&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
-&General::readhash($fwoptions, \%optionsfw);
+&General::readhash($fwoptions, \%optionsfw);
&General::readhash($ifacesettings, \%ifaces);
&General::readhash("$configovpn", \%ovpnsettings);
&General::readhash("$configipsecrw", \%ipsecsettings);
&General::readhasharray("$configfwdfw", \%configfwdfw);
&General::readhasharray("$configinput", \%configinputfw);
&General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
my $maxkey;
#Set Variables according to the JQuery code in protocol section
if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
{
$fwdfwsettings{'USESRV'} = 'ON';
}
+
+ # Check if a manual target IP is one of the IPFire's addresses.
+ if ($fwdfwsettings{'grp2'} eq 'tgt_addr') {
+ # Grab all available network zones.
+ my @network_zones = &Network::get_available_network_zones();
+
+ # Loop through the array of network zones.
+ foreach my $zone (@network_zones) {
+ # Skip red network zone.
+ next if $zone eq "red";
+
+ # Convert current zone name into upper case.
+ $zone = uc($zone);
+
+ # Generate key to access the required data from the netsettings hash.
+ my $key = $zone . "_ADDRESS";
+
+ # Obtain the configured address for the current zone from the netsettings hash.
+ my $zone_address = $netsettings{$key};
+
+ # Check if the given address and the current processed zone address are the same.
+ if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $zone_address) {
+ # Map the type and target.
+ $fwdfwsettings{'grp2'} = 'ipfire';
+ $fwdfwsettings{$fwdfwsettings{'grp2'}} = $zone;
+
+ # End loop.
+ last;
+ }
+ }
+ }
+
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
$errormessage=$Lang::tr{'fwdfw err same'};
}
# INPUT part
- if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+ if ($fwdfwsettings{'grp2'} eq 'ipfire') {
$fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'chain'} = 'INPUTFW';
$maxkey=&General::findhasharraykey(\%configinputfw);
if (&General::validport($_)){
push (@values,$_);
}else{
-
+
}
}
}
#check DNAT settings (has to be single Host and single Port or portrange)
if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
+ # Check if a manual entered IP is a single Host (if set)
+ if ($fwdfwsettings{'grp2'} eq 'tgt_addr') {
+ # Split input into address and prefix (if provided).
+ my ($address, $subnet) = split ('/', $fwdfwsettings{$fwdfwsettings{'grp2'}});
+
+ # Check if a subnet is given.
+ if ($subnet) {
+ # Check if the prefix or subnetmask is for a single host.
+ unless ($subnet eq "32" || $subnet eq "255.255.255.255") {
+ # Set error message.
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+
+ # Return the error.
+ return $errormessage;
+ }
+ }
+ }
+
#check if Port is a single Port or portrange
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
&General::readhasharray("$confighost", \%customhost);
foreach my $grpkey (sort keys %customgrp){
foreach my $hostkey (sort keys %customhost){
- if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){
+ if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[0] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){
$hint=$Lang::tr{'fwdfw hint mac'};
return $hint;
}
if (&General::validport($_)){
push (@values,$_);
}else{
-
+
}
}
}
# A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
# because if one creates a custom host with the ip, we need to check the color there!
# It does not make sense to check this here
-
+
# Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
# Is also checked in getcolor
-
+
# Test if manual ip is part of an IPsec Network is also checked in getcolor
return 1;
}
sub checkvpncolor
{
-
+
}
sub deleterule
{
my $grp=shift;
my $helper='';
my $show='';
+
+ my %checked = ();
+ my %selected = ();
+
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
{
next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
- print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
+
+ # Check if the the key handles a standard network.
+ if ( grep(/std_net_/, $fwdfwsettings{$grp}) ) {
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
+ }
+
my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
my $defsub1=&General::subtocidr($ifaces{$defsub});
print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'><select></td></tr>";
}
if ($show eq '1'){$show='';print"</select></td></tr>";}
-
+
print"</table>";
print"</td></tr></table><br>";
}
&General::readhasharray("$configlocationgrp", \%customlocationgrp);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::get_aliases(\%aliases);
- my %checked=();
+
+ my %checked = ();
+ my %selected = ();
+
my $helper;
my $sum=0;
if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
$checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
- $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
- $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} = 'selected' if ($fwdfwsettings{'grp2'} eq "ipfire");
+ $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} = 'selected' if ($fwdfwsettings{'grp1'} eq "ipfire_src");
#check if update and get values
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
&General::readhasharray("$config", \%hash);
$fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
$fwdfwsettings{'chain'} = $hash{$key}[1];
$fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
- $fwdfwsettings{'grp1'} = $hash{$key}[3];
- $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
- $fwdfwsettings{'grp2'} = $hash{$key}[5];
- $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
+ $fwdfwsettings{'grp1'} = $hash{$key}[3];
+ $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
+ $fwdfwsettings{'grp2'} = $hash{$key}[5];
+ $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
$fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
$fwdfwsettings{'PROT'} = $hash{$key}[8];
$fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
$checked{'RATE_LIMIT'}{$fwdfwsettings{'RATE_LIMIT'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
- $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
- $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} = 'selected' if ($fwdfwsettings{'grp2'} eq "ipfire");
+ $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} = 'selected' if ($fwdfwsettings{'grp1'} eq "ipfire_src");
$selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
$selected{'snat'}{$fwdfwsettings{'snat'}} ='selected';
$selected{'RATETIME'}{$fwdfwsettings{'RATETIME'}} ='selected';
if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
$fwdfwsettings{'oldorange'} ='on';
}
- }
+ }
}
# Split manual source and target address and delete the subnet
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
#---TARGET------------------------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
print<<END;
- <table width='100%' border='0'>
+ <table width='100%' border='0'>
<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='18'><td width='1%'><input type='radio' name='grp2' id='ipfire' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
END
print"<td align='right'><select name='ipfire' style='width:200px;'>";
print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' align='left'><input type='text' name='ruleremark' maxlength='255' value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>";
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
- for (my $count =1; $count <= $sum; $count++){
+ for (my $count =1; $count <= $sum; $count++){
print"<option value='$count' ";
print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
print">$count</option>";
print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
}
}
- print<<END;
+ print<<END;
</select> ‐
<select name='TIME_TO'>
END
$color="$color{'color14'}";
$coloryellow='';
}elsif($coloryellow eq ''){
- if ($count % 2){
+ if ($count % 2){
$color="$color{'color22'}";
}
else{