&General::readhasharray("$configipsec", \%ipsecconf);
&Header::showhttpheaders();
&Header::getcgihash(\%fwdfwsettings);
-&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openpage($Lang::tr{'firewall rules'}, 1, '');
&Header::openbigbox('100%', 'center',$errormessage);
#### JAVA SCRIPT ####
print<<END;
}
}
}else{
- $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
- return $errormessage;
+ if ($fwdfwsettings{'grp2'} ne 'ipfire'){
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+ return $errormessage;
+ }
}
}
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
&base;
}
}
+sub del_double
+{
+ my %all=();
+ @all{@_}=1;
+ return (keys %all);
+}
sub disable_rule
{
my $key1=shift;
my $name=shift;
&General::readhasharray("$configsrv", \%customservice);
&General::readhasharray("$configsrvgrp", \%customservicegrp);
- my $tcp;
- my $udp;
- my $icmp;
@protocols=();
+ my @specprot=("IPIP","IPV6","IGMP","GRE","AH","ESP");
if($type eq 'service'){
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
if ($customservice{$key}[0] eq $name){
}elsif($type eq 'group'){
foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
if ($customservicegrp{$key}[0] eq $name){
- foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
- if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
- if($customservice{$key1}[2] eq 'TCP'){
- $tcp='TCP';
- }elsif($customservice{$key1}[2] eq 'ICMP'){
- $icmp='ICMP';
- }elsif($customservice{$key1}[2] eq 'UDP'){
- $udp='UDP';
+ if ($customservicegrp{$key}[2] ~~ @specprot){
+ push (@protocols," ".$customservicegrp{$key}[2]);
+ }else{
+ foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
+ if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+ if (!grep(/$customservice{$key1}[2]/, @protocols)){
+ push (@protocols,$customservice{$key1}[2]);}
}
}
}
}
}
}
- if($tcp && $udp && $icmp){
- push (@protocols,"TCP,UDP, <br>ICMP");
- return @protocols;
- }
- if($tcp){
- push (@protocols,"TCP");
- }
- if($udp){
- push (@protocols,"UDP");
- }
- if($icmp){
- push (@protocols,"ICMP");
- }
+
+ # Sort protocols alphabetically.
+ @protocols = sort(@protocols);
+
return @protocols;
}
sub getcolor
return;
}elsif($val =~ /^(.*?)\/(.*?)$/){
my ($sip,$scidr) = split ("/",$val);
- if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
$tdcolor="style='background-color: $Header::colourorange;color:white;'";
return;
}
$tdcolor="style='background-color: $Header::colourgreen;color:white;'";
return;
}
- if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+ if ( &Header::blue_used() && &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
$tdcolor="style='background-color: $Header::colourblue;color:white;'";
return;
}
}
#Check if IP is part of a IPsec N2N network
foreach my $key (sort keys %ipsecconf){
- my ($a,$b) = split("/",$ipsecconf{$key}[11]);
- $b=&General::iporsubtodec($b);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
- return;
+ if ($ipsecconf{$key}[11]){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+ return;
+ }
}
}
}
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
$selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
+ $selected{'snat'}{$fwdfwsettings{'snat'}} ='selected';
}
}
$fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
{
- print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ print "<option value='$alias' $selected{'ipfire_src'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
}
}
print<<END;
<td width='30%'>
<select name='dnat' style='width: 100%;'>
<option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option>
- <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($netsettings{'RED_ADDRESS'})</option>
+ <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option>
END
if (%aliases) {
foreach my $alias (sort keys %aliases) {
if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
{
- print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
}
}
print<<END;
&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
&viewtablenew(\%configfwdfw, $configfwdfw, $Lang::tr{'firewall rules'});
- &viewtablenew(\%configinputfw, $configinput, $Lang::tr{'external access'});
- &viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall'});
+ &viewtablenew(\%configinputfw, $configinput, $Lang::tr{'incoming firewall access'});
+ &viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall access'});
}
sub viewtablenew
{
push (@protocols,$Lang::tr{'all'});
}
- my $protz=join(",",@protocols);
+ my $protz=join(", ",@protocols);
if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
last;
}
}
+ }elsif($#protocols gt '3'){
+ print"<td align='center'><span title='$protz'>$Lang::tr{'fwdfw many'}</span></td>";
}else{
print"<td align='center'>$protz</td>";
}
<td align='center' $tdcolor>
END
#Is this a DNAT rule?
+ my $natstring;
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
- print "Firewall ($$hash{$key}[29])";
+ if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
+ if ($$hash{$key}[29] eq 'AUTO'){
+ my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
+ my @nat_ifaces;
+ foreach my $val (@src_addresses){
+ push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
+ }
+ @nat_ifaces=&del_double(@nat_ifaces);
+ $natstring = "";
+ }else{
+ $natstring = "($$hash{$key}[29])";
+ }
+ print "$Lang::tr{'firewall'} $natstring";
if($$hash{$key}[30] ne ''){
$$hash{$key}[30]=~ tr/|/,/;
print": $$hash{$key}[30]";