X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=fb1c25dfd577a016a3fefdf76456f7c39811fcb9;hb=2caca412176a5de89fa4b359cf33766be552c447;hp=c207ec74873aff8c68185fe199eb9ca30afcdb7d;hpb=1bebab64407f7836d31bc8b86a46db1984d804a9;p=people%2Fpmueller%2Fipfire-2.x.git
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index c207ec7487..fb1c25dfd5 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -31,6 +31,7 @@ no warnings 'uninitialized';
 #use CGI::Carp 'fatalsToBrowser';
 require '/var/ipfire/general-functions.pl';
+require '/var/ipfire/network-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 require "${General::swroot}/geoip-functions.pl";
@@ -240,10 +241,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 $checkorange='on';
 }
 }
- #check useless rules
- if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){
- $errormessage.=$Lang::tr{'fwdfw useless rule'}."
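Review bot: The added `require '/var/ipfire/network-functions.pl';` in the first hunk hard-codes the path, while the three requires directly below it build theirs from `${General::swroot}`. general-functions.pl is already loaded on the preceding line, so `require "${General::swroot}/network-functions.pl";` would presumably work here and keep the block consistent.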
";
- }
 #check if we try to break rules
 if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
 $errormessage=$Lang::tr{'fwdfw err same'};
@@ -465,6 +462,9 @@ sub checksource
 }
 }
 if ($fwdfwsettings{'isip'} eq 'on'){
+ #remove leading zero
+ $ip = &Network::ip_remove_zero($ip);
+
 ##check if ip is valid
 if (! &General::validip($ip)){
 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
";
@@ -535,16 +535,6 @@ sub checktarget
 #check DNAT settings (has to be single Host and single Port or portrange)
 if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
 if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
- #check if manual ip is a single Host (if set)
- if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
- my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
- my @tmp1= split ("/",$tmp[3]);
- if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
- {
- $errormessage=$Lang::tr{'fwdfw dnat error'}."
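Review bot: `&Network::ip_remove_zero($ip)` runs on the raw form value before `&General::validip($ip)`, in checksource (the `@@ -465,6 +462,9 @@` hunk) and again in checktarget (the `@@ -569,11 +559,15 @@` hunk), so the helper receives unvalidated input and its output is what gets validated. The helper lives in network-functions.pl and is not shown in this diff; it should be confirmed that it returns non-address strings unchanged rather than reshaping them into something validip accepts. Both functions continue outside their hunks, so it cannot be checked from here that the normalized `$ip`, and not the original field, is what is later stored in the rule. The comment would also help more if it gave the reason, for example `#strip leading zeros so the stored address is canonical and cannot be read as octal elsewhere`.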
";
- return $errormessage;
- }
- }
 #check if Port is a single Port or portrange
 if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
 if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
@@ -569,11 +559,15 @@ sub checktarget
 ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
 $subnet = &General::iporsubtocidr($subnet);
 }
+
 #check if only ip
 if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
 $ip=$fwdfwsettings{'tgt_addr'};
 $subnet='32';
 }
+ #remove leading zero
+ $ip = &Network::ip_remove_zero($ip);
+
 #check if ip is valid
 if (! &General::validip($ip)){
 $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
";
@@ -597,7 +591,7 @@ sub checktarget
 &General::readhasharray("$confighost", \%customhost);
 foreach my $grpkey (sort keys %customgrp){
 foreach my $hostkey (sort keys %customhost){
- if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
+ if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){
 $hint=$Lang::tr{'fwdfw hint mac'};
 return $hint;
 }
@@ -1163,11 +1157,31 @@ END #IPsec netze foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) { if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){ - print"$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec net'}
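Review bot: In the `@@ -597,7 +591,7 @@` hunk the added clause `$customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}}` tests the same field `[2]` that the first clause already requires to equal the host name `$customhost{$hostkey}[0]`, so the MAC hint now fires only when the selected target value is itself a host name. If the selection at this point is a group (the loop over `%customgrp` suggests so, but the enclosing `if` is outside the hunk), the comparison probably needs the column that holds the group's own name; please confirm the index against the custom groups file layout. A comment above the condition naming the columns compared, such as `#member [2] is a MAC-type custom host and belongs to the selected target`, would make the intent checkable.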