###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2013 #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
-# Author: Alexander Marx (amarx@ipfire.org) #
-###############################################################################
use strict;
# enable only the following on debugging purpose
my %ipsecsettings=();
my %fwfwd=();
my %fwinp=();
+my %ovpnsettings=();
+
my $errormessage;
my $hint;
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
my $fwconfigfwd = "${General::swroot}/forward/config";
my $fwconfiginp = "${General::swroot}/forward/input";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $tdcolor='';
+my $configipsecrw = "${General::swroot}/vpn/settings";
unless (-e $confignet) { system("touch $confignet"); }
unless (-e $confighost) { system("touch $confighost"); }
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+
&Header::getcgihash(\%fwhostsettings);
&Header::showhttpheaders();
\$('#' + id).prop("checked", true);
});
});
+function toggle_elements( id ) {
+ if(document.getElementById(id).style.display== "none")
+ {
+ document.getElementById(id).style.display='block';
+ }
+ else{
+ document.getElementById(id).style.display='none';
+ }
+ return true;
+}
+function hide_elements(){
+ var elementNames = hide_elements.arguments;
+ for (var i=0; i<elementNames.length; i++)
+ {
+ var elementName = elementNames[i];
+ document.getElementById(elementName).style.display='none';
+ }
+}
+function getdropdown(){
+ d = document.getElementById("PROT").value;
+ if ( d == 'ICMP' )
+ {
+ document.getElementById('PROTOKOLL').style.display='block';
+ }
+ else
+ {
+ document.getElementById('PROTOKOLL').style.display='none';
+ }
+ if(document.getElementById('PROTOKOLL').style.display== "block" )
+ {
+ document.getElementById('PORT').style.display='none';
+ }
+ if(document.getElementById('PROTOKOLL').style.display== "none" )
+ {
+ document.getElementById('PORT').style.display='block';
+ }
+}
</script>
END
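Review bot: In `getdropdown()` the assignment `d = document.getElementById("PROT").value;` has no declaration, so `d` becomes an implicit global on the page; declare it as `var d = document.getElementById("PROT").value;`. `hide_elements` reads `hide_elements.arguments`, a deprecated form, where the plain `arguments` object does the same job. All three helpers dereference the result of `document.getElementById(...)` without a null check, so a mistyped id throws and stops the rest of the handler. The two trailing `if` blocks in `getdropdown()` can be folded into the first `if/else` by setting the display of `PORT` there.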
$fwhostsettings{'ICMP_TYPES'}='BLANK';
}
my $key1 = &General::findhasharraykey(\%customservice);
+ #find out short ICMP-TYPE
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+ $fwhostsettings{'ICMP_TYPES'}=$icmptypes{$key}[0];
+ }
+ }
foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";}
$customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
$customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
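Review bot: The lookup added before the `foreach my $i (0 .. 4)` reset rewrites `$fwhostsettings{'ICMP_TYPES'}` only when the posted string equals one of the `name (description)` labels, so any other posted value passes through this loop unchanged. `%fwhostsettings` is filled from the request by `Header::getcgihash`, so the value should be checked against the icmp-types list (plus the sentinels `BLANK` and `All ICMP-Types`) and `$errormessage` set otherwise. Where the value is stored is outside this hunk, so confirm that no later check already does this. A `last;` after the assignment would also stop the scan at the first match.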
if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
$needrules='on';
}
+ if($count gt 0 && $fwhostsettings{'oldsrvicmp'} ne $fwhostsettings{'ICMP'} ){
+ $needrules='on';
+ }
$fwhostsettings{'SRV_NAME'} = '';
$fwhostsettings{'SRV_PORT'} = '';
$fwhostsettings{'PROT'} = '';
+ $fwhostsettings{'ICMP'} = '';
+ $fwhostsettings{'oldsrvicmp'} = '';
}else{
$fwhostsettings{'SRV_NAME'} = $fwhostsettings{'oldsrvname'};
$fwhostsettings{'SRV_PORT'} = $fwhostsettings{'oldsrvport'};
$fwhostsettings{'PROT'} = $fwhostsettings{'oldsrvprot'};
+ $fwhostsettings{'ICMP'} = $fwhostsettings{'oldsrvicmp'};
$fwhostsettings{'updatesrv'}= 'on';
}
+ $fwhostsettings{'updatesrv'} = '';
if($needrules eq 'on'){
&rules;
}
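Review bot: The added `$fwhostsettings{'updatesrv'} = '';` runs directly after the `if/else`, so the `'on'` that the `else` branch has just assigned is always overwritten. If the reset is meant only for the success path, move it into the first branch next to `$fwhostsettings{'oldsrvicmp'} = '';`. Separately, the new condition compares `oldsrvicmp` with `$fwhostsettings{'ICMP'}`, but the service form submits the type as `ICMP_TYPES` and only the edit button in the service table posts `ICMP`; it looks as if the comparison should use the normalised `ICMP_TYPES` value, which needs confirming against the code outside this hunk. The enclosing block starts outside the hunk.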
&General::readhasharray("$confighost", \%customhost);
#check name
if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}
+ #check existing name
+ if (!checkgroup(\%customgrp,$grp) && $fwhostsettings{'update'} ne 'on'){$errormessage.=$Lang::tr{'fwhost err grpexist'};}
#check remark
if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
$errormessage.=$Lang::tr{'fwhost err remark'};
$fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
$fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
$fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+ $fwhostsettings{'oldsrvicmp'} = $fwhostsettings{'ICMP'};
}
print<<END;
<table width='100%' border='0'><form method='post'>
<tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}' size='24'><script>document.getElementById('textbox1').focus()</script></td></tr>
- <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+ <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT' id='PROT' onchange="getdropdown()">
END
foreach ("TCP","UDP","ICMP")
{
}
}
print<<END;
- </select></td></tr>
- <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
+ </select></td></tr></table>
+ <div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
print"<option>All ICMP-Types</option>";
foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
- print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
+ print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }else{
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
}
-
print<<END;
- </select></td></tr>
- <tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr>
- <tr><td colspan='6'><br><hr></td></tr>
+ </select></td></tr></table></div>
+ <div id='PORT' class='noscript'><table width='100%' border='0'><tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr></table></div>
+ <table width='100%' border='0'><tr><td colspan='6'><br><hr></td></tr>
<tr><td colspan='6' align='right'>
END
if ($fwhostsettings{'updatesrv'} eq 'on')
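Review bot: The new `PROTOKOLL` wrapper opens its table with `<table width=100%' border='0'>`, which is missing the opening quote of the `width` value and leaves the attribute to browser error recovery; it should read `<table width='100%' border='0'>`. Both new `<div>` blocks carry `class='noscript'` while their visibility is driven from JavaScript, and the stylesheet for that class is not part of this change. A one-line comment above the heredoc, for example `# PROTOKOLL/PORT are toggled by getdropdown(); 'noscript' keeps them visible without JS`, would document the intent if that is indeed what the class does.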
<input type='hidden' name='ACTION' value='updateservice'>
<input type='hidden' name='oldsrvname' value='$fwhostsettings{'oldsrvname'}'>
<input type='hidden' name='oldsrvport' value='$fwhostsettings{'oldsrvport'}'>
- <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'></form>
+ <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'>
+ <input type='hidden' name='oldsrvicmp' value='$fwhostsettings{'oldsrvicmp'}'>
+ </form>
END
}else{
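Review bot: The new hidden field `oldsrvicmp` writes `$fwhostsettings{'oldsrvicmp'}` into a single-quoted attribute without HTML escaping, and `%fwhostsettings` is populated from the request by `Header::getcgihash`. A value containing a quote would end the attribute early and inject markup into the admin page, so escape `&`, `<`, `>`, `'` and `"` before interpolation, using the project's own HTML-escaping helper if `Header` provides one. The same applies to the added `ICMP` hidden field in the service table, `value='$customservice{$key}[3]'`, and the neighbouring pre-existing fields follow the same unescaped pattern. Whether `getcgihash` already filters these characters is not visible in this diff.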
END
+ if ($fwhostsettings{'PROT'} ne 'ICMP'){
+ print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>";
+ }
&Header::closebox();
&viewtableservice;
}
}
}
+sub getcolor
+{
+ my $c=shift;
+ #Check if IP is part of OpenVPN N2N subnet
+ foreach my $key (sort keys %ccdhost){
+ if ($ccdhost{$key}[3] eq 'net'){
+ my ($a,$b) = split("/",$ccdhost{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color:$Header::colourovpn ;'";
+ return $tdcolor;
+ }
+ }
+ }
+ #Check if IP is part of OpenVPN dynamic subnet
+ my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourovpn;'";
+ return $tdcolor;
+ }
+ #Check if IP is part of OpenVPN static subnet
+ foreach my $key (sort keys %ccdnet){
+ my ($a,$b) = split("/",$ccdnet{$key}[1]);
+ $b =&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourovpn;'";
+ return $tdcolor;
+ }
+ }
+ #Check if IP is part of IPsec RW network
+ if ($ipsecsettings{'RW_NET'} ne ''){
+ my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourvpn;'";
+ return $tdcolor;
+ }
+ }
+ #Check if IP is part of a IPsec N2N network
+ foreach my $key (sort keys %ipsecconf){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourvpn;'";
+ return $tdcolor;
+ }
+ }
+ $tdcolor='';
+ return $tdcolor;
+}
sub viewtablehost
{
if (! -z $confighost){
&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'});
&General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$configccdhost", \%ccdhost);
if (!keys %customhost)
{
print "<center><b>$Lang::tr{'fwhost empty'}</b>";
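Review bot: In `getcolor` the dynamic-subnet check splits `$ovpnsettings{'DOVPN_SUBNET'}` and calls `General::IpInSubnet` with no guard, unlike the `RW_NET` check below it, so both parts are undefined when no dynamic OpenVPN subnet is configured. Wrap it in `if ($ovpnsettings{'DOVPN_SUBNET'} ne '') { ... }`, and skip empty `[11]` fields in the two N2N loops in the same way. The lexicals `my ($a,$b)` reuse the names of Perl's sort variables, which this file relies on in its `sort { ncmp(...) }` blocks; `my ($net,$mask)` avoids the confusion. `getcolor` also reads `%ccdnet` and `%ccdhost`, which this change loads only in `viewtablehost`, while the group table calls `&getcolor($colip)` as well, so check that they are populated on that path. Returning the string directly rather than through the file-level `$tdcolor` would remove the shared state.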
else{ print" <tr bgcolor='$color{'color20'}'>";}
my ($ip,$sub)=split(/\//,$customhost{$key}[2]);
$customhost{$key}[4]=~s/\s+//g;
- print"<td width='20%'>$customhost{$key}[0]</td><td width='20%' align='center'>".&Header::colorize($ip)."</td><td width='50%' align='left'>$customhost{$key}[3]</td><td align='center'>$customhost{$key}[4]x</td>";
+ print"<td width='20%'>$customhost{$key}[0]</td><td width='20%' align='center' ".&getcolor($ip).">".&Header::colorize($ip)."</td><td width='50%' align='left'>$customhost{$key}[3]</td><td align='center'>$customhost{$key}[4]x</td>";
print<<END;
<td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
<input type='hidden' name='ACTION' value='edithost' />
my $delflag;
if (!keys %customgrp)
{
- print "<center><b>$Lang::tr{'fwhost empty'}</b>";
+ print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
}else{
- foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp ($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+ foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
$count++;
if ($helper ne $customgrp{$key}[0]){
$delflag='0';
}
}
$number=1;
- if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost empty'};}
+ if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};}
$grpname=$customgrp{$key}[0];
$remark="$customgrp{$key}[1]";
- if($count gt 2){ print"</table>";}
+ if($count gt 1){ print"</table>";}
print "<br><b><u>$grpname</u></b> ";
print " <b>$Lang::tr{'remark'}:</b>  $remark   " if ($remark ne '');
print "<b>$Lang::tr{'used'}:</b> $customgrp{$key}[4]x";
}else{
print "$customgrp{$key}[2]</td>";
}
- if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost empty'}){
+ if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
print "<td align='center'>$Lang::tr{'fwhost deleted'}</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
}else{
my ($colip,$colsub) = split("/",$ip);
$ip="$colip/".&General::subtocidr($colsub) if ($colsub);
- print"<td align='center'>".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+ print"<td align='center' ".&getcolor($colip).">".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
}
if ($delflag > '1' && $ip ne ''){
print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
$number++;
}
print"</table>";
-
}
&Header::closebox();
}
<td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
<input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
<input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
- <input type='hidden' name='PROT' value='$customservice{$key}[2]' /></form></td>
+ <input type='hidden' name='PROT' value='$customservice{$key}[2]' />
+ <input type='hidden' name='ICMP' value='$customservice{$key}[3]' /></form></td>
END
if ($customservice{$key}[4] eq '0')
{
}
}
print"<td align='center'>$port</td><td align='center'>$protocol</td><td width='1%'><form method='post'>";
- if ($number gt '1'){
+ if ($delflag gt '1'){
print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
}
print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
return 1;
}
+sub checkgroup
+{
+ my %hash=%{(shift)};
+ my $name=shift;
+ foreach my $key (keys %hash) {
+ if($hash{$key}[0] eq $name){
+ return 0;
+ }
+ }
+ return 1;
+}
sub checkip
{
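Review bot: `checkgroup` returns 0 when the name is already present and 1 when it is free, which reads backwards at the call site `!checkgroup(\%customgrp,$grp)`. A header comment such as `# Returns 1 if no entry in the given hash has $name in field 0, else 0` would make that contract explicit. `my %hash=%{(shift)};` copies the whole hash on every call, and iterating the reference (`my $hash = shift;` then `$hash->{$key}[0]`) avoids the copy. A few lines above, `$delflag gt '1'` is a string comparison whereas the group table uses `$delflag > '1'`; the numeric operator is the right one for a counter.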
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
}
}
+
sub deletefromgrp
{
my $target=shift;