#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
+require '/var/ipfire/network-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/geoip-functions.pl";
$checkorange='on';
}
}
- #check useless rules
- if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){
- $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>";
- }
#check if we try to break rules
if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
$errormessage=$Lang::tr{'fwdfw err same'};
}
}
if ($fwdfwsettings{'isip'} eq 'on'){
+ #remove leading zero
+ $ip = &Network::ip_remove_zero($ip);
+
##check if ip is valid
if (! &General::validip($ip)){
$errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
#check DNAT settings (has to be single Host and single Port or portrange)
if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
- #check if manual ip is a single Host (if set)
- if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
- my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
- my @tmp1= split ("/",$tmp[3]);
- if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
- {
- $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
- return $errormessage;
- }
- }
#check if Port is a single Port or portrange
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
$subnet = &General::iporsubtocidr($subnet);
}
+
#check if only ip
if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$ip=$fwdfwsettings{'tgt_addr'};
$subnet='32';
}
+ #remove leading zero
+ $ip = &Network::ip_remove_zero($ip);
+
#check if ip is valid
if (! &General::validip($ip)){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
&General::readhasharray("$confighost", \%customhost);
foreach my $grpkey (sort keys %customgrp){
foreach my $hostkey (sort keys %customhost){
- if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
+ if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){
$hint=$Lang::tr{'fwdfw hint mac'};
return $hint;
}
#IPsec netze
foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
- print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
+ print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
$show='1';
+
+ #Check if we have more than one REMOTE subnet in config
+ my @arr1 = split /\|/, $ipsecconf{$key}[11];
+ my $cnt1 += @arr1;
+
print "<option ";
- print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ipsecconf{$key}[1]);
- print ">$ipsecconf{$key}[1]</option>";
+ print "value=$ipsecconf{$key}[1]";
+ print " selected " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "$ipsecconf{$key}[1]");
+ print ">$ipsecconf{$key}[1] ";
+ print "($Lang::tr{'fwdfw all subnets'})" if $cnt1 > 1; #If this Conenction has more than one subnet, print one option for all subnets
+ print "</option>";
+
+ if ($cnt1 > 1){
+ foreach my $val (@arr1){
+ #normalize subnet to cidr notation
+ my ($val1,$val2) = split /\//, $val;
+ my $val3 = &General::iporsubtocidr($val2);
+ print "<option ";
+ print "value='$ipsecconf{$key}[1]|$val1/$val3'";
+ print "selected " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "$ipsecconf{$key}[1]|$val1/$val3");
+ print ">$ipsecconf{$key}[1] ($val1/$val3)</option>";
+ }
+ }
}
}
if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
#SOURCE
my $ipfireiface;
&getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
+ # Check SRC Host and replace "|" with space
+ if ($$hash{$key}[4] =~ /\|/){
+ $$hash{$key}[4] =~ s/\|/ (/g;
+ $$hash{$key}[4] = $$hash{$key}[4].")";
+ }
print"<td align='center' width='30%' $tdcolor>";
if ($$hash{$key}[3] eq 'ipfire_src'){
$ipfireiface=$Lang::tr{'fwdfw iface'};
print<<END;
<td align='center' $tdcolor>
END
+ # Check TGT Host and replace "|" with space
+ if ($$hash{$key}[6] =~ /\|/){
+ $$hash{$key}[6] =~ s/\|/ (/g;
+ $$hash{$key}[6] = $$hash{$key}[6].")";
+ }
#Is this a DNAT rule?
my $natstring;
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){