X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=7e1f4f4272578e7a849c1651d5102873fb911eac;hb=3b2ad4a1bddd2185da6bd500be39ee19694399a7;hp=68a18b428bf6e544c7ed5e4aff286f86dfd08e7a;hpb=bc912c6e0c34bfd81a915b3f2774fc6b848990ff;p=people%2Fteissler%2Fipfire-2.x.git diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 68a18b428..7e1f4f427 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -31,6 +31,7 @@ ############################################################################### use strict; +use Sort::Naturally; no warnings 'uninitialized'; # enable only the following on debugging purpose #use warnings; @@ -77,7 +78,7 @@ my %aliases=(); my %optionsfw=(); my %ifaces=(); -my $VERSION='0.9.9.2'; +my $VERSION='0.9.9.8'; my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; @@ -107,23 +108,15 @@ my @protocols; &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &General::readhash($fwoptions, \%optionsfw); &General::readhash($ifacesettings, \%ifaces); - +&General::readhash("$configovpn", \%ovpnsettings); +&General::readhash("$configipsecrw", \%ipsecsettings); +&General::readhasharray("$configipsec", \%ipsecconf); &Header::showhttpheaders(); &Header::getcgihash(\%fwdfwsettings); &Header::openpage($Lang::tr{'fwdfw menu'}, 1, ''); &Header::openbigbox('100%', 'center',$errormessage); #### ACTION ##### -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'}) -{ - my $MODE = $fwdfwsettings{'POLICY'}; - my $MODE1 = $fwdfwsettings{'POLICY1'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'} = "$MODE"; - $fwdfwsettings{'POLICY1'} = "$MODE1"; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; -} if ($fwdfwsettings{'ACTION'} eq 'saverule') { &General::readhasharray("$configfwdfw", \%configfwdfw); @@ -180,8 +173,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ $fwdfwsettings{'oldrulenumber'}=$maxkey; foreach my $key (sort keys %confignatfw){ - #print"$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}
"; - #print"$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]
"; if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; @@ -315,27 +306,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configinputfw,$configinput); } - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; - #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; - #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; - #print " Regel LOG: $fwdfwsettings{'LOG'}
"; - #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; - #print " MO: $fwdfwsettings{'TIME_MON'}
"; - #print " DI: $fwdfwsettings{'TIME_TUE'}
"; - #print " MI: $fwdfwsettings{'TIME_WED'}
"; - #print " DO: $fwdfwsettings{'TIME_THU'}
"; - #print " FR: $fwdfwsettings{'TIME_FRI'}
"; - #print " SA: $fwdfwsettings{'TIME_SAT'}
"; - #print " SO: $fwdfwsettings{'TIME_SUN'}
"; - #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; - #print "
"; - #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){ # OUTGOING PART $fwdfwsettings{'config'}=$configoutgoing; @@ -424,7 +394,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } } #check if we just close a rule - if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) { + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ $fwdfwsettings{'nosave2'} = 'on'; $errormessage=''; @@ -446,27 +416,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if ($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configfwdfw,$configfwdfw); } - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; - #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; - #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; - #print " Regel LOG: $fwdfwsettings{'LOG'}
"; - #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; - #print " MO: $fwdfwsettings{'TIME_MON'}
"; - #print " DI: $fwdfwsettings{'TIME_TUE'}
"; - #print " MI: $fwdfwsettings{'TIME_WED'}
"; - #print " DO: $fwdfwsettings{'TIME_THU'}
"; - #print " FR: $fwdfwsettings{'TIME_FRI'}
"; - #print " SA: $fwdfwsettings{'TIME_SAT'}
"; - #print " SO: $fwdfwsettings{'TIME_SUN'}
"; - #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; - #print "
"; - #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; } if ($errormessage){ &newrule; @@ -477,51 +426,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &base; } } -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) -{ - if($fwdfwsettings{'poltype'} eq 'forward'){ - &General::readhasharray("$configfwdfw", \%configfwdfw); - foreach my $key (sort keys %configfwdfw){ - &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,); - &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,); - &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,); - } - #&General::readhasharray("$configinput", \%configinputfw); - #foreach my $key (sort keys %configinputfw){ - # &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,); - # &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,); - # &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,); - #} - - system("rm ${General::swroot}/forward/config"); - #system("rm ${General::swroot}/forward/input"); - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } - #unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } - my $MODE1=$fwdfwsettings{'POLICY1'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'}='MODE2'; - $fwdfwsettings{'POLICY1'}=$MODE1; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; - }else{ - &General::readhasharray("$configoutgoing", \%configoutgoingfw); - foreach my $key (sort keys %configoutgoingfw){ - &checkcounter($configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],,); - &checkcounter($configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],,); - &checkcounter($configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],,); - } - system("rm ${General::swroot}/forward/outgoing"); - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); } - my $MODE=$fwdfwsettings{'POLICY'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'}=$MODE; - $fwdfwsettings{'POLICY1'}='MODE2'; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; - } -} if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'}) { &newrule; @@ -579,7 +483,6 @@ if ($fwdfwsettings{'ACTION'} eq 'movedown') if ($fwdfwsettings{'ACTION'} eq 'copyrule') { $fwdfwsettings{'copyfwrule'}='on'; - #$fwdfwsettings{'updatefwrule'}='on'; &newrule; } if ($fwdfwsettings{'ACTION'} eq '') @@ -591,9 +494,9 @@ sub addrule { &error; if (-f "${General::swroot}/forward/reread"){ - print "
    $Lang::tr{'fwhost reread'}

"; + print "
    $Lang::tr{'fwhost reread'}

"; } - &Header::openbox('100%', 'left', $Lang::tr{'firewall'}); + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'}); print "
"; print ""; print ""; @@ -603,44 +506,9 @@ sub addrule } sub base { - if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } - if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } - if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ $selected{'POLICY1'}{'MODE1'} = 'selected'; } else { $selected{'POLICY1'}{'MODE1'} = ''; } - if ($fwdfwsettings{'POLICY1'} eq 'MODE2'){ $selected{'POLICY1'}{'MODE2'} = 'selected'; } else { $selected{'POLICY1'}{'MODE2'} = ''; } &hint; &addrule; print "

"; - &Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'}); -print < -
- - - - "; - print "
FORWARD
$Lang::tr{'fwdfw pol text'}
- - -END - print "$Lang::tr{'outgoing firewall reset'}:
"; - print"

"; - print < - - - - - "; - print "
OUTGOING
$Lang::tr{'fwdfw pol text1'}
- - -END - print "$Lang::tr{'outgoing firewall reset'}:
"; - &Header::closebox(); print "

Version: $VERSION
"; } sub changerule @@ -656,7 +524,6 @@ sub changerule sub checksource { my ($ip,$subnet); - #check ip-address if manual if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ #check if ip with subnet @@ -676,6 +543,11 @@ sub checksource if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';} } if ($fwdfwsettings{'isip'} eq 'on'){ + ##check if ip is valid + if (! &General::validip($ip)){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; + } #check and form valid IP $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); @@ -684,15 +556,17 @@ sub checksource if (($tmp[3] eq "0") || ($tmp[3] eq "255")) { $errormessage=$Lang::tr{'fwhost err hostip'}."
"; + return $errormessage; } $fwdfwsettings{'src_addr'}="$ip/$subnet"; - if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; } } if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; } }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; @@ -761,8 +635,8 @@ sub checksource } } $fwdfwsettings{'SRC_PORT'}=join("|",@values); - return $errormessage; } + return $errormessage; } sub checktarget { @@ -771,8 +645,9 @@ sub checktarget #check DNAT settings (has to be single Host and single Port or portrange) if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ - if ($fwdfwsettings{'USESRV'} eq ''){ + if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } #check if manual ip is a single Host (if set) if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){ @@ -781,19 +656,23 @@ sub checktarget if (($tmp1[0] eq "0") || ($tmp1[0] eq "255")) { $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; } } #check if Port is a single Port or portrange if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } } }else{ $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; } } if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ @@ -807,13 +686,18 @@ sub checktarget $ip=$fwdfwsettings{'tgt_addr'}; $subnet='32'; } + #check if ip is valid + if (! &General::validip($ip)){ + $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + return $errormessage; + } #check and form valid IP $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); - $fwdfwsettings{'tgt_addr'}="$ip/$subnet"; if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + return $errormessage; } }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; @@ -838,8 +722,9 @@ sub checktarget if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ - if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'}) { + if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') { $errormessage=$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } my @parts=split(",",$fwdfwsettings{'TGT_PORT'}); my @values=(); @@ -900,18 +785,17 @@ sub checktarget } } } - #check targetport if ($fwdfwsettings{'USESRV'} ne 'ON'){ $fwdfwsettings{'grp3'}=''; $fwdfwsettings{$fwdfwsettings{'grp3'}}=''; - $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; } #check timeframe if($fwdfwsettings{'TIME'} eq 'ON'){ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){ $errormessage=$Lang::tr{'fwdfw err time'}; + return $errormessage; } } return $errormessage; @@ -946,10 +830,9 @@ sub checkrule #if no port is given in nat area, take target host port if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};} #check if port given in nat area is a single valid port or portrange - if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){ + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; - } - elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ + }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ my $custsrvport; #get servcie Protocol and Port foreach my $key (sort keys %customservice){ @@ -962,6 +845,42 @@ sub checkrule } if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;} } + #check if DNAT port is multiple + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){ + my @parts=split(",",$fwdfwsettings{'dnatport'}); + my @values=(); + foreach (@parts){ + chomp($_); + if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) { + my $check; + #change dashes with : + $_=~ tr/-/:/; + if ($_ eq "*") { + push(@values,"1:65535"); + $check='on'; + } + if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) { + push(@values,"1:$2"); + $check='on'; + } + if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) { + push(@values,"$1:65535"); + $check='on' + } + $errormessage .= &General::validportrange($_, 'destination'); + if(!$check){ + push (@values,$_); + } + }else{ + if (&General::validport($_)){ + push (@values,$_); + }else{ + + } + } + } + $fwdfwsettings{'dnatport'}=join("|",@values); + } } #check valid remark if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ @@ -1042,6 +961,32 @@ sub checkcounter }elsif($base2 eq 'cust_srvgrp'){ &inc_counter($configsrvgrp,\%customservicegrp,$val2); } +} +sub checkvpn +{ + my $ip=shift; + #Test if manual IP is part of static OpenVPN networks + &General::readhasharray("$configccdnet", \%ccdnet); + foreach my $key (sort keys %ccdnet){ + my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]); + my $sub=&General::iporsubtodec($vpnsubnet); + if (&General::IpInSubnet($ip,$vpnip,$sub)){ + return 0; + } + } + # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor + # because if one creates a custom host with the ip, we need to check the color there! + # It does not make sense to check this here + + # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here + # Is also checked in getcolor + + # Test if manual ip is part of an IPsec Network is also checked in getcolor + return 1; +} +sub checkvpncolor +{ + } sub deleterule { @@ -1095,7 +1040,6 @@ sub dec_counter my %hash=%{(shift)}; my $val=shift; my $pos; - #$errormessage.="ALT:config: $config , verringert wird $val
"; &General::readhasharray($config, \%hash); foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ if($hash{$key}[0] eq $val){ @@ -1120,7 +1064,7 @@ sub fillselect my %hash=%{(shift)}; my $val=shift; my $key; - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){ if($hash{$key}[0] eq $val){ print""; }else{ @@ -1164,7 +1108,10 @@ END next if($defaultNetworks{$network}{'NAME'} eq "IPFire" && $srctgt eq 'tgt'); print ""; + my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS"; + $ifaces{$defnet} = '0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'ALL'); + $defnet = "RED_ADDRESS" if ($defaultNetworks{$network}{'NAME'} eq 'IPFire'); + print ">$network $ifaces{$defnet} "; } print""; #custom networks @@ -1182,7 +1129,7 @@ END #custom groups if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ print"$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ccdhost'}";} #OVPN N2N - foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){ + foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){ if ($ccdhost{$key}[3] eq 'net'){ print"$Lang::tr{'fwhost ovpn_n2n'}:";} #IPsec netze - foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) { + foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) { if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ print"$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwdfw targetip'}IPFire + $Lang::tr{'fwdfw targetip'}Firewall END - if (! -z "${General::swroot}/ethernet/aliases"){ - print""; + print ""; + print "" if $ifaces{'GREEN_ADDRESS'}; + print "" if $ifaces{'ORANGE_ADDRESS'}; + print "" if $ifaces{'BLUE_ADDRESS'}; + print "" if $ifaces{'RED_ADDRESS'}; + if (! -z "${General::swroot}/ethernet/aliases"){ foreach my $alias (sort keys %aliases) { print ""; } - - }else{ - print""; } print< @@ -1701,7 +1700,7 @@ END $Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'} "; print"
"; #SNAT @@ -2025,7 +2025,7 @@ sub saverule #print"6"; } #check if we change a DMZ to a FORWARD/DMZ - elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){ + elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE' && $checkorange ne 'on'){ &changerule($configdmz); #print"7"; } @@ -2068,7 +2068,7 @@ sub saverule #print"14"; } #check if we change a FORWARD rule to an DMZ - elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on'){ + elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on')){ &changerule($configfwdfw); #print"15"; } @@ -2241,11 +2241,11 @@ sub validremark sub viewtablerule { &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); - &viewtablenew(\%configdmzfw,$configdmz,$Lang::tr{'fwdfw rules'},"DMZ" ); + &viewtablenew(\%confignatfw,$confignat,"$Lang::tr{'fwdfw rules'}","Portforward / SNAT" ); &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" ); - &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} ); &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" ); - &viewtablenew(\%confignatfw,$confignat,"","NAT" ); + &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} ); + &viewtablenew(\%configdmzfw,$configdmz,"","DMZ" ); } sub viewtablenew { @@ -2257,6 +2257,8 @@ sub viewtablenew &General::get_aliases(\%aliases); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$config", $hash); + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$configccdhost", \%ccdhost); if( ! -z $config){ &Header::openbox('100%', 'left',$title); my $count=0; @@ -2267,8 +2269,8 @@ sub viewtablenew my @tmpsrc=(); my $coloryellow=''; print"$title1
"; - print""; - print""; + print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'protocol'}$Lang::tr{'fwdfw time'}$Lang::tr{'fwdfw action'}
"; + print"";#$Lang::tr{'protocol'} foreach my $key (sort {$a <=> $b} keys %$hash){ $tdcolor=''; @tmpsrc=(); @@ -2321,7 +2323,7 @@ sub viewtablenew } print""; print<$key + END if ($$hash{$key}[0] eq 'ACCEPT'){ $ruletype='A'; @@ -2336,7 +2338,7 @@ END $tooltip='REJECT'; $rulecolor=$color{'color16'}; } - print""; + print""; &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost); print""; #Get Protocol my $prot; - if ($$hash{$key}[12]){ #target prot if manual - push (@protocols,$$hash{$key}[12]); - }elsif($$hash{$key}[8]){ #source prot if manual + if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual push (@protocols,$$hash{$key}[8]); + }elsif ($$hash{$key}[12]){ #target prot if manual + push (@protocols,$$hash{$key}[12]); }elsif($$hash{$key}[14] eq 'cust_srv'){ &get_serviceports("service",$$hash{$key}[15]); }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ @@ -2403,22 +2411,7 @@ END my $protz=join(",",@protocols); print""; @protocols=(); - if ($$hash{$key}[18] eq 'ON'){ - my @days=(); - if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} - if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} - if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} - if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} - if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} - if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} - if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} - my $weekdays=join(",",@days); - if (@days){ - print""; - } - }else{ - print""; - } + if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" @@ -2476,11 +2469,29 @@ END print""; } #REMARK - if ($optionsfw{'SHOWREMARK'} eq 'on'){ + if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){ print""; - print""; + print""; + } + if ($$hash{$key}[18] eq 'ON'){ + #TIMEFRAME + if ($$hash{$key}[18] eq 'ON'){ + my @days=(); + if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} + if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} + if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} + if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} + if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} + if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} + if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} + my $weekdays=join(",",@days); + if (@days){ + print""; + print""; + } + } } - print""; + print""; } print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'fwdfw action'}
$Lang::tr{'fwdfw time'}
$key  $ruletype$ruletype"; if ($$hash{$key}[3] eq 'std_net_src'){ @@ -2348,7 +2350,7 @@ END &getsrcport(\%$hash,$key); #Is this a SNAT rule? if ($$hash{$key}[31] eq 'snat'){ - print"
SNAT -> $$hash{$key}[29]"; + print"
-> $$hash{$key}[29]"; if ($$hash{$key}[30] ne ''){ print": $$hash{$key}[30]"; } @@ -2375,12 +2377,18 @@ END if ($$hash{$key}[31] eq 'dnat'){ print "IPFire ($$hash{$key}[29])"; if($$hash{$key}[30] ne ''){ + $$hash{$key}[30]=~ tr/|/,/; print": $$hash{$key}[30]"; } - print"
DNAT->"; + print"
->"; } - if ($$hash{$key}[5] eq 'std_net_tgt'){ - print &get_name($$hash{$key}[6]); + if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' && $$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){ + if ($$hash{$key}[6] eq 'RED1') + { + print $Lang::tr{'red1'}; + }else{ + print &get_name($$hash{$key}[6]); + } }else{ print $$hash{$key}[6]; } @@ -2389,10 +2397,10 @@ END print"		$protz$weekdays   $$hash{$key}[26] - $$hash{$key}[27] 24/7
   $$hash{$key}[16]
   $$hash{$key}[16]
 $weekdays   $$hash{$key}[26] - $$hash{$key}[27]
"; &Header::closebox(); @@ -2493,7 +2504,5 @@ END } } } - - &Header::closebigbox(); &Header::closepage();