X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;ds=sidebyside;f=html%2Fcgi-bin%2Faliases.cgi;h=4e61eb65e6cd1b87667a29e897f4bd120c9b9f80;hb=08cf4d21540c4fe185db1f17ae365f7ab6adae27;hp=09f6ea370dac1bbe7a4e42e0bc9ed5f2231d0bfb;hpb=82a4a102f3eaa4d1d706a654cb940596714871d2;p=people%2Fpmueller%2Fipfire-2.x.git
diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi
index 09f6ea370d..4e61eb65e6 100644
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -33,6 +33,14 @@ use strict;
 require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
+require "${General::swroot}/ids-functions.pl";
+
+my $configfwdfw = "${General::swroot}/firewall/config";
+my $configinput = "${General::swroot}/firewall/input";
+my $configoutgoing = "${General::swroot}/firewall/outgoing";
+my %input=();
+my %forward=();
+my %output=();
 #workaround to suppress a warning when a variable is used only once
 my @dummy = ( ${Header::colouryellow} );
@@ -90,7 +98,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # #Validate static Settings1 here # - unless ($errormessage) { # Everything is ok, save settings #map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved #&General::writehash($setting, \%settings); # Save good settings
@@ -99,6 +106,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 # Rebuild configuration file if needed
 &BuildConfiguration;
+
+ # Handle suricata related actions.
+ &HandleSuricata();
 }
 ERROR: # Leave the faulty field untouched
@@ -133,6 +143,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
 # Rebuild configuration file
 &BuildConfiguration;
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
 }
 if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
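Review bot: The `&HandleSuricata();` call added after `&BuildConfiguration;` in the save branch (`@@ -99`) restarts Suricata whenever it is running, whether or not the set of alias addresses actually changed; the same unconditional call is added in the toggle hunk (`@@ -133`) and in the add and remove hunks (`@@ -176`, `@@ -207`). Each restart presumably leaves a short window without inspection, so a name-only edit should not have to pay for one; in the add branch the form already carries `OLDIP`, which could gate the call. The comment would be more useful if it said why aliases concern the IDS, for example `# Alias addresses appear to feed HOME_NET: regenerate it and restart Suricata.`, and the spelling differs between `suricata` and `Suricata` across the four sites. The enclosing `if` blocks start outside these hunks.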
@@ -146,6 +159,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
 $errormessage = $Lang::tr{'duplicate ip'} . ' (RED)';
 $spacer=" & ";
 }
+ #Check if we have an emtpy name
+ if (!$settings{'NAME'}){
+ $errormessage=$Lang::tr{'fwhost err name1'};
+ }elsif(! &General::validfqdn($settings{'NAME'}) && ! &General::validhostname($settings{'NAME'})){
+ $errormessage=$Lang::tr{'invalid hostname'};
+ }
 my $idx=0;
 foreach my $line (@current) {
 chomp ($line);
@@ -162,6 +181,38 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
 }
 $idx++;
 }
+ #Update firewallrules if aliasname is changed
+ if ($settings{'OLDNAME'} ne $settings {'NAME'}){
+ &General::readhasharray("$configfwdfw", \%forward);
+ &General::readhasharray("$configinput", \%input);
+ &General::readhasharray("$configoutgoing", \%output);
+ #Check FORWARD
+ foreach my $forwardkey (sort keys %forward){
+ if ($forward{$forwardkey}[29] eq $settings{'OLDNAME'}){
+ $forward{$forwardkey}[29] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configfwdfw, \%forward);
+ #Check INPUT
+ foreach my $inputkey (sort keys %input){
+ if ($input{$inputkey}[6] eq $settings{'OLDNAME'}){
+ $input{$inputkey}[6] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configinput, \%input);
+ #Check OUTPUT
+ foreach my $outputkey (sort keys %output){
+ if ($output{$outputkey}[4] eq $settings{'OLDNAME'}){
+ $output{$outputkey}[4] = $settings {'NAME'};
+ }
+ }
+ &General::writehasharray($configoutgoing, \%output);
+ &General::firewall_config_changed;
+ }
+ #If Alias IP has changed, set firewall_config_changed
+ if($settings{'OLDIP'} ne $settings{'IP'} && $settings{'OLDIP'}){
+ &General::firewall_config_changed;
+ }
 unless ($errormessage) {
 if ($settings{'KEY1'} eq '') { #add or edit ?
 unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n");
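Review bot: Both new assignments use `$errormessage=`, which throws away a `duplicate ip` message set by the check just above and ignores the `$spacer` that check prepares; appending instead, e.g. `$errormessage .= $spacer . $Lang::tr{'invalid hostname'};`, appears to be the intended pattern. The name is later written unescaped into the comma-separated line `"$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"`, so this check is what keeps commas and newlines out of the alias file. That only holds if `validfqdn` and `validhostname` anchor their patterns, which is not visible here, and a comment such as `# NAME goes unescaped into the alias file: keep this validation strict` would stop the test being relaxed later. The enclosing `if` starts and ends outside the hunk.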
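Review bot: The rule-rewrite block sits before `unless ($errormessage)`, so a request whose `NAME` has just failed validation still has that value written into the forward, input and outgoing rule files. It also lacks the emptiness guard that the `OLDIP` test has: when `OLDNAME` is empty (presumably the case when a new alias is added), `eq $settings{'OLDNAME'}` matches every rule whose field is empty and stamps the new name onto it. Opening the block with `if (!$errormessage && $settings{'OLDNAME'} ne '' && $settings{'OLDNAME'} ne $settings{'NAME'}){` covers both, and the `OLDIP` test wants the same `!$errormessage`. Since `OLDNAME` arrives with the request, it is worth confirming that it names an existing alias before any rule is touched, and a comment saying what columns 29, 6 and 4 hold would make the loops checkable. The enclosing `if` starts outside the hunk.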
@@ -176,6 +227,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
 &SortDataFile; # sort newly added/modified entry
 &BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
 ## ## if entering data line is repetitive, choose here to not erase fields between each addition
@@ -207,6 +261,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
 &General::log($Lang::tr{'ip alias removed'});
 &BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
 }
@@ -275,9 +332,11 @@ if ($settings{'KEY1'} ne '') { print < + + - +
@@ -289,7 +348,6 @@ print <
$Lang::tr{'name'}: *$Lang::tr{'name'}: $Lang::tr{'alias ip'}: 
-
* $Lang::tr{'this field may be blank'}
@@ -512,3 +570,16 @@ sub BuildConfiguration {
 system '/usr/local/bin/setaliases';
 }
+#
+## Handle Suricata related actions.
+#
+sub HandleSuricata() {
+ # Check if suricata is running.
+ if(&IDS::ids_is_running()) {
+ # Re-generate file which contains the HOME_NET declaration.
+ &IDS::generate_home_net_file();
+
+ # Call suricatactrl to perform a restart of suricata.
+ &IDS::call_suricatactrl("restart");
+ }
+}
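Review bot: `HandleSuricata` ignores the results of `&IDS::generate_home_net_file()` and `&IDS::call_suricatactrl("restart")`, so if either fails the page still reports success while Suricata keeps a stale HOME_NET or stays down. Whether those helpers return a status is not visible here; if they do, check it and surface the failure through `$errormessage` or `&General::log`. The empty prototype in `sub HandleSuricata() {` has no effect because every caller uses `&HandleSuricata()`, which bypasses prototypes, so `sub HandleSuricata {` is the plainer form. The context line `system '/usr/local/bin/setaliases';` likewise drops its exit status just before the restart is triggered.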