable_nat"] == 1){
			tst = system("iptables -t nat -S PREROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t nat -I PREROUTING 1 -s " RCOD " -j ACCEPT");}
			tst = system("iptables -t nat -S OUTPUT 1 | grep " RCOnoloadmodules=D " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t nat -I OUTPUT 1 -d " RCOD " -j ACCEPT");}
			tst = system("iptables -t nat -S POSTROUTING 1 | grep " RCOD " | grep \"ACCEPT\" 1> /dev/null");
			if (tst != 0) {ret += system("iptables -t nat -I POSTROUTING 1 -d " RCOD " -j ACCEPT");}
		}
	}
	return ret;
}

function loadModules(){
	if (noloadmodules==0){
		y["main"] = "";	y["ftp"] = "_ftp"; y["h323"] = "_h323"; y["irc"] = "_irc";  y["pptp"] = "_pptp";  y["tftp"] = "_tftp";
		ret=0; nat=0; conntrack=0; mangle=0; raw=0;
		for (x in Param) {if (index(Param[x], "ip_conntrack") > 0) {conntrack=1;} if (index(Param[x], "ip_nat") > 0) {nat=1;} if (index(Param[x], "iptable_mangle") > 0) {mangle=1;} if (index(Param[x], "iptable_raw") > 0) {raw=1;}}
		if (conntrack==1){Param["ip_conntrack"] = "ip_conntrack";}
		if (nat==1)		{Param["ip_nat"] = "ip_nat"; if (myModules["iptable_nat"] != 1) {system("modprobe iptable_nat"); changed=1;}} else { if (myModules["iptable_nat"] == 1){ system("rmmod ipt_REDIRECT\nrmmod iptable_nat"); changed=1;}}
		if (mangle==1)	{if (myModules["iptable_mangle"] != 1) {system("modprobe iptable_mangle") changed=1;}} else { if (myModules["iptable_mangle"] == 1){ system("rmmod iptable_mangle"); changed=1;}}
		if (raw==1)		{if (myModules["iptable_raw"] != 1) {system("modprobe iptable_raw") changed=1;}} else { if (myModules["iptable_raw"] == 1){ system("rmmod iptable_raw"); changed=1;}}
		for (x in y){
			if (Param["ip_conntrack" y[x]] == ("ip_conntrack" y[x]) && myModules["ip_conntrack" y[x]] != 1) {ret = system("modprobe ip_conntrack" y[x]); print "Loading " x " ..."; changed=1;}
			else if (Param["ip_conntrack" y[x]] == "" && myModules["ip_conntrack" y[x]] == 1) {ret = system("rmmod ip_conntrack" y[x]); print "Un-Load " x "..."; changed=1;}
			if (Param["ip_nat" y[x]] == ("ip_nat" y[x]) && myModules["ip_nat" y[x]] != 1) {ret = system("modprobe ip_nat" y[x]); print "Loading " x " ..."; changed=1;}
			else if (Param["ip_nat" y[x]] == "" && myModules["ip_nat" y[x]] == 1) {ret = system("rmmod ip_nat" y[x]); print "Un-Load " x "..."; changed=1;}
		}
	}
	return ret;
}
function checkConfig(){
	if (RCOD > "") {check["admin_set"] = 0; } else {check["admin_set"] = 1;}
	check["changed"] = myConf["CHANGED"];
	check["iptables"] = system("iptables -S INPUT 1 1> /dev/null");	
	if (logtarget == 0) {
		check["directory_log"] = system("ls " myConf["LOGD"] " 1> /dev/null");
		check["log_running"] = system("ps | grep -v grep | grep iptlogger 1> /dev/null");
		check["log_x_flag"] = system("ls -l /var/tmp/iptlogger.sh | grep x 1> /dev/null");
		check["watchdog_file"] = system("ls -l /var/tmp/logfw.sh 1> /dev/null");
		check["watchdog_x_flag"] = system("ls -l /var/tmp/logfw.sh | grep x 1> /dev/null");
		check["watchdog_running"] = system("ps | grep -v grep | grep logfw 1> /dev/null");
	}
	if (myConf["BACK"]==""){check["directory_backup"] = 0;} else {check["directory_backup"] = system("ls " myConf["BACK"] " 1> /dev/null");}
	print "modules loaded :";
	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort");
}
function createWatchdog(){
	print "creating watchdog...";
	ret = system("(cat <<EOF > /var/tmp/logfw.sh \n#!/bin/sh\n\nrunning=\\$(ps | grep -v grep | grep -o iptlogger)\
if [ -z \\$running ]\nthen\necho \"starting log deamon\"\nsh /var/tmp/iptlogger.sh\
myexit=0\nwhile [ \\$myexit -eq 0 ]\ndo\nsleep 15\nrunning=\\$(ps | grep -v grep | grep -o iptlogger)\
if [ -z \\$running ]\nthen\necho \"terminating log deamon\"\nmyexit=1\
else\ngrep -E -v \"<4>|DECT|DCT|^$\" /var/tmp/system.log | sed \"s/^/\\$(date +\47%Y-%m-%d %H:%M:%S\47) /\" >> " myConf["LOGD"] "/system.log\
grep \"<4>\" /var/tmp/system.log | sed \"s/^/\\$(date +\47%Y-%m-%d %H:%M:%S\47) /\" >> " myConf["LOGD"] "/fw.log\
echo \"\" > /var/tmp/system.log\ nmyexit=0\nfi\ndone\nelse\necho \"already running, giving up\"\nfi\nEOF\n\n)");
ret += system("chmod +x /var/tmp/logfw.sh");
	return ret;
}
function createIptlogger(){
	ret = system("(cat <<EOF > /var/tmp/iptlogger.sh \
#!/bin/sh\n\nrunning=\\$(ps | grep -v grep | grep -o iptlogger)\nif [ -n \\$running ]\nthen\nexit 1\nfi\
running=\\$(ps | grep -v grep | grep -o logfw)\nif [ -z \\$running ]\nthen\nexit 2\nfi\
cat /dev/debug > /var/tmp/system.log & \nEOF\n\nchmod +x  /var/tmp/iptlogger.sh\n\)");
	return ret;
}
function createStartSequence(logtarget){
if (logtarget == 0) {
if (myConf["BACK"] == ""){ myBackUp = ""; } else { myBackUp = "cat " BootTargetOld "nhipt.cfg > " myConf["BACK"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-nhipt.cfg\n";}
ret = system("(" myBackUp "cat <<EOF > /var/tmp/nhipt.cfg \n#!/bin/sh\n\n" dsldoff bootdelay dsldon "\n\
. /mod/etc/conf/mod.cfg\
echo \"/:\\$MOD_HTTPD_USER:\\$MOD_HTTPD_PASSWD\" > /mod/etc/httpd.conf\n\
httpd -P /var/run/nhipd.pid -p " LANIP ":" myPort " -h " myRoot " -c /mod/etc/httpd.conf -r Freetz\n \
echo \"#!/bin/sh\" > /var/tmp/logfw.sh\necho \"\" >> /var/tmp/logfw.sh\
echo \47running=\\$(ps | grep -v grep | grep -o iptlogger)\47 >> /var/tmp/logfw.sh\
echo \47if [ -z \\$running ]\47 >> /var/tmp/logfw.sh\
echo \47then\47 >> /var/tmp/logfw.sh\
echo \47echo \"starting log deamon\"\47 >> /var/tmp/logfw.sh\
echo \47sh /var/tmp/iptlogger.sh\47 >> /var/tmp/logfw.sh\
echo \47myexit=0\47 >> /var/tmp/logfw.sh\
echo \47while [ \\$myexit -eq 0 ]\47 >> /var/tmp/logfw.sh\
echo \47do\47 >> /var/tmp/logfw.sh\
echo \47sleep 15\47 >> /var/tmp/logfw.sh\
echo \47running=\\$(ps | grep -v grep | grep -o iptlogger)\47 >> /var/tmp/logfw.sh\
echo \47if [ -z \\$running ]\47 >> /var/tmp/logfw.sh\
echo \47then\47 >> /var/tmp/logfw.sh\
echo \47echo \"terminating log deamon\"\47 >> /var/tmp/logfw.sh\
echo \47myexit=1\47 >> /var/tmp/logfw.sh\
echo \47else\47 >> /var/tmp/logfw.sh\
echo \47grep -E -v \"<4>|DECT|DCT|^$\" /var/tmp/system.log | sed \"s/^/\\$(date +\47\\\47\47%Y-%m-%d %H:%M:%S\47\\\47\47) /\" >> " myConf["LOGD"] "/system.log\47 >> /var/tmp/logfw.sh\
echo \47grep \"<4>\" /var/tmp/system.log | sed \"s/^/\\$(date +\47\\\47\47%Y-%m-%d %H:%M:%S\47\\\47\47) /\" >> " myConf["LOGD"] "/fw.log\47 >> /var/tmp/logfw.sh\
echo \47echo \"\" > /var/tmp/system.log\47 >> /var/tmp/logfw.sh\
echo \47myexit=0\47 >> /var/tmp/logfw.sh\
echo \47fi\47 >> /var/tmp/logfw.sh\
echo \47done\47 >> /var/tmp/logfw.sh\
echo \47else\47 >> /var/tmp/logfw.sh\
echo \47echo \"already running, giving up\"\47 >> /var/tmp/logfw.sh\
echo \47fi\47 >> /var/tmp/logfw.sh\
\nchmod +x  /var/tmp/logfw.sh\
cat  " BootTarget "nhipt.par > /var/tmp/nhipt.par\n\
echo \"#!/bin/sh\" > /var/tmp/iptlogger.sh\necho \"\" >> /var/tmp/iptlogger.sh\
echo \47running=\\$(ps | grep -v grep | grep -o iptlogger)\47 >> /var/tmp/iptlogger.sh\
echo \47if [ -n \\$running ]\47 >> /var/tmp/iptlogger.sh\
echo \47then\47 >> /var/tmp/iptlogger.sh\
echo \47exit 1\47 >> /var/tmp/iptlogger.sh\
echo \47fi\47 >> /var/tmp/iptlogger.sh\
echo \47running=\\$(ps | grep -v grep | grep -o logfw)\47 >> /var/tmp/iptlogger.sh\
echo \47if [ -z \\$running ]\47 >> /var/tmp/iptlogger.sh\
echo \47then\47 >> /var/tmp/iptlogger.sh\
echo \47exit 2\47 >> /var/tmp/iptlogger.sh\
echo \47fi\47 >> /var/tmp/iptlogger.sh\
echo \"cat /dev/debug > /var/tmp/system.log & \" >> /var/tmp/iptlogger.sh\n\
iptables -P INPUT  ACCEPT\niptables -P OUTPUT ACCEPT\niptables -F\niptables -X\
date > /var/tmp/system.log\n\nchmod 777 /var/tmp/system.log \
chmod +x  /var/tmp/iptlogger.sh\n\
sh /var/tmp/logfw.sh & \n\
\nEOF\n)\n");
} else {
if (myConf["BACK"] == ""){ myBackUp = ""; } else { myBackUp = "cat " BootTargetOld "nhipt.cfg > " myConf["BACK"] "/\"$(date +\"%Y-%m-%d-%H-%M-%S\")\"-nhipt.cfg\n";}
ret = system("(" myBackUp "cat <<EOF > /var/tmp/nhipt.cfg \n#!/bin/sh\n\n" dsldoff bootdelay dsldon "\n\
. /mod/etc/conf/mod.cfg\
echo \"/:\\$MOD_HTTPD_USER:\\$MOD_HTTPD_PASSWD\" > /mod/etc/httpd.conf\n\
httpd -P /var/run/nhipd.pid -p " LANIP ":" myPort " -h " myRoot " -c /mod/etc/httpd.conf -r Freetz\n \
\nEOF\n)\n");
}
return ret;
}
function appendRules(){
ret = system("(cat <<EOF >> /var/tmp/nhipt.cfg \n\
###FIREWALL###\n" bootModules() "\n\n \
\nEOF\n)\
if [ -n \"$(iptables -S -t filter  | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t filter -S  2> /dev/null) | awk \47{print \"iptables -t filter \" $0}\47  >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(iptables -S -t nat     | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t nat -S     2> /dev/null) | awk \47{print \"iptables -t nat \" $0}\47     >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(iptables -S -t mangle  | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t mangle -S  2> /dev/null) | awk \47{print \"iptables -t mangle \" $0}\47  >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(iptables -S -t raw     | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (iptables -t raw -S     2> /dev/null) | awk \47{print \"iptables -t raw \" $0}\47     >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(ip6tables -S -t filter | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (ip6tables -t filter -S 2> /dev/null) | awk \47{print \"ip6tables -t filter \" $0}\47 >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(ip6tables -S -t mangle | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (ip6tables -t mangle -S 2> /dev/null) | awk \47{print \"ip6tables -t mangle \" $0}\47 >> /var/tmp/nhipt.cfg; fi\
if [ -n \"$(ip6tables -S -t raw    | grep -e \47^Table does not exist\47)\" ];	then touch /var/tmp/iptfilter.tmp;	else (ip6tables -t raw -S    2> /dev/null) | awk \47{print \"ip6tables -t raw \" $0}\47    >> /var/tmp/nhipt.cfg; fi\
cat /var/tmp/nhipt.cfg > " BootTarget "nhipt.cfg");
return ret;
}
function startLogging(){
	if (logtarget == 1) {return 0;}
	ret = system("ps | grep -v \"grep\" | grep \"iptlogger\"");
	if (ret == 0) { print "Sevice already running"; return 0;} 
	else {
		ret = 0; 	
		print "Starting Service..."; 
		if (system("test -f /var/tmp/iptlogger.sh") == 0 ) { print "...starting existing service..."; } else { print "...creating iptlogger.sh..."; ret = createIptlogger(); }
		if (system("test -f /var/tmp/logfw.sh") == 0 ) { print "...starting watchdog"; } else { print "...creating watchdog"; ret = createWatchdog(); }
		return ret += system("sh /var/tmp/logfw.sh&"); 
	}
}
function stopLogging()
{	print "Stopping deamon iptlogger.sh"; 
	ret = system("ps | grep -v grep | grep iptlogger | awk \47{print $1}\47 | xargs kill");
	ret += system("ps | grep -v grep | grep logfw | awk \47{print $1}\47 | xargs kill");
	return ret;
}
function persist(mode){
	if (dirchanged==1){
		ret = system("ls " myConf["LOGD"] " 1> /dev/null");
		if (ret != 0){ system("mkdir " myConf["LOGD"]); print "creating " myConf["LOGD"]; }
		if (myConf["BACK"] != "") {	ret = system("ls " myConf["BACK"] " 1> /dev/null"); 	if (ret != 0){ system("mkdir " myConf["BACK"]); print "creating " myConf["BACK"];}}
		ret = system("ls " myConf["BOOTDIR"] " 1> /dev/null"); 
		if (ret != 0){ system("mkdir " myConf["BOOTDIR"]); print "creating " myConf["BOOTDIR"]; }
	}
	if (Boot!=myConf["BOOT"] || Bootstrap!=myConf["BOOTSTRAP"]){
		if (myConf["BOOTSTRAP"] == "freetz"){myBootstrap="/tmp/flash/nhiptboot.cfg"; flashmodified=1;} else {myBootstrap="/var/flash/debug.cfg";}
		flashmodified = 1;
		if (myConf["BOOT"]=="flash"){BootTarget="/tmp/flash/";myDelay="";}
		if (myConf["BOOT"]=="usb"){
			if (myConf["BOOTDIR"] == ""){BootTarget=myConf["ROOT"] "/"; myConf["BOOTDIR"]=myConf["ROOT"]} else {BootTarget=myConf["BOOTDIR"] "/";} 
			myDelay= "for i in 1 2 3 4 5 6 7 8\ndo\n sleep 5\necho \"retry $i times\"\n  if [ -r " BootTarget "nhipt.par ]\n  then\n echo \"usb stick connected\"\n	break\n  fi \ndone\n\n";
		}
		myCmd = "Saving Settings to " BootTarget "...";
		printed=0;
		system("rm /var/tmp/debug.cfg")
		if( system("grep \"#NHIPT-START#\" " myBootstrap) == 0) {
			found = 0;
			while ((ret = getline test < myBootstrap) > 0) {
				if (test == "###NHIPT-START###" && found==0){print "###NHIPT-START###\n\n" myDelay "\ncat " BootTarget "nhipt.cfg > /var/tmp/nhipt.cfg\ncat " BootTarget "nhipt.par > /var/tmp/nhipt.par\nchmod +x /var/tmp/nhipt.cfg\n/bin/sh /var/tmp/nhipt.cfg &\n###NHIPT-END###\n" >> "/var/tmp/debug.cfg";printed=1;found=1;}
				if (found==0 || found==3 ){print test >> "/var/tmp/debug.cfg";}
				if (found==2){found=3};
				if (test == "###NHIPT-END###"){found = 2;print "Found Footer";}
				}
			if (ret==0) {close (myBootstrap);}
		}
		if (printed==0) {print "###NHIPT-START###\ncat " BootTarget "nhipt.cfg > /var/tmp/nhipt.cfg\ncat " BootTarget "nhipt.par > /var/tmp/nhipt.par\nchmod +x /var/tmp/nhipt.cfg\n/bin/sh /var/tmp/nhipt.cfg\n###NHIPT-END###\n" >> "/var/tmp/debug.cfg";printed=1;}
		system("cat /var/tmp/debug.cfg > " myBootstrap);	
		mode="all";
		print "STAGE0 - bootstrap reconfigured"
	}
	if (myConf["DSLDOFF"] == 1) {dsldoff = "dsld -s\n"; dsldon = "dsld -i -n\n";} else {dsldoff=""; dsldon=""; }
	if (myConf["DELAY"] > 0) 	{bootdelay = "sleep " myConf["DELAY"] "\n";} else {bootdelay = ""; dsldoff=""; dsldon="";}
	if (mode=="all"){
		# SAVE ALL
		cfgchanged=1;
		ret = createStartSequence(logtarget);
		ret += appendRules();
		print "STAGE1 - complete bootfile written";
		if (ret==0){myConf["CHANGED"]=0; ret=saveSettings(myConf);}
		if (myConf["BOOT"] == "flash") {flashmodified=1;}
	} else if(cfgchanged == 1 || dirchanged == 1) {
		#SAVE CONFIG AND BOOTLOADER
		ret = createStartSequence(logtarget);
		print "STAGE2 - bootloader only written";
		# APPEND SAVED FIREWALL RULES
		found = 0;
		while ((ret = getline test < "" BootTargetOld "nhipt.cfg") > 0) {
			if (test == "###FIREWALL###"){found = 1;}
			if (found == 1){print test >> "/var/tmp/nhipt.cfg";}
		}
		if (ret==0) {close ("" BootTargetOld "nhipt.cfg");}
		ret = system("cat /var/tmp/nhipt.cfg > " BootTarget "nhipt.cfg");
		print "STAGE3 - preserved rules appended";
		tmpCnfChg = myConf["CHANGED"]; myConf["CHANGED"]=0; cfgchanged=1;
		ret += saveSettings(myConf);
		myConf["CHANGED"] = tmpCnfChg;
		saveSettings(myConf);
		if (myConf["BOOT"] == "flash") {flashmodified=1;}
	} else {
		myCmd = "Nothing to save"; ret=0;
	}
	return ret;
} 
function bootModules(){
	strRet = ""
	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort > /var/tmp/nhipt.yyy");
	system("lsmod \| grep \"^ip6_\\\|^ip6t_\\\|^ip6table\" \| awk \47{print $1}\47 \| sort >> /var/tmp/nhipt.yyy");
	while((stat = getline test < "/var/tmp/nhipt.yyy") > 0) { strRet = strRet "modprobe " test "\n"	;}
	if (stat==0) { close("/var/tmp/nhipt.yyy");}
	return strRet;
}
function loadSettings(){
	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort > /var/tmp/nhipt.yyy");
	while((stat = getline test < "/var/tmp/nhipt.yyy") > 0) { myModules[test] = 1; }
	if (stat==0) { close("/var/tmp/nhipt.yyy");}
	while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test ,par,"=");myConf[par[1]] = par[2]; }
	if (stat==-1) {print "Parameter file not found in RAM-disk, loading boot settings"; system("cat " BootTarget "nhipt.par > /var/tmp/nhipt.par");
		while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test ,par,"=");myConf[par[1]] = par[2]; }
	}
	if (stat==0) { close("/var/tmp/nhipt.par");}
	if (myConf["PORT"] > "") { myPort = myConf["PORT"]} else {myPort = substr(ENVIRON["HTTP_REFERER"],index(ENVIRON["HTTP_REFERER"],".")); myPort = substr(myPort, index(myPort,":")+1); myPort = substr(myPort,1,index(myPort,"/")-1); myConf["PORT"] = myPort;}
	if (myConf["ROOT"] > "") { myRoot = myConf["ROOT"]} else {myRoot = substr(ENVIRON["SCRIPT_FILENAME"],1,index(ENVIRON["SCRIPT_FILENAME"],"cgi-bin")-2);; myConf["ROOT"] = myRoot;}
#	if (myConf["BACK"] == "") { myConf["BACK"] = myRoot;}
	if (myConf["LOGD"] == "") { myConf["LOGD"] = myRoot;}
	myConf["MYIP"] = myIP;
	return stat;
}
function saveSettings(Settings){
	ret = system("rm /var/tmp/nhipt.par");
	for (s in Settings){ret += system("echo \"" s "=" Settings[s] "\" >> /var/tmp/nhipt.par"); }
	if (flashmodified == 1 || dirchanged == 1 || cfgchanged == 1){
		ret += system("cat /var/tmp/nhipt.par > " BootTarget "nhipt.par");
		print "STAGE4 - settings saved";
		if (dirchanged == 1 && logtarget == 0) { 
			logDeamonIsRunning = system("ps | grep -v grep | grep iptlogger 1> /dev/null"); 
			if (logDeamonIsRunning == 0) { ret=stopLogging(); ret=createIptlogger(); ret+=createWatchdog();	ret+=startLogging(); print "STAGE5 - fw and system log reconfigured";}
		}
		## Remove orphaned boot files
		if (BootTargetOld != BootTarget){ system("rm " BootTargetOld "/nhipt.*"); print "STAGE5 - housekeeping after transfer";}
		dirchanged=0; cfgchanged=0;
	}
	return ret;
}
function urldecode (s) {
	hextab["0"] = 0;	hextab["8"] = 8;
	hextab["1"] = 1;	hextab["9"] = 9;
	hextab["2"] = 2;	hextab["A"] = hextab["a"] = 10;
	hextab["3"] = 3;	hextab["B"] = hextab["b"] = 11;
	hextab["4"] = 4;	hextab["C"] = hextab["c"] = 12;
	hextab["5"] = 5;	hextab["D"] = hextab["d"] = 13;
	hextab["6"] = 6;	hextab["E"] = hextab["e"] = 14;
	hextab["7"] = 7;	hextab["F"] = hextab["f"] = 15;
 	decoded = "";
	i   = 1;RELATED,ESTABLISHED
	len = length (s);
	while ( i <= len ) {
	    c = substr (s, i, 1);
	    if ( c == "%" ) {
	    	if ( i+2 <= len ) {
		    c1 = substr (s, i+1, 1);
		    c2 = substr (s, i+2, 1);
		    if ( hextab[c1] == "" || hextab[c2] == "" ) { print "WARNING: invalid hex encoding: %" c1 c2 | "cat >&2"; } else {
		    	code = 0 + hextab[c1] * 16 + hextab[c2] + 0;
		    	c = sprintf ("%c", code);
			i = i + 2;
		    }
		} else {print "WARNING: invalid % encoding: " substr (s, i, len - i) | "cat >&2"; }
	    } else if ( c == "+" ) { c = " ";}
	    decoded = decoded c;
	    i++;
	}
	return decoded;
	} # end urldecode
	{
	} # end main
	END
	{		
 	}' 2>&1) >> /var/tmp/nhipt.log
fi

if [ "$NHIPT_CONFIG" = "box" ] 
then 
	echo "iptables reconfigured"
else

### HTML FORM

touch /var/tmp/iptfilter.tmp;
touch /var/tmp/iptnat.tmp;
touch /var/tmp/iptmangle.tmp;
touch /var/tmp/iptraw.tmp;
touch /var/tmp/ip6tfilter.tmp;
touch /var/tmp/ip6tmangle.tmp;
touch /var/tmp/ip6traw.tmp;		 

if [ -n "$(iptables -S -t filter | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptfilter.tmp;	else iptables -t filter -S > /var/tmp/iptfilter.tmp; 	fi
if [ -n "$(iptables -S -t nat    | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptnat.tmp;		else iptables -t nat -S > /var/tmp/iptnat.tmp; 			fi
if [ -n "$(iptables -S -t mangle | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptmangle.tmp;	else iptables -t mangle -S > /var/tmp/iptmangle.tmp; 	fi
if [ -n "$(iptables -S -t raw 	 | grep -e '^Table does not exist')" ];	then touch /var/tmp/iptraw.tmp;		else iptables -t raw -S > /var/tmp/iptraw.tmp; 			fi

if [ -n "$(ip6tables -S -t filter | grep -e '^-sh: ip6tables: not found')" ]; 
then 
		touch /var/tmp/ip6tfilter.tmp;
		touch /var/tmp/ip6tmangle.tmp;
		touch /var/tmp/ip6traw.tmp;		 
else 
		if [ -n "$(ip6tables -S -t filter | grep -e '^Table does not exist')" ];	then touch /var/tmp/ip6tfilter.tmp;	else ip6tables -t filter -S > /var/tmp/ip6tfilter.tmp; 	fi
		if [ -n "$(ip6tables -S -t mangle | grep -e '^Table does not exist')" ];	then touch /var/tmp/ip6tmangle.tmp;	else ip6tables -t mangle -S > /var/tmp/ip6tmangle.tmp; 	fi
		if [ -n "$(ip6tables -S -t raw 	  | grep -e '^Table does not exist')" ];	then touch /var/tmp/ip6traw.tmp;	else ip6tables -t raw -S > /var/tmp/ip6traw.tmp; 		fi
fi

  echo "$(awk -v IFCS=$x -v PSTR=$post_string -v QSTR=$QUERY_STRING 'BEGIN { 
	print "Content-type: text/html"
	print ""
	print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"  \"http://www.w3.org/TR/html4/strict.dtd\">";
	print "<html xmlns=\"http://www.w3.org/1999/xhtml\" >";
	print "<head>";
	print "<title>NHIPT - IPTABLES FIREWALL ADMIN INTERFACE FOR FRITZ!BOX 7270</title>";
	print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />";
	print "<meta http-equiv=\"pragma\" content=\"no-cache\">";
	print "<meta http-equiv=\"expires\" content=\"-1\">";
	print "<meta name=\"expires\" content=\"0\">";
	print "<STYLE>";
	print "TR			{background-color:#FFFFFF;}";
	print "TR:hover		{background-color:#CCCCCC;}";
	print "TR.solid		{background-color:#FFFFFF;}";
	print "H1			{FONT-FAMILY: Arial, Verdana, sans-serif; color:#FF0000; text-align:center; border:10px solid red; padding:10px 10px 10px 10px; margin: 10px 10px 10px 10px; vertical-align:middle;}";
	print "TD			{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;}";
	print "TD.ACCEPT	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#CCFFCC;}";
	print "TD.DROP		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#FFCCCC;}";
	print "TD.error		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#FF8080;}";
	print "TD.ok		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;background-color:#80FF80;}";
	print "TD.noborder	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left;   border:1px solid white;  padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; vertical-align:top;}";
	print "TD.log		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left;   border:1px solid white; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; background-color:#EEEEEE;}";
	print "TH			{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; font-weight:bold;background-color:#EEEEEE;}";
	print "TH.left		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; font-weight:bold;background-color:#EEEEEE;}";
	print "TH.right		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:right; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; font-weight:bold;background-color:#EEEEEE; vertical-align:top;}";
	print "TD.left		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px;}";
	print "TABLE		{padding:0;}";
	print "INPUT[type=text]{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT[type=submit]{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT.expert	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#FFCCCC; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:99%;}";
	print "INPUT.admin	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#FFFFFF; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT.adminr	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#FFCCCC; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "INPUT.adming	{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; background-color:#CCFFCC; text-align:left; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "SELECT		{FONT-SIZE:11px; FONT-FAMILY: Arial, Verdana, sans-serif; color:#000000; text-align:center; border:1px solid silver; padding:1px 1px 1px 1px; margin: 0px 0px 0px 0px; width:95%;}";
	print "</STYLE>";
	print "</head>";
	print "<body>";
	exitSwitch=0;

    BoxType = substr(ENVIRON["CONFIG_PRODUKT"],index(ENVIRON["CONFIG_PRODUKT"],"Box_") + 4, 2);

	system("lsmod \| grep \"^ip_\\\|^ipt_\\\|^iptable\\\|^x_\\\|^xt_\" \| awk \47{print $1}\47 \| sort > /var/tmp/nhipt.yyy");
	ip6enabled = system("lsmod | grep -e \47^ipv6\47 1> /dev/null");
	while((stat = getline test < "/var/tmp/nhipt.yyy") > 0) { myModules[test] = 1;} if (stat==0) { close("/var/tmp/nhipt.yyy"); system("rm /var/tmp/nhipt.yyy");}
	while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test,par,"=");myConf[par[1]] = par[2]; }
	RCOD=myConf["ADMINIP"];
	if (stat==-1) {system("cat " BootTarget "nhipt.par > /var/tmp/nhipt.par"); while ((stat = getline test < "/var/tmp/nhipt.par") > 0) { split(test,par,"=");myConf[par[1]] = par[2]; }}
	if (stat==0) { close("/var/tmp/nhipt.par");}
	if (myConf["PORT"] > "") { myPort = myConf["PORT"]} else {myPort = substr(ENVIRON["HTTP_REFERER"],index(ENVIRON["HTTP_REFERER"],".")); myPort = substr(myPort, index(myPort,":")+1); myPort = substr(myPort,1,index(myPort,"/")-1); myConf["PORT"] = myPort;}
	if (myConf["ROOT"] > "") { myRoot = myConf["ROOT"]} else {myRoot = substr(ENVIRON["SCRIPT_FILENAME"],1,index(ENVIRON["SCRIPT_FILENAME"],"cgi-bin")-2); myConf["ROOT"] = myRoot;}
#	if (myConf["BACK"] == "") { myConf["BACK"] = myRoot;}
	if (myConf["LOGD"] == "") { myConf["LOGD"] = myRoot;}
	myConf["MYIP"] = myIP = ENVIRON["REMOTE_ADDR"];
	#CHECK LOGIN CREDENTIALS
	gsub(/ /,"",RCOD); 
	if (RCOD > ""){ i = split(RCOD,ipadr,"/"); if (i > 1) {ip = ipadr[1]; mask=ipadr[2];} else {ip = ipadr[1]; mask="255.255.255.255";} if (index(mask,".") == 0) { sm = "";	ma[8]=255; ma[7]=127; ma[6]=63; ma[5]=31; ma[4]=15; ma[3]=7; ma[2]=3; ma[1]=1; ma[0]=0; for (i=1;i<=4;i++){if (mask >=8) {sm = sm "255.";mask=mask-8;} else {sm = sm ma[mask] ".";mask=0;}} mask=sm; } split(myIP,mpar,".");	split(ip,ipar,"."); split(mask,maskar,"."); if ((and(mpar[1],maskar[1]) == and(ipar[1],maskar[1])) && (and(mpar[2],maskar[2]) == and(ipar[2],maskar[2])) && (and(mpar[3],maskar[3]) == and(ipar[3],maskar[3])) && (and(mpar[4],maskar[4]) == and(ipar[4],maskar[4]))) { login=1} else {login=0} } else { login = 1;}
	#END CHECK
	if(login != 1){print "<BR><BR><BR><H1>ACCESS DENIED FROM IP : " myIP "</H1>\n</BODY>\n</HTML>"; exitSwitch=1; exit 0;};
	myURL = ENVIRON["SCRIPT_NAME"];
	admIP = RCOD;
	settingsPrinted = 0;
	myIP  = ENVIRON["REMOTE_ADDR"];
	n = split(QSTR, PA, "&"); for (i=1;i<=n;i++) {split(PA[i], PM, "=");Param[PM[1]] = PM[2]}
	CurrentJumpMark = Param["J"];
	if (Param["MODE"]=="EDT"){ editRule=1; } else {editRule = 0}
	JumpMark = (CurrentJumpMark + 1) % 9;
	if (admIP == "") { ifcIP = myIP; ipStr = "SET ";} else { ifcIP = admIP;  ipStr = "CHANGE ";}
	check["log_deamon"] = system("ps | grep -v grep | grep iptlogger 1> /dev/null");
	check["changed"] = myConf["CHANGED"];
	check["AIRBAG"] = myConf["AIRBAG"];
	if (myConf["LOGTARGET"] == "syslog") { nolog=1; } else { nolog=0; } 
	print "<TABLE cellspacing=\"0\">";
	i = 0;
	formPrinted = 0;
	inSubTable = 0;
	nTables = 0;
	nCChains = 0;
	delete Chains;
	delete CChains;
	myFile = "ipt.tmp"

	# INERFACES DROP-DOWN
	n = split(IFCS, Params,"+");
	ifSel = ""; selected = " selected";
	for (j=1;j<=n;j++){ if (index(Params[j],":") == 0 ){ifSel = ifSel "<OPTION VALUE=\"" Params[j] "\"" selected ">" Params[j] "</OPTION>";	selected = "" }}

	# PROTOCOLS DROP-DOWN
	myProt = "<OPTION VALUE=\"\"></OPTION><OPTION VALUE=tcp>tcp</OPTION><OPTION VALUE=udp>udp</OPTION><OPTION VALUE=icmp>icmp</OPTION><OPTION VALUE=ah>ah</OPTION><OPTION VALUE=esp>esp</OPTION><OPTION VALUE=gre>gre</OPTION><OPTION VALUE=sctp>sctp</OPTION>\
<OPTION VALUE=ipv6>ipv6</OPTION><OPTION VALUE=ipv6-route>ipv6-route</OPTION><OPTION VALUE=ipv6-frag>ipv6-frag</OPTION><OPTION VALUE=ipv6-icmp>ipv6-icmp</OPTION><OPTION VALUE=ipv6-nonxt>ipv6-nonxt</OPTION><OPTION VALUE=ipv6-opts>ipv6-opts</OPTION>\
<OPTION VALUE=vrrp>vrrp</OPTION><OPTION VALUE=pgm>pgm</OPTION><OPTION VALUE=igmp>igmp</OPTION><OPTION VALUE=l2tp>l2tp</OPTION><OPTION VALUE=sctp>sctp</OPTION><OPTION VALUE=!tcp>!tcp</OPTION><OPTION VALUE=!udp>!udp</OPTION><OPTION VALUE=!icmp>!icmp</OPTION><OPTION VALUE=!ah>!ah</OPTION><OPTION VALUE=!esp>!esp</OPTION><OPTION VALUE=!gre>!gre</OPTION><OPTION VALUE=!sctp>!sctp</OPTION></SELECT>";

	
	# PRESET FORM ROW STRING LEFT AND RIGHT - ACTION DROP DOWN WILL BE CREATED AND INSERTED DURING RUN TIME
	myFL = "<TD><INPUT TYPE=TEXT NAME=S SIZE=18 MAXLENGTH=32></TD><TD><INPUT TYPE=TEXT NAME=D SIZE=18 MAXLENGTH=32></TD><TD><SELECT NAME=I>" ifSel "</SELECT></TD><TD><SELECT NAME=O>" ifSel "</SELECT></TD><TD><SELECT NAME=P>" myProt "</TD><TD><SELECT NAME=MODULE><OPTION VALUE=\"\">auto</OPTION><OPTION VALUE=state>state</OPTION><OPTION VALUE=ah>ah</OPTION><OPTION VALUE=esp>esp</OPTION><OPTION VALUE=comment>comment</OPTION></SELECT></TD><TD><INPUT TYPE=TEXT NAME=SPORT SIZE=3></TD><TD><INPUT TYPE=TEXT NAME=DPORT></TD><TD><SELECT NAME=ACTION>";
	myFR = "</SELECT></TD><TD><INPUT TYPE=TEXT NAME=EXTRA></TD><TD><INPUT TYPE=SUBMIT NAME=DOIT VALUE=Insert></TD></TR></FORM>";
	
}


function myTT (CChains,nCChains, chn) {
	mySel = "<OPTION VALUE=ACCEPT>ACCEPT</OPTION><OPTION VALUE=DROP>DROP</OPTION><OPTION VALUE=LOG>LOG</OPTION><OPTION VALUE=REJECT>REJECT</OPTION><OPTION VALUE=RETURN>RETURN</OPTION><OPTION VALUE=CONNMARK>CONNMARK</OPTION>";
	if (table == "nat" && (chn == "PREROUTING" || chn == "OUTPUT")){mySel = mySel "<OPTION VALUE=DNAT>DNAT</OPTION><OPTION VALUE=REDIRECT>REDIRECT</OPTION>";}
	if (table == "nat" && chn == "POSTROUTING"){mySel = mySel "<OPTION VALUE=SNAT>SNAT</OPTION><OPTION VALUE=MASQUERADE>MASQUERADE</OPTION>";}
	if (table == "mangle"){mySel = mySel "<OPTION VALUE=MARK>MARK</OPTION>";}
	if (table == "raw"){mySel = mySel "<OPTION VALUE=NOTRACK>NOTRACK</OPTION>";}
	for (z = 1; z<=nCChains; z++) {	if (CChains[z] != chn) { mySel = mySel "<OPTION VALUE=" CChains[z] ">" CChains[z] "</OPTION>";}	}
	return mySel;
}
function myDD (lines) {
	mySel = "<TR><TD><SELECT NAME=ROW>";
	for (z = 1; z<=lines-1; z++) {
		mySel = mySel "<OPTION VALUE=" z ">" z "</OPTION>";
	}
	mySel = mySel "<OPTION VALUE=A SELECTED>" lines "</OPTION>";
	myStr = mySel "</SELECT></TD>";
	return mySel;
}

function AdminIFC () {
	usb=""; flash=""; admsafe=""; admunsafe=""; logsyslog=""; loginternal="";
	if (myConf["BOOT"] =="usb") {usb=" checked";} else if (myConf["BOOT"] =="flash") {flash=" checked";}
	if (check["AIRBAG"] == "1") {admsafe=" checked";} else {admunsafe=" checked";}
	if (myConf["LOGTARGET"] == "syslog") {logsyslog=" checked";} else {loginternal=" checked";}
	if (myConf["DSLDOFF"] == "1") {dsldoff=" checked";}
	if (myConf["ADMINIP"] > "") {adminr="adming";} else {adminr="adminr";}
	myStr = "<TABLE cellspacing=\"0\" WIDTH=100%><TR><TH COLSPAN=3>INTERFACE SETTINGS </TH></TR>";
	myStr = myStr "<FORM METHOD=POST ACTION=" myURL "><TR><TH class=right>" ipStr "ADMIN IP : </TH><TD COLSPAN=2><INPUT CLASS=" adminr " TYPE=TEXT NAME=ADMIP VALUE=\"" ifcIP "\"></TD><TD><INPUT TYPE=SUBMIT NAME=SETIP VALUE=set></TD></TR></FORM>";
	myStr = myStr "<FORM METHOD=POST ACTION=" myURL ">";
	myStr = myStr "<TR><TH class=right>SET BACKUP DIRECTORY : </TH><TD COLSPAN=2><INPUT CLASS=admin TYPE=TEXT NAME=BACDIR VALUE=\"" myConf["BACK"] "\"></TD></TR>";
if (nolog == 0) {
	myStr = myStr "<TR><TH class=right>SET LOG DIRECTORY : </TH><TD COLSPAN=2><INPUT CLASS=admin TYPE=TEXT NAME=LOGDIR VALUE=\"" myConf["LOGD"] "\"></TD></TR>";
} else { 
	myStr = myStr "<INPUT TYPE=HIDDEN NAME=LOGDIR VALUE=\"" myConf["LOGD"] "\">";
}
if (myConf["BOOT"]=="usb") {
	myStr = myStr "<TR><TH class=right>SET BOOT DIRECTORY : </TH><TD COLSPAN=2><INPUT CLASS=admin TYPE=TEXT NAME=BOOTDIR VALUE=\"" myConf["BOOTDIR"] "\"></TD></TR>";
} else {
	myStr = myStr "<INPUT TYPE=HIDDEN NAME=BOOTDIR VALUE=\"" myConf["BOOTDIR"] "\">";
}
	if (ip6enabled == 1){ myRowspan = 7;} else { myRowspan = 8;}
	myStr = myStr "<TR><TH class=right>BOOT FROM : </TH><TD class=left><INPUT TYPE=RADIO NAME=BOOT VALUE=flash" flash ">Fritz flash</TD><TD class=left><INPUT TYPE=RADIO NAME=BOOT VALUE=usb" usb ">USB stick</TD></TR>";
	if (BoxType == 72) {
		myStr = myStr "<TR><TH class=right>LOG TO : </TH><TD class=left><INPUT TYPE=RADIO NAME=LOGTO VALUE=internal " loginternal "> nhipt-deamon</TD><TD class=left><INPUT TYPE=RADIO NAME=LOGTO VALUE=syslog " logsyslog "> syslog-deamon </TD></TR>";
	} else { 
		myStr = myStr "<INPUT TYPE=HIDDEN NAME=LOGTO VALUE=syslog>"
	}
	if (BoxType == 73) {
		myModules["ip_conntrack"] = 1;
		myModules["ip_nat"] = 1;
		myModules["iptable_mangle"] = 1;
	}
	myStr = myStr "<TR><TH class=right>ADMIN LEVEL : </TH><TD class=left><INPUT TYPE=RADIO NAME=AIRBAG VALUE=0 " admunsafe "> advanced</TD><TD class=left><INPUT TYPE=RADIO NAME=AIRBAG VALUE=1 " admsafe "> safe</TD></TR>";
	myStr = myStr "<TR><TH class=right>BOOT DELAY : </TH><TD class=left><SELECT NAME=DELAY>" cbOption(myConf["DELAY"],0,"OFF") cbOption(myConf["DELAY"],30,"30 sec") cbOption(myConf["DELAY"],60,"1 min") cbOption(myConf["DELAY"],180,"3 min") cbOption(myConf["DELAY"],300,"5 min") cbOption(myConf["DELAY"],600,"10 min")"</TD><TD class=left><INPUT TYPE=CHECKBOX NAME=DSLDOFF VALUE=1 " dsldoff "> stop dsld on delay</TD></TR>";
	myStr = myStr "<TR><TH class=right ROWSPAN=" myRowspan ">EXTRAS : </TH><TH class=left>" cbModule("ip_conntrack", "CONNTRACK") "</TH><TH class=left>" cbModule("ip_nat", "NAT") "</TH></TR>";
	if (BoxType != 73) {
		myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_ftp", "ftp")   "</TD><TD class=left>" cbModule("ip_nat_ftp","ftp") "</TD></TR>";
	}
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_h323", "h323") "</TD><TD class=left>" cbModule("ip_nat_h323","h323") "</TD></TR>";
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_irc", "irc")   "</TD><TD class=left>" cbModule("ip_nat_irc", "irc") "</TD></TR>";
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_pptp", "pptp") "</TD><TD class=left>" cbModule("ip_nat_pptp", "pptp") "</TD></TR>";
	myStr = myStr "<TR><TD class=left>" cbModule("ip_conntrack_tftp", "tftp") "</TD><TD class=left>" cbModule("ip_nat_tftp", "tftp") "</TD></TR>";
	if (ip6enabled == 0){ 
		myStr = myStr "<TR><TH class=left>" cbModule("iptable_mangle", "mangle")  "</TH><TH class=left>" cbModule("iptable_raw", "raw")  "</TH></TR>";
		myStr = myStr "<TR><TH class=left>" cbModule("ip6table_mangle", "mangle [ipv6]")  "</TH><TH class=left>" cbModule("ip6table_raw", "raw [ipv6]")  "</TH><TD><INPUT TYPE=SUBMIT NAME=SESAV VALUE=set></TD></TR>";}
	else {
		myStr = myStr "<TR><TH class=left>" cbModule("iptable_mangle", "mangle")  "</TH><TH class=left>" cbModule("iptable_raw", "raw")  "</TH><TD><INPUT TYPE=SUBMIT NAME=SESAV VALUE=set></TD></TR>";}
	myStr = myStr "</FORM></TABLE>";
	return myStr;
}
function cbOption(comp, value, caption){if (comp==value){checked=" SELECTED";} else {checked="";} return "<OPTION VALUE=\"" value "\" " checked ">" caption "</OPTION>";}
function cbModule(name,caption){ return ("<INPUT TYPE=CHECKBOX NAME=\"" name "\"  VALUE=\"" name "\"  " checkModule(name)  "> " caption);}
function checkModule (name){	if (myModules[name] == 1) {return " checked";} else {return "";}}

function AdminButtons(){
	if (check["changed"] == 0)   {prStyle = "ok";} else {prStyle = "error";}
	if (check["log_deamon"] == 0){lgStyle = "ok"; lgAction="<INPUT TYPE=SUBMIT NAME=STOPLOG VALUE=\"stop logging\">"; } else {lgStyle = "error"; lgAction="<INPUT TYPE=SUBMIT NAME=STRTLOG VALUE=\"start logging\">";}
	myStr = "<TABLE cellspacing=\"0\" WIDTH=100%><TR><TH COLSPAN=3>ACTIONS</TH></TR>";
	myStr = myStr "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#END" JumpMark"><TR><TD COLSPAN=3 CLASS=" prStyle "><INPUT TYPE=SUBMIT NAME=PERSIST VALUE=\"persist rules\"></TD></TR>";
	if (nolog == 0){
		myStr = myStr "<TR CLASS=solid><TD COLSPAN=3 CLASS=" lgStyle ">" lgAction "</TD></TR>\
		<TR CLASS=solid><TD COLSPAN=3><INPUT TYPE=SUBMIT NAME=GETSTAT VALUE=\"check status\"></TD></TR>\
		<TR CLASS=solid></TR>\
		<TR CLASS=solid></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETFWLOG VALUE=\"list fw log\"></TD><TD><INPUT TYPE=SUBMIT NAME=SAVFWLOG VALUE=\"arch fw log\"></TD><TD><INPUT TYPE=SUBMIT NAME=CUTFWLOG VALUE=\"trunc fw log\"></TD></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETSYSLOG VALUE=\"list syslog\"></TD><TD><INPUT TYPE=SUBMIT NAME=SAVSYSLOG VALUE=\"arch syslog\"></TD><TD><INPUT TYPE=SUBMIT NAME=CUTSYSLOG VALUE=\"trunc syslog\"></TD></TR>\
		</FORM>";
	} else {
		myStr = myStr "<TR CLASS=solid><TD COLSPAN=3><INPUT TYPE=SUBMIT NAME=GETSTAT VALUE=\"check status\"></TD></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETFWLOG VALUE=\"list fw log\"></TD></TR>\
		<TR CLASS=solid><TD><INPUT TYPE=SUBMIT NAME=GETSYSLOG VALUE=\"list syslog\"></TD></TR>\
		</FORM>";
	}
	myStr = myStr "</TABLE>";
	return myStr;
}
function myTBHL (chain) {
	formPrinted = 1;
	print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#" table ipv6 chain JumpMark ">"
	print "<TR class=solid><TD COLSPAN=\"11\" class=noborder><A NAME=" table ipv6 chain CurrentJumpMark "><INPUT TYPE=HIDDEN NAME=CHAIN VALUE=" chain "><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 ">&nbsp;</TD></TR><TR><TH COLSPAN=\"11\">RULES FOR CHAIN " chain " [ " table " ] [ " ipv6txt " ]</TH></TR>";			
	print "<TR><TH>ID</TH><TH>Source IP</TH><TH>Dest IP</TH><TH>In IFC</TH><TH>Out IFC</TH><TH>Prot</TH><TH>Module</TH><TH>S-Port</TH><TH>D-Port</TH><TH>Action</TH><TH>Param</TH><TH>Edit</TH></TR>";			
}

{
	if (FILENAME != myFile){
		if (formPrinted == 1){
			CurrentChain = myArray["Chain"];
			for (y=1;y<=nTables;y++) { if (Chains[y,1]==CurrentChain) {Chains[y,2] = 1;}}
			if (inSubTable ==1) {inSubTable=0; print "</TABLE><P></TD><TD></TD></TR>"}
			print myDD(i) myFL myTT(CChains,nCChains,CurrentChain) myFR;
		}
		if (inSubTable ==1) {
			if (MySection == "-P") { 
				print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; 
				inSubTable=1;
				print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#P" table ipv6 JumpMark "><TR><TD COLSPAN=2><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 "><INPUT TYPE=TEXT NAME=CHAIN></TD><TD COLSPAN=2><INPUT TYPE=SUBMIT NAME=MODE VALUE=New></TD></TR></FORM>";
			}
			inSubTable=0; print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"
		}
		for (y=1;y<=nTables;y++) { if (Chains[y,2]==0) { myTBHL(Chains[y,1]); print myDD(1) myFL myTT(CChains,nCChains,Chains[y,1]) myFR;}}

		if (index(FILENAME,"ip6") > 0){ipv6 = 1; ipv6txt = "IPv6"; table = FILENAME; gsub(/\/var\/tmp\/ip6t/,"",table); gsub(/.tmp/,"",table);} else { ipv6 = 0;  ipv6txt = "IPv4"; table = FILENAME; gsub(/\/var\/tmp\/ipt/,"",table); gsub(/.tmp/,"",table);}
		i = 0;
		formPrinted = 0;
		nTables = 0;
		nCChains = 0;
		delete Chains;
		delete CChains;
		myFile = FILENAME;
		MySection = ""

		if (inSubTable ==1) {inSubTable=0; 
				print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"
			}
		print "<TR class=solid><TD COLSPAN=\"3\" class=noborder><TABLE cellspacing=0>";
		print "<TR><TD COLSPAN=12 CLASS=noborder></TD><TR><TH COLSPAN=4>RULES FOR TABLE [ " table " ] [ " ipv6txt " ]</TD></TR>";
	}
	InIF=0;
	OutIF=0;
	SourceIP=0;
	DestIP=0;
	Mode=0;
	SourcePort=0;
	DestPort=0;
	delete myArray;
	myArray["Extra"]=" ";
	myArray["Action"]=$1;
	myArray["Chain"]=$2;
	if (myArray["Action"] == "-P") {
		myArray["Target"]=$3;
		if (MySection != $1) 
			{ inSubTable=1; print "<TR><TH COLSPAN=4><A NAME=P" table ipv6 CurrentJumpMark ">DEFAULT POLICIES</TH></TR><TR><TH>CHAIN</TH><TH>POLICY</TH><TH COLSPAN=2>EDIT</TH></TR>"; }
		nTables++;
		Chains[nTables,1] = $2;
		Chains[nTables,2] = 0;
		if (myArray["Target"] == "ACCEPT") {NewPol = "DROP";} else {NewPol = "ACCEPT";}
		print "<TR><TD>" myArray["Chain"] "</TD><TD class=" myArray["Target"] ">" myArray["Target"] "</TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=" NewPol "&J=" JumpMark "#P" table ipv6 JumpMark ">[change]</A></TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=PURGE&J=" JumpMark "#P" table ipv6 JumpMark ">[purge]</A></TD></TR>";
	} else if (myArray["Action"] == "-N") {
		if (MySection != $1) {inSubTable=1; print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; }
		nTables++;  Chains[nTables,1] = $2; Chains[nTables,2] = 0;
		nCChains++; CChains[nCChains] = $2;
		inSubTable=1;
		print "<TR><TD COLSPAN=\"2\">" myArray["Chain"] "</TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=DEL&J=" JumpMark "#P" table ipv6 JumpMark ">[Del]</A></TD><TD><A HREF=" myURL "?MODE=POL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&POL=PURGE&J=" JumpMark "#P" table ipv6 JumpMark ">[purge]</A></TD></TR>";
	} else {
		if (MySection != $1){ 
			if (MySection != "-N") { print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; }
			inSubTable=1;
			print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#P" table ipv6 JumpMark "><TR><TD COLSPAN=2><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 "><INPUT TYPE=TEXT NAME=CHAIN></TD><TD COLSPAN=2><INPUT TYPE=SUBMIT NAME=MODE VALUE=New></TD></TR></FORM>";
			if (settingsPrinted == 0) {settingsPrinted=1;
				print "</TABLE><P></TD><TD COLSPAN=6 class=noborder>" AdminIFC() "</TD><TD class=noborder></TD><TD COLSPAN=2 class=noborder>" AdminButtons() "</TD></TR>"; 
				inSubTable=0;
				print "<FORM METHOD=POST ACTION=" myURL ">";
				print "<TR><TH COLSPAN=\"2\">Experts only: /var/mod/root # </TH><TD COLSPAN=\"9\"><INPUT TYPE=TEXT NAME=EXPERT class=expert></TD><TD><INPUT TYPE=SUBMIT NAME=EXEC VALUE=execute></TD></TR></FORM>";			
				} else {inSubTable=0; print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"}
			}
		if (CurrentChain != myArray["Chain"]) { 
			if (i > 0){
				print myDD(i) myFL myTT(CChains,nCChains,CurrentChain) myFR;
				for (y=1;y<=nTables;y++) { if (Chains[y,1]==CurrentChain) {Chains[y,2] = 1;}}
			}
			myTBHL(myArray["Chain"]);
			i = 1;
			CurrentChain = myArray["Chain"];
		}
		x="";
		for ( j = 3; j <= NF; j++ ) {
			if ($j == "-s")					{j++; if ($j == "!") {j++; myArray["SourceIP"] = "!" $j;} else {myArray["SourceIP"] = $j;}} 
			else if ($j == "-d")			{j++; if ($j == "!") {j++; myArray["DestIP"]   = "!" $j;} else {myArray["DestIP"]   = $j;}}
			else if ($j == "-i")			{j++; if ($j == "!") {j++; myArray["InIF"]     = "!" $j;} else {myArray["InIF"]     = $j;}}
			else if ($j == "-o")			{j++; if ($j == "!") {j++; myArray["OutIF"]    = "!" $j;} else {myArray["OutIF"]    = $j;}}
			else if ($j == "-p")			{j++; if ($j == "!") {j++; myArray["Prot"]     = "!" $j;} else {myArray["Prot"]     = $j;}}
			else if ($j == "-m")			{j++; myArray["Module"] = myArray["Module"] $j " ";} 
			else if ($j == "!")             {x="!";}
			else if ($j == "--src-range")	{j++; myArray["SourceIP"] = x $j; x="";} 
			else if ($j == "--dst-range")	{j++; myArray["DestIP"] = x $j;   x="";} 
			else if ($j == "--sport")		{j++; if ($j == "!") {j++; myArray["Sport"]     = "!" $j;} else {myArray["Sport"]    = $j;}} 
			else if ($j == "--dport")		{j++; if ($j == "!") {j++; myArray["Dport"]     = "!" $j;} else {myArray["Dport"]    = $j;}}
			else if ($j == "--sports")		{j++; if ($j == "!") {j++; myArray["Sport"]     = "!" $j;} else {myArray["Sport"]    = $j;}}
			else if ($j == "--dports")		{j++; if ($j == "!") {j++; myArray["Dport"]     = "!" $j;} else {myArray["Dport"]    = $j;}}
			else if ($j == "--ports")		{j++; if ($j == "!") {j++; myArray["Dport"]     = "!" $j;} else {myArray["Dport"]    = $j;} myArray["Sport"] = myArray["Dport"]} 
			else if ($j == "--state")		{j++; myArray["State"] = $j " ";} 
			else if ($j == "-j")			{j++; myArray["Target"] = $j;}		
			else if ($j == "--log-prefix")	{j++; myArray["Log"] = $j;     ixx = length($j); if (index($j, "\"") > 0 && substr($j,ixx,1) != "\"") {do {j++; myArray["Log"] = myArray["Log"] " " $j " "; if (index($j, "\"") > 0) break;} while (j <= NF)}}
			else if ($j == "--comment")		{j++; myArray["Comment"] = $j; ixx = length($j); if (index($j, "\"") > 0 && substr($j,ixx,1) != "\"") {do {j++; myArray["Comment"] = myArray["Comment"] " " $j " "; if (index($j, "\"") > 0) break;} while (j <= NF)}}
			else if ($j == "--reject-with")	{j++; myArray["Rej"] = $j " ";}
			else					  		{myArray["Extra"] = myArray["Extra"] $j " "; j++; myArray["Extra"] = myArray["Extra"] $j " ";}
		}
		if (editRule==1 && Param["TABLE"] == table && Param["CHAIN"] == myArray["Chain"] && Param["IDX"] == i && Param["IPV6"] == ipv6){
			myRule=$0; gsub(/\"/,"\47", myRule); gsub("-A " myArray["Chain"],"-t " table " -R " myArray["Chain"] " " i " ", myRule);
			if (ipv6 == 1) {myCmd = "ip6tables ";} else {myCmd = "iptables ";}
			print "<TR><TD>" i "</TD><TD><B>/var/mod/root #</B></TD><TD COLSPAN=9><INPUT TYPE=TEXT NAME=EXPERT class=expert VALUE=\"" myCmd myRule "\"></TD><TD><INPUT TYPE=SUBMIT NAME=EXEC VALUE=execute></TD></TR></FORM>";
		} else {
			print "<TR><TD>&nbsp;" i "</TD><TD>&nbsp;" \
			myArray["SourceIP"] "</TD><TD>&nbsp;" myArray["DestIP"] "</TD><TD>&nbsp;" myArray["InIF"] "</TD><TD>&nbsp;" \
			myArray["OutIF"] "</TD><TD>&nbsp;" myArray["Prot"] "</TD><TD>&nbsp;" myArray["Module"] "</TD><TD>&nbsp;" \
			myArray["Sport"] "</TD><TD>&nbsp;" myArray["Dport"] "</TD><TD>&nbsp;" myArray["Target"] "</TD><TD>&nbsp;" \
			myArray["Rej"] myArray["Log"] myArray["State"] myArray["Extra"] myArray["Comment"] "</TD><TD nowrap><A HREF=" myURL "?MODE=UP&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[UP]</A> <A HREF=" myURL "?MODE=DN&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[DN]</A> <A HREF=" myURL "?MODE=DEL&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[Del]</A> <A HREF=" myURL "?MODE=EDT&IPV6=" ipv6 "&TABLE=" table "&CHAIN=" myArray["Chain"] "&IDX=" i "&J=" JumpMark "#" table ipv6 myArray["Chain"] JumpMark ">[Edit]</A></TD></TR>"
		}
		i++;
	}
	MySection = $1;
    }

     END {
	if(exitSwitch==1){exit 0;}
	if (MySection == "-P") { 
		print "<TR><TD COLSPAN=4 class=noborder>&nbsp;</TD></TR><TR><TH COLSPAN=4>CUSTOM CHAINS</TH></TR>"; 
		inSubTable=1;
		print "<FORM METHOD=POST ACTION=" myURL "?J=" JumpMark "#P" table ipv6 JumpMark "><TR><TD COLSPAN=2><INPUT TYPE=HIDDEN NAME=TABLE VALUE=" table "><INPUT TYPE=HIDDEN NAME=IPV6 VALUE=" ipv6 "><INPUT TYPE=TEXT NAME=CHAIN></TD><TD COLSPAN=2><INPUT TYPE=SUBMIT NAME=MODE VALUE=New></TD></TR></FORM>";
		}
	if (inSubTable ==1) {
		 inSubTable=0; 
			if (settingsPrinted == 0) {settingsPrinted=1;
				print "</TABLE><P></TD><TD COLSPAN=6 class=noborder>" AdminIFC() "</TD><TD class=noborder></TD><TD COLSPAN=2 class=noborder>" AdminButtons() "</TD></TR>"; 
				inSubTable=0;
				print "<FORM METHOD=POST ACTION=" myURL ">";
				print "<TR><TH COLSPAN=\"2\">Experts only: /var/mod/root # </TH><TD COLSPAN=\"9\"><INPUT TYPE=TEXT NAME=EXPERT class=expert></TD><TD><INPUT TYPE=SUBMIT NAME=EXEC VALUE=execute></TD></TR></FORM>";			
				} else {inSubTable=0; print "</TABLE><P></TD><TD CLASS=noborder COLSPAN=9></TD></TR>"}
		 }
	if (formPrinted == 1){
		CurrentChain = myArray["Chain"];
		for (y=1;y<=nTables;y++) { if (Chains[y,1]==CurrentChain) {Chains[y,2] = 1;}}
		print myDD(i) myFL myTT(CChains,nCChains,CurrentChain) myFR;
	}
	for (y=1;y<=nTables;y++) { if (Chains[y,2]==0) { myTBHL(Chains[y,1]); print myDD(1) myFL myTT(CChains,nCChains,Chains[y,1]) myFR;}}
	print "<TR class=solid><TD COLSPAN=\"12\" class=noborder><A NAME=END" CurrentJumpMark ">&nbsp;</TD></TR>";
	while ((ret = getline test < "/var/tmp/nhipt.log") > 0) {
		print "<TR><TD COLSPAN=\"12\" class=log>" test "</TD></TR>";
	}
	if (ret==0){close("/var/tmp/nhipt.log"); system("rm /var/tmp/nhipt.log");}
	print "</TABLE>";
	print "</BODY>";
	print "</HTML>";
	}' /var/tmp/iptfilter.tmp /var/tmp/iptnat.tmp /var/tmp/iptmangle.tmp /var/tmp/iptraw.tmp /var/tmp/ip6tfilter.tmp /var/tmp/ip6tmangle.tmp /var/tmp/ip6traw.tmp)"
rm /var/tmp/ip*.tmp
myfile=$(echo "$PWD" | sed s/cgi-bin/index.html/)
if [ ! -r $myfile ]
then
cat << EOF > $myfile
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<title>NHIPT-IPTABLES FIREWALL ADMIN</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<frameset rows="*">
<frame src="/cgi-bin/nhipt.cgi" name="topframe" scrolling="auto" frameborder="0">
<noframes>
<body>
<p>Der Browser unterst&uuml;tzt keine Frames!
<a href="/cgi-bin/nhipt.cgi">Klick mich</a></p>
</body>
</noframes>
</frameset>
</html>

EOF

fi
fi
###########
### EOF ###
###########
</head>
<frameset rows="*">
<frame src="/cgi-bin/nhipt.cgi" name="topframe" scrolling="auto" frameborder="0">
<noframes>
<body>
<p>Der Browser unterst&uuml;tzt keine Frames!
<a href="/cgi-bin/nhipt.cgi">Klick mich</a></p>
</body>
</noframes>
</frameset>
</html>

EOF

fi
fi
###########
### EOF ###
###########

olistudent · 16 Nov 2010

Miyamoto schrieb:

Allerdings funzt es nicht so recht: (/var/log/mod.log)

Code:

...
Setting up virtual network interface ... done.
configuring nhipt gui ... /usr/ipt
modprobe: module ip_tables not found in modules.dep
modprobe: module iptable_filter not found in modules.dep
modprobe: module x_tables not found in modules.dep
modprobe: module ip_conntrack not found in modules.dep
modprobe: module ip_conntrack_ftp not found in modules.dep
modprobe: module ipt_LOG not found in modules.dep
modprobe: module ipt_REJECT not found in modules.dep
modprobe: module xt_multiport not found in modules.dep
modprobe: module xt_state not found in modules.dep
iptables reconfigured
Setting up SSH authorized_keys for root ... done.
...

AVM baut bei der 7390 einige iptables-Module fest in den Kernel. Funktionieren sollte das trotzdem.

Gruß
Oliver

NHIPT & iptables für die 7390

Aktives Mitglied

IPPF-Urgestein

IPPF-Urgestein

Aktives Mitglied

IPPF-Promi

Aktives Mitglied

Anhänge

IPPF-Urgestein

Aktives Mitglied

IPPF-Urgestein

Aktives Mitglied

IPPF-Urgestein

Aktives Mitglied

Neuer User

IPPF-Urgestein

IPPF-Urgestein

Neuer User

IPPF-Urgestein

Neuer User

Aktives Mitglied

IPPF-Urgestein

Statistik des Forums