X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=fb1c25dfd577a016a3fefdf76456f7c39811fcb9;hb=39155be80547e808e859f8f4dcd93763876bff5f;hp=8007182e9d0f079d490d1f88e6f32a5aed00a80e;hpb=f770b72899bcd7977a83e0237c9840804f6a46ca;p=ipfire-2.x.git
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 8007182e9d..fb1c25dfd5 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -241,10 +241,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
$checkorange='on';
}
}
- #check useless rules
- if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){
- $errormessage.=$Lang::tr{'fwdfw useless rule'}."
";
- }
#check if we try to break rules
if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
$errormessage=$Lang::tr{'fwdfw err same'};
@@ -539,16 +535,6 @@ sub checktarget
#check DNAT settings (has to be single Host and single Port or portrange)
if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
- #check if manual ip is a single Host (if set)
- if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
- my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
- my @tmp1= split ("/",$tmp[3]);
- if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
- {
- $errormessage=$Lang::tr{'fwdfw dnat error'}."
";
- return $errormessage;
- }
- }
#check if Port is a single Port or portrange
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
@@ -1171,11 +1157,31 @@ END
#IPsec netze
foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
- print"