From 8b20ca2de4d1b07f2bb2237b97a591cc40deebc4 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Wed, 2 May 2018 13:27:06 +0200
Subject: [PATCH] BUG11559: firewall-lib
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
When creating firewallrules or using firewall groups, it should be possible to select a single IpSec subnet if there is more than one. This patch has neccessary changes for the firewall-lib. While the network name of the IpSec changes on save (subnet is added to name) we need to split the name or normalise the field before using it.
Signed-off-by: Alexander Marx
Tested-by: Peter Müller
Signed-off-by: Michael Tremer
---
 config/firewall/firewall-lib.pl | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index eabd9a42f2..9b7f55c9d6 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -150,6 +150,9 @@ sub get_ipsec_net_ip
 my $val=shift;
 my $field=shift;
 foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+ #adapt $val to reflect real name without subnet (if rule with only one ipsec subnet is created)
+ my @tmpval = split (/\|/, $val);
+ $val = $tmpval[0];
 if($ipsecconf{$key}[1] eq $val){
 return $ipsecconf{$key}[$field];
 }
@@ -390,10 +393,16 @@ sub get_address
 # IPsec networks.
 } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
- my $network_address = &get_ipsec_net_ip($value, 11);
- my @nets = split(/\|/, $network_address);
- foreach my $net (@nets) {
- push(@ret, [$net, ""]);
+ #Check if we have multiple subnets and only want one of them
+ if ( $value =~ /\|/ ){
+ my @parts = split(/\|/, $value);
+ push(@ret, [$parts[1], ""]);
+ }else{
+ my $network_address = &get_ipsec_net_ip($value, 11);
+ my @nets = split(/\|/, $network_address);
+ foreach my $net (@nets) {
+ push(@ret, [$net, ""]);
+ }
 }
 # The firewall's own IP addresses.
--
2.39.2
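Review bot: The added split-and-reassign of `$val` in get_ipsec_net_ip sits inside the `foreach`, so it is redone for every key, and an empty or undefined `$val` becomes undef, which `eq` then treats as the empty string (a warning, and a match on any connection whose name field is empty). Normalise once before the loop and bail out on an empty name: `my ($name) = split(/\|/, $val // "", 2);` followed by `return unless defined $name && length $name;`, then compare with `eq $name`. The sub begins above the hunk and continues past it, so the behaviour when no connection matches is not visible here.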
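Review bot: In the new `if ( $value =~ /\|/ )` branch of get_address, `$parts[1]` is pushed into `@ret` as an address without being checked against the subnets configured for that connection, so whatever follows the `|` in the stored value is taken as the network, and a value ending in `|` pushes undef. Since get_ipsec_net_ip accepts the suffixed name after this patch, the branch can look up the configured list and filter it by the requested subnet instead of trusting the suffix, as sketched below. This assumes the suffix uses the same notation as field 11, which is not visible here; the enclosing sub starts and ends outside the hunk.

```perl
		# … unchanged: elsif ($key ~~ [...]) branch header …
		# Configured subnets of the connection; the lookup ignores any "|subnet" suffix.
		my @nets = split(/\|/, &get_ipsec_net_ip($value, 11) // "");
		my (undef, $wanted) = split(/\|/, $value, 2);
		if (defined $wanted && length $wanted) {
			# Accept only a subnet that is actually configured for this connection.
			@nets = grep { $_ eq $wanted } @nets;
		}
		foreach my $net (@nets) {
			push(@ret, [$net, ""]);
		}
```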