(from parent 1: 146636a)
Further MAC issues: in the target area, the manual IP field was labelled
"target ip/mac address" - changed to IP-Address.
Also implemented a plausibility check: if an address group with MAC addresses is
used in the target area, there's a hint saying that the rule will not be
applied for MAC hosts.
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
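Review bot: The added `next if ($targethash{$b}[0] eq 'none');` drops the source/target pair without leaving any trace in the generated ruleset, so for a blocking rule the skipped hosts (presumably the MAC-only members of the target group, going by the commit message) stay uncovered and the only signal is the hint shown once in the UI. A comment above the `next` stating why `'none'` targets are skipped, plus a log line if the generator has one, would make that fail-open case visible. With the `next` in place the `$targethash{$b}[0] ne 'none'` clause in the following `if` is always true, so the test can become `if ($sourcehash{$a}[0] ne $targethash{$b}[0] || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){`, which also removes the unparenthesised `&&`/`||` mix. The same applies to the identical addition in the second loop further down; both loop bodies continue outside the hunks.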
}
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
}
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
+ #check for mac in targetgroup
+ if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $grpkey (sort keys %customgrp){
+ foreach my $hostkey (sort keys %customhost){
+ if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
+ $hint=$Lang::tr{'fwdfw hint mac'};
+ return $hint;
+ }
+ }
+ }
+ }
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
#check tgt services
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
#check tgt services
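Review bot: The `return $hint;` inside the new MAC check leaves the validation routine before the `#check empty fields` and `#check tgt services` tests that follow it in this hunk, so a rule whose target group contains a MAC host skips the remaining target validation. Setting the hint and leaving the loops instead (`$hint=$Lang::tr{'fwdfw hint mac'}; last GRP;` with a `GRP:` label on the outer `foreach`) would keep those checks running. The comparison also walks every entry of `%customgrp` and never refers to the group selected in `$fwdfwsettings{$fwdfwsettings{'grp2'}}`, so the hint appears to fire for a MAC host in any custom group; restricting the outer loop to the selected group looks intended, though the column holding the group name is not visible here. The enclosing sub starts and ends outside the hunk.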
print "<class name='base'>$hint\n";
print " </class>\n";
&Header::closebox();
print "<class name='base'>$hint\n";
print " </class>\n";
&Header::closebox();
- print"<hr>";
- }
-}
-sub inc_counter
-{
- my $config=shift;
- my %hash=%{(shift)};
- my $val=shift;
- my $pos;
-
- &General::readhasharray($config, \%hash);
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
- if($hash{$key}[0] eq $val){
- $pos=$#{$hash{$key}};
- $hash{$key}[$pos] = $hash{$key}[$pos]+1;
- }
- &General::writehasharray($config, \%hash);
'fwdfw from' => 'Von:',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn macht: ',
'fwdfw from' => 'Von:',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn macht: ',
+'fwdfw hint mac' => 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werden bei der Regelerstellung übersprungen.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
'fwdfw log' => 'Log',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
'fwdfw log' => 'Log',
'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
'fwdfw target' => 'Ziel',
'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
'fwdfw target' => 'Ziel',
-'fwdfw targetip' => 'Zieladresse (IP/MAC-Adresse oder Netzwerk):',
+'fwdfw targetip' => 'Zieladresse (IP-Adresse oder Netzwerk):',
'fwdfw till' => 'Bis:',
'fwdfw time' => 'Zeitrahmen',
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
'fwdfw till' => 'Bis:',
'fwdfw time' => 'Zeitrahmen',
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
'fwdfw from' => 'From:',
'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
'fwdfw hint ip2' => 'Please double-check if this rule makes sense: ',
'fwdfw from' => 'From:',
'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
'fwdfw hint ip2' => 'Please double-check if this rule makes sense: ',
+'fwdfw hint mac' => 'The destination group contains MAC addresses, which will be skipped during rule creation.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec networks:',
'fwdfw log' => 'Log',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec networks:',
'fwdfw log' => 'Log',
'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
'fwdfw std network' => 'Standard networks:',
'fwdfw target' => 'Destination',
'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
'fwdfw std network' => 'Standard networks:',
'fwdfw target' => 'Destination',
-'fwdfw targetip' => 'Destination address (MAC/IP address or network):',
+'fwdfw targetip' => 'Destination address (IP address or network):',
'fwdfw till' => 'Until:',
'fwdfw time' => 'Time Constraints',
'fwdfw timeframe' => 'Use time constraints',
'fwdfw till' => 'Until:',
'fwdfw time' => 'Time Constraints',
'fwdfw timeframe' => 'Use time constraints',