]> git.ipfire.org Git - people/stevee/ipfire-2.x.git/blame - html/cgi-bin/firewall.cgi
projects / people / stevee / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
firewall.cgi: Dynamically show/hide DNAT and SNAT configure elements.
[people/stevee/ipfire-2.x.git] / html / cgi-bin / firewall.cgi
CommitLineData
2a81ab0d
AM		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
5bee9a9d 5# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
2a81ab0d
AM		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
2a81ab0d
AM		 21
22use strict;
eff2dbf8 23use Sort::Naturally;
323923d9
MT		 24use utf8;
25use feature 'unicode_strings';
26
2a81ab0d 27no warnings 'uninitialized';
323923d9 28
2a81ab0d
AM		 29# enable only the following on debugging purpose
30#use warnings;
31#use CGI::Carp 'fatalsToBrowser';
32
33require '/var/ipfire/general-functions.pl';
34require "${General::swroot}/lang.pl";
35require "${General::swroot}/header.pl";
fe307136 36require "/usr/lib/firewall/firewall-lib.pl";
2a81ab0d 37
6d8eb5de
AM		 38unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); }
39unless (-e "${General::swroot}/firewall/settings") { system("touch ${General::swroot}/firewall/settings"); }
40unless (-e "${General::swroot}/firewall/config") { system("touch ${General::swroot}/firewall/config"); }
41unless (-e "${General::swroot}/firewall/input") { system("touch ${General::swroot}/firewall/input"); }
42unless (-e "${General::swroot}/firewall/outgoing") { system("touch ${General::swroot}/firewall/outgoing"); }
2a81ab0d
AM		 43
44my %fwdfwsettings=();
45my %selected=() ;
46my %defaultNetworks=();
47my %netsettings=();
48my %customhost=();
49my %customgrp=();
50my %customnetworks=();
51my %customservice=();
52my %customservicegrp=();
53my %ccdnet=();
54my %customnetwork=();
55my %ccdhost=();
56my %configfwdfw=();
57my %configinputfw=();
c7043621 58my %configoutgoingfw=();
2a81ab0d
AM		 59my %ipsecconf=();
60my %color=();
61my %mainsettings=();
62my %checked=();
63my %icmptypes=();
64my %ovpnsettings=();
65my %ipsecsettings=();
66my %aliases=();
15add1c8 67my %optionsfw=();
2669161d 68my %ifaces=();
84a05311 69my %rulehash=();
c7043621 70
11760a70 71my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE","IPv6","IPIP");
a1e89f48 72
2a81ab0d
AM		 73my $color;
74my $confignet = "${General::swroot}/fwhosts/customnetworks";
75my $confighost = "${General::swroot}/fwhosts/customhosts";
76my $configgrp = "${General::swroot}/fwhosts/customgroups";
77my $configsrv = "${General::swroot}/fwhosts/customservices";
78my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
79my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
80my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
81my $configipsec = "${General::swroot}/vpn/config";
82my $configipsecrw = "${General::swroot}/vpn/settings";
6d8eb5de
AM		 83my $configfwdfw = "${General::swroot}/firewall/config";
84my $configinput = "${General::swroot}/firewall/input";
85my $configoutgoing = "${General::swroot}/firewall/outgoing";
2a81ab0d 86my $configovpn = "${General::swroot}/ovpn/settings";
15add1c8 87my $fwoptions = "${General::swroot}/optionsfw/settings";
2669161d 88my $ifacesettings = "${General::swroot}/ethernet/settings";
2a81ab0d
AM		 89my $errormessage='';
90my $hint='';
91my $ipgrp="${General::swroot}/outgoing/groups";
15add1c8 92my $tdcolor='';
515863e2 93my $checkorange='';
b3f4a4ef 94my @protocols;
6d8eb5de 95&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
2a81ab0d
AM		 96&General::readhash("${General::swroot}/main/settings", \%mainsettings);
97&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
15add1c8 98&General::readhash($fwoptions, \%optionsfw);
2669161d 99&General::readhash($ifacesettings, \%ifaces);
931e1fed
AM		 100&General::readhash("$configovpn", \%ovpnsettings);
101&General::readhash("$configipsecrw", \%ipsecsettings);
102&General::readhasharray("$configipsec", \%ipsecconf);
2a81ab0d
AM		 103&Header::showhttpheaders();
104&Header::getcgihash(\%fwdfwsettings);
cc81c430 105&Header::openpage($Lang::tr{'firewall rules'}, 1, '');
2a81ab0d 106&Header::openbigbox('100%', 'center',$errormessage);
b88c8829
AM		 107#### JAVA SCRIPT ####
108print<<END;
109<script>
a1e89f48
MT		 110 var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
111
112 var update_protocol = function() {
113 var protocol = \$("#protocol").val();
114
115 if (protocol === undefined)
116 return;
117
118 // Check if a template is/should be used.
119 if (protocol === "template") {
120 \$("#PROTOCOL_TEMPLATE").show();
121 } else {
122 \$("#PROTOCOL_TEMPLATE").hide();
a5cb9aca 123 }
a1e89f48
MT		 124
125 // Check if we are dealing with a protocol, that knows ports.
126 if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
127 \$("#PROTOCOL_PORTS").show();
128 } else {
129 \$("#PROTOCOL_PORTS").hide();
a5cb9aca 130 }
a1e89f48
MT		 131
132 // Handle ICMP.
133 if (protocol === "ICMP") {
134 \$("#PROTOCOL_ICMP_TYPES").show();
135 } else {
136 \$("#PROTOCOL_ICMP_TYPES").hide();
a5cb9aca 137 }
a1e89f48
MT		 138 };
139
140 \$(document).ready(function() {
141 \$("#protocol").change(update_protocol);
142 update_protocol();
143
bfaa6956
SS		 144 // Show/Hide elements when NAT checkbox is checked.
145 if (\$("#USE_NAT").attr("checked")) {
146 \$("#actions").hide();
147 } else {
6bcb5ffe 148 \$(".NAT").hide();
ec6fd189
AM		 149 }
150
151 // Show NAT area when "use nat" checkbox is clicked
93e0855b 152 \$("#USE_NAT").change(function() {
6bcb5ffe 153 \$(".NAT").toggle();
bfaa6956 154 \$("#actions").toggle();
a5cb9aca 155 });
a1e89f48 156
90d752a6
SS		 157 // Hide SNAT items when DNAT is selected and vice versa.
158 if (\$('input[name=nat]:checked').val() == 'dnat') {
159 \$('.snat').hide();
160 } else {
161 \$('.dnat').hide();
162 }
163
164 // Show/Hide elements when SNAT/DNAT get changed.
165 \$('input[name=nat]').change(function() {
166 \$('.snat').toggle();
167 \$('.dnat').toggle();
168 });
169
f18c3831
MT		 170 // Time constraints
171 if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
172 \$("#TIME_CONSTRAINTS").hide();
173 }
174 \$("#USE_TIME_CONSTRAINTS").change(function() {
175 \$("#TIME_CONSTRAINTS").toggle();
176 });
177
79ad6f7e
AM		 178 // Limit concurrent connections per ip
179 if(!\$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").attr("checked")) {
180 \$("#LIMIT_CON").hide();
181 }
182 \$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").change(function() {
183 \$("#LIMIT_CON").toggle();
184 });
185
d8deec0b
AM		 186 // Rate-limit new connections
187 if(!\$("#USE_RATELIMIT").attr("checked")) {
188 \$("#RATELIMIT").hide();
189 }
190 \$("#USE_RATELIMIT").change(function() {
191 \$("#RATELIMIT").toggle();
192 });
193
b88c8829
AM		 194 // Automatically select radio buttons when corresponding
195 // dropdown menu changes.
196 \$("select").change(function() {
197 var id = \$(this).attr("name");
b88c8829
AM		 198 \$('#' + id).prop("checked", true);
199 });
200 });
b88c8829
AM		 201</script>
202END
203
2a81ab0d
AM		 204#### ACTION #####
205
2a81ab0d
AM		 206if ($fwdfwsettings{'ACTION'} eq 'saverule')
207{
208 &General::readhasharray("$configfwdfw", \%configfwdfw);
209 &General::readhasharray("$configinput", \%configinputfw);
5d7faa45 210 &General::readhasharray("$configoutgoing", \%configoutgoingfw);
84a05311 211 my $maxkey;
79bb8c75
AM		 212 #Set Variables according to the JQuery code in protocol section
213 if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
214 {
215 if ($fwdfwsettings{'SRC_PORT'} ne '')
216 {
217 $fwdfwsettings{'USE_SRC_PORT'} = 'ON';
218 }
219 if ($fwdfwsettings{'TGT_PORT'} ne '')
220 {
221 $fwdfwsettings{'USESRV'} = 'ON';
222 $fwdfwsettings{'grp3'} = 'TGT_PORT';
223 }
224 }
225 if ($fwdfwsettings{'PROT'} eq 'template')
226 {
227 $fwdfwsettings{'USESRV'} = 'ON';
228 }
2a81ab0d
AM		 229 $errormessage=&checksource;
230 if(!$errormessage){&checktarget;}
231 if(!$errormessage){&checkrule;}
abb3cfcc 232
515863e2
AM		 233 #check if manual ip (source) is orange network
234 if ($fwdfwsettings{'grp1'} eq 'src_addr'){
235 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
236 if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
237 $checkorange='on';
238 }
239 }
240 #check useless rules
241 if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){
242 $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>";
243 }
c7043621 244 #check if we try to break rules
d4cb89d2 245 if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
cb4439f3 246 $errormessage=$Lang::tr{'fwdfw err same'};
c7043621 247 }
84a05311
AM		 248 # INPUT part
249 if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
5de39dea 250 $fwdfwsettings{'config'}=$configinput;
2a81ab0d 251 $fwdfwsettings{'chain'} = 'INPUTFW';
84a05311
AM		 252 $maxkey=&General::findhasharraykey(\%configinputfw);
253 %rulehash=%configinputfw;
254 }elsif ($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
a0fb1099 255 # OUTGOING PART
c7043621
AM		 256 $fwdfwsettings{'config'}=$configoutgoing;
257 $fwdfwsettings{'chain'} = 'OUTGOINGFW';
84a05311
AM		 258 $maxkey=&General::findhasharraykey(\%configoutgoingfw);
259 %rulehash=%configoutgoingfw;
260 }else {
261 # FORWARD PART
5de39dea 262 $fwdfwsettings{'config'}=$configfwdfw;
2a81ab0d 263 $fwdfwsettings{'chain'} = 'FORWARDFW';
84a05311
AM		 264 $maxkey=&General::findhasharraykey(\%configfwdfw);
265 %rulehash=%configfwdfw;
266 }
267 #check if we have an identical rule already
268 if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
269 foreach my $key (sort keys %rulehash){
5ca4ae11
AM		 270 if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
271 eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
84a05311
AM		 272 $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
273 if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
274 $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
275 }
276 if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
277 $errormessage='';
278 }
279 if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
280 $fwdfwsettings{'nosave'} = 'on';
281 }
2da264ec 282 }
46a6d6c7 283 }
84a05311
AM		 284 }
285 #check Rulepos on new Rule
286 if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
287 $fwdfwsettings{'oldrulenumber'}=$maxkey;
288 foreach my $key (sort keys %rulehash){
289 if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
290 eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
291 $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
70d38e50
AM		 292 }
293 }
84a05311
AM		 294 }
295 #check if we just close a rule
296 if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}){
297 if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
298 $fwdfwsettings{'nosave2'} = 'on';
299 $errormessage='';
992394d5 300 }
84a05311
AM		 301 }
302 #check max concurrent connections per ip address
303 if ($fwdfwsettings{'LIMIT_CON_CON'} eq 'ON'){
304 if (!($fwdfwsettings{'concon'} =~ /^(\d+)$/)) {
305 $errormessage.=$Lang::tr{'fwdfw err concon'};
79ad6f7e 306 }
84a05311
AM		 307 }else{
308 $fwdfwsettings{'concon'}='';
309 }
310 #check ratelimit value
311 if ($fwdfwsettings{'RATE_LIMIT'} eq 'ON'){
312 if (!($fwdfwsettings{'ratecon'} =~ /^(\d+)$/)) {
313 $errormessage.=$Lang::tr{'fwdfw err ratecon'};
d8deec0b 314 }
84a05311
AM		 315 }else{
316 $fwdfwsettings{'ratecon'}='';
317 }
318 #increase counters
319 if (!$errormessage){
320 if ($fwdfwsettings{'nosave2'} ne 'on'){
321 &saverule(\%rulehash,$fwdfwsettings{'config'});
2a81ab0d 322 }
2a81ab0d
AM		 323 }
324 if ($errormessage){
325 &newrule;
326 }else{
992394d5 327 if($fwdfwsettings{'nosave2'} ne 'on'){
0e430797 328 &General::firewall_config_changed();
992394d5 329 }
2a81ab0d
AM		 330 &base;
331 }
2a81ab0d 332}
2a81ab0d
AM		 333if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
334{
335 &newrule;
336}
337if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
338{
339 my %togglehash=();
340 &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
341 foreach my $key (sort keys %togglehash){
342 if ($key eq $fwdfwsettings{'key'}){
343 if ($togglehash{$key}[2] eq 'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';}
344 }
345 }
346 &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
0e430797 347 &General::firewall_config_changed();
2a81ab0d
AM		 348 &base;
349}
350if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
351{
352 my %togglehash=();
353 &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
354 foreach my $key (sort keys %togglehash){
355 if ($key eq $fwdfwsettings{'key'}){
356 if ($togglehash{$key}[17] eq 'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
357 }
358 }
359 &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
0e430797 360 &General::firewall_config_changed();
2a81ab0d
AM		 361 &base;
362}
363if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
364{
0e430797 365 &General::firewall_reload();
2a81ab0d
AM		 366 &base;
367}
368if ($fwdfwsettings{'ACTION'} eq 'editrule')
369{
370 $fwdfwsettings{'updatefwrule'}='on';
371 &newrule;
372}
373if ($fwdfwsettings{'ACTION'} eq 'deleterule')
374{
375 &deleterule;
376}
377if ($fwdfwsettings{'ACTION'} eq 'moveup')
378{
379 &pos_up;
380 &base;
381}
382if ($fwdfwsettings{'ACTION'} eq 'movedown')
383{
384 &pos_down;
385 &base;
386}
387if ($fwdfwsettings{'ACTION'} eq 'copyrule')
388{
389 $fwdfwsettings{'copyfwrule'}='on';
2a81ab0d
AM		 390 &newrule;
391}
653a71b9 392if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
2a81ab0d
AM		 393{
394 &base;
395}
396### Functions ####
8013bd0a 397sub addrule
2a81ab0d 398{
8013bd0a 399 &error;
85d6e8a9 400
c03d4a5e 401 &Header::openbox('100%', 'left', "");
85d6e8a9
MT		 402 print <<END;
403 <form method="POST" action="">
404 <table border='0' width="100%">
405 <tr>
c03d4a5e 406 <td align='center'>
85d6e8a9 407 <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'>
85d6e8a9
MT		 408END
409
0e430797 410 if (&General::firewall_needs_reload()) {
85d6e8a9
MT		 411 print <<END;
412 <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-weight: bold; color: green;'>
413END
414 }
415
416 print <<END;
417 </td>
418 </tr>
419 </table>
420 </form>
421
c03d4a5e 422 <br>
85d6e8a9 423END
c03d4a5e 424
8013bd0a
AM		 425 &Header::closebox();
426 &viewtablerule;
2a81ab0d
AM		 427}
428sub base
429{
2a81ab0d 430 &hint;
7bd9d462 431 &addrule;
2a81ab0d 432}
8013bd0a 433sub changerule
2a81ab0d 434{
8013bd0a
AM		 435 my $oldchain=shift;
436 $fwdfwsettings{'updatefwrule'}='';
437 $fwdfwsettings{'config'}=$oldchain;
438 $fwdfwsettings{'nobase'}='on';
439 &deleterule;
2a81ab0d
AM		 440}
441sub checksource
442{
443 my ($ip,$subnet);
2a81ab0d
AM		 444 #check ip-address if manual
445 if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
446 #check if ip with subnet
447 if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
448 ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
449 $subnet = &General::iporsubtocidr($subnet);
b5269091 450 $fwdfwsettings{'isip'}='on';
2a81ab0d
AM		 451 }
452 #check if only ip
453 if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
454 $ip=$fwdfwsettings{'src_addr'};
455 $subnet = '32';
b5269091 456 $fwdfwsettings{'isip'}='on';
2a81ab0d 457 }
36196d0d 458
b5269091 459 if ($fwdfwsettings{'isip'} ne 'on'){
ab4fe66f
AM		 460 if (&General::validmac($fwdfwsettings{'src_addr'})){
461 $fwdfwsettings{'ismac'}='on';
462 }
b5269091
AM		 463 }
464 if ($fwdfwsettings{'isip'} eq 'on'){
931e1fed
AM		 465 ##check if ip is valid
466 if (! &General::validip($ip)){
467 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
468 return $errormessage;
469 }
b5269091
AM		 470 #check and form valid IP
471 $ip=&General::ip2dec($ip);
472 $ip=&General::dec2ip($ip);
473 #check if net or broadcast
d9b691e1 474 $fwdfwsettings{'src_addr'}="$ip/$subnet";
b5269091
AM		 475 if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
476 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
931e1fed 477 return $errormessage;
b5269091
AM		 478 }
479 }
480 if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
2a81ab0d 481 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
931e1fed 482 return $errormessage;
2a81ab0d
AM		 483 }
484 }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
2610f393 485 $fwdfwsettings{'grp1'}='std_net_src';
9556a0fb 486 $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL';
2a81ab0d 487 }
62fc8511 488
2a81ab0d
AM		 489 #check empty fields
490 if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
8f0b047b
AM		 491 if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
492 my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
493 my @values=();
494 foreach (@parts){
495 chomp($_);
829697d0 496 if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
8f0b047b
AM		 497 my $check;
498 #change dashes with :
499 $_=~ tr/-/:/;
500 if ($_ eq "*") {
501 push(@values,"1:65535");
502 $check='on';
503 }
829697d0 504 if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
8f0b047b
AM		 505 push(@values,"1:$2");
506 $check='on';
507 }
829697d0 508 if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
8f0b047b
AM		 509 push(@values,"$1:65535");
510 $check='on'
511 }
512 $errormessage .= &General::validportrange($_, 'destination');
513 if(!$check){
514 push (@values,$_);
515 }
516 }else{
517 if (&General::validport($_)){
518 push (@values,$_);
519 }else{
520
521 }
522 }
2a81ab0d 523 }
8f0b047b 524 $fwdfwsettings{'SRC_PORT'}=join("|",@values);
2a81ab0d 525 }
931e1fed 526 return $errormessage;
2a81ab0d
AM		 527}
528sub checktarget
529{
530 my ($ip,$subnet);
a6edca5a 531 &General::readhasharray("$configsrv", \%customservice);
bc912c6e 532 #check DNAT settings (has to be single Host and single Port or portrange)
a6edca5a
AM		 533 if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
534 if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
a6edca5a
AM		 535 #check if manual ip is a single Host (if set)
536 if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
537 my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
538 my @tmp1= split ("/",$tmp[3]);
539 if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
540 {
541 $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
931e1fed 542 return $errormessage;
a6edca5a
AM		 543 }
544 }
bc912c6e 545 #check if Port is a single Port or portrange
a6edca5a 546 if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
a4c7bf6b 547 if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
a6edca5a 548 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
931e1fed 549 return $errormessage;
a6edca5a 550 }
a4c7bf6b 551 if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
a6edca5a 552 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
931e1fed 553 return $errormessage;
a6edca5a
AM		 554 }
555 }
556 }else{
896eb2d6
AM		 557 if ($fwdfwsettings{'grp2'} ne 'ipfire'){
558 $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
559 return $errormessage;
560 }
a6edca5a
AM		 561 }
562 }
2a81ab0d
AM		 563 if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
564 #check if ip with subnet
565 if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
566 ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
567 $subnet = &General::iporsubtocidr($subnet);
568 }
569 #check if only ip
570 if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
571 $ip=$fwdfwsettings{'tgt_addr'};
572 $subnet='32';
573 }
931e1fed
AM		 574 #check if ip is valid
575 if (! &General::validip($ip)){
576 $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
577 return $errormessage;
578 }
2a81ab0d
AM		 579 #check and form valid IP
580 $ip=&General::ip2dec($ip);
581 $ip=&General::dec2ip($ip);
d9b691e1 582 $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
2a81ab0d
AM		 583 if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
584 $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
931e1fed 585 return $errormessage;
2a81ab0d 586 }
2a81ab0d 587 }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
2610f393 588 $fwdfwsettings{'grp2'}='std_net_tgt';
9556a0fb 589 $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL';
2a81ab0d 590 }
d334d7cb
AM		 591 #check for mac in targetgroup
592 if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
593 &General::readhasharray("$configgrp", \%customgrp);
594 &General::readhasharray("$confighost", \%customhost);
595 foreach my $grpkey (sort keys %customgrp){
596 foreach my $hostkey (sort keys %customhost){
597 if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
598 $hint=$Lang::tr{'fwdfw hint mac'};
599 return $hint;
600 }
601 }
602 }
603 }
2a81ab0d
AM		 604 #check empty fields
605 if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
2a81ab0d
AM		 606 #check tgt services
607 if ($fwdfwsettings{'USESRV'} eq 'ON'){
608 if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
609 $fwdfwsettings{'TGT_PROT'}='';
610 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 611 $fwdfwsettings{'TGT_PORT'}='';
2a81ab0d
AM		 612 }
613 if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
614 $fwdfwsettings{'TGT_PROT'}='';
615 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 616 $fwdfwsettings{'TGT_PORT'}='';
2a81ab0d
AM		 617 #check target service
618 if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
619 $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
620 }
621 }
622 if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
a4c7bf6b 623 if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){
2a81ab0d 624 if ($fwdfwsettings{'TGT_PORT'} ne ''){
08e1c65d 625 if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') {
829697d0 626 $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
931e1fed 627 return $errormessage;
829697d0 628 }
8f0b047b
AM		 629 my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
630 my @values=();
631 foreach (@parts){
632 chomp($_);
829697d0 633 if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
8f0b047b
AM		 634 my $check;
635 #change dashes with :
636 $_=~ tr/-/:/;
637 if ($_ eq "*") {
638 push(@values,"1:65535");
639 $check='on';
640 }
829697d0 641 if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
8f0b047b
AM		 642 push(@values,"1:$2");
643 $check='on';
644 }
829697d0 645 if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
8f0b047b
AM		 646 push(@values,"$1:65535");
647 $check='on'
648 }
649 $errormessage .= &General::validportrange($_, 'destination');
650 if(!$check){
651 push (@values,$_);
652 }
653 }else{
654 if (&General::validport($_)){
655 push (@values,$_);
656 }else{
d0f8bbc1
AM		 657 $errormessage=$Lang::tr{'fwdfw err tgt_port'};
658 return $errormessage;
8f0b047b
AM		 659 }
660 }
2a81ab0d 661 }
8f0b047b 662 $fwdfwsettings{'TGT_PORT'}=join("|",@values);
2a81ab0d 663 }
a4c7bf6b 664 }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){
d1f01304 665 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 666 $fwdfwsettings{'TGT_PORT'} = '';
62fc8511 667 $fwdfwsettings{'ICMP_TGT'} = '';
a4c7bf6b 668 }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){
d1f01304 669 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 670 $fwdfwsettings{'TGT_PORT'} = '';
d1f01304 671 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 672 }elsif ($fwdfwsettings{'PROT'} eq 'AH'){
d1f01304 673 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 674 $fwdfwsettings{'TGT_PORT'} = '';
62fc8511 675 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 676 }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){
d1f01304 677 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 678 $fwdfwsettings{'TGT_PORT'} = '';
2a81ab0d
AM		 679 }
680 }
681 }
2a81ab0d
AM		 682 #check targetport
683 if ($fwdfwsettings{'USESRV'} ne 'ON'){
684 $fwdfwsettings{'grp3'}='';
685 $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
2a81ab0d
AM		 686 $fwdfwsettings{'ICMP_TGT'}='';
687 }
2a81ab0d
AM		 688 #check timeframe
689 if($fwdfwsettings{'TIME'} eq 'ON'){
690 if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
691 $errormessage=$Lang::tr{'fwdfw err time'};
931e1fed 692 return $errormessage;
2a81ab0d
AM		 693 }
694 }
2a81ab0d
AM		 695 return $errormessage;
696}
a6edca5a
AM		 697sub check_natport
698{
699 my $val=shift;
829697d0
AM		 700 if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
701 if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) {
702 $fwdfwsettings{'dnatport'} =~ tr/-/:/;
703 if ($fwdfwsettings{'dnatport'} eq "*") {
704 $fwdfwsettings{'dnatport'}="1:65535";
705 }
706 if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
707 $fwdfwsettings{'dnatport'} = "1:$2";
708 }
709 if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
710 $fwdfwsettings{'dnatport'} ="$1:65535";
711 }
712 }
713 return 1;
714 }
715 if ($val =~ "," || $val>65536 || $val<0){
a6edca5a
AM		 716 return 0;
717 }
718 return 1;
719}
2a81ab0d
AM		 720sub checkrule
721{
a6edca5a
AM		 722 #check valid port for NAT
723 if($fwdfwsettings{'USE_NAT'} eq 'ON'){
f5f71c79 724 #RULE_ACTION must be ACCEPT if we use NAT
8e713726
AM		 725 $fwdfwsettings{'RULE_ACTION'} = 'ACCEPT';
726
f5f71c79
AM		 727 #if no dnat or snat selected errormessage
728 if ($fwdfwsettings{'nat'} eq ''){
729 $errormessage=$Lang::tr{'fwdfw dnat nochoice'};
730 return;
731 }
732
733 #if using snat, the external port has to be empty
734 if ($fwdfwsettings{'nat'} eq 'snat' && $fwdfwsettings{'dnatport'} ne ''){
735 $errormessage=$Lang::tr{'fwdfw dnat extport'};
736 return;
737 }
3c037075 738 #if no dest port is given in nat area, take target host port
a6edca5a 739 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
0051027b 740 if($fwdfwsettings{'TGT_PORT'} eq '' && $fwdfwsettings{'dnatport'} ne '' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')){
3c037075 741 $errormessage=$Lang::tr{'fwdfw dnat porterr2'};
f5f71c79 742 return;
3c037075 743 }
bc912c6e 744 #check if port given in nat area is a single valid port or portrange
98cee89f 745 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){
a6edca5a 746 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
98cee89f 747 }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
a6edca5a 748 my $custsrvport;
f5f71c79 749 #get service Protocol and Port
a6edca5a
AM		 750 foreach my $key (sort keys %customservice){
751 if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
752 if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
753 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
754 }
755 $custsrvport= $customservice{$key}[1];
756 }
757 }
758 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
759 }
98cee89f
AM		 760 #check if DNAT port is multiple
761 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
762 my @parts=split(",",$fwdfwsettings{'dnatport'});
763 my @values=();
764 foreach (@parts){
765 chomp($_);
766 if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
767 my $check;
768 #change dashes with :
769 $_=~ tr/-/:/;
770 if ($_ eq "*") {
771 push(@values,"1:65535");
772 $check='on';
773 }
774 if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
775 push(@values,"1:$2");
776 $check='on';
777 }
778 if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
779 push(@values,"$1:65535");
780 $check='on'
781 }
782 $errormessage .= &General::validportrange($_, 'destination');
783 if(!$check){
784 push (@values,$_);
785 }
786 }else{
787 if (&General::validport($_)){
788 push (@values,$_);
789 }else{
790
791 }
792 }
793 }
794 $fwdfwsettings{'dnatport'}=join("|",@values);
795 }
ce2dbe92
AM		 796 #check if a rule with prot tcp or udp and ports is edited and now prot is "all", then delete all ports
797 if($fwdfwsettings{'PROT'} eq ''){
798 $fwdfwsettings{'dnatport'}='';
799 }
a6edca5a 800 }
2a81ab0d
AM		 801 #check valid remark
802 if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
803 $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
804 }
805 #check if source and target identical
59c2888b 806 if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL' && $fwdfwsettings{'grp2'} ne 'ipfire'){
cb4439f3 807 $errormessage=$Lang::tr{'fwdfw err same'};
2a81ab0d
AM		 808 return $errormessage;
809 }
2a81ab0d
AM		 810 #get source and targetip address if possible
811 my ($sip,$scidr,$tip,$tcidr);
812 ($sip,$scidr)=&get_ip("src","grp1");
813 ($tip,$tcidr)=&get_ip("tgt","grp2");
2a81ab0d
AM		 814 #check same iprange in source and target
815 if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
2a81ab0d
AM		 816 my $networkip1=&General::getnetworkip($sip,$scidr);
817 my $networkip2=&General::getnetworkip($tip,$tcidr);
818 if ($scidr gt $tcidr){
210ee67b 819 if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
2a81ab0d
AM		 820 $errormessage.=$Lang::tr{'fwdfw err samesub'};
821 }
8013bd0a
AM		 822 }elsif($scidr eq $tcidr && $scidr eq '32'){
823 my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
824 my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
825 if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
826 $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
827 $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
828 }
829 }else{
830 if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
831 $errormessage.=$Lang::tr{'fwdfw err samesub'};
832 }
833 }
834 }
35ca8e02 835 #when icmp selected, no source and targetport allowed
79bb8c75 836 if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){
e6e9a811
AM		 837 $errormessage.=$Lang::tr{'fwdfw err prot_port'};
838 return;
839 }
840 #change protocol if prot not equal dest single service
a4c7bf6b
AM		 841 if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
842 foreach my $key (sort keys %customservice){
843 if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
844 if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
845 $fwdfwsettings{'PROT'} = $customservice{$key}[2];
846 last;
8013bd0a
AM		 847 }
848 }
849 }
850 }
a4c7bf6b
AM		 851 #check source and destination protocol if source manual and dest servicegroup
852 if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
853 $fwdfwsettings{'PROT'} = '';
72586f0f 854 }
a4c7bf6b 855 #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013
fadcfb73 856 $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated)
a4c7bf6b
AM		 857 #Check ICMP Types
858 if ($fwdfwsettings{'PROT'} eq 'ICMP'){
859 $fwdfwsettings{'USE_SRC_PORT'}='';
860 $fwdfwsettings{'SRC_PORT'}='';
e6e9a811 861 #$fwdfwsettings{'USESRV'}='';
a4c7bf6b
AM		 862 $fwdfwsettings{'TGT_PORT'}='';
863 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
864 foreach my $key (keys %icmptypes){
865 if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
866 $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
867 }
868 }
869 }elsif($fwdfwsettings{'PROT'} eq 'GRE'){
870 $fwdfwsettings{'USE_SRC_PORT'}='';
871 $fwdfwsettings{'SRC_PORT'}='';
872 $fwdfwsettings{'ICMP_TYPES'}='';
873 $fwdfwsettings{'USESRV'}='';
874 $fwdfwsettings{'TGT_PORT'}='';
875 }elsif($fwdfwsettings{'PROT'} eq 'ESP'){
876 $fwdfwsettings{'USE_SRC_PORT'}='';
877 $fwdfwsettings{'SRC_PORT'}='';
878 $fwdfwsettings{'ICMP_TYPES'}='';
879 $fwdfwsettings{'USESRV'}='';
880 $fwdfwsettings{'TGT_PORT'}='';
881 }elsif($fwdfwsettings{'PROT'} eq 'AH'){
882 $fwdfwsettings{'USE_SRC_PORT'}='';
883 $fwdfwsettings{'SRC_PORT'}='';
884 $fwdfwsettings{'ICMP_TYPES'}='';
885 $fwdfwsettings{'USESRV'}='';
886 $fwdfwsettings{'TGT_PORT'}='';
79bb8c75
AM		 887 }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){
888 $fwdfwsettings{'USE_SRC_PORT'}='';
889 $fwdfwsettings{'SRC_PORT'}='';
890 $fwdfwsettings{'ICMP_TYPES'}='';
891 $fwdfwsettings{'USESRV'}='';
892 $fwdfwsettings{'TGT_PORT'}='';
11760a70
AM		 893 }elsif($fwdfwsettings{'PROT'} eq 'IPv6'){
894 $fwdfwsettings{'USE_SRC_PORT'}='';
895 $fwdfwsettings{'SRC_PORT'}='';
896 $fwdfwsettings{'ICMP_TYPES'}='';
897 $fwdfwsettings{'USESRV'}='';
898 $fwdfwsettings{'TGT_PORT'}='';
899 }elsif($fwdfwsettings{'PROT'} eq 'IPIP'){
900 $fwdfwsettings{'USE_SRC_PORT'}='';
901 $fwdfwsettings{'SRC_PORT'}='';
902 $fwdfwsettings{'ICMP_TYPES'}='';
903 $fwdfwsettings{'USESRV'}='';
904 $fwdfwsettings{'TGT_PORT'}='';
35ca8e02 905 }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP'){
a4c7bf6b 906 $fwdfwsettings{'ICMP_TYPES'}='';
35ca8e02
AM		 907 $fwdfwsettings{'SRC_PORT'}='';
908 $fwdfwsettings{'TGT_PORT'}='';
a4c7bf6b
AM		 909 }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){
910 $fwdfwsettings{'ICMP_TYPES'}='';
911 }
8013bd0a 912}
931e1fed
AM		 913sub checkvpn
914{
915 my $ip=shift;
916 #Test if manual IP is part of static OpenVPN networks
917 &General::readhasharray("$configccdnet", \%ccdnet);
918 foreach my $key (sort keys %ccdnet){
919 my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]);
920 my $sub=&General::iporsubtodec($vpnsubnet);
921 if (&General::IpInSubnet($ip,$vpnip,$sub)){
922 return 0;
923 }
924 }
925 # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
926 # because if one creates a custom host with the ip, we need to check the color there!
927 # It does not make sense to check this here
928
929 # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
930 # Is also checked in getcolor
931
932 # Test if manual ip is part of an IPsec Network is also checked in getcolor
933 return 1;
934}
935sub checkvpncolor
936{
937
8013bd0a
AM		 938}
939sub deleterule
940{
941 my %delhash=();
942 &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
943 foreach my $key (sort {$a <=> $b} keys %delhash){
8013bd0a
AM		 944 if ($key >= $fwdfwsettings{'key'}) {
945 my $next = $key + 1;
946 if (exists $delhash{$next}) {
947 foreach my $i (0 .. $#{$delhash{$next}}) {
948 $delhash{$key}[$i] = $delhash{$next}[$i];
949 }
950 }
951 }
952 }
953 # Remove the very last entry.
954 my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
955 delete $delhash{$last_key};
956
957 &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
0e430797 958 &General::firewall_config_changed();
8013bd0a
AM		 959
960 if($fwdfwsettings{'nobase'} ne 'on'){
961 &base;
962 }
963}
fd169d0a
AM		 964sub del_double
965{
966 my %all=();
967 @all{@_}=1;
968 return (keys %all);
969}
8013bd0a
AM		 970sub disable_rule
971{
972 my $key1=shift;
973 &General::readhasharray("$configfwdfw", \%configfwdfw);
974 foreach my $key (sort keys %configfwdfw){
975 if ($key eq $key1 ){
976 if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
977 }
978 }
979 &General::writehasharray("$configfwdfw", \%configfwdfw);
0e430797 980 &General::firewall_config_changed();
8013bd0a 981}
8013bd0a
AM		 982sub error
983{
984 if ($errormessage) {
985 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
986 print "<class name='base'>$errormessage\n";
987 print "&nbsp;</class>\n";
988 &Header::closebox();
8013bd0a
AM		 989 }
990}
991sub fillselect
992{
993 my %hash=%{(shift)};
994 my $val=shift;
995 my $key;
eff2dbf8 996 foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){
8013bd0a
AM		 997 if($hash{$key}[0] eq $val){
998 print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
999 }else{
1000 print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
1001 }
1002 }
1003}
1004sub gen_dd_block
1005{
1006 my $srctgt = shift;
1007 my $grp=shift;
1008 my $helper='';
1009 my $show='';
1010 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1011 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1012 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1013 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1014 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1015 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1016 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1017 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1018 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1019 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1020 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1021 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1022 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1023 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1024 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
1025 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1026 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
a0fb1099 1027 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
8013bd0a
AM		 1028 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
1029print<<END;
1030 <table width='100%' border='0'>
1031 <tr><td width='50%' valign='top'>
f5f71c79 1032 <table width='95%' border='0'>
b88c8829 1033 <tr><td width='1%'><input type='radio' name='$grp' id='std_net_$srctgt' value='std_net_$srctgt' $checked{$grp}{'std_net_'.$srctgt}></td><td>$Lang::tr{'fwhost stdnet'}</td><td align='right'><select name='std_net_$srctgt' style='width:200px;'>
8013bd0a
AM		 1034END
1035 foreach my $network (sort keys %defaultNetworks)
1036 {
a0fb1099 1037 next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
8013bd0a
AM		 1038 print "<option value='$defaultNetworks{$network}{'NAME'}'";
1039 print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
3b2ad4a1 1040 my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
1a8fde0e
AM		 1041 my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
1042 my $defsub1=&General::subtocidr($ifaces{$defsub});
7326051e 1043 $ifaces{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
a0fb1099 1044 if ($ifaces{$defnet}){
1a8fde0e 1045 print ">$network ($ifaces{$defnet}/$defsub1)</option>";
a0fb1099
AM		 1046 }else{
1047 print ">$network</option>";
1048 }
8013bd0a
AM		 1049 }
1050 print"</select></td></tr>";
1051 #custom networks
d9987841 1052 if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1053 print"<tr><td><input type='radio' name='$grp' id='cust_net_$srctgt' value='cust_net_$srctgt' $checked{$grp}{'cust_net_'.$srctgt}></td><td>$Lang::tr{'fwhost cust net'}</td><td align='right'><select name='cust_net_$srctgt' style='width:200px;'>";
8013bd0a
AM		 1054 &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{$grp}});
1055 print"</select></td>";
1056 }
1057 #custom hosts
d9987841 1058 if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1059 print"<tr><td><input type='radio' name='$grp' id='cust_host_$srctgt' value='cust_host_$srctgt' $checked{$grp}{'cust_host_'.$srctgt}></td><td>$Lang::tr{'fwhost cust addr'}</td><td align='right'><select name='cust_host_$srctgt' style='width:200px;'>";
8013bd0a
AM		 1060 &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{$grp}});
1061 print"</select></td>";
1062 }
1063 #custom groups
d9987841 1064 if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1065 print"<tr><td valign='top'><input type='radio' name='$grp' id='cust_grp_$srctgt' value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td >$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' style='width:200px;'>";
eff2dbf8 1066 foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys %customgrp) {
aeefcc9c 1067 if($helper ne $customgrp{$key}[0] && $customgrp{$key}[2] ne 'none'){
8013bd0a
AM		 1068 print"<option ";
1069 print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $customgrp{$key}[0]);
1070 print ">$customgrp{$key}[0]</option>";
1071 }
1072 $helper=$customgrp{$key}[0];
1073 }
1074 print"</select></td>";
1075 }
1076 #End left table. start right table (vpn)
f5f71c79 1077 print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
8013bd0a 1078 # CCD networks
d9987841 1079 if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1080 print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt' $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
8013bd0a
AM		 1081 &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{$grp}});
1082 print"</select></td></tr>";
1083 }
1084 #OVPN CCD Hosts
eff2dbf8 1085 foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){
d9987841 1086 if ($ccdhost{$key}[33] ne '' ){
b88c8829 1087 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'>" if ($show eq '');
8013bd0a
AM		 1088 $show='1';
1089 print "<option value='$ccdhost{$key}[1]'";
1090 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ccdhost{$key}[1]);
1091 print ">$ccdhost{$key}[1]</option>";
1092 }
1093 }
d9987841 1094 if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
b88c8829 1095 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'></select></td></tr>" ;
d9987841 1096 }
8013bd0a
AM		 1097 if ($show eq '1'){$show='';print"</select></td></tr>";}
1098 #OVPN N2N
eff2dbf8 1099 foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){
8013bd0a 1100 if ($ccdhost{$key}[3] eq 'net'){
b88c8829 1101 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'>" if ($show eq '');
d9987841 1102 $show='1';
8013bd0a
AM		 1103 print "<option value='$ccdhost{$key}[1]'";
1104 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ccdhost{$key}[1]);
1105 print ">$ccdhost{$key}[1]</option>";
1106 }
1107 }
d9987841 1108 if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
b88c8829 1109 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'></select></td></tr>" ;
d9987841 1110 }
8013bd0a
AM		 1111 if ($show eq '1'){$show='';print"</select></td></tr>";}
1112 #IPsec netze
eff2dbf8 1113 foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
5558ca2a 1114 if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
97e2e7b4 1115 print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
8013bd0a
AM		 1116 $show='1';
1117 print "<option ";
1118 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ipsecconf{$key}[1]);
1119 print ">$ipsecconf{$key}[1]</option>";
1120 }
1121 }
d9987841 1122 if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
b88c8829 1123 print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'><select></td></tr>";
d9987841 1124 }
8013bd0a
AM		 1125 if ($show eq '1'){$show='';print"</select></td></tr>";}
1126
b88c8829 1127 print"</table>";
8013bd0a
AM		 1128 print"</td></tr></table><br>";
1129}
1130sub get_ip
1131{
1132 my $val=shift;
1133 my $grp =shift;
1134 my $a;
1135 my $b;
1136 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
1137 if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
1138 if ($fwdfwsettings{$grp} eq $val.'_addr'){
1139 ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
1140 }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
1141 if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
1142 $a=$netsettings{'GREEN_NETADDRESS'};
1143 $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
1144 }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
1145 $a=$netsettings{'ORANGE_NETADDRESS'};
1146 $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
1147 }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
1148 $a=$netsettings{'BLUE_NETADDRESS'};
1149 $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
1150 }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
1151 &General::readhash("$configovpn",\%ovpnsettings);
1152 ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
1153 $b=&General::iporsubtocidr($b);
1154 }
1155 }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
1156 &General::readhasharray("$confignet", \%customnetwork);
1157 foreach my $key (keys %customnetwork){
1158 if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
1159 $a=$customnetwork{$key}[1];
1160 $b=&General::iporsubtocidr($customnetwork{$key}[2]);
1161 }
1162 }
1163 }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
1164 &General::readhasharray("$confighost", \%customhost);
1165 foreach my $key (keys %customhost){
1166 if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
1167 if ($customhost{$key}[1] eq 'ip'){
1168 ($a,$b)=split (/\//,$customhost{$key}[2]);
1169 $b=&General::iporsubtocidr($b);
1170 }else{
1171 if ($grp eq 'grp2'){
1172 $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
1173 }
1174 }
1175 }
1176 }
1177 }
1178 }
1179 return $a,$b;
1180}
1181sub get_name
1182{
1183 my $val=shift;
1184 &General::setup_default_networks(\%defaultNetworks);
1185 foreach my $network (sort keys %defaultNetworks)
1186 {
1187 return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
1188 }
1189}
1190sub getsrcport
1191{
1192 my %hash=%{(shift)};
1193 my $key=shift;
a4c7bf6b 1194 if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){
8013bd0a
AM		 1195 $hash{$key}[10]=~ s/\|/,/g;
1196 print": $hash{$key}[10]";
1197 }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
1198 print": <br>$hash{$key}[9] ";
1199 }
1200}
1201sub gettgtport
1202{
1203 my %hash=%{(shift)};
1204 my $key=shift;
1205 my $service;
1206 my $prot;
1207 if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
1208 if($hash{$key}[14] eq 'cust_srv'){
1209 &General::readhasharray("$configsrv", \%customservice);
1210 foreach my $i (sort keys %customservice){
1211 if($customservice{$i}[0] eq $hash{$key}[15]){
1212 $service = $customservice{$i}[0];
1213 }
1214 }
1215 }elsif($hash{$key}[14] eq 'cust_srvgrp'){
1216 $service=$hash{$key}[15];
1217 }elsif($hash{$key}[14] eq 'TGT_PORT'){
1218 $hash{$key}[15]=~ s/\|/,/g;
1219 $service=$hash{$key}[15];
1220 }
1221 if($service){
1222 print": $service";
1223 }
8013bd0a
AM		 1224 }
1225}
1226sub get_serviceports
1227{
1228 my $type=shift;
1229 my $name=shift;
1230 &General::readhasharray("$configsrv", \%customservice);
1231 &General::readhasharray("$configsrvgrp", \%customservicegrp);
b3f4a4ef 1232 @protocols=();
712500d0 1233 my @specprot=("IPIP","IPV6","IGMP","GRE","AH","ESP");
8013bd0a 1234 if($type eq 'service'){
eff2dbf8 1235 foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
8013bd0a 1236 if ($customservice{$key}[0] eq $name){
0626fac1 1237 push (@protocols,$customservice{$key}[2]);
8013bd0a
AM		 1238 }
1239 }
1240 }elsif($type eq 'group'){
eff2dbf8 1241 foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
8013bd0a 1242 if ($customservicegrp{$key}[0] eq $name){
712500d0
AM		 1243 if ($customservicegrp{$key}[2] ~~ @specprot){
1244 push (@protocols," ".$customservicegrp{$key}[2]);
1245 }else{
1246 foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
1247 if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
1248 if (!grep(/$customservice{$key1}[2]/, @protocols)){
0626fac1 1249 push (@protocols,$customservice{$key1}[2]);}
b3f4a4ef 1250 }
8013bd0a
AM		 1251 }
1252 }
1253 }
1254 }
1255 }
28e003e4
MT		 1256
1257 # Sort protocols alphabetically.
1258 @protocols = sort(@protocols);
1259
b3f4a4ef 1260 return @protocols;
8013bd0a
AM		 1261}
1262sub getcolor
1263{
1264 my $nettype=shift;
1265 my $val=shift;
1266 my $hash=shift;
1267 if($optionsfw{'SHOWCOLORS'} eq 'on'){
b062a11b
MT		 1268 # Don't colourise MAC addresses
1269 if (&General::validmac($val)) {
1270 $tdcolor = "";
1271 return;
1272 }
1273
b119578f
AM		 1274 #custom Hosts
1275 if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
1276 foreach my $key (sort keys %$hash){
1277 if ($$hash{$key}[0] eq $val){
1278 $val=$$hash{$key}[2];
1279 }
1280 }
1281 }
e3c58927
AM		 1282 #standard networks
1283 if ($val eq 'GREEN'){
43215686 1284 $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
e3c58927
AM		 1285 return;
1286 }elsif ($val eq 'ORANGE'){
43215686 1287 $tdcolor="style='background-color: $Header::colourorange;color:white;'";
e3c58927
AM		 1288 return;
1289 }elsif ($val eq 'BLUE'){
43215686 1290 $tdcolor="style='background-color: $Header::colourblue;color:white;'";
e3c58927 1291 return;
05d4f131 1292 }elsif ($val eq 'RED' ||$val eq 'RED1' ){
43215686 1293 $tdcolor="style='background-color: $Header::colourred;color:white;'";
e3c58927
AM		 1294 return;
1295 }elsif ($val eq 'IPFire' ){
43215686 1296 $tdcolor="style='background-color: $Header::colourred;color:white;'";
e3c58927 1297 return;
d8afe3e2
AM		 1298 }elsif ($val eq 'OpenVPN-Dyn' ){
1299 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
1300 return;
1301 }elsif ($val eq 'IPsec RW' ){
1302 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
1303 return;
e3c58927
AM		 1304 }elsif($val =~ /^(.*?)\/(.*?)$/){
1305 my ($sip,$scidr) = split ("/",$val);
1be052f9 1306 if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
43215686 1307 $tdcolor="style='background-color: $Header::colourorange;color:white;'";
e3c58927
AM		 1308 return;
1309 }
1310 if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
43215686 1311 $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
e3c58927
AM		 1312 return;
1313 }
1be052f9 1314 if ( &Header::blue_used() && &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
43215686 1315 $tdcolor="style='background-color: $Header::colourblue;color:white;'";
e3c58927
AM		 1316 return;
1317 }
1318 }elsif ($val eq 'Default IP'){
43215686 1319 $tdcolor="style='background-color: $Header::colourred;color:white;'";
e3c58927
AM		 1320 return;
1321 }
b119578f
AM		 1322 #Check if a manual IP or custom host is part of a VPN
1323 if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
931e1fed
AM		 1324 #Check if IP is part of OpenVPN dynamic subnet
1325 my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
1326 my ($c,$d) = split("/",$val);
1327 if (&General::IpInSubnet($c,$a,$b)){
43215686 1328 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
931e1fed
AM		 1329 return;
1330 }
d9b691e1
AM		 1331 #Check if IP is part of OpenVPN static subnet
1332 foreach my $key (sort keys %ccdnet){
1333 my ($a,$b) = split("/",$ccdnet{$key}[1]);
1334 $b =&General::iporsubtodec($b);
1335 if (&General::IpInSubnet($c,$a,$b)){
43215686 1336 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
d9b691e1
AM		 1337 return;
1338 }
1339 }
1340 #Check if IP is part of OpenVPN N2N subnet
1341 foreach my $key (sort keys %ccdhost){
1342 if ($ccdhost{$key}[3] eq 'net'){
1343 my ($a,$b) = split("/",$ccdhost{$key}[11]);
1344 if (&General::IpInSubnet($c,$a,$b)){
43215686 1345 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
d9b691e1
AM		 1346 return;
1347 }
1348 }
1349 }
931e1fed
AM		 1350 #Check if IP is part of IPsec RW network
1351 if ($ipsecsettings{'RW_NET'} ne ''){
1352 my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
1353 $b=&General::iporsubtodec($b);
1354 if (&General::IpInSubnet($c,$a,$b)){
43215686 1355 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
931e1fed
AM		 1356 return;
1357 }
1358 }
1359 #Check if IP is part of a IPsec N2N network
1360 foreach my $key (sort keys %ipsecconf){
476b122f
AM		 1361 if ($ipsecconf{$key}[11]){
1362 my ($a,$b) = split("/",$ipsecconf{$key}[11]);
1363 $b=&General::iporsubtodec($b);
1364 if (&General::IpInSubnet($c,$a,$b)){
1365 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
1366 return;
1367 }
931e1fed
AM		 1368 }
1369 }
1370 }
8013bd0a
AM		 1371 #VPN networks
1372 if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
43215686 1373 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
8013bd0a
AM		 1374 return;
1375 }
1376 if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
43215686 1377 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
8013bd0a
AM		 1378 return;
1379 }
8013bd0a
AM		 1380 #ALIASE
1381 foreach my $alias (sort keys %aliases)
1382 {
1383 if ($val eq $alias){
43215686 1384 $tdcolor="style='background-color:$Header::colourred;color:white;'";
8013bd0a
AM		 1385 return;
1386 }
1387 }
2a81ab0d 1388 }
e3c58927
AM		 1389 $tdcolor='';
1390 return;
8013bd0a
AM		 1391}
1392sub hint
1393{
1394 if ($hint) {
1395 &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
1396 print "<class name='base'>$hint\n";
1397 print "&nbsp;</class>\n";
1398 &Header::closebox();
2a81ab0d 1399 }
2a81ab0d
AM		 1400}
1401sub newrule
1402{
1403 &error;
1404 &General::setup_default_networks(\%defaultNetworks);
515863e2 1405 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
2a81ab0d
AM		 1406 #read all configfiles
1407 &General::readhasharray("$configccdnet", \%ccdnet);
1408 &General::readhasharray("$confignet", \%customnetwork);
1409 &General::readhasharray("$configccdhost", \%ccdhost);
1410 &General::readhasharray("$confighost", \%customhost);
1411 &General::readhasharray("$configccdhost", \%ccdhost);
1412 &General::readhasharray("$configgrp", \%customgrp);
1413 &General::readhasharray("$configipsec", \%ipsecconf);
1414 &General::get_aliases(\%aliases);
2a81ab0d
AM		 1415 my %checked=();
1416 my $helper;
2da264ec 1417 my $sum=0;
2a81ab0d
AM		 1418 if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
1419 my $config=$fwdfwsettings{'config'};
1420 my %hash=();
43d8be09 1421 #Get Red IP-ADDRESS
1422 open (CONN1,"/var/ipfire/red/local-ipaddress");
1423 my $redip = <CONN1>;
1424 close(CONN1);
f0dc00d8 1425 if (! $fwdfwsettings{'RULE_ACTION'} && $fwdfwsettings{'POLICY'} eq 'MODE2'){
9566c8f5 1426 $fwdfwsettings{'RULE_ACTION'}='DROP';
f0dc00d8 1427 }elsif(! $fwdfwsettings{'RULE_ACTION'} && $fwdfwsettings{'POLICY'} eq 'MODE1'){
9566c8f5
AM		 1428 $fwdfwsettings{'RULE_ACTION'}='ACCEPT';
1429 }
2a81ab0d
AM		 1430 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1431 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1432 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1433 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1434 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1435 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1436 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1437 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1438 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1439 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1440 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1441 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1442 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1443 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1444 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
a6edca5a 1445 $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
2a81ab0d
AM		 1446 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1447 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
1448 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
43d8be09 1449 $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
2a81ab0d
AM		 1450 #check if update and get values
1451 if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
1452 &General::readhasharray("$config", \%hash);
1453 foreach my $key (sort keys %hash){
2da264ec 1454 $sum++;
2a81ab0d 1455 if ($key eq $fwdfwsettings{'key'}){
70d38e50 1456 $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'};
2a81ab0d 1457 $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
2669161d 1458 $fwdfwsettings{'chain'} = $hash{$key}[1];
2a81ab0d
AM		 1459 $fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
1460 $fwdfwsettings{'grp1'} = $hash{$key}[3];
1461 $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
1462 $fwdfwsettings{'grp2'} = $hash{$key}[5];
1463 $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
1464 $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
1465 $fwdfwsettings{'PROT'} = $hash{$key}[8];
1466 $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
1467 $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10];
1468 $fwdfwsettings{'USESRV'} = $hash{$key}[11];
1469 $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12];
1470 $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13];
1471 $fwdfwsettings{'grp3'} = $hash{$key}[14];
1472 $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15];
1473 $fwdfwsettings{'ruleremark'} = $hash{$key}[16];
1474 $fwdfwsettings{'LOG'} = $hash{$key}[17];
1475 $fwdfwsettings{'TIME'} = $hash{$key}[18];
1476 $fwdfwsettings{'TIME_MON'} = $hash{$key}[19];
1477 $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20];
1478 $fwdfwsettings{'TIME_WED'} = $hash{$key}[21];
1479 $fwdfwsettings{'TIME_THU'} = $hash{$key}[22];
1480 $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23];
1481 $fwdfwsettings{'TIME_SAT'} = $hash{$key}[24];
1482 $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
1483 $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
1484 $fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
2669161d 1485 $fwdfwsettings{'USE_NAT'} = $hash{$key}[28];
a6edca5a 1486 $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
2669161d 1487 $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
a6edca5a 1488 $fwdfwsettings{'dnatport'} = $hash{$key}[30];
79ad6f7e
AM		 1489 $fwdfwsettings{'LIMIT_CON_CON'} = $hash{$key}[32];
1490 $fwdfwsettings{'concon'} = $hash{$key}[33];
d8deec0b
AM		 1491 $fwdfwsettings{'RATE_LIMIT'} = $hash{$key}[34];
1492 $fwdfwsettings{'ratecon'} = $hash{$key}[35];
1493 $fwdfwsettings{'RATETIME'} = $hash{$key}[36];
2a81ab0d
AM		 1494 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1495 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1496 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1497 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1498 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1499 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1500 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1501 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1502 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1503 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1504 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1505 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1506 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1507 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1508 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
2669161d 1509 $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
f5f71c79 1510 $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
79ad6f7e 1511 $checked{'LIMIT_CON_CON'}{$fwdfwsettings{'LIMIT_CON_CON'}} = 'CHECKED';
d8deec0b 1512 $checked{'RATE_LIMIT'}{$fwdfwsettings{'RATE_LIMIT'}} = 'CHECKED';
2a81ab0d
AM		 1513 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1514 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
1515 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
b044bb05 1516 $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
95cda259 1517 $selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
2ed8330e 1518 $selected{'snat'}{$fwdfwsettings{'snat'}} ='selected';
d8deec0b 1519 $selected{'RATETIME'}{$fwdfwsettings{'RATETIME'}} ='selected';
2a81ab0d
AM		 1520 }
1521 }
1522 $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
1523 $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
1524 $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
1525 $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
1526 $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
1527 $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
1528 $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
02da9f7b 1529 $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
2669161d 1530 $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
8442c937 1531 $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
79ad6f7e 1532 $fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
d8deec0b 1533 $fwdfwsettings{'olduseratelimit'}=$fwdfwsettings{'RATE_LIMIT'};
57518765 1534 $fwdfwsettings{'olduseratelimitamount'}=$fwdfwsettings{'ratecon'};
d8deec0b
AM		 1535 $fwdfwsettings{'oldratelimittime'}=$fwdfwsettings{'RATETIME'};
1536
515863e2
AM		 1537 #check if manual ip (source) is orange network
1538 if ($fwdfwsettings{'grp1'} eq 'src_addr'){
1539 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
1540 if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
1541 $fwdfwsettings{'oldorange'} ='on';
1542 }
1543 }
2a81ab0d
AM		 1544 }else{
1545 $fwdfwsettings{'ACTIVE'}='ON';
f5f71c79 1546 $fwdfwsettings{'nat'} = 'dnat';
2a81ab0d 1547 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
f5f71c79 1548 $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
515863e2
AM		 1549 $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
1550 $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
1551 $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
1552 $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
1553 $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
1554 $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
1555 $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
1556 $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
2669161d 1557 $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
79ad6f7e 1558 $fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
515863e2
AM		 1559 #check if manual ip (source) is orange network
1560 if ($fwdfwsettings{'grp1'} eq 'src_addr'){
1561 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
1562 if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
1563 $fwdfwsettings{'oldorange'} ='on';
1564 }
1565 }
2a81ab0d 1566 }
f4d5310d
AM		 1567 # Split manual source and target address and delete the subnet
1568 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
1569 if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp1'}}=$sip;}
1570 my ($dip,$dcidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp2'}});
90c2ce0c 1571 if ($dcidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;}
2a81ab0d 1572 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
2a81ab0d 1573 #------SOURCE-------------------------------------------------------
ec6fd189 1574 print "<form method='post'>";
2a81ab0d
AM		 1575 print<<END;
1576 <table width='100%' border='0'>
ab4fe66f 1577 <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='18' ></td><td width='1%'><input type='radio' name='grp1' id='ipfire_src' value='ipfire_src' $checked{'grp1'}{'ipfire_src'}></td><td><b>Firewall</b></td>
a0fb1099
AM		 1578END
1579 print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
b044bb05
AM		 1580 print "<option value='ALL' $selected{'ipfire_src'}{'ALL'}>$Lang::tr{'all'}</option>";
1581 print "<option value='GREEN' $selected{'ipfire_src'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
595a90f0
AM		 1582 print "<option value='ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
1583 print "<option value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used());
b044bb05 1584 print "<option value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
a0fb1099
AM		 1585 if (! -z "${General::swroot}/ethernet/aliases"){
1586 foreach my $alias (sort keys %aliases)
1587 {
f1dd1972 1588 print "<option value='$alias' $selected{'ipfire_src'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
a0fb1099
AM		 1589 }
1590 }
1591 print<<END;
b88c8829 1592 </select></td></tr>
62f34bba
AM		 1593 <tr><td><br></td></tr>
1594 </table>
2a81ab0d 1595END
a4c7bf6b 1596 &gen_dd_block('src','grp1');
2a81ab0d 1597 &Header::closebox();
bee56a2d 1598
fadcfb73
AM		 1599 #---SNAT / DNAT ------------------------------------------------
1600 &Header::openbox('100%', 'left', 'NAT');
1601 print<<END;
93e0855b 1602 <label>
0eadfdad 1603 <input type='checkbox' name='USE_NAT' id='USE_NAT' value="ON" $checked{'USE_NAT'}{'ON'}>
93e0855b
MT		 1604 $Lang::tr{'fwdfw use nat'}
1605 </label>
6bcb5ffe 1606 <div class="NAT">
90d752a6 1607 <table class='fw-nat' width='100%' border='0'>
93e0855b 1608 <tr>
bee56a2d
MT		 1609 <td width='5%'></td>
1610 <td width='40%'>
1611 <label>
4234ca5d 1612 <input type='radio' name='nat' value='dnat' $checked{'nat'}{'dnat'}>
bee56a2d
MT		 1613 $Lang::tr{'fwdfw dnat'}
1614 </label>
1615 </td>
1616END
1617
1aa5439c 1618 print <<END;
90d752a6 1619 <td width='25%' align='right'><span class='dnat'>$Lang::tr{'dnat address'}:</span></td>
bee56a2d 1620 <td width='30%'>
90d752a6 1621 <select name='dnat' class='dnat' style='width: 100%;'>
1aa5439c 1622 <option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option>
95cda259 1623 <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option>
bee56a2d 1624END
1aa5439c 1625 if (%aliases) {
bee56a2d 1626 foreach my $alias (sort keys %aliases) {
11ab2c7d 1627 print "<option value='$alias' $selected{'dnat'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
bee56a2d 1628 }
fadcfb73 1629 }
1aa5439c
AM		 1630 #DNAT Dropdown
1631 foreach my $network (sort keys %defaultNetworks)
1632 {
1633 if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
1634 print "<option value='$defaultNetworks{$network}{'NAME'}'";
cc77ac23 1635 print " selected='selected'" if ($fwdfwsettings{'dnat'} eq $defaultNetworks{$network}{'NAME'});
1aa5439c
AM		 1636 print ">$network ($defaultNetworks{$network}{'NET'})</option>";
1637 }
1638 }
1639 print "</select>";
bee56a2d
MT		 1640 print "</tr>";
1641
fadcfb73 1642 #SNAT
bee56a2d
MT		 1643 print <<END;
1644 <tr>
1645 <td width='5%'></td>
1646 <td width='40%'>
1647 <label>
4234ca5d 1648 <input type='radio' name='nat' value='snat' $checked{'nat'}{'snat'}>
bee56a2d
MT		 1649 $Lang::tr{'fwdfw snat'}
1650 </label>
1651 </td>
90d752a6 1652 <td width='25%' align='right'><span class='snat'>$Lang::tr{'snat new source ip address'}:</span></td>
bee56a2d 1653 <td width='30%'>
90d752a6 1654 <select name='snat' class='snat' style='width: 100%;'>
bee56a2d
MT		 1655END
1656
1657 foreach my $alias (sort keys %aliases) {
11ab2c7d 1658 print "<option value='$alias' $selected{'snat'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
bee56a2d 1659 }
1aa5439c 1660 # SNAT Dropdown
bee56a2d 1661 foreach my $network (sort keys %defaultNetworks) {
1aa5439c
AM		 1662 if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
1663 print "<option value='$defaultNetworks{$network}{'NAME'}'";
cc77ac23 1664 print " selected='selected'" if ($fwdfwsettings{'snat'} eq $defaultNetworks{$network}{'NAME'});
1aa5439c
AM		 1665 print ">$network ($defaultNetworks{$network}{'NET'})</option>";
1666 }
fadcfb73 1667 }
bee56a2d
MT		 1668 print <<END;
1669 </select>
1670 </td>
1671 </tr>
1672 </table>
1673 </div>
1674END
fadcfb73 1675 &Header::closebox();
bee56a2d 1676
2a81ab0d
AM		 1677 #---TARGET------------------------------------------------------
1678 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
1679 print<<END;
1680 <table width='100%' border='0'>
ab4fe66f 1681 <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='18'><td width='1%'><input type='radio' name='grp2' id='ipfire' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
2a81ab0d 1682END
05d4f131 1683 print"<td align='right'><select name='ipfire' style='width:200px;'>";
a0fb1099
AM		 1684 print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
1685 print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
595a90f0
AM		 1686 print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
1687 print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>"if (&Header::blue_used());
fc83b09d 1688 print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
05d4f131 1689 if (! -z "${General::swroot}/ethernet/aliases"){
bedb72f3
AM		 1690 foreach my $alias (sort keys %aliases)
1691 {
f1dd1972 1692 print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
bedb72f3 1693 }
2a81ab0d 1694 }
2a81ab0d 1695 print<<END;
b88c8829 1696 </select></td></tr>
62f34bba 1697 <tr><td><br></td></tr></table>
2a81ab0d 1698END
8013bd0a 1699 &gen_dd_block('tgt','grp2');
a4c7bf6b
AM		 1700 &Header::closebox;
1701 #---PROTOCOL------------------------------------------------------
901aa8b9
MT		 1702 $fwdfwsettings{'SRC_PORT'} =~ s/\|/,/g;
1703 $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
1704 $fwdfwsettings{'dnatport'} =~ tr/|/,/;
1705
1706 # The dnatport may be empty, if it matches TGT_PORT
1707 if ($fwdfwsettings{'dnatport'} eq $fwdfwsettings{'TGT_PORT'}) {
1708 $fwdfwsettings{'dnatport'} = "";
1709 }
1710
a4c7bf6b 1711 &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
79bb8c75
AM		 1712 #Fix Protocol for JQuery
1713 if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
1714 $fwdfwsettings{'PROT'} = 'template';
1715 }
a4c7bf6b 1716 print<<END;
901aa8b9 1717 <table width='100%' border='0'>
a1e89f48 1718 <tr>
901aa8b9
MT		 1719 <td width="25%">
1720 <select name='PROT' id='protocol' style="width: 95px;">
a4c7bf6b 1721END
a1e89f48
MT		 1722 print "<option value=\"\"";
1723 if ($fwdfwsettings{'PROT'} eq '') {
1724 print " selected=\"selected\"";
a4c7bf6b 1725 }
a1e89f48
MT		 1726 print ">$Lang::tr{'all'}</option>";
1727
1728 print "<option value=\"template\"";
79bb8c75 1729 print " selected=\"selected\"" if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp');
a1e89f48
MT		 1730 print ">- $Lang::tr{'template'} -</option>";
1731
1732 foreach (@PROTOCOLS) {
1733 print"<option value=\"$_\"";
1734 if ($_ eq $fwdfwsettings{'PROT'}) {
1735 print " selected=\"selected\"";
a4c7bf6b 1736 }
9c89c64d
AM		 1737 if($_ eq "IPv6"){
1738 print ">$Lang::tr{'fwdfw prot41'}</option>";
1739 }else{
1740 print ">$_</option>";
1741 }
a4c7bf6b 1742 }
901aa8b9 1743
a4c7bf6b 1744 print<<END;
a1e89f48
MT		 1745 </select>
1746 </td>
901aa8b9
MT		 1747 <td width="75%">
1748 <table width='100%' border='0' id="PROTOCOL_ICMP_TYPES">
1749 <tr>
1750 <td width='20%'>$Lang::tr{'fwhost icmptype'}</td>
1751 <td colspan='2'>
1752 <select name='ICMP_TYPES' style='min-width:230px;'>
a4c7bf6b
AM		 1753END
1754 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
86a921ee 1755 print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
a4c7bf6b
AM		 1756 foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
1757 if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
1758 print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1759 }else{
1760 print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1761 }
1762 }
a1e89f48
MT		 1763
1764 print <<END;
901aa8b9
MT		 1765 </select>
1766 </td>
1767 </tr>
1768 </table>
a1e89f48 1769
901aa8b9
MT		 1770 <table width="100%" border="0" id="PROTOCOL_PORTS">
1771 <tr>
1772 <!-- #SOURCEPORT -->
1773 <td>
1774 $Lang::tr{'fwdfw use srcport'}
1775 </td>
1776 <td>
1777 <input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18'>
1778 </td>
1779 <td width='10%'>
1780 </td>
6bcb5ffe 1781
901aa8b9
MT		 1782 <!-- #TARGETPORT -->
1783 <td>
1784 $Lang::tr{'fwdfw use srv'}
1785 </td>
a1e89f48 1786
901aa8b9
MT		 1787 <td>
1788 <input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18'>
1789 </td>
1790 </tr>
1791 <tr class="NAT">
1792 <td colspan='3'></td>
1793 <td>$Lang::tr{'fwdfw external port nat'}:</td>
1794 <td>
1795 <input type='text' name='dnatport' value=\"$fwdfwsettings{'dnatport'}\" maxlength='20' size='18'>
1796 </td>
1797 </tr>
1798 </table>
a1e89f48 1799
901aa8b9
MT		 1800 <table width="100%" border="0" id="PROTOCOL_TEMPLATE">
1801 <tr>
1802 <td>
1803 <input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked>
1804 $Lang::tr{'fwhost cust service'}
1805 </td>
1806 <td>
1807 <select name='cust_srv' style='min-width: 230px;'>
2a81ab0d 1808END
901aa8b9 1809
2a81ab0d 1810 &General::readhasharray("$configsrv", \%customservice);
eff2dbf8 1811 foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
2a81ab0d
AM		 1812 print"<option ";
1813 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
1814 print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
a1e89f48
MT		 1815 }
1816
901aa8b9
MT		 1817 print <<END;
1818 </select>
1819 </td>
1820 </tr>
1821 <tr>
1822 <td>
1823 <input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}>
1824 $Lang::tr{'fwhost cust srvgrp'}
1825 </td>
1826 <td>
1827 <select name='cust_srvgrp' style='min-width:230px;'>
2a81ab0d 1828END
a1e89f48 1829
2a81ab0d
AM		 1830 &General::readhasharray("$configsrvgrp", \%customservicegrp);
1831 my $helper;
eff2dbf8 1832 foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
aeefcc9c 1833 if ($helper ne $customservicegrp{$key}[0] && $customservicegrp{$key}[2] ne 'none'){
2a81ab0d
AM		 1834 print"<option ";
1835 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
1836 print">$customservicegrp{$key}[0]</option>";
1837 }
1838 $helper=$customservicegrp{$key}[0];
901aa8b9
MT		 1839 }
1840
2a81ab0d 1841 print<<END;
901aa8b9
MT		 1842 </select>
1843 </td>
1844 </tr>
1845 </table>
a1e89f48
MT		 1846 </td>
1847 </tr>
1848 </table>
2a81ab0d 1849END
a1e89f48 1850
fadcfb73 1851 &Header::closebox;
f0dc00d8 1852 $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = 'CHECKED';
0c7d0c08 1853 print <<END;
0c7d0c08 1854 <center>
8e713726 1855 <table width="80%" class='tbl' id='actions'>
0c7d0c08
MT		 1856 <tr>
1857 <td width="33%" align="center" bgcolor="$color{'color17'}">
1858 &nbsp;<br>&nbsp;
1859 </td>
1860 <td width="33%" align="center" bgcolor="$color{'color25'}">
1861 &nbsp;<br>&nbsp;
1862 </td>
1863 <td width="33%" align="center" bgcolor="$color{'color16'}">
1864 &nbsp;<br>&nbsp;
1865 </td>
1866 </tr>
1867 <tr>
1868 <td width="33%" align="center">
1869 <label>
1870 <input type="radio" name="RULE_ACTION" value="ACCEPT" $checked{"RULE_ACTION"}{"ACCEPT"}>
1871 <strong>$Lang::tr{'fwdfw ACCEPT'}</strong>
1872 </label>
1873 </td>
1874 <td width="33%" align="center">
1875 <label>
1876 <input type="radio" name="RULE_ACTION" value="DROP" $checked{"RULE_ACTION"}{"DROP"}>
1877 <strong>$Lang::tr{'fwdfw DROP'}</strong>
1878 </label>
1879 </td>
1880 <td width="33%" align="center">
1881 <label>
1882 <input type="radio" name="RULE_ACTION" value="REJECT" $checked{"RULE_ACTION"}{"REJECT"}>
1883 <strong>$Lang::tr{'fwdfw REJECT'}</strong>
1884 </label>
1885 </td>
1886 </tr>
1887 </table>
1888 </center>
1889
1890 <br>
1891END
2a81ab0d
AM		 1892 #---Activate/logging/remark-------------------------------------
1893 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
1894 print<<END;
43d8be09 1895 <table width='100%' border='0'>
2da264ec 1896END
b88c8829 1897 print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' align='left'><input type='text' name='ruleremark' maxlength='255' value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>";
2da264ec
AM		 1898 if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
1899 print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
1900 for (my $count =1; $count <= $sum; $count++){
1901 print"<option value='$count' ";
1902 print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
1903 print">$count</option>";
1904 }
1905 print"</select></td></tr>";
70d38e50
AM		 1906 }else{
1907 print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><input type='text' name='rulepos' size='2'></td></tr>";
2da264ec
AM		 1908 }
1909
1910 print<<END;
d8d7dd3b
MT		 1911 </table>
1912 <table width='100%'>
1913 <tr>
1914END
1915
1916 if ($fwdfwsettings{'updatefwrule'} eq 'on') {
1917 print <<END;
1918 <td>
0eadfdad 1919 <input type='checkbox' name='ACTIVE' value="ON" $checked{'ACTIVE'}{'ON'}>
d8d7dd3b
MT		 1920 </td>
1921 <td>$Lang::tr{'fwdfw rule activate'}</td>
1922END
1923 } else {
1924 print <<END;
1925 <td colspan="2">
1926 <input type="hidden" name="ACTIVE" value="ON">
1927 </td>
1928END
1929 }
1930
1931 print <<END;
1932 </tr>
1933 <tr>
1934 <td>
1935 <input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'}>
1936 </td>
1937 <td>$Lang::tr{'fwdfw log rule'}</td>
1938 </tr>
f18c3831
MT		 1939 <tr>
1940 <td width='1%'>
1941 <input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' $checked{'TIME'}{'ON'}>
1942 </td>
1943 <td>$Lang::tr{'fwdfw timeframe'}</td>
1944 </tr>
1945 <tr id="TIME_CONSTRAINTS">
1946 <td colspan="2">
1947 <table width="66%" border="0">
1948 <tr>
1949 <td width="8em">&nbsp;</td>
1950 <td align="center">$Lang::tr{'advproxy monday'}</td>
1951 <td align="center">$Lang::tr{'advproxy tuesday'}</td>
1952 <td align="center">$Lang::tr{'advproxy wednesday'}</td>
1953 <td align="center">$Lang::tr{'advproxy thursday'}</td>
1954 <td align="center">$Lang::tr{'advproxy friday'}</td>
1955 <td align="center">$Lang::tr{'advproxy saturday'}</td>
1956 <td align="center">$Lang::tr{'advproxy sunday'}</td>
1957 <td>&nbsp;</td>
1958 </tr>
1959 <tr>
1960 <td width="8em">&nbsp;</td>
1961 <td align="center"><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} ></td>
1962 <td align="center"><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td>
1963 <td align="center"><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} ></td>
1964 <td align="center"><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td>
1965 <td align="center"><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} ></td>
1966 <td align="center"><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td>
1967 <td align="center"><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} ></td>
1968 <td>
1969 <select name='TIME_FROM'>
2a81ab0d
AM		 1970END
1971 for (my $i=0;$i<=23;$i++) {
1972 $i = sprintf("%02s",$i);
1973 for (my $j=0;$j<=45;$j+=15) {
1974 $j = sprintf("%02s",$j);
1975 my $time = $i.":".$j;
f18c3831 1976 print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
2a81ab0d
AM		 1977 }
1978 }
1979 print<<END;
f18c3831
MT		 1980 </select> &dash;
1981 <select name='TIME_TO'>
2a81ab0d
AM		 1982END
1983 for (my $i=0;$i<=23;$i++) {
1984 $i = sprintf("%02s",$i);
1985 for (my $j=0;$j<=45;$j+=15) {
1986 $j = sprintf("%02s",$j);
1987 my $time = $i.":".$j;
f18c3831 1988 print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
2a81ab0d
AM		 1989 }
1990 }
8013bd0a 1991 print<<END;
f18c3831
MT		 1992 </select>
1993 </td>
1994 </tr>
1995 </table>
1996 </td>
1997 </tr>
79ad6f7e
AM		 1998 <tr>
1999 <td width='1%'>
2000 <input type='checkbox' name='LIMIT_CON_CON' id="USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP" value='ON' $checked{'LIMIT_CON_CON'}{'ON'}>
2001 </td>
2002 <td>$Lang::tr{'fwdfw limitconcon'}</td>
2003 </tr>
2004 <tr id="LIMIT_CON">
2005 <td colspan='2'>
2006 <table width='66%' border='0'>
2007 <tr>
2008 <td width="20em">&nbsp;</td>
2009 <td>$Lang::tr{'fwdfw maxconcon'}: <input type='text' name='concon' size='2' value="$fwdfwsettings{'concon'}"></td>
2010 </tr>
2011 </table>
2012 </td>
2013 </tr>
d8deec0b
AM		 2014 <tr>
2015 <td width='1%'>
2016 <input type='checkbox' name='RATE_LIMIT' id="USE_RATELIMIT" value='ON' $checked{'RATE_LIMIT'}{'ON'}>
2017 </td>
2018 <td>$Lang::tr{'fwdfw ratelimit'}</td>
2019 </tr>
2020 <tr id="RATELIMIT">
2021 <td colspan='2'>
2022 <table width='66%' border='0'>
2023 <tr>
2024 <td width="20em">&nbsp;</td>
2025 <td>$Lang::tr{'fwdfw numcon'}: <input type='text' name='ratecon' size='2' value="$fwdfwsettings{'ratecon'}"> /
2026 <select name='RATETIME' style='width:100px;'>
2027 <option value='second' $selected{'RATETIME'}{'second'}>$Lang::tr{'age second'}</option>
2028 <option value='minute' $selected{'RATETIME'}{'minute'}>$Lang::tr{'minute'}</option>
2029 <option value='hour' $selected{'RATETIME'}{'hour'}>$Lang::tr{'hour'}</option>
2030 </select>
2031 </td>
2032 </tr>
2033 </table>
2034 </td>
2035 </tr>
f18c3831 2036 </table>
62f34bba 2037 <br>
8013bd0a 2038END
f18c3831 2039
8013bd0a
AM		 2040 #---ACTION------------------------------------------------------
2041 if($fwdfwsettings{'updatefwrule'} ne 'on'){
2042 print<<END;
2043 <table border='0' width='100%'>
2044 <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
2045 <input type='hidden' name='config' value='$config' >
b88c8829
AM		 2046 <input type='hidden' name='ACTION' value='saverule' ></form>
2047 <form method='post' style='display:inline;'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='reset'></form></td></tr>
2048 </table>
2049 <br>
8013bd0a
AM		 2050END
2051 }else{
2052 print<<END;
2053 <table border='0' width='100%'>
2054 <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' style='min-width:100px;' /><input type='hidden' name='updatefwrule' value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' value='$fwdfwsettings{'key'}'>
2055 <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
2056 <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
2057 <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
2058 <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
2059 <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
2060 <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
2061 <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
2062 <input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' />
2063 <input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
2064 <input type='hidden' name='oldruleremark' value='$fwdfwsettings{'oldruleremark'}' />
2065 <input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
2669161d
AM		 2066 <input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
2067 <input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
79ad6f7e 2068 <input type='hidden' name='oldconcon' value='$fwdfwsettings{'oldconcon'}' />
8013bd0a
AM		 2069 <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
2070 </table></form>
2071END
2072 }
2073 &Header::closebox();
2074}
2075sub pos_up
2076{
2077 my %uphash=();
2078 my %tmp=();
2079 &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
2080 foreach my $key (sort keys %uphash){
2081 if ($key eq $fwdfwsettings{'key'}) {
2082 my $last = $key -1;
2083 if (exists $uphash{$last}){
2084 #save rule last
2085 foreach my $y (0 .. $#{$uphash{$last}}) {
2086 $tmp{0}[$y] = $uphash{$last}[$y];
2087 }
2088 #copy active rule to last
2089 foreach my $i (0 .. $#{$uphash{$last}}) {
2090 $uphash{$last}[$i] = $uphash{$key}[$i];
2091 }
2092 #copy saved rule to actual position
2093 foreach my $x (0 .. $#{$tmp{0}}) {
2094 $uphash{$key}[$x] = $tmp{0}[$x];
2095 }
2096 }
2097 }
2098 }
2099 &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
0e430797 2100 &General::firewall_config_changed();
8013bd0a
AM		 2101}
2102sub pos_down
2103{
2104 my %downhash=();
2105 my %tmp=();
2106 &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
2107 foreach my $key (sort keys %downhash){
2108 if ($key eq $fwdfwsettings{'key'}) {
2109 my $next = $key + 1;
2110 if (exists $downhash{$next}){
2111 #save rule next
2112 foreach my $y (0 .. $#{$downhash{$next}}) {
2113 $tmp{0}[$y] = $downhash{$next}[$y];
2114 }
2115 #copy active rule to next
2116 foreach my $i (0 .. $#{$downhash{$next}}) {
2117 $downhash{$next}[$i] = $downhash{$key}[$i];
2118 }
2119 #copy saved rule to actual position
2120 foreach my $x (0 .. $#{$tmp{0}}) {
2121 $downhash{$key}[$x] = $tmp{0}[$x];
2122 }
2123 }
2124 }
2125 }
2126 &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
0e430797 2127 &General::firewall_config_changed();
2a81ab0d
AM		 2128}
2129sub saverule
2130{
2a81ab0d
AM		 2131 my $hash=shift;
2132 my $config=shift;
2133 &General::readhasharray("$config", $hash);
2134 if (!$errormessage){
2669161d 2135 ################################################################
2669161d 2136 #check if we change an INPUT rule to a OUTGOING
c12392c0 2137 if($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW' ){
2669161d 2138 &changerule($configinput);
c12392c0 2139 #print"1";
d7127db8 2140 }
8442c937 2141 #check if we change an INPUT rule to a FORWARD
2669161d
AM		 2142 elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
2143 &changerule($configinput);
c12392c0 2144 #print"2";
d7127db8 2145 }
2669161d
AM		 2146 ################################################################
2147 #check if we change an OUTGOING rule to an INPUT
2148 elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'INPUTFW' ){
2149 &changerule($configoutgoing);
c12392c0 2150 #print"3";
d7127db8 2151 }
8442c937 2152 #check if we change an OUTGOING rule to a FORWARD
2669161d 2153 elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
d7127db8 2154 &changerule($configoutgoing);
c12392c0 2155 #print"4";
2669161d
AM		 2156 }
2157 ################################################################
2158 #check if we change a FORWARD rule to an INPUT
2159 elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'INPUTFW'){
2160 &changerule($configfwdfw);
c12392c0 2161 #print"5";
2669161d
AM		 2162 }
2163 #check if we change a FORWARD rule to an OUTGOING
2164 elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){
2165 &changerule($configfwdfw);
c12392c0 2166 #print"6";
2669161d 2167 }
65c9b3a5 2168 $fwdfwsettings{'ruleremark'}=~ s/,/;/g;
323923d9 2169 utf8::decode($fwdfwsettings{'ruleremark'});
abb3cfcc 2170 $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
2da264ec 2171 if ($fwdfwsettings{'updatefwrule'} ne 'on'){
2a81ab0d
AM		 2172 my $key = &General::findhasharraykey ($hash);
2173 $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
2174 $$hash{$key}[1] = $fwdfwsettings{'chain'};
2175 $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
2176 $$hash{$key}[3] = $fwdfwsettings{'grp1'};
2177 $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
2178 $$hash{$key}[5] = $fwdfwsettings{'grp2'};
2179 $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
2180 $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
2181 $$hash{$key}[8] = $fwdfwsettings{'PROT'};
2182 $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
2183 $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
2184 $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
2185 $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
2186 $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
2187 $$hash{$key}[14] = $fwdfwsettings{'grp3'};
2188 $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
2189 $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
2190 $$hash{$key}[17] = $fwdfwsettings{'LOG'};
2191 $$hash{$key}[18] = $fwdfwsettings{'TIME'};
2192 $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
2193 $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
2194 $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
2195 $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
2196 $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
2197 $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
2198 $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
2199 $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
2200 $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
c12392c0
AM		 2201 $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
2202 $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
2203 $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
2204 $$hash{$key}[31] = $fwdfwsettings{'nat'};
79ad6f7e
AM		 2205 $$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
2206 $$hash{$key}[33] = $fwdfwsettings{'concon'};
d8deec0b
AM		 2207 $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
2208 $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
2209 $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
2a81ab0d
AM		 2210 &General::writehasharray("$config", $hash);
2211 }else{
e44fa079
AM		 2212 foreach my $key (sort {$a <=> $b} keys %$hash){
2213 if($key eq $fwdfwsettings{'key'}){
2214 $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
2215 $$hash{$key}[1] = $fwdfwsettings{'chain'};
2216 $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
2217 $$hash{$key}[3] = $fwdfwsettings{'grp1'};
2218 $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
2219 $$hash{$key}[5] = $fwdfwsettings{'grp2'};
2220 $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
2221 $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
2222 $$hash{$key}[8] = $fwdfwsettings{'PROT'};
2223 $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
2224 $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
2225 $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
2226 $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
2227 $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
2228 $$hash{$key}[14] = $fwdfwsettings{'grp3'};
2229 $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
2230 $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
2231 $$hash{$key}[17] = $fwdfwsettings{'LOG'};
2232 $$hash{$key}[18] = $fwdfwsettings{'TIME'};
2233 $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
2234 $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
2235 $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
2236 $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
2237 $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
2238 $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
2239 $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
2240 $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
2241 $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
c12392c0
AM		 2242 $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
2243 $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
2244 $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
2245 $$hash{$key}[31] = $fwdfwsettings{'nat'};
79ad6f7e
AM		 2246 $$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
2247 $$hash{$key}[33] = $fwdfwsettings{'concon'};
d8deec0b
AM		 2248 $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
2249 $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
2250 $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
e44fa079
AM		 2251 last;
2252 }
2253 }
2254 }
2255 &General::writehasharray("$config", $hash);
0918e516 2256 if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
e44fa079
AM		 2257 my %tmp=();
2258 my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
2259 for (my $z=0;$z<$val;$z++){
2260 foreach my $key (sort {$a <=> $b} keys %$hash){
2261 if ($key eq $fwdfwsettings{'oldrulenumber'}) {
2262 my $last = $key -1;
2263 if (exists $$hash{$last}){
2264 #save rule last
2265 foreach my $y (0 .. $#{$$hash{$last}}) {
2266 $tmp{0}[$y] = $$hash{$last}[$y];
2267 }
2268 #copy active rule to last
2269 foreach my $i (0 .. $#{$$hash{$last}}) {
2270 $$hash{$last}[$i] = $$hash{$key}[$i];
2271 }
2272 #copy saved rule to actual position
2273 foreach my $x (0 .. $#{$tmp{0}}) {
2274 $$hash{$key}[$x] = $tmp{0}[$x];
2da264ec
AM		 2275 }
2276 }
2277 }
2278 }
e44fa079
AM		 2279 $fwdfwsettings{'oldrulenumber'}--;
2280 }
2281 &General::writehasharray("$config", $hash);
0e430797 2282 &General::firewall_config_changed();
0918e516 2283 }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
e44fa079
AM		 2284 my %tmp=();
2285 my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
2286 for (my $z=0;$z<$val;$z++){
2287 foreach my $key (sort {$a <=> $b} keys %$hash){
2288 if ($key eq $fwdfwsettings{'oldrulenumber'}) {
2289 my $next = $key + 1;
2290 if (exists $$hash{$next}){
2291 #save rule next
2292 foreach my $y (0 .. $#{$$hash{$next}}) {
2293 $tmp{0}[$y] = $$hash{$next}[$y];
2294 }
2295 #copy active rule to next
2296 foreach my $i (0 .. $#{$$hash{$next}}) {
2297 $$hash{$next}[$i] = $$hash{$key}[$i];
2298 }
2299 #copy saved rule to actual position
2300 foreach my $x (0 .. $#{$tmp{0}}) {
2301 $$hash{$key}[$x] = $tmp{0}[$x];
2da264ec
AM		 2302 }
2303 }
2304 }
2a81ab0d 2305 }
e44fa079 2306 $fwdfwsettings{'oldrulenumber'}++;
2a81ab0d
AM		 2307 }
2308 &General::writehasharray("$config", $hash);
0e430797 2309 &General::firewall_config_changed();
2a81ab0d
AM		 2310 }
2311 }
2312}
2a81ab0d
AM		 2313sub validremark
2314{
2315 # Checks a hostname against RFC1035
abb3cfcc 2316 my $remark = $_[0];
323923d9
MT		 2317
2318 # Try to decode $remark into UTF-8. If this doesn't work,
2319 # we assume that the string it not sane.
2320 if (!utf8::decode($remark)) {
2321 return 0;
2322 }
2323
2324 # Check if the string only contains of printable characters.
abb3cfcc
AM		 2325 if ($remark =~ /^[[:print:]]*$/) {
2326 return 1;
2327 }
2328 return 0;
2a81ab0d 2329}
3a162dc1
AM		 2330sub viewtablerule
2331{
15add1c8 2332 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
c03d4a5e
MT		 2333
2334 &viewtablenew(\%configfwdfw, $configfwdfw, $Lang::tr{'firewall rules'});
2dd3aa93
MT		 2335 &viewtablenew(\%configinputfw, $configinput, $Lang::tr{'incoming firewall access'});
2336 &viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall access'});
2a81ab0d
AM		 2337}
2338sub viewtablenew
2339{
2340 my $hash=shift;
2341 my $config=shift;
2342 my $title=shift;
7bd9d462 2343 my $go='';
c03d4a5e
MT		 2344
2345 my $show_box = (! -z $config) || ($optionsfw{'SHOWTABLES'} eq 'on');
2346 return if (!$show_box);
2347
15add1c8 2348 &General::get_aliases(\%aliases);
af768a7e 2349 &General::readhasharray("$confighost", \%customhost);
7bd9d462 2350 &General::readhasharray("$config", $hash);
d9b691e1
AM		 2351 &General::readhasharray("$configccdnet", \%ccdnet);
2352 &General::readhasharray("$configccdhost", \%ccdhost);
aeefcc9c
AM		 2353 &General::readhasharray("$configgrp", \%customgrp);
2354 &General::readhasharray("$configsrvgrp", \%customservicegrp);
c03d4a5e
MT		 2355
2356 &Header::openbox('100%', 'left', $title);
8d28e3d0 2357 print "<table width='100%' cellspacing='0' class='tbl'>";
c03d4a5e
MT		 2358
2359 if (! -z $config) {
2a81ab0d
AM		 2360 my $count=0;
2361 my ($gif,$log);
2362 my $ruletype;
2363 my $rulecolor;
2364 my $tooltip;
2365 my @tmpsrc=();
a15f7d0d 2366 my @tmptgt=();
2a81ab0d 2367 my $coloryellow='';
989d0fd7 2368
c03d4a5e 2369 print <<END;
989d0fd7
MT		 2370 <tr>
2371 <th align='right' width='3%'>
2372 #
2373 </th>
2374 <th width='2%'></th>
2375 <th align='center'>
2376 <b>$Lang::tr{'protocol'}</b>
2377 </th>
2378 <th align='center' width='30%'>
2379 <b>$Lang::tr{'fwdfw source'}</b>
2380 </th>
2381 <th align='center'>
daf400fa 2382 <b>$Lang::tr{'fwdfw log'}</b>
989d0fd7
MT		 2383 </th>
2384 <th align='center' width='30%'>
2385 <b>$Lang::tr{'fwdfw target'}</b>
2386 </th>
2387 <th align='center' colspan='6' width='18%'>
2388 <b>$Lang::tr{'fwdfw action'}</b>
2389 </th>
2390 </tr>
2391END
2392
62fc8511 2393 foreach my $key (sort {$a <=> $b} keys %$hash){
12a43202 2394 $tdcolor='';
2a81ab0d 2395 @tmpsrc=();
a15f7d0d 2396 @tmptgt=();
2a81ab0d
AM		 2397 #check if vpn hosts/nets have been deleted
2398 if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
2399 push (@tmpsrc,$$hash{$key}[4]);
2400 }
2401 if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
a15f7d0d 2402 push (@tmptgt,$$hash{$key}[6]);
2a81ab0d 2403 }
2a81ab0d 2404 foreach my $host (@tmpsrc){
a15f7d0d 2405 if($$hash{$key}[3] eq 'ipsec_net_src'){
62fc8511 2406 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
2a81ab0d 2407 $coloryellow='on';
2a81ab0d 2408 }
a15f7d0d 2409 }elsif($$hash{$key}[3] eq 'ovpn_net_src'){
2a81ab0d
AM		 2410 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
2411 $coloryellow='on';
2a81ab0d 2412 }
a15f7d0d 2413 }elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
2a81ab0d
AM		 2414 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
2415 $coloryellow='on';
2a81ab0d 2416 }
a15f7d0d
AM		 2417 }elsif($$hash{$key}[3] eq 'ovpn_host_src'){
2418 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
2419 $coloryellow='on';
a15f7d0d
AM		 2420 }
2421 }
2422 }
2423 foreach my $host (@tmptgt){
2424 if($$hash{$key}[5] eq 'ipsec_net_tgt'){
2425 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
2426 $coloryellow='on';
a15f7d0d
AM		 2427 }
2428 }elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
2429 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
2430 $coloryellow='on';
a15f7d0d
AM		 2431 }
2432 }elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
2433 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
2434 $coloryellow='on';
a15f7d0d
AM		 2435 }
2436 }elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
2a81ab0d
AM		 2437 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
2438 $coloryellow='on';
2a81ab0d
AM		 2439 }
2440 }
2a81ab0d 2441 }
aeefcc9c
AM		 2442 #check if networkgroups or servicegroups are empty
2443 foreach my $netgroup (sort keys %customgrp){
2444 if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
2445 $coloryellow='on';
aeefcc9c
AM		 2446 }
2447 }
2448 foreach my $srvgroup (sort keys %customservicegrp){
2449 if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
2450 $coloryellow='on';
aeefcc9c
AM		 2451 }
2452 }
2a81ab0d
AM		 2453 $$hash{'ACTIVE'}=$$hash{$key}[2];
2454 $count++;
2a81ab0d 2455 if($coloryellow eq 'on'){
a15f7d0d 2456 $color="$color{'color14'}";
2a81ab0d
AM		 2457 $coloryellow='';
2458 }elsif($coloryellow eq ''){
2459 if ($count % 2){
15add1c8 2460 $color="$color{'color22'}";
2a81ab0d
AM		 2461 }
2462 else{
15add1c8 2463 $color="$color{'color20'}";
2a81ab0d
AM		 2464 }
2465 }
2a81ab0d 2466 print<<END;
989d0fd7
MT		 2467 <tr bgcolor='$color'>
2468 <td align='right' width='3%'>
2469 <b>$key&nbsp;</b>
2470 </td>
2a81ab0d 2471END
989d0fd7 2472
a0fb1099 2473 #RULETYPE (A,R,D)
2a81ab0d
AM		 2474 if ($$hash{$key}[0] eq 'ACCEPT'){
2475 $ruletype='A';
2476 $tooltip='ACCEPT';
2477 $rulecolor=$color{'color17'};
2478 }elsif($$hash{$key}[0] eq 'DROP'){
2479 $ruletype='D';
2480 $tooltip='DROP';
2481 $rulecolor=$color{'color25'};
2482 }elsif($$hash{$key}[0] eq 'REJECT'){
2483 $ruletype='R';
2484 $tooltip='REJECT';
2485 $rulecolor=$color{'color16'};
2486 }
989d0fd7
MT		 2487
2488 print <<END;
2489 <td bgcolor='$rulecolor' align='center' width='2%'>
2490 <span title='$tooltip'>&nbsp;&nbsp;</span>
2491 </td>
2492END
2493
a0fb1099
AM		 2494 #Get Protocol
2495 my $prot;
fadcfb73 2496 if ($$hash{$key}[8]){
9c89c64d 2497 if ($$hash{$key}[8] eq "IPv6"){
39e360b2 2498 push (@protocols,$Lang::tr{'fwdfw prot41 short'})
9c89c64d
AM		 2499 }else{
2500 push (@protocols,$$hash{$key}[8]);
2501 }
a0fb1099
AM		 2502 }elsif($$hash{$key}[14] eq 'cust_srv'){
2503 &get_serviceports("service",$$hash{$key}[15]);
2504 }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
2505 &get_serviceports("group",$$hash{$key}[15]);
2506 }else{
2507 push (@protocols,$Lang::tr{'all'});
2508 }
989d0fd7 2509
0626fac1 2510 my $protz=join(", ",@protocols);
90f8339a 2511 if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
a4c7bf6b
AM		 2512 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
2513 foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
2514 if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
2515 print "<td align='center'><span title='$icmptypes{$keyicmp}[0]'><b>$protz ($icmptypes{$keyicmp}[1])</b></span></td>";
2516 last;
2517 }
2518 }
0626fac1
AM		 2519 }elsif($#protocols gt '3'){
2520 print"<td align='center'><span title='$protz'>$Lang::tr{'fwdfw many'}</span></td>";
a4c7bf6b
AM		 2521 }else{
2522 print"<td align='center'>$protz</td>";
2523 }
a0fb1099
AM		 2524 @protocols=();
2525 #SOURCE
d4cb89d2 2526 my $ipfireiface;
af768a7e 2527 &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
85860aff 2528 print"<td align='center' width='30%' $tdcolor>";
d4cb89d2 2529 if ($$hash{$key}[3] eq 'ipfire_src'){
daf400fa 2530 $ipfireiface=$Lang::tr{'fwdfw iface'};
d4cb89d2 2531 }
2a81ab0d
AM		 2532 if ($$hash{$key}[3] eq 'std_net_src'){
2533 print &get_name($$hash{$key}[4]);
4f3bd0ca
AM		 2534 }elsif ($$hash{$key}[3] eq 'src_addr'){
2535 my ($split1,$split2) = split("/",$$hash{$key}[4]);
2536 if ($split2 eq '32'){
2537 print $split1;
2538 }else{
2539 print $$hash{$key}[4];
2540 }
43d8be09 2541 }elsif ($$hash{$key}[4] eq 'RED1'){
d4cb89d2 2542 print "$ipfireiface $Lang::tr{'fwdfw red'}";
2be048ce
AM		 2543 }elsif ($$hash{$key}[4] eq 'ALL'){
2544 print "$ipfireiface $Lang::tr{'all'}";
2a81ab0d 2545 }else{
2be048ce
AM		 2546 if ($$hash{$key}[4] eq 'GREEN' || $$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE' || $$hash{$key}[4] eq 'RED'){
2547 print "$ipfireiface $Lang::tr{lc($$hash{$key}[4])}";
2548 }else{
2549 print "$ipfireiface $$hash{$key}[4]";
2550 }
2a81ab0d 2551 }
15add1c8 2552 $tdcolor='';
a0fb1099 2553 #SOURCEPORT
2a81ab0d 2554 &getsrcport(\%$hash,$key);
2669161d 2555 #Is this a SNAT rule?
ac9e77e3 2556 if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
f1934a05
AM		 2557 my $net=&get_name($$hash{$key}[29]);
2558 if ( ! $net){ $net=$$hash{$key}[29];}
2559 print"<br>->$net";
2669161d
AM		 2560 if ($$hash{$key}[30] ne ''){
2561 print": $$hash{$key}[30]";
2562 }
2563 }
2a81ab0d
AM		 2564 if ($$hash{$key}[17] eq 'ON'){
2565 $log="/images/on.gif";
2566 }else{
2567 $log="/images/off.gif";
2568 }
a0fb1099 2569 #LOGGING
2a81ab0d 2570 print<<END;
989d0fd7
MT		 2571 </td>
2572 <td align='center'>
2573 <form method='POST' action=''>
2574 <input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
2575 <input type='hidden' name='key' value='$key' />
2576 <input type='hidden' name='config' value='$config' />
2577 <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
2578 </form>
2579 </td>
2a81ab0d 2580END
a0fb1099 2581 #TARGET
af768a7e 2582 &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
2a81ab0d 2583 print<<END;
989d0fd7 2584 <td align='center' $tdcolor>
2a81ab0d 2585END
2669161d 2586 #Is this a DNAT rule?
fd169d0a 2587 my $natstring;
ac9e77e3 2588 if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
95cda259 2589 if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
fd169d0a
AM		 2590 if ($$hash{$key}[29] eq 'AUTO'){
2591 my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
2592 my @nat_ifaces;
2593 foreach my $val (@src_addresses){
896eb2d6 2594 push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
fd169d0a
AM		 2595 }
2596 @nat_ifaces=&del_double(@nat_ifaces);
107060da 2597 $natstring = "";
fd169d0a 2598 }else{
107060da 2599 $natstring = "($$hash{$key}[29])";
fd169d0a 2600 }
107060da 2601 print "$Lang::tr{'firewall'} $natstring";
a6edca5a 2602 if($$hash{$key}[30] ne ''){
98cee89f 2603 $$hash{$key}[30]=~ tr/|/,/;
a6edca5a 2604 print": $$hash{$key}[30]";
2669161d 2605 }
989d0fd7 2606 print"<br>-&gt;";
2669161d 2607 }
0c733ab7 2608 if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire'){
cb4439f3 2609 if ($$hash{$key}[6] eq 'RED1'){
0c733ab7 2610 print "$Lang::tr{'red1'}";
d8afe3e2 2611 }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL' || $$hash{$key}[6] eq 'RED')
cb4439f3 2612 {
0c733ab7 2613 print &get_name($$hash{$key}[6]);
05d4f131 2614 }else{
b044bb05 2615 print $$hash{$key}[6];
05d4f131 2616 }
4f3bd0ca
AM		 2617 }elsif ($$hash{$key}[5] eq 'tgt_addr'){
2618 my ($split1,$split2) = split("/",$$hash{$key}[6]);
2619 if ($split2 eq '32'){
2620 print $split1;
2621 }else{
2622 print $$hash{$key}[6];
2623 }
2a81ab0d 2624 }else{
cb4439f3 2625 print "$$hash{$key}[6]";
2a81ab0d 2626 }
12a43202 2627 $tdcolor='';
a0fb1099 2628 #TARGETPORT
2a81ab0d 2629 &gettgtport(\%$hash,$key);
93a5f4a5 2630 print"</td>";
a0fb1099 2631 #RULE ACTIVE
2a81ab0d
AM		 2632 if($$hash{$key}[2] eq 'ON'){
2633 $gif="/images/on.gif"
2634
2635 }else{
2636 $gif="/images/off.gif"
2a81ab0d
AM		 2637 }
2638 print<<END;
989d0fd7
MT		 2639 <td width='3%' align='center'>
2640 <form method='POST' action=''>
2641 <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2642 <input type='hidden' name='key' value='$key' />
2643 <input type='hidden' name='config' value='$config' />
2644 <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
2645 </form>
2646 </td>
2647 <td width='3%' align='center'>
2648 <form method='POST' action=''>
2649 <input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2650 <input type='hidden' name='key' value='$key' />
2651 <input type='hidden' name='config' value='$config' />
2652 <input type='hidden' name='ACTION' value='editrule' />
2653 </form>
2654 </td>
2655 <td width='3%' align='center'>
2656 <form method='POST' action=''>
2657 <input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2658 <input type='hidden' name='key' value='$key' />
2659 <input type='hidden' name='config' value='$config' />
2660 <input type='hidden' name='ACTION' value='copyrule' />
2661 </form>
2662 </td>
2663 <td width='3%' align='center'>
2664 <form method='POST' action=''>
2665 <input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2666 <input type='hidden' name='key' value='$key' />
2667 <input type='hidden' name='config' value='$config' />
2668 <input type='hidden' name='ACTION' value='deleterule' />
2669 </form>
2670 </td>
2a81ab0d
AM		 2671END
2672 if (exists $$hash{$key-1}){
2673 print<<END;
989d0fd7
MT		 2674 <td width='3%' align='center'>
2675 <form method='POST' action=''>
2676 <input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2677 <input type='hidden' name='key' value='$key' />
2678 <input type='hidden' name='config' value='$config' />
2679 <input type='hidden' name='ACTION' value='moveup' />
2680 </form>
2681 </td>
2a81ab0d
AM		 2682END
2683 }else{
989d0fd7 2684 print"<td width='3%'></td>";
2a81ab0d 2685 }
989d0fd7 2686
2a81ab0d
AM		 2687 if (exists $$hash{$key+1}){
2688 print<<END;
989d0fd7
MT		 2689 <td width='3%' align='center'>
2690 <form method='POST' action=''>
2691 <input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2692 <input type='hidden' name='key' value='$key' />
2693 <input type='hidden' name='config' value='$config' />
2694 <input type='hidden' name='ACTION' value='movedown' />
2695 </form>
2696 </td>
2697 </tr>
2a81ab0d
AM		 2698END
2699 }else{
989d0fd7 2700 print"<td width='3%'></td></tr>";
2a81ab0d 2701 }
15add1c8 2702 #REMARK
3b2ad4a1 2703 if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){
989d0fd7
MT		 2704 print <<END;
2705 <tr bgcolor='$color'>
2706 <td>&nbsp;</td>
2707 <td bgcolor='$rulecolor'></td>
2708 <td colspan='10'>
2709 &nbsp; <em>$$hash{$key}[16]</em>
2710 </td>
2711 </tr>
2712END
3b2ad4a1 2713 }
989d0fd7 2714
3b2ad4a1 2715 if ($$hash{$key}[18] eq 'ON'){
533a2da3
AM		 2716 #TIMEFRAME
2717 if ($$hash{$key}[18] eq 'ON'){
2718 my @days=();
2719 if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
2720 if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
2721 if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
2722 if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
2723 if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
2724 if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
2725 if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
2726 my $weekdays=join(",",@days);
2727 if (@days){
3b2ad4a1 2728 print"<tr bgcolor='$color'>";
989d0fd7 2729 print"<td>&nbsp;</td><td bgcolor='$rulecolor'></td><td align='left' colspan='10'>&nbsp; $weekdays &nbsp; $$hash{$key}[26] - $$hash{$key}[27]</td></tr>";
533a2da3 2730 }
3b2ad4a1 2731 }
96502a5a 2732 }
533a2da3 2733 print"<tr bgcolor='FFFFFF'><td colspan='13' height='1'></td></tr>";
2a81ab0d 2734 }
c03d4a5e
MT		 2735 } elsif ($optionsfw{'SHOWTABLES'} eq 'on') {
2736 print <<END;
2737 <tr>
2738 <td colspan='7' height='30' bgcolor=$color{'color22'} align='center'>$Lang::tr{'fwhost empty'}</td>
2739 </tr>
2740END
2741 }
2742
2743 #SHOW FINAL RULE
2744 my $policy = 'fwdfw ' . $fwdfwsettings{'POLICY'};
2745 my $colour = "bgcolor='green'";
2746 if ($fwdfwsettings{'POLICY'} eq 'MODE1') {
2747 $colour = "bgcolor='darkred'";
2748 }
2749
2750 my $message;
2751 if (($config eq '/var/ipfire/firewall/config') && ($fwdfwsettings{'POLICY'} ne 'MODE1')) {
2752 print <<END;
2753 <tr>
2754 <td colspan='13'>&nbsp;</td>
2755 </tr>
2756 <tr>
ec56a539 2757 <td colspan='13' style="padding-left:0px;padding-right:0px">
c03d4a5e
MT		 2758 <table width="100%" border='1' rules="cols" cellspacing='0'>
2759END
2760
2761 # GREEN
2762 print <<END;
2763 <tr>
2764 <td align='center'>
2765 <font color="$Header::colourgreen">$Lang::tr{'green'}</font>
2766 </td>
2767 <td align='center'>
2768 <font color="$Header::colourred">$Lang::tr{'red'}</font>
2769 ($Lang::tr{'fwdfw pol allow'})
2770 </td>
2771END
2772
2773 if (&Header::orange_used()) {
2774 print <<END;
2775 <td align='center'>
2776 <font color="$Header::colourorange">$Lang::tr{'orange'}</font>
2777 ($Lang::tr{'fwdfw pol allow'})
2778 </td>
2779END
2af92cf5 2780 }
c03d4a5e
MT		 2781
2782 if (&Header::blue_used()) {
2783 print <<END;
2784 <td align='center'>
2785 <font color="$Header::colourblue">$Lang::tr{'blue'}</font>
2786 ($Lang::tr{'fwdfw pol allow'})
2787 </td>
2788END
515863e2 2789 }
a6485463 2790
cb051c57 2791 print"</tr>";
c03d4a5e
MT		 2792
2793 # ORANGE
2794 if (&Header::orange_used()) {
2795 print <<END;
2796 <tr>
2797 <td align='center' width='20%'>
2798 <font color="$Header::colourorange">$Lang::tr{'orange'}</font>
2799 </td>
2800 <td align='center'>
2801 <font color="$Header::colourred">$Lang::tr{'red'}</font>
2802 ($Lang::tr{'fwdfw pol allow'})
2803 </td>
2804 <td align='center'>
2805 <font color="$Header::colourgreen">$Lang::tr{'green'}</font>
2806 ($Lang::tr{'fwdfw pol block'})
2807 </td>
2808END
2809
2810 if (&Header::blue_used()) {
2811 print <<END;
2812 <td align='center'>
2813 <font color="$Header::colourblue">$Lang::tr{'blue'}</font>
2814 ($Lang::tr{'fwdfw pol block'})
2815 </td>
2816END
2817 }
2818
cb051c57
AM		 2819 print"</tr>";
2820 }
c03d4a5e
MT		 2821
2822 if (&Header::blue_used()) {
2823 print <<END;
2824 <tr>
2825 <td align='center'>
12b901f8 2826 <font color="$Header::colourblue">$Lang::tr{'blue'}</font>
c03d4a5e
MT		 2827 </td>
2828 <td align='center'>
2829 <font color="$Header::colourred">$Lang::tr{'red'}</font>
2830 ($Lang::tr{'fwdfw pol allow'})
2831 </td>
2832END
2833
2834 if (&Header::orange_used()) {
2835 print <<END;
2836 <td align='center'>
2837 <font color="$Header::colourorange">$Lang::tr{'orange'}</font>
2838 ($Lang::tr{'fwdfw pol block'})
2839 </td>
3e5e8a4a
MT		 2840END
2841 }
2842
2843 print <<END;
c03d4a5e
MT		 2844 <td align='center'>
2845 <font color="$Header::colourgreen">$Lang::tr{'green'}</font>
2846 ($Lang::tr{'fwdfw pol block'})
2847 </td>
3e5e8a4a 2848 </tr>
c03d4a5e 2849END
cb051c57 2850 }
c03d4a5e
MT		 2851
2852 print <<END;
2853 </table>
2854 </td>
2855 </tr>
2856END
2857
2858 $message = $Lang::tr{'fwdfw pol allow'};
2859
35ca8e02 2860 } elsif ($config eq '/var/ipfire/firewall/outgoing' && ($fwdfwsettings{'POLICY1'} ne 'MODE1')) {
c03d4a5e 2861 $message = $Lang::tr{'fwdfw pol allow'};
35ca8e02 2862 $colour = "bgcolor='green'";
c03d4a5e
MT		 2863 } else {
2864 $message = $Lang::tr{'fwdfw pol block'};
2865 $colour = "bgcolor='darkred'";
2866 }
2867
2868 if ($message) {
2869 print <<END;
2870 <tr>
2871 <td $colour align='center' colspan='13'>
2872 <font color='#FFFFFF'>$Lang::tr{'policy'}: $message</font>
2873 </td>
2874 </tr>
2875END
cb051c57 2876 }
c03d4a5e
MT		 2877
2878 print "</table>";
2879 print "<br>";
2880
2881 &Header::closebox();
a6485463 2882}
c03d4a5e
MT		 2883
2884&Header::closebigbox();
2885&Header::closepage();
Stefan's tree of IPFire 2.x.