$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
-
#check if we change an forward rule to an external access
- if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
+ if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'updatefwrule'}='';
$fwdfwsettings{'config'}=$configfwdfw;
$fwdfwsettings{'nobase'}='on';
&deleterule;
+ &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
#check if we change an external access rule to an forward
- if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
+ if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'updatefwrule'}='';
$fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'nobase'}='on';
&deleterule;
+ &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
#INPUT part
if($fwdfwsettings{'grp2'} eq 'ipfire'){
$fwdfwsettings{'chain'} = 'INPUTFW';
#check if we have an identical rule already
- foreach my $key (sort keys %configinputfw){
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
-
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ($fwdfwsettings{'nobase'} ne 'on'){
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- }
-
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
-
- if ($fwdfwsettings{'nobase'} eq 'on'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ if($fwdfwsettings{'oldrulenumer'} eq $fwdfwsettings{'rulepos'}){
+ foreach my $key (sort keys %configinputfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $errormessage='';
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} ) {
+ if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $errormessage='';
+ $fwdfwsettings{'nosave2'} = 'on';
}
-
-
- &saverule(\%configinputfw,$configinput);
-
+ }
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ($fwdfwsettings{'nobase'} ne 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ }
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configinputfw,$configinput);
+ }
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-
-
-
}else{
$fwdfwsettings{'chain'} = 'FORWARDFW';
- #check if we have an identical rule already
- foreach my $key (sort keys %configfwdfw){
-
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ #check if we have an identical rule already
+ foreach my $key (sort keys %configfwdfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $errormessage='';
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
}
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} ) {
+ if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $fwdfwsettings{'nosave2'} = 'on';
+ $errormessage='';
+ }
+ }
#increase counters
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
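Review bot: The INPUT branch guards its duplicate-rule check with `$fwdfwsettings{'oldrulenumer'}`, while the FORWARD branch and the assignment added in newrule spell the key `oldrulenumber`. Nothing visible sets the misspelled key, so the comparison with `rulepos` is made against an unset value and the INPUTFW duplicate check is probably skipped on every update. The line should read `if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){`. In both branches `$errormessage='';` also wipes the whole accumulated string rather than only the 'ruleexists' text, so any error an earlier check had appended would be lost. Recording the duplicate hit in its own lexical flag and appending the message only when it applies would avoid that.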
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
if ($fwdfwsettings{'nobase'} eq 'on'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
-
- &saverule(\%configfwdfw,$configfwdfw);
-
+ if ($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configfwdfw,$configfwdfw);
+ }
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-
-
-
}
if ($errormessage){
&newrule;
}else{
- &rules;
+ if($fwdfwsettings{'nosave2'} ne 'on'){
+ &rules;
+ }
&base;
}
-
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
$fwdfwsettings{'POLICY'}='MODE0';
system("rm ${General::swroot}/forward/config");
system("rm ${General::swroot}/forward/input");
- %fwdfwsettings = ();
-
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
-
+ %fwdfwsettings = ();
&reread_rules;
}
}elsif($base1 eq 'cust_srvgrp'){
&dec_counter($configsrvgrp,\%customservicegrp,$val1);
}
-
+
if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
&inc_counter($confignet,\%customnetwork,$val2);
}elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
my %hash=%{(shift)};
my $val=shift;
my $pos;
-
+
&General::readhasharray($config, \%hash);
foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]+1;
-
}
}
&General::writehasharray($config, \%hash);
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]-1;
-
}
}
&General::writehasharray($config, \%hash);
}
sub base
{
-
if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-
+
&hint;
if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') {
&addrule;
}
-
+
#print"<table width='100' border='1'><tr>";
#foreach (0 .. 40){
#my $i="color".$_;
{
&error;
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-
+
print "<form method='post'>";
print "<table border='0'>";
print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
&Header::closebox();
&viewtablerule;
-
}
sub deleterule
{
my %delhash=();
&General::readhasharray($fwdfwsettings{'config'}, \%delhash);
- foreach my $key (sort keys %delhash){
- if ($key eq $fwdfwsettings{'key'}){
+ foreach my $key (sort {$a <=> $b} keys %delhash){
+ if ($key == $fwdfwsettings{'key'}){
#check hosts/net and groups
&checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
&checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
&checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
}
}
-
- if ($key ge $fwdfwsettings{'key'}) {
+ if ($key >= $fwdfwsettings{'key'}) {
my $next = $key + 1;
if (exists $delhash{$next}) {
- foreach my $i (0 .. $#{$configfwdfw{$next}}) {
+ foreach my $i (0 .. $#{$delhash{$next}}) {
$delhash{$key}[$i] = $delhash{$next}[$i];
}
}
}
}
# Remove the very last entry.
- my $last_key = (sort keys %delhash)[-1];
+ my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
delete $delhash{$last_key};
&General::writehasharray($fwdfwsettings{'config'}, \%delhash);
&rules;
+
if($fwdfwsettings{'nobase'} ne 'on'){
&base;
}
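Review bot: The numeric comparisons `$key == $fwdfwsettings{'key'}` and `$key >= $fwdfwsettings{'key'}` are applied to a key that is never checked to be a number or an existing index, and the "Remove the very last entry" step runs regardless. As far as the hunk shows, an empty or non-numeric key compares as 0 and shifts every entry down, and a key larger than any stored one shifts nothing, yet in both cases one firewall rule is still deleted. Wrap the shift-and-delete in a guard such as `if ($fwdfwsettings{'key'} =~ /^\d+$/ && exists $delhash{$fwdfwsettings{'key'}}) { ... }`, so a rule is only removed when the requested one exists. The loop these lines sit in opens in the preceding hunk, so check the placement against the full body.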
}
&General::writehasharray("$configfwdfw", \%configfwdfw);
&rules;
-
}
sub checksource
{
if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
$subnet = &General::iporsubtocidr($subnet);
+ $fwdfwsettings{'isip'}='on';
}
#check if only ip
if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$ip=$fwdfwsettings{'src_addr'};
$subnet = '32';
+ $fwdfwsettings{'isip'}='on';
}
- #check and form valid IP
- $ip=&General::ip2dec($ip);
- $ip=&General::dec2ip($ip);
- #check if net or broadcast
- my @tmp= split (/\./,$ip);
- if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
- {
- $errormessage=$Lang::tr{'fwhost err hostip'};
- }
- $fwdfwsettings{'src_addr'}="$ip/$subnet";
- if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+ if ($fwdfwsettings{'isip'} ne 'on'){
+ if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';}
+ }
+ if ($fwdfwsettings{'isip'} eq 'on'){
+ #check and form valid IP
+ $ip=&General::ip2dec($ip);
+ $ip=&General::dec2ip($ip);
+ #check if net or broadcast
+ my @tmp= split (/\./,$ip);
+ if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
+ }
+ $fwdfwsettings{'src_addr'}="$ip/$subnet";
+
+ if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+ }
+ }
+ if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
$errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
}
}elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err nosrcip'};
return $errormessage;
}
-
+
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
#check icmp source
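Review bot: The new `isip` and `ismac` markers are written into `%fwdfwsettings` and only ever set to 'on'; nothing in the hunk clears them before the address is examined. A value already in the hash (stale, or arriving with the submitted form if that is how the hash is filled, which is not visible here) would satisfy the final `isip ne 'on' && ismac ne 'on'` test even when `src_addr` is neither a valid IP nor a valid MAC. Reset both before the first regex, `$fwdfwsettings{'isip'}=''; $fwdfwsettings{'ismac'}='';`, or keep them in lexicals, `my ($isip,$ismac);`, so only this run's checks can set them. The same applies to the `nosave` and `nosave2` flags added in the rule-saving hunks. The enclosing block of checksource starts before this hunk.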
$fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
}
}
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
$fwdfwsettings{'ICMP_TYPES'}='';
}else{
$fwdfwsettings{'SRC_PORT'}='';
$fwdfwsettings{'PROT'}='';
}
-
+
if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
#change dashes with :
$fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
$fwdfwsettings{'SRC_PORT'} = "$1:65535";
}
-
+
$errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
}
return $errormessage;
sub checktarget
{
my ($ip,$subnet);
-
-
+
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
my @tmp= split (/\./,$ip);
if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
{
- $errormessage=$Lang::tr{'fwhost err hostip'};
+ $errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
}
- $fwdfwsettings{'tgt_addr'}=$ip."/".$subnet;
+ $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
}
-
+
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
-
+
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
-
+
#check tgt services
if ($fwdfwsettings{'USESRV'} eq 'ON'){
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
}
}
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
+ if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
#change dashes with :
$fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
}
$errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
}
+ }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'} = '';
+ }elsif($fwdfwsettings{'TGT_PORT'} eq 'ESP'){
+ $fwdfwsettings{'TGT_PORT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
}elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+ $fwdfwsettings{'TGT_PORT'} = '';
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
foreach my $key (keys %icmptypes){
if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
-
$fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
}
}
}
}
}
-
+
#check targetport
if ($fwdfwsettings{'USESRV'} ne 'ON'){
$fwdfwsettings{'grp3'}='';
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
}
-
-
#check timeframe
if($fwdfwsettings{'TIME'} eq 'ON'){
if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
$errormessage=$Lang::tr{'fwdfw err time'};
}
}
-
-
-
return $errormessage;
}
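Review bot: The ESP branch added here tests the wrong field. `}elsif($fwdfwsettings{'TGT_PORT'} eq 'ESP'){` compares the port value, whereas the neighbouring GRE and ICMP branches compare `TGT_PROT`, so it will not match when ESP is selected and the port and ICMP fields are not cleared for such a rule. It should read `}elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){`. The condition changed in the preceding hunk excludes only ICMP and GRE, so ESP still appears to take the port-handling path; adding `&& $fwdfwsettings{'TGT_PROT'} ne 'ESP'` there would match the way the source side treats GRE and ESP alike.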
sub checkrule
$errormessage.=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
-
+
#get source and targetip address if possible
my ($sip,$scidr,$tip,$tcidr);
($sip,$scidr)=&get_ip("src","grp1");
($tip,$tcidr)=&get_ip("tgt","grp2");
-
-
-
+
#check same iprange in source and target
if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
-
my $networkip1=&General::getnetworkip($sip,$scidr);
my $networkip2=&General::getnetworkip($tip,$tcidr);
if ($scidr gt $tcidr){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}elsif($scidr eq $tcidr && $scidr eq '32'){
- my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
- my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
+ my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
+ my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
$hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
- $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target:$networkip2/$tcidr<br>";
+ $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
-
}else{
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
}
-
+
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
}
}
}
-
}
sub get_ip
{
}
}
}
-
return $a,$b;
}
sub newrule
&General::readhasharray("$configgrp", \%customgrp);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::get_aliases(\%aliases);
-
-
my %checked=();
my $helper;
+ my $sum=0;
if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
my $config=$fwdfwsettings{'config'};
my %hash=();
-
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
-
#check if update and get values
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
&General::readhasharray("$config", \%hash);
foreach my $key (sort keys %hash){
+ $sum++;
if ($key eq $fwdfwsettings{'key'}){
+ $fwdfwsettings{'oldrulenumber'} = $key;
$fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
$fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
$fwdfwsettings{'grp1'} = $hash{$key}[3];
$fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
$fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
$fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
-
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
$fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
$fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
$fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+ $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
}else{
$fwdfwsettings{'ACTIVE'}='ON';
$checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
}
-
+
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-
+
print <<END;
<form method="post">
<table border='0'>
if($fwdfwsettings{'POLICY'} eq 'MODE2'){
$fwdfwsettings{'RULE_ACTION'} = 'DROP';
}
-
+
if ($_ eq $fwdfwsettings{'RULE_ACTION'})
{
print"<option selected>$_</option>";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
-
-
+
+
#------SOURCE-------------------------------------------------------
print<<END;
<table width='100%' border='0'>
<tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
<tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
-
END
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+ next if($defaultNetworks{$network}{'NAME'} eq "RED");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
}
print<<END;
</select></td></tr>
-
+
<tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
END
foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
print"<option ";
print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
print ">$customgrp{$key}[0]</option>";
-
-
}
$helper=$customgrp{$key}[0];
}
print<<END;
</select></td></tr>
END
-
+
# <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
# }
# }
print<<END;
-
<tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
-
-
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
<td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
END
- foreach ("TCP","UDP","GRE","ICMP")
+ foreach ("TCP","UDP","GRE","ESP","ICMP")
{
if ($_ eq $fwdfwsettings{'PROT'})
{
<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
END
print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
-
+
foreach my $alias (sort keys %aliases)
{
print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
}
-
+
print<<END;
</td></tr>
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
<tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
-
END
-
foreach my $network (sort keys %defaultNetworks)
{
print "<option value='$defaultNetworks{$network}{'NAME'}'";
</select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt' $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
END
&fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
-
print<<END;
</select></td></tr>
<tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
}
print<<END;
</select></td></tr>
-
<tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
END
$helper='';
print<<END;
</select></td></tr>
END
-
# <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
</table>
<b>$Lang::tr{'fwhost attention'}:</b><br>
$Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
-
+
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
END
&General::readhasharray("$configsrv", \%customservice);
- foreach my $key (sort keys %customservice){
+ foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
END
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
- foreach my $key (sort keys %customservicegrp){
+ foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
if ($helper ne $customservicegrp{$key}[0]){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
</select></td></tr>
<tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
END
- foreach ("TCP","UDP","GRE","ICMP")
+ foreach ("TCP","UDP","GRE","ESP","ICMP")
{
if ($_ eq $fwdfwsettings{'TGT_PROT'})
{
print<<END;
</select></td></tr>
</table><hr><br><br>
-
+
END
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
print<<END;
<table width='100%' border='0'>
- <tr><td colspan='2' >$Lang::tr{'remark'}:<input type='text' name='ruleremark' size='40' value='$fwdfwsettings{'ruleremark'}'></td></tr>
+ <tr><td width='12%'>$Lang::tr{'remark'}:</td><td align='left'><input type='text' name='ruleremark' size='40' maxlength='255' value='$fwdfwsettings{'ruleremark'}'></td></tr>
+END
+ if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
+ print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
+ for (my $count =1; $count <= $sum; $count++){
+ print"<option value='$count' ";
+ print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
+ print">$count</option>";
+ }
+ print"</select></td></tr>";
+ }
+
+ print<<END;
+ </table><table width='100%'>
<tr><td width='1%'><input type='checkbox' name='ACTIVE' value='ON' $checked{'ACTIVE'}{'ON'}></td><td>$Lang::tr{'fwdfw rule activate'}</td></tr>
<tr><td width='1%'><input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'} ></td><td>$Lang::tr{'fwdfw log rule'}</td></tr>
</table><hr><br>
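Review bot: The new `ruleremark` input writes the remark into `value='$fwdfwsettings{'ruleremark'}'` without HTML escaping, so the output is only as safe as the validation that ran before this form was printed. `maxlength='255'` is a browser-side hint and does not constrain what a client submits. If the form can be redisplayed after validremark rejects a value (that path is not visible in this hunk), the rejected text would be echoed into the attribute as-is. Escaping the value where it is printed removes the dependency on the validator's character class staying narrow.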
<tr>
<td align='left'>$Lang::tr{'time'}:</td>
<td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
-
<td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
</tr>
<input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
<input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
</td>
-
<td><select name='TIME_FROM'>
END
for (my $i=0;$i<=23;$i++) {
print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
}
}
- print<<END;
+ print<<END;
</select></td></tr>
</table><hr>
END
<input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
<input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
<input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
-
+ <input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' />
+ <input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
<input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
-
</table></form>
END
}
}
sub saverule
{
-
my $hash=shift;
my $config=shift;
&General::readhasharray("$config", $hash);
if (!$errormessage){
- if ($fwdfwsettings{'updatefwrule'} ne 'on' ){
+ if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
$$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
$$hash{$key}[1] = $fwdfwsettings{'chain'};
$$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
&General::writehasharray("$config", $hash);
}else{
- foreach my $key (sort keys %$hash){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
if($key eq $fwdfwsettings{'key'}){
$$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
$$hash{$key}[1] = $fwdfwsettings{'chain'};
last;
}
}
+ }
+ &General::writehasharray("$config", $hash);
+ if($fwdfwsettings{'oldrulenumber'} gt $fwdfwsettings{'rulepos'}){
+ my %tmp=();
+ my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
+ for (my $z=0;$z<$val;$z++){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+ my $last = $key -1;
+ if (exists $$hash{$last}){
+ #save rule last
+ foreach my $y (0 .. $#{$$hash{$last}}) {
+ $tmp{0}[$y] = $$hash{$last}[$y];
+ }
+ #copy active rule to last
+ foreach my $i (0 .. $#{$$hash{$last}}) {
+ $$hash{$last}[$i] = $$hash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $$hash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ $fwdfwsettings{'oldrulenumber'}--;
+ }
&General::writehasharray("$config", $hash);
+ &rules;
+ }elsif($fwdfwsettings{'rulepos'} gt $fwdfwsettings{'oldrulenumber'}){
+ my %tmp=();
+ my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
+ for (my $z=0;$z<$val;$z++){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+ my $next = $key + 1;
+ if (exists $$hash{$next}){
+ #save rule next
+ foreach my $y (0 .. $#{$$hash{$next}}) {
+ $tmp{0}[$y] = $$hash{$next}[$y];
+ }
+ #copy active rule to next
+ foreach my $i (0 .. $#{$$hash{$next}}) {
+ $$hash{$next}[$i] = $$hash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $$hash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ $fwdfwsettings{'oldrulenumber'}++;
+ }
+ &General::writehasharray("$config", $hash);
+ &rules;
}
}
}
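Review bot: The two new position checks compare rule numbers with the string operator `gt`, so `'10' gt '9'` is false and a move across a digit boundary (rule 10 to position 9, or rule 2 to position 10) takes the wrong branch, gets a negative `$val`, skips the swap loop and leaves the rule where it was. Rule order decides which rule matches first, so the comparison should be numeric: `if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){` and `}elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){`. Both values come back from the form (the `rulepos` select and the `oldrulenumber` hidden input added elsewhere in this commit). No check is visible here that they are integers within the range of existing keys before they bound the swap loop, though one may exist in a caller outside this hunk. saverule begins above this hunk.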
foreach my $network (sort keys %defaultNetworks)
{
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
- }
+ }
}
sub validremark
{
# Each part should be at least two characters in length
# but no more than 63 characters
- if (length ($remark) < 1 || length ($remark) > 63) {
+ if (length ($remark) < 1 || length ($remark) > 255) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
- if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) {
+ if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:_\/\s]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
- if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) {
+ if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.]*$/) {
return 0;}
return 1;
}
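Review bot: The widened character class still contains `\s` and the patterns end in `$`, so a remark containing a line break passes every check here: `\s` matches a newline, and `[...]*$` on the last-character test succeeds with an empty match before a trailing newline. If the remark ends up in the line-based rule file that saverule writes through `writehasharray` (file format not shown on this page), a line break could split the stored record. Anchoring with `\z` and allowing only a literal space closes that: `if ($remark !~ /\A[a-zäöüA-ZÖÄÜ0-9.:_\/ -]*\z/) {` and `if (substr ($remark, -1, 1) !~ /\A[a-zöäüA-ZÖÄÜ0-9.]\z/) {`. The two comments above the checks are now stale, since they still say 63 characters and "a-z, A-Z, 0-9 and -", and should state the 255 limit and the new set. The line that assigns `$remark` is not part of this hunk.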
my $key=shift;
my $service;
my $prot;
-
+
if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
if($hash{$key}[14] eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice);
}
}
}elsif($hash{$key}[14] eq 'cust_srvgrp'){
-
+
$service=$hash{$key}[15];
}elsif($hash{$key}[14] eq 'TGT_PORT'){
$service=$hash{$key}[15];
}elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
print" : ($hash{$key}[12]) <br>$hash{$key}[13]";
}
-
+
if ($prot ne '' || $service ne ''){
print" :";
if ($prot ne ''){
my $config=shift;
my $title=shift;
my $title1=shift;
-
+
if ( ! -z "$config"){
&Header::openbox('100%', 'left',$title);
my $count=0;
&General::readhasharray("$config", $hash);
print"<b>$title1</b><br>";
print"<table width='100%' border='0' cellspacing='1' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
- print"<tr><td align='center' width='1%'><b>#</td><td></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3'><b>$Lang::tr{'fwdfw action'}</td></tr>";
- foreach my $key (sort keys %$hash){
+ print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' width='20%'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
+ foreach my $key (sort {$a <=> $b} keys %$hash){
@tmpsrc=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
push (@tmpsrc,$$hash{$key}[6]);
}
-
foreach my $host (@tmpsrc){
if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
- if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
&disable_rule($key);
$$hash{$key}[2]='';
-
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$$hash{$key}[3]='';
$$hash{$key}[5]='';
}
-
$$hash{'ACTIVE'}=$$hash{$key}[2];
$count++;
-
if($coloryellow eq 'on'){
print"<tr bgcolor='$color{'color14'}' >";
$coloryellow='';
print"<tr bgcolor='$color{'color20'}' >";
}
}
-
print<<END;
<td align='right'>$key</td>
END
}
print<<END;
</td>
-
<form method='post'>
- <td width='1%'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'/>
+ <td width='1%' align='left'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
END
print<<END;
- <td align='center'>
+ <td align='center' nowrap='nowrap'>
END
if ($$hash{$key}[5] eq 'std_net_tgt'){
print &get_name($$hash{$key}[6]);
}else{
$gif="/images/off.gif"
-
}
print<<END;
<form method='post'>
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
</td></form>
-
<form method='post'>
<td width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='editrule' />
</td></form></td>
-
<form method='post'>
<td width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='copyrule' />
</td></form></td>
-
-
<form method='post'>
<td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
}else{
print"<td></td>";
}
-
if (exists $$hash{$key+1}){
print<<END;
<form method='post'>
if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
-
my $weekdays=join(",",@days);
-
if (@days){
print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
print"$weekdays";
print"</table>";
&Header::closebox();
}
-
}
sub fillselect
{
my %hash=%{(shift)};
my $val=shift;
my $key;
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash)
- {
- if($hash{$key}[0] eq $val){
- print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
- }else{
- print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
- }
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+ }else{
+ print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
}
+ }
}
sub rules
{