###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
-# New function for forwarding firewall. To make it comfortable to create #
-# rules, we need "spelling names" for single Hosts. If you have any questions #
-# <amarx@ipfire.org> #
-###############################################################################
use strict;
# enable only the following on debugging purpose
-use warnings;
+#use warnings;
+
use Sort::Naturally;
use CGI::Carp 'fatalsToBrowser';
no warnings 'uninitialized';
my %ipsecsettings=();
my %fwfwd=();
my %fwinp=();
+my %fwout=();
+my %ovpnsettings=();
+my %netsettings=();
my $errormessage;
my $hint;
my $configipsec = "${General::swroot}/vpn/config";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
-my $fwconfigfwd = "${General::swroot}/forward/config";
-my $fwconfiginp = "${General::swroot}/forward/input";
+my $fwconfigfwd = "${General::swroot}/firewall/config";
+my $fwconfiginp = "${General::swroot}/firewall/input";
+my $fwconfigout = "${General::swroot}/firewall/outgoing";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $tdcolor='';
+my $configipsecrw = "${General::swroot}/vpn/settings";
unless (-e $confignet) { system("touch $confignet"); }
unless (-e $confighost) { system("touch $confighost"); }
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
&Header::getcgihash(\%fwhostsettings);
&Header::showhttpheaders();
-&Header::openpage($Lang::tr{'fwhost hosts'}, 1, '');
+&Header::openpage($Lang::tr{'fwhost menu'}, 1, '');
&Header::openbigbox('100%', 'center');
#### JAVA SCRIPT ####
print<<END;
<script>
+ var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
+ var update_protocol = function() {
+ var protocol = \$("#protocol").val();
+
+ if (protocol === undefined)
+ return;
+
+ // Check if we are dealing with a protocol, that knows ports.
+ if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
+ \$("#PORT").show();
+ \$("#PROTOKOLL").hide();
+ } else {
+ \$("#PORT").hide();
+ \$("#PROTOKOLL").show();
+ }
+ };
+
\$(document).ready(function() {
+ var protocol = \$("#protocol").val();
+ \$("#protocol").change(update_protocol);
+ update_protocol();
// Automatically select radio buttons when corresponding
// dropdown menu changes.
\$("select").change(function() {
var id = \$(this).attr("name");
- //When using SNAT or DNAT, check "USE NAT" Checkbox
- if ( id === 'snat' || id === 'dnat') {
- \$('#USE_NAT').prop('checked', true);
- }
\$('#' + id).prop("checked", true);
});
});
END
## ACTION ####
-if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
-{
- &reread_rules;
- &showmenu;
-}
# Update
if ($fwhostsettings{'ACTION'} eq 'updatenet' )
{
my $count=0;
my $needrules=0;
$errormessage=&checkports(\%customservice);
+ if ($fwhostsettings{'oldsrvname'} ne $fwhostsettings{'SRV_NAME'} && !&checkgroup($fwhostsettings{'SRV_NAME'})){
+ $errormessage=$Lang::tr{'fwhost err grpexist'};
+ }
if (!$errormessage){
&General::readhasharray("$configsrv", \%customservice);
foreach my $key (keys %customservice)
{
if ($customservice{$key}[0] eq $fwhostsettings{'oldsrvname'})
{
- $count=$customservice{$key}[4];
delete $customservice{$key};
&General::writehasharray("$configsrv", \%customservice);
last;
$fwhostsettings{'ICMP_TYPES'}='BLANK';
}
my $key1 = &General::findhasharraykey(\%customservice);
+ #find out short ICMP-TYPE
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+ $fwhostsettings{'ICMP_TYPES'}=$icmptypes{$key}[0];
+ }
+ }
foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";}
$customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
$customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
$customservice{$key1}[2] = $fwhostsettings{'PROT'};
$customservice{$key1}[3] = $fwhostsettings{'ICMP_TYPES'};
- $customservice{$key1}[4] = $count;
&General::writehasharray("$configsrv", \%customservice);
#check if we need to update firewallrules
if ($fwhostsettings{'SRV_NAME'} ne $fwhostsettings{'oldsrvname'}){
}
&General::writehasharray("$fwconfiginp", \%fwinp);
}
+ if ( ! -z $fwconfigout ){
+ &General::readhasharray("$fwconfigout", \%fwout);
+ foreach my $line (sort keys %fwout){
+ if ($fwout{$line}[15] eq $fwhostsettings{'oldsrvname'}){
+ $fwout{$line}[15] = $fwhostsettings{'SRV_NAME'};
+ }
+ }
+ &General::writehasharray("$fwconfigout", \%fwout);
+ }
#check if we need to update groups
&General::readhasharray("$configsrvgrp", \%customservicegrp);
foreach my $key (sort keys %customservicegrp){
if($customservicegrp{$key}[2] eq $fwhostsettings{'oldsrvname'}){
$customservicegrp{$key}[2] = $fwhostsettings{'SRV_NAME'};
+ &checkrulereload($customservicegrp{$key}[0]);
}
}
&General::writehasharray("$configsrvgrp", \%customservicegrp);
- $needrules='on';
- }
- if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){
- $needrules='on';
- }
- if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
- $needrules='on';
}
+ &checkrulereload($fwhostsettings{'SRV_NAME'});
$fwhostsettings{'SRV_NAME'} = '';
$fwhostsettings{'SRV_PORT'} = '';
$fwhostsettings{'PROT'} = '';
+ $fwhostsettings{'ICMP'} = '';
+ $fwhostsettings{'oldsrvicmp'} = '';
+ $fwhostsettings{'updatesrv'} = '';
}else{
$fwhostsettings{'SRV_NAME'} = $fwhostsettings{'oldsrvname'};
$fwhostsettings{'SRV_PORT'} = $fwhostsettings{'oldsrvport'};
$fwhostsettings{'PROT'} = $fwhostsettings{'oldsrvprot'};
+ $fwhostsettings{'ICMP'} = $fwhostsettings{'oldsrvicmp'};
$fwhostsettings{'updatesrv'}= 'on';
}
- if($needrules eq 'on'){
- &rules;
- }
&addservice;
}
# save
if ($fwhostsettings{'ACTION'} eq 'savenet' )
{
- my $count=0;
my $needrules=0;
if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
#check if all fields are set
$customnetwork{$key}[1] = $fwhostsettings{'orgip'} ;
$customnetwork{$key}[2] = $fwhostsettings{'orgsub'};
$customnetwork{$key}[3] = $fwhostsettings{'orgnetremark'};
- $customnetwork{$key}[4] = $fwhostsettings{'count'};
&General::writehasharray("$confignet", \%customnetwork);
undef %customnetwork;
}
if ($fwhostsettings{'update'} == '0'){
foreach my $key (keys %customnetwork) {
if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}){
- $count=$customnetwork{$key}[4];
delete $customnetwork{$key};
last;
}
#get count if actualize is 'on'
if($fwhostsettings{'actualize'} eq 'on'){
$fwhostsettings{'actualize'} = '';
- $count=$fwhostsettings{'count'};
#check if we need to reload rules
- if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0'){
+ if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'}){
$needrules='on';
}
if ($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
}
}
my $key = &General::findhasharraykey (\%customnetwork);
- foreach my $i (0 .. 4) { $customnetwork{$key}[$i] = "";}
+ foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
$fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
$customnetwork{$key}[0] = $fwhostsettings{'HOSTNAME'};
#convert ip when leading '0' in byte
$fwhostsettings{'IP'} =&General::dec2ip($fwhostsettings{'IP'});
$customnetwork{$key}[1] = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ;
$customnetwork{$key}[2] = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ;
- if($fwhostsettings{'newnet'} eq 'on'){$count=0;}
$customnetwork{$key}[3] = $fwhostsettings{'NETREMARK'};
- $customnetwork{$key}[4] = $count;
&General::writehasharray("$confignet", \%customnetwork);
$fwhostsettings{'IP'}=$fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
undef %customnetwork;
$fwhostsettings{'NETREMARK'}='';
#check if an edited net affected groups and need to reload rules
if ($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addnet;
&viewtablenet;
}
if ($fwhostsettings{'ACTION'} eq 'savehost')
{
- my $count=0;
my $needrules=0;
if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
$fwhostsettings{'SUBNET'}='32';
if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newhost'} ne 'on' && $errormessage){
$fwhostsettings{'actualize'} = '';
my $key = &General::findhasharraykey (\%customhost);
- foreach my $i (0 .. 4) { $customhost{$key}[$i] = "";}
+ foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
$customhost{$key}[0] = $fwhostsettings{'orgname'} ;
$customhost{$key}[1] = $fwhostsettings{'type'} ;
if($customhost{$key}[1] eq 'ip'){
$customhost{$key}[2] = $fwhostsettings{'orgip'};
}
$customhost{$key}[3] = $fwhostsettings{'orgremark'};
- $customhost{$key}[4] = $fwhostsettings{'count'};
&General::writehasharray("$confighost", \%customhost);
undef %customhost;
}
if (!$errormessage){
#get count if host was edited
if($fwhostsettings{'actualize'} eq 'on'){
- $count=$fwhostsettings{'count'};
- if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0' ){
+ if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'}){
$needrules='on';
}
if($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
}
}
my $key = &General::findhasharraykey (\%customhost);
- foreach my $i (0 .. 4) { $customhost{$key}[$i] = "";}
+ foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
$customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ;
$customhost{$key}[1] = $fwhostsettings{'type'} ;
if ($fwhostsettings{'type'} eq 'ip'){
}else{
$customhost{$key}[2] = $fwhostsettings{'IP'};
}
- if($fwhostsettings{'newhost'} eq 'on'){$count=0;}
$customhost{$key}[3] = $fwhostsettings{'HOSTREMARK'};
- $customhost{$key}[4] =$count;
&General::writehasharray("$confighost", \%customhost);
undef %customhost;
$fwhostsettings{'HOSTNAME'}='';
$fwhostsettings{'HOSTREMARK'}='';
#check if we need to update rules while host was edited
if($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addhost;
&viewtablehost;
}
if ($fwhostsettings{'ACTION'} eq 'savegrp')
{
- my $grp=$fwhostsettings{'grp_name'};;
+ my $grp=$fwhostsettings{'grp_name'};
my $rem=$fwhostsettings{'remark'};
my $count;
my $type;
&General::readhasharray("$configgrp", \%customgrp);
&General::readhasharray("$confignet", \%customnetwork);
&General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
#check name
if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}
+ #check existing name
+ if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){$errormessage.=$Lang::tr{'fwhost err grpexist'};}
#check remark
if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
$errormessage.=$Lang::tr{'fwhost err remark'};
}
&General::writehasharray("$configgrp", \%customgrp);
&General::readhasharray("$configgrp", \%customgrp);
- #get count used
- foreach my $key (keys %customgrp)
- {
- if($customgrp{$key}[0] eq $grp)
- {
- $count=$customgrp{$key}[4];
- last;
- }
- }
- if ($count eq '' ){$count='0';}
-
#create array with new lines
foreach my $line (@target){
push (@newgrp,"$grp,$rem,$line");
#append new entries
my $key = &General::findhasharraykey (\%customgrp);
foreach my $line (@newgrp){
- foreach my $i (0 .. 4) { $customgrp{$key}[$i] = "";}
+ foreach my $i (0 .. 3) { $customgrp{$key}[$i] = "";}
my ($a,$b,$c,$d) = split (",",$line);
$customgrp{$key}[0] = $a;
$customgrp{$key}[1] = $b;
$customgrp{$key}[2] = $c;
$customgrp{$key}[3] = $type;
- $customgrp{$key}[4] = $count;
}
&General::writehasharray("$configgrp", \%customgrp);
#update counter in Host/Net
- if($updcounter eq 'net'){
- foreach my $key (keys %customnetwork) {
- if($customnetwork{$key}[0] eq $fwhostsettings{'CUST_SRC_NET'}){
- $customnetwork{$key}[4] = $customnetwork{$key}[4]+1;
- last;
- }
- }
- &General::writehasharray("$confignet", \%customnetwork);
- }elsif($updcounter eq 'host'){
- foreach my $key (keys %customhost) {
- if ($customhost{$key}[0] eq $fwhostsettings{'CUST_SRC_HOST'}){
- $customhost{$key}[4]=$customhost{$key}[4]+1;
- }
- }
- &General::writehasharray("$confighost", \%customhost);
- }
$fwhostsettings{'update'}='on';
}
#check if ruleupdate is needed
- if($count > 0 )
+ my $netgrpcount=0;
+ $netgrpcount=&getnetcount($grp);
+ if($netgrpcount > 0 )
{
- &rules;
+ &General::firewall_config_changed();
}
&addgrp;
&viewtablegrp;
{
my $ICMP;
&General::readhasharray("$configsrv", \%customservice );
+ &General::readhasharray("$configgrp", \%customgrp);
$errormessage=&checkports(\%customservice);
if ($fwhostsettings{'PROT'} eq 'ICMP'){
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
}
}
}
- if($ICMP eq ''){$ICMP='BLANK';}
+ if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}
+ if ($fwhostsettings{'PROT'} ne 'ICMP'){$ICMP='BLANK';}
+ #Check if a group with the same name already exists
+ if (!&checkgroup($fwhostsettings{'SRV_NAME'})){
+ $errormessage = $Lang::tr{'fwhost err grpexist'};
+ }
if (!$errormessage){
my $key = &General::findhasharraykey (\%customservice);
foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
$customservice{$key}[1] = $fwhostsettings{'SRV_PORT'};
$customservice{$key}[2] = $fwhostsettings{'PROT'};
$customservice{$key}[3] = $ICMP;
- $customservice{$key}[4] = 0;
&General::writehasharray("$configsrv", \%customservice );
#reset fields
$fwhostsettings{'SRV_NAME'}='';
{
my $prot;
my $port;
- my $count=0;
+ my $tcpcounter=0;
+ my $udpcounter=0;
&General::readhasharray("$configsrvgrp", \%customservicegrp );
&General::readhasharray("$configsrv", \%customservice );
$errormessage=&checkservicegroup;
+ #Check if we have more than 15 services from one Protocol in the group
+ #iptables can only handle 15 ports/portranges via multiport
+ foreach my $key (keys %customservicegrp){
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
+ foreach my $key1 (keys %customservice){
+ $tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
+ $tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
+ $udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
+ $udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
+ }
+ }
+ }
+ if ($tcpcounter > 15){
+ $errormessage=$Lang::tr{'fwhost err maxservicetcp'};
+ }
+ if ($udpcounter > 15){
+ $errormessage=$Lang::tr{'fwhost err maxserviceudp'};
+ }
+ $tcpcounter=0;
+ $udpcounter=0;
#check remark
if ($fwhostsettings{'SRVGRP_REMARK'} ne '' && !&validremark($fwhostsettings{'SRVGRP_REMARK'})){
- $errormessage=$Lang::tr{'fwhost err remark'};
+ $errormessage .= $Lang::tr{'fwhost err remark'};
+ }
+ #Check if there is already a service with the same name
+ if(!&checkservice($fwhostsettings{'SRVGRP_NAME'})){
+ $errormessage .= $Lang::tr{'fwhost err srv exists'};
}
if (!$errormessage){
#on first save, we have to enter a dummy value
}
#on update, we have to delete the dummy entry
foreach my $key (keys %customservicegrp){
- if ($customservicegrp{$key}[2] eq 'none'){
+ if ($customservicegrp{$key}[2] eq 'none' && $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
delete $customservicegrp{$key};
last;
}
{
$customservicegrp{$key}[1]='';
$customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
- }
- }
- }
- #get count used
- foreach my $key (keys %customservicegrp)
- {
- if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
- {
- $count=$customservicegrp{$key}[3];
- last;
- }
- }
- if ($count eq '' ){$count='0';}
-
- foreach my $key (sort keys %customservice){
- if($customservice{$key}[0] eq $fwhostsettings{'CUST_SRV'}){
- $port=$customservice{$key}[1];
- $prot=$customservice{$key}[2];
- $customservice{$key}[4]++;
+ }
}
}
- &General::writehasharray("$configsrv", \%customservice );
my $key = &General::findhasharraykey (\%customservicegrp);
- foreach my $i (0 .. 3) { $customservice{$key}[$i] = "";}
+ foreach my $i (0 .. 2) { $customservice{$key}[$i] = "";}
$customservicegrp{$key}[0] = $fwhostsettings{'SRVGRP_NAME'};
$customservicegrp{$key}[1] = $fwhostsettings{'SRVGRP_REMARK'};
$customservicegrp{$key}[2] = $fwhostsettings{'CUST_SRV'};
- $customservicegrp{$key}[3] = $count;
&General::writehasharray("$configsrvgrp", \%customservicegrp );
$fwhostsettings{'updatesrvgrp'}='on';
}
- if ($count gt 0){
- &rules;
- }
+ &checkrulereload($fwhostsettings{'SRVGRP_NAME'});
&addservicegrp;
&viewtableservicegrp;
}
&General::readhasharray("$configgrp", \%customgrp);
foreach my $key (keys %customgrp){
if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
- #decrease count from source host/net
- if ($customgrp{$key}[3] eq 'Custom Network'){
- &General::readhasharray("$confignet", \%customnetwork);
- foreach my $key1 (keys %customnetwork){
- if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
- $customnetwork{$key1}[4] = $customnetwork{$key1}[4]-1;
- last;
- }
- }
- &General::writehasharray("$confignet", \%customnetwork);
- }
- if ($customgrp{$key}[3] eq 'Custom Host'){
- &General::readhasharray("$confighost", \%customhost);
- foreach my $key1 (keys %customhost){
- if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
- $customhost{$key1}[4] = $customhost{$key1}[4]-1;
- last;
- }
- }
- &General::writehasharray("$confighost", \%customhost);
- }
$grpname=$customgrp{$key}[0];
$grpremark=$customgrp{$key}[1];
- delete $customgrp{$key};
+ #check if we delete the last entry, then generate dummy
+ if ($fwhostsettings{'last'} eq 'on'){
+ $customgrp{$key}[1] = '';
+ $customgrp{$key}[2] = 'none';
+ $customgrp{$key}[3] = '';
+ $fwhostsettings{'last'}='';
+ last;
+ }else{
+ delete $customgrp{$key};
+ }
}
}
&General::writehasharray("$configgrp", \%customgrp);
- if ($fwhostsettings{'grpcnt'} > 0){&rules;}
+ &General::firewall_config_changed();
+ if ($fwhostsettings{'grpcnt'} > 0){
+ &General::firewall_config_changed();
+ }
if ($fwhostsettings{'update'} eq 'on'){
$fwhostsettings{'remark'}= $grpremark;
$fwhostsettings{'grp_name'}=$grpname;
&General::readhasharray("$configsrv", \%customservice);
foreach my $key (keys %customservice) {
if($customservice{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
- #&deletefromgrp($customhost{$key}[0],$configgrp);
delete $customservice{$key};
&General::writehasharray("$configsrv", \%customservice);
last;
my $grpname;
my $grpremark;
&General::readhasharray("$configsrvgrp", \%customservicegrp);
- &General::readhasharray("$configsrv", \%customservice);
foreach my $key (keys %customservicegrp){
- if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2].",".$customservicegrp{$key}[3] eq $fwhostsettings{'delsrvfromgrp'})
+ if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2] eq $fwhostsettings{'delsrvfromgrp'})
{
- #decrease count from source service
- foreach my $key1 (sort keys %customservice){
- if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
- $customservice{$key1}[4]--;
- last;
- }
- }
- &General::writehasharray("$configsrv", \%customservice);
$grpname=$customservicegrp{$key}[0];
$grpremark=$customservicegrp{$key}[1];
- delete $customservicegrp{$key};
+ if($fwhostsettings{'last'} eq 'on'){
+ $customservicegrp{$key}[2] = 'none';
+ $fwhostsettings{'last'} = '';
+ last;
+ }else{
+ delete $customservicegrp{$key};
+ }
}
}
&General::writehasharray("$configsrvgrp", \%customservicegrp);
- &rules;
+ &General::firewall_config_changed();
if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
$fwhostsettings{'SRVGRP_NAME'}=$grpname;
$fwhostsettings{'SRVGRP_REMARK'}=$grpremark;
}
&addservicegrp;
&viewtableservicegrp;
-
}
if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'})
{
&General::writehasharray("$configsrvgrp", \%customservicegrp);
$fwhostsettings{'updatesrvgrp'}='on';
$fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'newsrvrem'};
+ }elsif($fwhostsettings{'oldsrvrem'} eq $fwhostsettings{'newsrvrem'}){
+ &addservicegrp;
+ &viewtableservicegrp;
}else{
$errormessage=$Lang::tr{'fwhost err remark'};
$fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'oldsrvrem'};
&addservicegrp;
&viewtableservicegrp;
}
+if ($fwhostsettings{'ACTION'} eq 'changesrvgrpname')
+{
+ &General::readhasharray("$configsrvgrp", \%customservicegrp );
+ if ($fwhostsettings{'oldsrvgrpname'} ne $fwhostsettings{'srvgrp'}){
+ #Check new groupname
+ if (!&validhostname($fwhostsettings{'srvgrp'})){
+ $errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+ }
+ if (!$errormessage){
+ #Rename group in customservicegroup
+ foreach my $key (keys %customservicegrp) {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'oldsrvgrpname'}){
+ $customservicegrp{$key}[0]=$fwhostsettings{'srvgrp'};
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp );
+ #change name in FW Rules
+ &changenameinfw($fwhostsettings{'oldsrvgrpname'},$fwhostsettings{'srvgrp'},15);
+ }
+ }
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'changegrpname')
+{
+ &General::readhasharray("$configgrp", \%customgrp );
+ if ($fwhostsettings{'oldgrpname'} ne $fwhostsettings{'grp'}){
+ #Check new groupname
+ if (!&validhostname($fwhostsettings{'grp'})){
+ $errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+ }
+ if (!$errormessage){
+ #Rename group in customservicegroup
+ foreach my $key (keys %customgrp) {
+ if($customgrp{$key}[0] eq $fwhostsettings{'oldgrpname'}){
+ $customgrp{$key}[0]=$fwhostsettings{'grp'};
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp );
+ #change name in FW Rules
+ &changenameinfw($fwhostsettings{'oldgrpname'},$fwhostsettings{'grp'},6);
+ }
+ }
+ &addgrp;
+ &viewtablegrp;
+}
### VIEW ###
if($fwhostsettings{'ACTION'} eq '')
{
&showmenu;
}
### FUNCTIONS ###
-sub showmenu
-{
- if (-f "${General::swroot}/forward/reread"){
- print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</td></tr></table></form><br>";
- }
- &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
+sub showmenu {
+ &Header::openbox('100%', 'left',);
print "$Lang::tr{'fwhost welcome'}";
print<<END;
<br><br><table border='0' width='100%'>
<tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ></form></td>
<td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr>
- <tr><td colspan='6'><hr></td></tr></table>
+ <tr><td colspan='6'></td></tr></table>
END
&Header::closebox();
$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
$fwhostsettings{'orgnetremark'}=$fwhostsettings{'NETREMARK'};
print<<END;
- <table border='0' width='100%'>
+ <table border='0' width='100%' >
<tr><td width='15%'>$Lang::tr{'name'}:</td><td><form method='post'><input type='TEXT' name='HOSTNAME' id='textbox1' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} size='20'><script>document.getElementById('textbox1').focus()</script></td></tr>
<tr><td>$Lang::tr{'fwhost netaddress'}:</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='20' maxlength='15'></td></tr>
<tr><td>$Lang::tr{'netmask'}:</td><td><input type='TEXT' name='SUBNET' value='$fwhostsettings{'SUBNET'}' $fwhostsettings{'BLK_IP'} size='20' maxlength='15'></td></tr>
<tr><td>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='NETREMARK' value='$fwhostsettings{'NETREMARK'}' style='width: 98.5%;'></td></tr>
- <tr><td colspan='6'><br><hr></td></tr><tr>
+ <tr><td colspan='6'><br></td></tr><tr>
END
if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on')
{
- print "<td colspan='6' align='right' ><input type='submit' value='$Lang::tr{'update'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='updatenet'><input type='hidden' name='orgnetremark' value='$fwhostsettings{'orgnetremark'}' ><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newnet' value='$fwhostsettings{'newnet'}'></td>";
+ print "<td colspan='6' align='right'><input type='submit' value='$Lang::tr{'update'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='updatenet'><input type='hidden' name='orgnetremark' value='$fwhostsettings{'orgnetremark'}' ><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newnet' value='$fwhostsettings{'newnet'}'>";
}else{
- print "<td colspan='6' align='right'><input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'/><input type='hidden' name='ACTION' value='savenet'><input type='hidden' name='newnet' value='on'>";
- }
+ print "<td colspan='6' align='right'><input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='savenet'><input type='hidden' name='newnet' value='on'>";
+ }
print "</form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;' ><input type='hidden' name='ACTION' value='resetnet'></form></td></tr></table>";
&Header::closebox();
}
$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
$fwhostsettings{'orgremark'}=$fwhostsettings{'HOSTREMARK'};
print<<END;
- <table border='0' width='100%'>
+ <table width='100%'>
<tr><td>$Lang::tr{'name'}:</td><td><form method='post' style='display:inline;'><input type='TEXT' name='HOSTNAME' id='textbox1' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} size='20'><script>document.getElementById('textbox1').focus()</script></td></tr>
<tr><td>IP/MAC:</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='20' maxlength='17'></td></tr>
<tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='HOSTREMARK' value='$fwhostsettings{'HOSTREMARK'}' style='width:98%;'></td></tr>
- <tr><td colspan='5'><hr></td></tr><tr>
+ <tr><td colspan='5'><br></td></tr><tr>
END
if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on')
$checked{'check1'}{'on'} = '';
$checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED';
$fwhostsettings{'oldremark'}=$fwhostsettings{'remark'};
+ $fwhostsettings{'oldgrpname'}=$fwhostsettings{'grp_name'};
my $grp=$fwhostsettings{'grp_name'};
my $rem=$fwhostsettings{'remark'};
if ($fwhostsettings{'update'} eq ''){
print<<END;
- <table width='100%' border='0'>
- <tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='20'></td></tr>
- <tr><td width='10%'>$Lang::tr{'remark'}:</td><td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 98%;'></td></tr>
- <tr><td colspan='2'><br><hr></td></tr></table>
+ <table width='100%' border='0'>
+ <tr>
+ <td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+ <td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='30'></td>
+ </tr>
+ <tr>
+ <td>$Lang::tr{'remark'}:</td>
+ <td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 99%;'></td>
+ </tr>
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
+ </table>
END
}else{
print<<END;
- <table width='100%' border='0'><form method='post' style='display:inline'>
- <tr><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='TEXT' name='grp' value='$fwhostsettings{'grp_name'}' readonly ></td><td></td></tr>
- <tr><td>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='newrem' size='45' value='$fwhostsettings{'remark'}' style='width:98%'></td><td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='changegrpremark' ></td></tr></table></form>
- <hr>
+ <table width='100%' border='0'><form method='post'>
+ <tr>
+ <td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+ <td style='width:30%;'><input type='TEXT' name='grp' value='$fwhostsettings{'grp_name'}' size='30'></td>
+ <td><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldgrpname' value='$fwhostsettings{'oldgrpname'}'><input type='hidden' name='ACTION' value='changegrpname'></td>
+ <td></td></form>
+ </tr>
+ <tr><form method='post' style='display:inline'>
+ <td>$Lang::tr{'remark'}:</td>
+ <td colspan='2' style='width:98%;'><input type='TEXT' name='newrem' value='$fwhostsettings{'remark'}' style='width:98%;'></td>
+ <td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='grp' value='$fwhostsettings{'grp_name'}'><input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='changegrpremark' ></td>
+ </tr>
+ </table></form>
+ <br><br>
END
}
if ($fwhostsettings{'update'} eq 'on'){
<form method='post'><input type='hidden' name='remark' value='$rem'><input type='hidden' name='grp_name' value='$grp'>
<table width='100%' border='0'>
<tr><td width=50% valign='top'>
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='radio' name='grp2' value='std_net' id='DEFAULT_SRC_ADR' checked></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost stdnet'}</td><td><select name='DEFAULT_SRC_ADR' style='min-width:185px;'>
+ <table width='90%' border='0'>
+ <tr>
+ <td style='width:15em;'>
+ <label>
+ <input type='radio' name='grp2' value='std_net' id='DEFAULT_SRC_ADR' checked>
+ $Lang::tr{'fwhost stdnet'}
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='DEFAULT_SRC_ADR' style='width:16em;'>
END
foreach my $network (sort keys %defaultNetworks)
{
}
print"</select></td></tr>";
if (! -z $confignet){
- print"<tr><td><input type='radio' name='grp2' id='CUST_SRC_NET' value='cust_net' $checked{'grp2'}{'cust_net'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='CUST_SRC_NET' style='min-width:185px;'>";
+ print<<END;
+ <tr>
+ <td>
+ <label>
+ <input type='radio' name='grp2' id='CUST_SRC_NET' value='cust_net' $checked{'grp2'}{'cust_net'}>
+ $Lang::tr{'fwhost cust net'}:
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='CUST_SRC_NET' style='width:16em;'>";
+END
foreach my $key (sort { ncmp($customnetwork{$a}[0],$customnetwork{$b}[0]) } keys %customnetwork) {
print"<option>$customnetwork{$key}[0]</option>";
}
print"</select></td></tr>";
}
if (! -z $confighost){
- print"<tr><td valign='top'><input type='radio' name='grp2' id='CUST_SRC_HOST' value='cust_host' $checked{'grp2'}{'cust_host'}></td><td valign='top'>$Lang::tr{'fwhost cust addr'}</td><td><select name='CUST_SRC_HOST' style='min-width:185px;'>";
+ print<<END;
+ <tr>
+ <td valign='top'>
+ <label>
+ <input type='radio' name='grp2' id='CUST_SRC_HOST' value='cust_host' $checked{'grp2'}{'cust_host'}>
+ $Lang::tr{'fwhost cust addr'}:
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='CUST_SRC_HOST' style='width:16em;'>";
+END
foreach my $key (sort { ncmp($customhost{$a}[0],$customhost{$b}[0]) } keys %customhost) {
print"<option>$customhost{$key}[0]</option>";
}
}
print"</table>";
#Inner table right
- print"</td><td valign='top'><table width='100%' border='0'>";
+ print"</td><td align='right' style='vertical-align:top;'><table width='90%' border='0'>";
#OVPN networks
if (! -z $configccdnet){
- print"<td width='1%'><input type='radio' name='grp2' id='OVPN_CCD_NET' value='ovpn_net' $checked{'grp2'}{'ovpn_net'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_NET' style='min-width:185px;'>";
+ print<<END;
+ <td style='width:15em;'>
+ <label>
+ <input type='radio' name='grp2' id='OVPN_CCD_NET' value='ovpn_net' $checked{'grp2'}{'ovpn_net'}>
+ $Lang::tr{'fwhost ccdnet'}
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='OVPN_CCD_NET' style='width:16em;'>";
+END
foreach my $key (sort { ncmp($ccdnet{$a}[0],$ccdnet{$b}[0]) } keys %ccdnet)
{
print"<option value='$ccdnet{$key}[0]'>$ccdnet{$key}[0]</option>";
print"</select></td></tr>";
}
#OVPN clients
+ my @ovpn_clients=();
foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost)
{
if ($ccdhost{$key}[33] ne ''){
- print"<td width='1%'><input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_HOST' style='min-width:185px;'>" if ($show eq '');
$show='1';
- print"<option value='$ccdhost{$key}[1]'>$ccdhost{$key}[1]</option>";
+ push (@ovpn_clients,$ccdhost{$key}[1]);
}
}
- if ($show eq '1'){$show='';print"</select></td></tr>";}
+ if ($show eq '1'){
+ $show='';
+ print<<END;
+ <td style='width:15em;'>
+ <label>
+ <input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}>
+ $Lang::tr{'fwhost ccdhost'}
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='OVPN_CCD_HOST' style='width:16em;'>" if ($show eq '');
+END
+ foreach(@ovpn_clients){
+ print"<option value='$_'>$_</option>";
+ }
+ print"</select></td></tr>";
+ }
#OVPN n2n networks
+ my @OVPN_N2N=();
foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost) {
if($ccdhost{$key}[3] eq 'net'){
- print"<td width='1%'><input type='radio' name='grp2' id='OVPN_N2N' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}></td><td valign='top'>$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='OVPN_N2N' style='min-width:185px;'>" if ($show eq '');
$show='1';
- print"<option>$ccdhost{$key}[1]</option>";
+ push (@OVPN_N2N,$ccdhost{$key}[1]);
+ }
+ }
+ if ($show eq '1'){
+ $show='';
+ print<<END;
+ <td style='width:15em;'>
+ <label>
+ <input type='radio' name='grp2' id='OVPN_N2N' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}>
+ $Lang::tr{'fwhost ovpn_n2n'}:
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='OVPN_N2N' style='width:16em;'>"
+END
+ foreach(@OVPN_N2N){
+ print"<option>$_</option>";
}
+ print"</select></td></tr>";
}
- if ($show eq '1'){$show='';print"</select></td></tr>";}
#IPsec networks
+ my @IPSEC_N2N=();
foreach my $key (sort { ncmp($ipsecconf{$a}[0],$ipsecconf{$b}[0]) } keys %ipsecconf) {
if ($ipsecconf{$key}[3] eq 'net'){
- print"<td valign='top'><input type='radio' name='grp2' id='IPSEC_NET' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}></td><td valign='top'>$Lang::tr{'fwhost ipsec net'}</td><td><select name='IPSEC_NET' style='min-width:185px;'>" if ($show eq '');
$show='1';
- print"<option value='$ipsecconf{$key}[1]'>$ipsecconf{$key}[1]</option>";
+ push (@IPSEC_N2N,$ipsecconf{$key}[1]);
+ }
+ }
+ if ($show eq '1'){
+ $show='';
+ print<<END;
+ <td style='width:15em;'>
+ <label>
+ <input type='radio' name='grp2' id='IPSEC_NET' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}>
+ $Lang::tr{'fwhost ipsec net'}
+ </label>
+ </td>
+ <td style='text-align:right;'>
+ <select name='IPSEC_NET' style='width:16em;'>"
+END
+ foreach(@IPSEC_N2N){
+ print"<option value='$_'>$_</option>";
}
}
- if ($show eq '1'){$show='';print"</select></td></tr>";}
+ print"</select></td></tr>";
print"</table>";
print"</td></tr></table>";
- print"<br><br><hr>";
+ print"<br><br>";
}
- print"<table border='0' width='100%'>";
- print"<tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
+ print"<table width='100%'>";
+ print"<tr><td style='text-align:right;'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
&Header::closebox();
}
sub addservice
$fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
$fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
$fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+ $fwhostsettings{'oldsrvicmp'} = $fwhostsettings{'ICMP'};
}
print<<END;
<table width='100%' border='0'><form method='post'>
<tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}' size='24'><script>document.getElementById('textbox1').focus()</script></td></tr>
- <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+ <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT' id='protocol' >
END
foreach ("TCP","UDP","ICMP")
{
}
}
print<<END;
- </select></td></tr>
- <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
+ </select></td></tr></table>
+ <div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
+ print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
- print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
+ print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }else{
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
}
-
print<<END;
- </select></td></tr>
- <tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr>
- <tr><td colspan='6'><br><hr></td></tr>
+ </select></td></tr></table></div>
+ <div id='PORT' class='noscript'><table width='100%' border='0'><tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr></table></div>
+ <table width='100%' border='0'><tr><td colspan='6'><br></td></tr>
<tr><td colspan='6' align='right'>
END
if ($fwhostsettings{'updatesrv'} eq 'on')
<input type='hidden' name='ACTION' value='updateservice'>
<input type='hidden' name='oldsrvname' value='$fwhostsettings{'oldsrvname'}'>
<input type='hidden' name='oldsrvport' value='$fwhostsettings{'oldsrvport'}'>
- <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'></form>
+ <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'>
+ <input type='hidden' name='oldsrvicmp' value='$fwhostsettings{'oldsrvicmp'}'>
+ </form>
END
-
- }else{
+ }else{
print"<input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='saveservice'></form>";
}
print<<END;
<form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'></form></td></tr>
</table></form>
-
-
END
&Header::closebox();
&viewtableservice;
&showmenu;
&Header::openbox('100%', 'left', $Lang::tr{'fwhost addservicegrp'});
$fwhostsettings{'oldsrvgrpremark'}=$fwhostsettings{'SRVGRP_REMARK'};
+ $fwhostsettings{'oldsrvgrpname'}=$fwhostsettings{'SRVGRP_NAME'};
if ($fwhostsettings{'updatesrvgrp'} eq ''){
print<<END;
<table width='100%' border='0'><form method='post'>
<tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}' size='24'></td></tr>
<tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='text' name='SRVGRP_REMARK' value='$fwhostsettings{'SRVGRP_REMARK'}' style='width: 98%;'></td></tr>
- <tr><td colspan='2'><br><hr></tr>
+ <tr><td colspan='2'><br></tr>
</table>
END
}else{
print<<END;
- <table width='100%' border='0'><form method='post' style='display:inline'>
- <tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='srvgrp' value='$fwhostsettings{'SRVGRP_NAME'}' readonly size='14'></td><td width='3%'></td></tr>
- <tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='text' name='newsrvrem' value='$fwhostsettings{'SRVGRP_REMARK'}' style='width:98%;'></td><td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldsrvrem' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='changesrvgrpremark' ></td></tr>
- <tr><td colspan='3'><br><hr></td></td></tr>
- </table></form>
+ <table width='100%'><form method='post' style='display:inline'>
+ <tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td width='20%'><input type='text' name='srvgrp' value='$fwhostsettings{'SRVGRP_NAME'}' size='14'></td><td align='left'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldsrvgrpname' value='$fwhostsettings{'oldsrvgrpname'}'><input type='hidden' name='ACTION' value='changesrvgrpname'></td><td width='3%'></td></form></tr>
+ <tr>
+ <form method='post'>
+ <td width='10%'>
+ $Lang::tr{'remark'}:
+ </td>
+ <td colspan='2'>
+ <input type='text' name='newsrvrem' value='$fwhostsettings{'SRVGRP_REMARK'}' style='width:98%;'>
+ </td>
+ <td align='right'>
+ <input type='submit' value='$Lang::tr{'fwhost change'}'>
+ <input type='hidden' name='oldsrvrem' value='$fwhostsettings{'oldsrvgrpremark'}'>
+ <input type='hidden' name='srvgrp' value='$fwhostsettings{'SRVGRP_NAME'}'>
+ <input type='hidden' name='ACTION' value='changesrvgrpremark' >
+ </td>
+ </tr>
+ <tr>
+ <td colspan='4'>
+ <br>
+ </td>
+ </tr>
+ </table>
+ </form>
END
}
if($fwhostsettings{'updatesrvgrp'} eq 'on'){
print<<END;
<form method='post'><input type='hidden' name='SRVGRP_REMARK' value='$fwhostsettings{'SRVGRP_REMARK'}'><input type='hidden' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}'><table border='0' width='100%'>
- <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td><select name='CUST_SRV' style='min-width:185px;'>
+ <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'add'}: </td><td><select name='CUST_SRV' style='min-width:185px;'>
END
&General::readhasharray("$configsrv", \%customservice);
+ #Protocols for use in servicegroups
+ print "<optgroup label='$Lang::tr{'fwhost cust service'}'>";
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice)
{
print "<option>$customservice{$key}[0]</option>";
}
+ print "</optgroup>";
+ print "<optgroup label='$Lang::tr{'protocol'}'>";
+ print "<option>GRE</option>";
+ print "<option>AH</option>";
+ print "<option>ESP</option>";
+ print "<option>IGMP</option>";
+ print "<option>IPIP</option>";
+ print "<option value='IPV6'>IPv6 encap</option>";
+ print "</optgroup>";
print<<END;
</select></td></tr>
<tr><td colspan='4'><br><br></td></tr>
- <tr><td colspan='4'><hr></td></tr>
+ <tr><td colspan='4'></td></tr>
</table>
END
}
print<<END;
- <table width='100%' border='0'>
+ <table width='100%'>
<tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='oldsrvgrpremark' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='saveservicegrp' ></form><form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'></td></tr>
</table></form>
END
if(! -z $confignet){
&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust net'});
&General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
+
if (!keys %customnetwork)
{
print "<center><b>$Lang::tr{'fwhost empty'}</b>";
}else{
print<<END;
- <table border='0' width='100%' cellspacing='0'>
- <tr><td align='center'><b>$Lang::tr{'name'}</b></td><td align='center'><b>$Lang::tr{'fwhost netaddress'}</b></td><td align='center'><b>$Lang::tr{'remark'}</b></td><td align='center'><b>$Lang::tr{'used'}</b></td><td></td><td width='3%'></td></tr>
+ <table width='100%' cellspacing='0' class='tbl'>
+ <tr><th align='center'><b>$Lang::tr{'name'}</b></th><th align='center'><b>$Lang::tr{'fwhost netaddress'}</b></th><th align='center'><b>$Lang::tr{'remark'}</b></th><th align='center'><b>$Lang::tr{'used'}</b></th><th></th><th width='3%'></th></tr>
END
}
my $count=0;
+ my $col='';
foreach my $key (sort {ncmp($a,$b)} keys %customnetwork) {
if ($fwhostsettings{'ACTION'} eq 'editnet' && $fwhostsettings{'HOSTNAME'} eq $customnetwork{$key}[0]) {
- print" <tr bgcolor='${Header::colouryellow}'>";
+ print" <tr>";
+ $col="bgcolor='${Header::colouryellow}'";
}elsif ($count % 2)
{
- print" <tr bgcolor='$color{'color22'}'>";
+ $col="bgcolor='$color{'color20'}'";
+ print" <tr>";
}else
{
- print" <tr bgcolor='$color{'color20'}'>";
+ $col="bgcolor='$color{'color22'}'";
+ print" <tr>";
}
my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]);
- print"<td width='20%'><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center'>".&Header::colorize($colnet)."</td><td width='40%'>$customnetwork{$key}[3]</td><td align='center'>$customnetwork{$key}[4]x</td>";
+ my $netcount=&getnetcount($customnetwork{$key}[0]);
+ print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&getcolor($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col>$netcount x</td>";
print<<END;
- <td width='1%'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+ <td width='1%' $col><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='ACTION' value='editnet'>
<input type='hidden' name='HOSTNAME' value='$customnetwork{$key}[0]' />
<input type='hidden' name='IP' value='$customnetwork{$key}[1]' />
<input type='hidden' name='NETREMARK' value='$customnetwork{$key}[3]' />
</td></form>
END
- if($customnetwork{$key}[4] == '0')
+ if($netcount == '0')
{
- print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delnet' /><input type='hidden' name='key' value='$customnetwork{$key}[0]' /></td></form></tr>";
+ print"<td width='1%' $col><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' /><input type='hidden' name='ACTION' value='delnet' /><input type='hidden' name='key' value='$customnetwork{$key}[0]' /></td></form></tr>";
}else{
- print"<td></td></tr>";
+ print"<td $col></td></tr>";
}
$count++;
}
}
}
+sub getcolor
+{
+ my $c=shift;
+ my $sip;
+ my $scidr;
+ #Check if MAC
+ if (&General::validmac($c)){ return $c;}
+
+ #Check if we got a full IP with subnet then split it
+ if($c =~ /^(.*?)\/(.*?)$/){
+ ($sip,$scidr) = split ("/",$c);
+ }else{
+ $sip=$c;
+ }
+
+ #Now check if IP is part of ORANGE,BLUE or GREEN
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $tdcolor="<font style='color: $Header::colourorange;'>$c</font>";
+ return $tdcolor;
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+ $tdcolor="<font style='color: $Header::colourgreen;'>$c</font>";
+ return $tdcolor;
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+ $tdcolor="<font style='color: $Header::colourblue;'>$c</font>";
+ return $tdcolor;
+ }
+
+ #Check if IP is part of OpenVPN N2N subnet
+ foreach my $key (sort keys %ccdhost){
+ if ($ccdhost{$key}[3] eq 'net'){
+ my ($a,$b) = split("/",$ccdhost{$key}[11]);
+ if (&General::IpInSubnet($sip,$a,$b)){
+ $tdcolor="<font style='color:$Header::colourovpn ;'>$c</font>";
+ return $tdcolor;
+ }
+ }
+ }
+
+ #Check if IP is part of OpenVPN dynamic subnet
+ my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+ if (&General::IpInSubnet($sip,$a,$b)){
+ $tdcolor="<font style='color: $Header::colourovpn;'>$c</font>";
+ return $tdcolor;
+ }
+
+ #Check if IP is part of OpenVPN static subnet
+ foreach my $key (sort keys %ccdnet){
+ my ($a,$b) = split("/",$ccdnet{$key}[1]);
+ $b =&General::iporsubtodec($b);
+ if (&General::IpInSubnet($sip,$a,$b)){
+ $tdcolor="<font style='color: $Header::colourovpn;'>$c</font>";
+ return $tdcolor;
+ }
+ }
+
+ #Check if IP is part of IPsec RW network
+ if ($ipsecsettings{'RW_NET'} ne ''){
+ my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($sip,$a,$b)){
+ $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
+ return $tdcolor;
+ }
+ }
+
+ #Check if IP is part of a IPsec N2N network
+ foreach my $key (sort keys %ipsecconf){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ if (&General::IpInSubnet($sip,$a,$b)){
+ $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
+ return $tdcolor;
+ }
+ }
+ return "$c";
+}
sub viewtablehost
{
if (! -z $confighost){
&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'});
&General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
+ &General::readhasharray("$configgrp", \%customgrp);
if (!keys %customhost)
{
print "<center><b>$Lang::tr{'fwhost empty'}</b>";
}else{
print<<END;
- <table border='0' width='100%' cellspacing='0'>
- <tr><td align='center'><b>$Lang::tr{'name'}</b></td><td align='center'><b>$Lang::tr{'fwhost ip_mac'}</b></td><td align='center'><b>$Lang::tr{'remark'}</b></td><td align='center'><b>$Lang::tr{'used'}</b></td><td></td><td width='3%'></td></tr>
+ <table width='100%' cellspacing='0' class='tbl'>
+ <tr><th align='center'><b>$Lang::tr{'name'}</b></th><th align='center'><b>$Lang::tr{'fwhost ip_mac'}</b></th><th align='center'><b>$Lang::tr{'remark'}</b></th><th align='center'><b>$Lang::tr{'used'}</b></th><th></th><th width='3%'></th></tr>
END
}
my $count=0;
+ my $col='';
foreach my $key (sort { ncmp ($customhost{$a}[0],$customhost{$b}[0])} keys %customhost) {
if ( ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'}) && $fwhostsettings{'HOSTNAME'} eq $customhost{$key}[0]) {
- print" <tr bgcolor='${Header::colouryellow}'>";
- }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
- else{ print" <tr bgcolor='$color{'color20'}'>";}
+ print" <tr>";
+ $col="bgcolor='${Header::colouryellow}'";
+ }elsif ($count % 2){
+ print" <tr>";
+ $col="bgcolor='$color{'color20'}'";
+ }else{
+ $col="bgcolor='$color{'color22'}'";
+ print" <tr>";
+ }
my ($ip,$sub)=split(/\//,$customhost{$key}[2]);
$customhost{$key}[4]=~s/\s+//g;
- print"<td width='20%'>$customhost{$key}[0]</td><td width='20%' align='center'>".&Header::colorize($ip)."</td><td width='50%' align='left'>$customhost{$key}[3]</td><td align='center'>$customhost{$key}[4]x</td>";
+ my $hostcount=0;
+ $hostcount=&gethostcount($customhost{$key}[0]);
+ print"<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col >".&getcolor($ip)."</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col>$hostcount x</td>";
print<<END;
- <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+ <td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='ACTION' value='edithost' />
<input type='hidden' name='HOSTNAME' value='$customhost{$key}[0]' />
<input type='hidden' name='IP' value='$ip' />
<input type='hidden' name='HOSTREMARK' value='$customhost{$key}[3]' />
</form></td>
END
- if($customhost{$key}[4] == '0')
+ if($hostcount == '0')
{
- print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delhost' /><input type='hidden' name='key' value='$customhost{$key}[0]' /></td></form></tr>";
+ print"<td width='1%' $col><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' /><input type='hidden' name='ACTION' value='delhost' /><input type='hidden' name='key' value='$customhost{$key}[0]' /></td></form></tr>";
}else{
- print"<td width='1%'></td></tr>";
+ print"<td width='1%' $col></td></tr>";
}
$count++;
}
&General::readhasharray("$configccdnet", \%ccdnet);
&General::readhasharray("$confighost", \%customhost);
&General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
my @grp=();
my $helper='';
my $count=1;
my $remark;
my $number;
my $delflag;
+ my @counter;
+ my %hash;
if (!keys %customgrp)
- {
- print "<center><b>$Lang::tr{'fwhost empty'}</b>";
+ {
+ print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
}else{
- foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp ($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+ #get all groups in a hash
+ foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+ push (@counter,$customgrp{$key}[0]);
+ }
+ foreach my $key1 (@counter) {
+ $hash{$key1}++ ;
+ }
+ foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
$count++;
if ($helper ne $customgrp{$key}[0]){
$delflag='0';
}
}
$number=1;
- if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost empty'};}
+ if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};}
$grpname=$customgrp{$key}[0];
$remark="$customgrp{$key}[1]";
- if($count gt 2){ print"</table>";}
+ if($count gt 1){ print"</table>";$count=1;}
print "<br><b><u>$grpname</u></b> ";
print " <b>$Lang::tr{'remark'}:</b>  $remark   " if ($remark ne '');
- print "<b>$Lang::tr{'used'}:</b> $customgrp{$key}[4]x";
- if($customgrp{$key}[4] == '0')
+ my $netgrpcount=&getnetcount($grpname);
+ print "<b>$Lang::tr{'used'}:</b> $netgrpcount x";
+ if($netgrpcount == '0')
{
- print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
+ print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
}
- print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='remark' value='$remark' ><input type='hidden' name='ACTION' value='editgrp'></form>";
- print"<table width='100%' style='border: 1px solid #CCCCCC;' rules='none' cellspacing='0'><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'ip address'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost type'}</td><td></td></tr>";
+ print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='remark' value='$remark' ><input type='hidden' name='ACTION' value='editgrp'></form>";
+ print"<table width='100%' cellspacing='0' class='tbl'><tr><th align='center'><b>$Lang::tr{'name'}</b></th><th align='center'><b>$Lang::tr{'fwhost ip_mac'}</b></th><th align='center' width='25%'><b>$Lang::tr{'fwhost type'}</th><th></th></tr>";
}
-
+ my $col='';
if ( ($fwhostsettings{'ACTION'} eq 'editgrp' || $fwhostsettings{'update'} ne '') && $fwhostsettings{'grp_name'} eq $customgrp{$key}[0]) {
- print" <tr bgcolor='${Header::colouryellow}'>";
+ print" <tr>";
+ $col="bgcolor='${Header::colouryellow}'";
}elsif ($count %2 == 0){
- print"<tr bgcolor='$color{'color22'}'>";
+ print"<tr>";
+ $col="bgcolor='$color{'color20'}'";
}else{
- print"<tr bgcolor='$color{'color20'}'>";
+ print"<tr>";
+ $col="bgcolor='$color{'color22'}'";
}
my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]);
- if ($ip eq ''){print"<tr bgcolor='${Header::colouryellow}'>";}
- print "<td width='39%' align='left'>";
+ if ($ip eq ''){
+ print"<tr>";
+ $col="bgcolor='${Header::colouryellow}'";
+ }
+ print "<td width='39%' align='left' $col>";
if($customgrp{$key}[3] eq 'Standard Network'){
print &get_name($customgrp{$key}[2])."</td>";
}else{
print "$customgrp{$key}[2]</td>";
}
- if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost empty'}){
- print "<td align='center'>$Lang::tr{'fwhost deleted'}</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+ if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
+ print "<td align='center' $col>$Lang::tr{'fwhost deleted'}</td><td align='center' $col>$customgrp{$key}[3]</td><td width='1%' $col><form method='post'>";
}else{
my ($colip,$colsub) = split("/",$ip);
$ip="$colip/".&General::subtocidr($colsub) if ($colsub);
- print"<td align='center'>".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
- }
- if ($delflag > '1' && $ip ne ''){
- print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+ print"<td align='center' $col>".&getcolor($ip)."</td><td align='center' $col>$customgrp{$key}[3]</td><td width='1%' $col><form method='post'>";
+ }
+ if ($delflag > 0 && $ip ne ''){
+ print"<input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' />";
+ #check if this group has only one entry
+ foreach my $key2 (keys %hash) {
+ if ($hash{$key2}<2 && $key2 eq $customgrp{$key}[0]){
+ print "<input type='hidden' name='last' value='on'>" ;
+ }
+ }
}
print"<input type='hidden' name='ACTION' value='deletegrphost'><input type='hidden' name='grpcnt' value='$customgrp{$key}[4]'><input type='hidden' name='update' value='$fwhostsettings{'update'}'><input type='hidden' name='delhost' value='$grpname,$remark,$customgrp{$key}[2],$customgrp{$key}[3]'></form></td></tr>";
$number++;
}
print"</table>";
-
}
&Header::closebox();
}
sub viewtableservice
{
my $count=0;
+ my $srvcount;
if(! -z "$configsrv")
{
&Header::openbox('100%', 'left', $Lang::tr{'fwhost services'});
&General::readhasharray("$configsrv", \%customservice);
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
print<<END;
- <table width='100%' border='0' cellspacing='0'>
- <tr><td align='center'><b>$Lang::tr{'fwhost srv_name'}</b></td><td align='center'><b>$Lang::tr{'fwhost prot'}</b></td><td align='center'><b>$Lang::tr{'fwhost port'}</b></td><td align='center'><b>ICMP</b></td><td align='center'><b>$Lang::tr{'fwhost used'}</b></td><td></td><td width='3%'></td></tr>
+ <table width='100%' cellspacing='0' class='tbl'>
+ <tr><th align='center'><b>$Lang::tr{'fwhost srv_name'}</b></th><th align='center'><b>$Lang::tr{'fwhost prot'}</b></th><th align='center'><b>$Lang::tr{'fwhost port'}</b></th><th align='center'><b>ICMP</b></th><th align='center'><b>$Lang::tr{'fwhost used'}</b></th><th></th><th width='3%'></th></tr>
END
+ my $col='';
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0])} keys %customservice)
{
$count++;
if ( ($fwhostsettings{'updatesrv'} eq 'on' || $fwhostsettings{'error'}) && $fwhostsettings{'SRV_NAME'} eq $customservice{$key}[0]) {
- print" <tr bgcolor='${Header::colouryellow}'>";
- }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}else{ print" <tr bgcolor='$color{'color20'}'>";}
+ print" <tr>";
+ $col="bgcolor='${Header::colouryellow}'";
+ }elsif ($count % 2){
+ print" <tr>";
+ $col="bgcolor='$color{'color22'}'";
+ }else{
+ print" <tr>";
+ $col="bgcolor='$color{'color20'}'";
+ }
print<<END;
- <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
+ <td $col>$customservice{$key}[0]</td><td align='center' $col>$customservice{$key}[2]</td><td align='center' $col>$customservice{$key}[1]</td><td align='center' $col>
END
- if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
-
+ #Neuer count
+ $srvcount=&getsrvcount($customservice{$key}[0]);
+ if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
+ elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
print<<END;
- </td><td align='center'>$customservice{$key}[4]x</td>
- <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
+ </td><td align='center' $col>$srvcount x</td>
+ <td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /><input type='hidden' name='ACTION' value='editservice' />
<input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
<input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
- <input type='hidden' name='PROT' value='$customservice{$key}[2]' /></form></td>
+ <input type='hidden' name='PROT' value='$customservice{$key}[2]' />
+ <input type='hidden' name='ICMP' value='$customservice{$key}[3]' /></form></td>
END
- if ($customservice{$key}[4] eq '0')
+ if ($srvcount eq '0')
{
- print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delservice' /><input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]'></td></tr></form>";
+ print"<td width='1%' $col><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' /><input type='hidden' name='ACTION' value='delservice' /><input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]'></td></tr></form>";
}else{
- print"<td></td></tr>";
+ print"<td $col></td></tr>";
}
}
print"</table>";
my $grpname;
my $remark;
my $helper;
+ my $helper1;
my $port;
my $protocol;
my $delflag;
+ my $grpcount=0;
+ my $col='';
+ my $lastentry=0;
+ my @counter;
+ my %hash;
if (! -z $configsrvgrp){
&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'});
&General::readhasharray("$configsrvgrp", \%customservicegrp);
&General::readhasharray("$configsrv", \%customservice);
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
my $number= keys %customservicegrp;
- foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
+ foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){
+ push (@counter,$customservicegrp{$key}[0]);
+ }
+ foreach my $key1 (@counter) {
+ $hash{$key1}++ ;
+ }
+ foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){
$count++;
if ($helper ne $customservicegrp{$key}[0]){
+ #Get used groupcounter
+ $grpcount=&getsrvcount($customservicegrp{$key}[0]);
$delflag=0;
foreach my $key1 (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) } keys %customservicegrp){
if ($customservicegrp{$key}[0] eq $customservicegrp{$key1}[0])
}
$grpname=$customservicegrp{$key}[0];
if ($customservicegrp{$key}[2] eq "none"){
- $customservicegrp{$key}[2]=$Lang::tr{'fwhost empty'};
+ $customservicegrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};
$port='';
$protocol='';
}
$remark="$customservicegrp{$key}[1]";
- if($count >=2){print"</table>";}
+ if($count >0){print"</table>";$count=1;}
print "<br><b><u>$grpname</u></b> ";
print "<b>$Lang::tr{'remark'}:</b> $remark " if ($remark ne '');
- print " <b>$Lang::tr{'used'}:</b> $customservicegrp{$key}[3]x";
- if($customservicegrp{$key}[3] == '0')
+ print " <b>$Lang::tr{'used'}:</b> $grpcount x";
+ if($grpcount == '0')
{
- print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
+ print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
}
- print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='SRVGRP_REMARK' value='$remark' ><input type='hidden' name='ACTION' value='editservicegrp'></form>";
- print"<table width='100%' style='border: 1px solid #CCCCCC;' rules='none' cellspacing='0'><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'port'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost prot'}</td><td></td></tr>";
+ print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='SRVGRP_REMARK' value='$remark' ><input type='hidden' name='ACTION' value='editservicegrp'></form>";
+ print"<table width='100%' cellspacing='0' class='tbl'><tr><th align='center'><b>Name</b></th><th align='center'><b>$Lang::tr{'port'}</b></th><th align='center' width='25%'><b>$Lang::tr{'fwhost prot'}</th><th></th></tr>";
}
if( $fwhostsettings{'SRVGRP_NAME'} eq $customservicegrp{$key}[0]) {
- print" <tr bgcolor='${Header::colouryellow}'>";
+ print"<tr>";
+ $col="bgcolor='${Header::colouryellow}'";
}elsif ($count %2 == 0){
- print"<tr bgcolor='$color{'color22'}'>";
+ print"<tr>";
+ $col="bgcolor='$color{'color20'}'";
}else{
- print"<tr bgcolor='$color{'color20'}'>";
- }
- print "<td width='39%'>$customservicegrp{$key}[2]</td>";
+ print"<tr>";
+ $col="bgcolor='$color{'color22'}'";
+ }
+ #make lines yellow if it is a dummy entry
+ if ($customservicegrp{$key}[2] eq $Lang::tr{'fwhost err emptytable'}){
+ print"<tr>";
+ $col="bgcolor='${Header::colouryellow}'";
+ }
+ #Set fields if we use protocols in servicegroups
+ if ($customservicegrp{$key}[2] ne 'TCP' || $customservicegrp{$key}[2] ne 'UDP' || $customservicegrp{$key}[2] ne 'ICMP'){
+ $port='-';
+ }
+ if ($customservicegrp{$key}[2] eq 'GRE'){$protocol='GRE';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} GRE";}
+ if ($customservicegrp{$key}[2] eq 'ESP'){$protocol='ESP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} ESP";}
+ if ($customservicegrp{$key}[2] eq 'AH'){$protocol='AH';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} AH";}
+ if ($customservicegrp{$key}[2] eq 'IGMP'){$protocol='IGMP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IGMP";}
+ if ($customservicegrp{$key}[2] eq 'IPIP'){$protocol='IPIP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPIP";}
+ if ($customservicegrp{$key}[2] eq 'IPV6'){$protocol='IPV6';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPv6 encapsulation";}
+ print "<td width='39%' $col>$customservicegrp{$key}[2]</td>";
foreach my $srv (sort keys %customservice){
if ($customservicegrp{$key}[2] eq $customservice{$srv}[0]){
$protocol=$customservice{$srv}[2];
last;
}
}
- print"<td align='center'>$port</td><td align='center'>$protocol</td><td width='1%'><form method='post'>";
- if ($number gt '1'){
- print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+ print"<td align='center' $col>$port</td><td align='center' $col>$protocol</td><td width='1%' $col><form method='post'>";
+ if ($delflag gt '0'){
+ if ($customservicegrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
+ print"<input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title=$Lang::tr{'delete'} />";
+ }
+ #check if this group has only one entry
+ foreach my $key2 (keys %hash) {
+ if ($hash{$key2}<2 && $key2 eq $customservicegrp{$key}[0]){
+ print "<input type='hidden' name='last' value='on'>" ;
+ }
+ }
+ }
+ print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'>";
+ if($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP'){
+ print "<input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2]'></form></td></tr>";
+ }else{
+ print "<input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$protocol'></form></td></tr>";
}
- print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
$helper=$customservicegrp{$key}[0];
}
print"</table>";
return 1;
}
+sub checkgroup
+{
+ &General::readhasharray("$configgrp", \%customgrp );
+ my $name=shift;
+ foreach my $key (keys %customservicegrp) {
+ if($customservicegrp{$key}[0] eq $name){
+ return 0;
+ }
+ }
+ return 1;
+}
+sub checkservice
+{
+ &General::readhasharray("$configsrv", \%customservice );
+ my $name=shift;
+ foreach my $key (keys %customservice) {
+ if($customservice{$key}[0] eq $name){
+ return 0;
+ }
+ }
+ return 1;
+}
sub checkip
{
sub checkservicegroup
{
&General::readhasharray("$configsrvgrp", \%customservicegrp);
-
-
#check name
if ( ! &validhostname($fwhostsettings{'SRVGRP_NAME'}))
{
}
return $errormessage;
}
+sub checkrulereload
+{
+ my $search=shift;
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
+
+ #check if service or servicegroup is used in rules
+ foreach my $key (keys %fwfwd){
+ if($search eq $fwfwd{$key}[15]){
+ &General::firewall_config_changed();
+ return;
+ }
+ }
+ foreach my $key (keys %fwinp){
+ if($search eq $fwinp{$key}[15]){
+ &General::firewall_config_changed();
+ return;
+ }
+ }
+ foreach my $key (keys %fwout){
+ if($search eq $fwout{$key}[15]){
+ &General::firewall_config_changed();
+ return;
+ }
+ }
+}
sub error
{
if ($errormessage) {
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
}
}
+sub gethostcount
+{
+ my $searchstring=shift;
+ my $srvcounter=0;
+ #Count services used in servicegroups
+ foreach my $key (keys %customgrp) {
+ if($customgrp{$key}[2] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - config
+ foreach my $key1 (keys %fwfwd) {
+ if($fwfwd{$key1}[4] eq $searchstring){
+ $srvcounter++;
+ }
+ if($fwfwd{$key1}[6] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - input
+ foreach my $key2 (keys %fwinp) {
+ if($fwinp{$key2}[4] eq $searchstring){
+ $srvcounter++;
+ }
+ if($fwinp{$key2}[6] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - outgoing
+ foreach my $key3 (keys %fwout) {
+ if($fwout{$key3}[4] eq $searchstring){
+ $srvcounter++;
+ }
+ if($fwout{$key3}[6] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ return $srvcounter;
+}
+sub getnetcount
+{
+ my $searchstring=shift;
+ my $srvcounter=0;
+ #Count services used in servicegroups
+ foreach my $key (keys %customgrp) {
+ if($customgrp{$key}[2] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - config
+ foreach my $key1 (keys %fwfwd) {
+ if($fwfwd{$key1}[4] eq $searchstring){
+ $srvcounter++;
+ }
+ if($fwfwd{$key1}[6] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - input
+ foreach my $key2 (keys %fwinp) {
+ if($fwinp{$key2}[4] eq $searchstring){
+ $srvcounter++;
+ }
+ if($fwinp{$key2}[6] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - outgoing
+ foreach my $key3 (keys %fwout) {
+ if($fwout{$key3}[4] eq $searchstring){
+ $srvcounter++;
+ }
+ if($fwout{$key3}[6] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ return $srvcounter;
+}
+sub getsrvcount
+{
+ my $searchstring=shift;
+ my $srvcounter=0;
+ #Count services used in servicegroups
+ foreach my $key (keys %customservicegrp) {
+ if($customservicegrp{$key}[2] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - config
+ foreach my $key1 (keys %fwfwd) {
+ if($fwfwd{$key1}[15] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - input
+ foreach my $key2 (keys %fwinp) {
+ if($fwinp{$key2}[15] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ #Count services used in firewall - outgoing
+ foreach my $key3 (keys %fwout) {
+ if($fwout{$key3}[15] eq $searchstring){
+ $srvcounter++;
+ }
+ }
+ return $srvcounter;
+}
sub deletefromgrp
{
my $target=shift;
my %hash=();
&General::readhasharray("$config",\%hash);
foreach my $key (keys %hash) {
- $errormessage.="lese $hash{$key}[2] und $target<br>";
if($hash{$key}[2] eq $target){
-
delete $hash{$key};
- $errormessage.="Habe $target aus Gruppe gelöscht!<br>";
}
}
&General::writehasharray("$config",\%hash);
}
}
}
-sub rules
-{
- if (!-f "${General::swroot}/fwhosts/reread"){
- system("touch ${General::swroot}/fwhosts/reread");
- system("touch ${General::swroot}/forward/reread");
- }
-}
-sub reread_rules
-{
- system ("/usr/local/bin/forwardfwctrl");
- if ( -f "${General::swroot}/fwhosts/reread"){
- system("rm ${General::swroot}/fwhosts/reread");
- system("rm ${General::swroot}/forward/reread");
- }
-
-}
sub decrease
{
my $grp=$_[0];
&General::writehasharray("$configsrv", \%customservice);
}
+sub changenameinfw
+{
+ my $old=shift;
+ my $new=shift;
+ my $fld=shift;
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ &General::readhasharray("$fwconfigout", \%fwout);
+ #Rename group in Firewall-CONFIG
+ foreach my $key1 (keys %fwfwd) {
+ if($fwfwd{$key1}[$fld] eq $old){
+ $fwfwd{$key1}[$fld]=$new;
+ }
+ }
+ &General::writehasharray("$fwconfigfwd", \%fwfwd );
+ #Rename group in Firewall-INPUT
+ foreach my $key2 (keys %fwinp) {
+ if($fwinp{$key2}[$fld] eq $old){
+ $fwinp{$key2}[$fld]=$new;
+ }
+ }
+ &General::writehasharray("$fwconfiginp", \%fwinp );
+ #Rename group in Firewall-OUTGOING
+ foreach my $key3 (keys %fwout) {
+ if($fwout{$key3}[$fld] eq $old){
+ $fwout{$key3}[$fld]=$new;
+ }
+ }
+ &General::writehasharray("$fwconfigout", \%fwout );
+}
sub checkports
{