--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+
+use strict;
+no warnings 'uninitialized';
+
+package fwlib;
+
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %ipsecsettings=();
+my %netsettings=();
+my %ovpnsettings=();
+
+require '/var/ipfire/general-functions.pl';
+
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $val;
+my $field;
+
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
+&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+
+
+&General::readhasharray("$confignet", \%customnetwork);
+&General::readhasharray("$confighost", \%customhost);
+&General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configccdnet", \%ccdnet);
+&General::readhasharray("$configccdhost", \%ccdhost);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhasharray("$configsrv", \%customservice);
+&General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+sub get_srv_prot
+{
+ my $val=shift;
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $val){
+ if ($customservice{$key}[0] eq $val){
+ return $customservice{$key}[2];
+ }
+ }
+ }
+}
+sub get_srvgrp_prot
+{
+ my $val=shift;
+ my @ips=();
+ my $tcp;
+ my $udp;
+ my $icmp;
+ foreach my $key (sort keys %customservicegrp){
+ if($customservicegrp{$key}[0] eq $val){
+ if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){
+ $tcp=1;
+ }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){
+ $udp=1;
+ }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
+ $icmp=1;
+ }
+ }
+ }
+ if ($tcp eq '1'){push (@ips,'TCP');}
+ if ($udp eq '1'){push (@ips,'UDP');}
+ if ($icmp eq '1'){push (@ips,'ICMP');}
+ my $back=join(",",@ips);
+ return $back;
+
+}
+
+
+sub get_srv_port
+{
+ my $val=shift;
+ my $field=shift;
+ my $prot=shift;
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $val){
+ if($customservice{$key}[2] eq $prot){
+ return $customservice{$key}[$field];
+ }
+ }
+ }
+}
+sub get_srvgrp_port
+{
+ my $val=shift;
+ my $prot=shift;
+ my $back;
+ my $value;
+ my @ips=();
+ foreach my $key (sort keys %customservicegrp){
+ if($customservicegrp{$key}[0] eq $val){
+ if ($prot ne 'ICMP'){
+ $value=&get_srv_port($customservicegrp{$key}[2],1,$prot);
+ }elsif ($prot eq 'ICMP'){
+ $value=&get_srv_port($customservicegrp{$key}[2],3,$prot);
+ }
+ push (@ips,$value) if ($value ne '') ;
+ }
+ }
+ if($prot ne 'ICMP'){
+ if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
+ }elsif ($prot eq 'ICMP'){
+ $back="--icmp-type ";
+ }
+
+ $back.=join(",",@ips);
+ return $back;
+}
+sub get_ipsec_net_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ipsecconf){
+ if($ipsecconf{$key}[1] eq $val){
+ return $ipsecconf{$key}[$field];
+ }
+ }
+}
+sub get_ipsec_host_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ipsecconf){
+ if($ipsecconf{$key}[1] eq $val){
+ return $ipsecconf{$key}[$field];
+ }
+ }
+}
+sub get_ovpn_n2n_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ccdhost){
+ if($ccdhost{$key}[1] eq $val){
+ return $ccdhost{$key}[$field];
+ }
+ }
+}
+sub get_ovpn_host_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ccdhost){
+ if($ccdhost{$key}[1] eq $val){
+ return $ccdhost{$key}[$field];
+ }
+ }
+}
+sub get_ovpn_net_ip
+{
+
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ccdnet){
+ if($ccdnet{$key}[0] eq $val){
+ return $ccdnet{$key}[$field];
+ }
+ }
+}
+sub get_grp_ip
+{
+ my $val=shift;
+ my $src=shift;
+ foreach my $key (sort keys %customgrp){
+ if ($customgrp{$key}[0] eq $val){
+ &get_address($customgrp{$key}[3],$src);
+ }
+ }
+
+}
+sub get_std_net_ip
+{
+ my $val=shift;
+ if ($val eq 'ALL'){
+ return "0.0.0.0/0.0.0.0";
+ }elsif($val eq 'GREEN'){
+ return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ }elsif($val eq 'ORANGE'){
+ return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ }elsif($val eq 'BLUE'){
+ return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ }elsif($val =~ /OpenVPN/i){
+ return "$ovpnsettings{'DOVPN_SUBNET'}";
+ }elsif($val =~ /IPsec/i){
+ return "$ipsecsettings{'RW_NET'}";
+ }
+}
+sub get_net_ip
+{
+ my $val=shift;
+ foreach my $key (sort keys %customnetwork){
+ if($customnetwork{$key}[0] eq $val){
+ return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
+ }
+ }
+}
+sub get_host_ip
+{
+ my $val=shift;
+ my $src=shift;
+ foreach my $key (sort keys %customhost){
+ if($customhost{$key}[0] eq $val){
+ if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
+ return "-m mac --mac-source $customhost{$key}[2]";
+ }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
+ return "$customhost{$key}[2]";
+ }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
+ return "$customhost{$key}[2]";
+ }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
+ return "none";
+ }
+ }
+ }
+}
+
+return 1;
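Review bot: get_grp_ip calls `&get_address($customgrp{$key}[3],$src)` from inside `package fwlib`, which defines no get_address, so the call resolves to `fwlib::get_address` and would die with an undefined-subroutine error if get_grp_ip is ever reached. The get_address in the rule-building script lives in the main package and takes three arguments (type, value, src/tgt), so either drop get_grp_ip if nothing uses it or call `&main::get_address($customgrp{$key}[3],$customgrp{$key}[2],$src);`. The lookup subs also return nothing when a name is not found, and under `no warnings 'uninitialized'` the caller receives an empty address with no diagnostic; an explicit `return;` after each loop and a one-line comment stating that contract would make the case visible to whoever builds the iptables arguments. Minor: the inner `if` in get_srv_prot repeats the outer condition, and `$#ips gt 0` in get_srvgrp_port should use the numeric `>`.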
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# #
+# Hi folks! I hope this code is useful for all. I needed something to handle #
+# my VPN Connections in a comfortable way. #
+# This script builds firewallrules from the webinterface #
+###############################################################################
+
+
+use strict;
+no warnings 'uninitialized';
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+my %fwdfwsettings=();
+my %defaultNetworks=();
+my %configfwdfw=();
+my %color=();
+my %icmptypes=();
+my %ovpnSettings=();
+my %customgrp=();
+our %sourcehash=();
+our %targethash=();
+my @timeframe=();
+my %configinputfw=();
+my %aliases=();
+my @DPROT=();
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+my $configfwdfw = "${General::swroot}/forward/config";
+my $configinput = "${General::swroot}/forward/input";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $errormessage='';
+my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
+my $CHAIN="FORWARDFW";
+
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhasharray($configfwdfw, \%configfwdfw);
+&General::readhasharray($configinput, \%configinputfw);
+&General::readhasharray($configgrp, \%customgrp);
+&General::get_aliases(\%aliases);
+
+################################
+# DEBUG/TEST #
+################################
+my $MODE=0; # 0 - normal operation
+ # 1 - print configline and rules to console
+ #
+################################
+my $param=shift;
+
+if($param eq 'flush'){
+ if ($MODE eq '1'){
+ print " Flushing chains...\n";
+ }
+ &flush;
+}else{
+ if ($MODE eq '1'){
+ print " Flushing chains...\n";
+ }
+ &flush;
+ if ($MODE eq '1'){
+ print " Preparing rules...\n";
+ }
+ &preparerules;
+ if($MODE eq '0'){
+ if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+ system ("iptables -A $CHAIN -j DROP");
+ }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
+ system ("iptables -A $CHAIN -j ACCEPT");
+ }
+ }
+}
+
+sub flush
+{
+ system ("iptables -F FORWARDFW");
+ system ("iptables -F INPUTFW");
+}
+sub preparerules
+{
+ if (! -z "${General::swroot}/forward/config"){
+ &buildrules(\%configfwdfw);
+ }
+ if (! -z "${General::swroot}/forward/input"){
+ &buildrules(\%configinputfw);
+ }
+}
+sub buildrules
+{
+ my $hash=shift;
+ foreach my $key (sort keys %$hash){
+ if($$hash{$key}[2] eq 'ON'){
+ #get source ip's
+ if ($$hash{$key}[3] eq 'cust_grp_src'){
+ foreach my $grp (sort keys %customgrp){
+ if($customgrp{$grp}[0] eq $$hash{$key}[4]){
+ &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
+ }
+ }
+ }else{
+ &get_address($$hash{$key}[3],$$hash{$key}[4],"src");
+ }
+ #get target ip's
+ if ($$hash{$key}[5] eq 'cust_grp_tgt'){
+ foreach my $grp (sort keys %customgrp){
+ if($customgrp{$grp}[0] eq $$hash{$key}[6]){
+ &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
+ }
+ }
+ }elsif($$hash{$key}[5] eq 'ipfire'){
+
+ if($$hash{$key}[6] eq 'Default IP'){
+ open(FILE, "/var/ipfire/red/local-ipaddress") or die 'Unable to open config file.';
+ $targethash{$key}[0]= <FILE>;
+ close(FILE);
+ }else{
+ foreach my $alias (sort keys %aliases){
+ if ($$hash{$key}[6] eq $alias){
+ $targethash{$key}[0]=$aliases{$alias}{'IPT'};
+ }
+ }
+ }
+ }else{
+ &get_address($$hash{$key}[5],$$hash{$key}[6],"tgt");
+ }
+
+ ##get source prot and port
+ $SRC_TGT='SRC';
+ $SPROT = &get_prot($hash,$key);
+ $SPORT = &get_port($hash,$key);
+ $SRC_TGT='';
+
+ ##get target prot and port
+ $DPROT=&get_prot($hash,$key);
+
+ if ($DPROT eq ''){$DPROT=' ';}
+ @DPROT=split(",",$DPROT);
+
+
+ #get time if defined
+ if($$hash{$key}[18] eq 'ON'){
+ if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
+ if($$hash{$key}[20] ne ''){push (@timeframe,"Tue");}
+ if($$hash{$key}[21] ne ''){push (@timeframe,"Wed");}
+ if($$hash{$key}[22] ne ''){push (@timeframe,"Thu");}
+ if($$hash{$key}[23] ne ''){push (@timeframe,"Fri");}
+ if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
+ if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
+ $TIME=join(",",@timeframe);
+ $TIMEFROM="--timestart $$hash{$key}[26] ";
+ $TIMETILL="--timestop $$hash{$key}[27] ";
+ $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
+ }
+
+ if ($MODE eq '1'){
+ print "NR:$key ";
+ foreach my $i (0 .. $#{$$hash{$key}}){
+ print "$i: $$hash{$key}[$i] ";
+ }
+ print "\n";
+ print"##################################\n";
+ #print rules to console
+
+ foreach my $DPROT (@DPROT){
+ $DPORT = &get_port($hash,$key,$DPROT);
+ if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+ $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+ foreach my $a (sort keys %sourcehash){
+ foreach my $b (sort keys %targethash){
+ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
+ if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+ if ($$hash{$key}[17] eq 'ON'){
+ print "iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
+ print "iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }
+ }
+ }
+ }
+ print"\n";
+ }
+
+ }elsif($MODE eq '0'){
+ foreach my $DPROT (@DPROT){
+ $DPORT = &get_port($hash,$key,$DPROT);
+ if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+ $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+ foreach my $a (sort keys %sourcehash){
+ foreach my $b (sort keys %targethash){
+ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
+ if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+ if ($$hash{$key}[17] eq 'ON'){
+ system ("iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
+ }
+ system ("iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]");
+ }
+ }
+ }
+ }
+ print"\n";
+ }
+ }
+ }
+ %sourcehash=();
+ %targethash=();
+ undef $TIME;
+ undef $TIMEFROM;
+ undef $TIMETILL;
+ }
+}
+sub get_address
+{
+ my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
+ my $base2=shift;
+ my $type=shift; #src or tgt
+ my $hash;
+ if ($type eq 'src'){
+ $hash=\%sourcehash;
+ }else{
+ $hash=\%targethash;
+ }
+ my $key = &General::findhasharraykey($hash);
+ if($base eq 'src_addr' || $base eq 'tgt_addr' ){
+ $$hash{$key}[0] = $configfwdfw{$key}[4];
+ }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
+ $$hash{$key}[0]=&fwlib::get_std_net_ip($base2);
+ }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
+ $$hash{$key}[0]=&fwlib::get_net_ip($base2);
+ }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
+ $$hash{$key}[0]=&fwlib::get_host_ip($base2,$type);
+ }elsif($base eq 'ovpn_net_src' || $base eq 'ovpn_net_tgt' || $base eq 'OpenVPN static network'){
+ $$hash{$key}[0]=&fwlib::get_ovpn_net_ip($base2,1);
+ }elsif($base eq 'ovpn_host_src' ||$base eq 'ovpn_host_tgt' || $base eq 'OpenVPN static host'){
+ $$hash{$key}[0]=&fwlib::get_ovpn_host_ip($base2,33);
+ }elsif($base eq 'ovpn_n2n_src' ||$base eq 'ovpn_n2n_tgt' || $base eq 'OpenVPN N-2-N'){
+ $$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,27);
+ }elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
+ $$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+ }
+}
+sub get_prot
+{
+ my $hash=shift;
+ my $key=shift;
+ if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+ if ($$hash{$key}[10] ne ''){
+ return"$$hash{$key}[8]";
+ }elsif($$hash{$key}[9] ne ''){
+ return"$$hash{$key}[8]";
+ }else{
+ return "$$hash{$key}[8]";
+ }
+ }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+ if ($$hash{$key}[14] eq 'TGT_PORT'){
+ if ($$hash{$key}[15] ne ''){
+ return "$$hash{$key}[12]";
+ }elsif($$hash{$key}[13] ne ''){
+ return "$$hash{$key}[12]";
+ }else{
+ return "$$hash{$key}[12]";
+ }
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ return &fwlib::get_srv_prot($$hash{$key}[15]);
+
+ }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+ return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+ }
+ }
+}
+sub get_port
+{
+ my $hash=shift;
+ my $key=shift;
+ my $prot=shift;
+ if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+ if ($$hash{$key}[10] ne ''){
+ return "--sport $$hash{$key}[10] ";
+ }elsif($$hash{$key}[9] ne ''){
+ return "--icmp-type $$hash{$key}[9] ";
+ }
+ }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+
+ if($$hash{$key}[14] eq 'TGT_PORT'){
+ if ($$hash{$key}[15] ne ''){
+ return "--dport $$hash{$key}[15] ";
+ }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
+ return "--icmp-type $$hash{$key}[13] ";
+ }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
+ return;
+ }
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ if ($prot ne 'ICMP'){
+ return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+ }elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
+ return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
+ }elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
+ return;
+ }
+ }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+ if ($prot ne 'ICMP'){
+ return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+ }
+ elsif($prot eq 'ICMP'){
+ return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+ }
+
+
+ }
+ }
+}
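Review bot: The two `system ("iptables -A ...")` calls in the MODE 0 branch of buildrules hand one interpolated string to the shell and ignore the exit status, so shell metacharacters in any rule field read from the config files (chain, action, addresses, ports, time values) change the command that is run. A rule that iptables rejects is also skipped silently before the final policy rule is appended. Whether the web interface validates every one of those fields before writing them is not visible here, so the rule builder should not depend on it: use the list form of `system` and report failures as sketched below, and still check each field against its expected format, since whitespace splitting alone does not stop extra options. Separately, `@timeframe` is not emptied with the other per-rule state at the end of the loop, so weekdays from one time-limited rule carry over into the next; add `@timeframe=();` next to `undef $TIME;`. In get_address the `src_addr`/`tgt_addr` branch reads `$configfwdfw{$key}[4]` using the key just allocated for the result hash instead of the address passed in, and `$$hash{$key}[0] = $base2;` looks like what was intended.

```perl
# Run one iptables command without a shell; report a failure instead of ignoring it.
sub run_iptables
{
	my @args = split(' ', join(' ', @_));
	system('iptables', @args) == 0
		or warn "iptables @args failed (status $?)\n";
}

# … unchanged: buildrules up to the source/target loops in the MODE 0 branch …
if ($$hash{$key}[17] eq 'ON'){
	&run_iptables("-A", $$hash{$key}[1], $PROT, "-s", $sourcehash{$a}[0], $SPORT, "-d", $targethash{$b}[0], $DPORT, $TIME, "-j", "LOG");
}
&run_iptables("-A", $$hash{$key}[1], $PROT, "-s", $sourcehash{$a}[0], $SPORT, "-d", $targethash{$b}[0], $DPORT, $TIME, "-j", $$hash{$key}[0]);
```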
--- /dev/null
+0,echo-reply (pong),0
+1,destination-unreachable,3
+2,network-unreachable,3/0
+3,host-unreachable,3/1
+4,protocol-unreachable,3/2
+5,port-unreachable,3/3
+6,fragmentation-needed,3/4
+7,source-route-failed,3/5
+8,network-unknown,3/6
+9,host-unknown,3/7
+10,network-prohibited,3/9
+11,host-prohibited,3/10
+12,TOS-network-unreachable,3/11
+13,TOS-host-unreachable,3/12
+14,communication-prohibited,3/13
+15,host-precedence-violation,3/14
+16,precedence-cutoff,3/15
+17,source-quench,4
+18,redirect,5
+19,network-redirect,5/0
+20,host-redirect,5/1
+21,TOS-network-redirect,5/2
+22,TOS-host-redirect,5/3
+23,echo-request (ping),8
+24,router-advertisement,9
+25,router-solicitation,10
+26,time-exceeded (ttl-exceeded),11
+27,ttl-zero-during-transit,11/0
+28,ttl-zero-during-reassembly,11/1
+29,parameter-problem,12
+30,ip-header-bad,12/0
+31,required-option-missing,12/1
+32,timestamp-request,13
+33,timestamp-reply,14
+34,address-mask-request,17
+35,address-mask-reply,18
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# #
+# Hi folks! I hope this code is useful for all. I needed something to handle #
+# my VPN Connections in a comfortable way. As a prerequisite i needed #
+# something that makes sure the vpn roadwarrior are able to have a fixed #
+# ip-address. So i developed the ccd extension for the vpn server. #
+# #
+# Now that the ccd extension is ready i am able to develop the main request. #
+# Any feedback is appreciated. #
+# #
+# #
+###############################################################################
+
+use strict;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+unless (-d "${General::swroot}/forward") { system("mkdir ${General::swroot}/forward"); }
+unless (-e "${General::swroot}/forward/settings") { system("touch ${General::swroot}/forward/settings"); }
+unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
+unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
+
+my %fwdfwsettings=();
+my %selected=() ;
+my %defaultNetworks=();
+my %netsettings=();
+my %customhost=();
+my %customgrp=();
+my %customnetworks=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %customnetwork=();
+my %ccdhost=();
+my %configfwdfw=();
+my %configinputfw=();
+my %ipsecconf=();
+my %color=();
+my %mainsettings=();
+my %checked=();
+my %icmptypes=();
+my %ovpnsettings=();
+my %ipsecsettings=();
+my %aliases=();
+my $color;
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configipsecrw = "${General::swroot}/vpn/settings";
+my $configfwdfw = "${General::swroot}/forward/config";
+my $configinput = "${General::swroot}/forward/input";
+my $configovpn = "${General::swroot}/ovpn/settings";
+
+my $errormessage='';
+my $hint='';
+my $ipgrp="${General::swroot}/outgoing/groups";
+
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+#### ACTION #####
+
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'})
+{
+ my $MODE = $fwdfwsettings{'POLICY'};
+ %fwdfwsettings = ();
+ $fwdfwsettings{'POLICY'} = "$MODE";
+ &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ &reread_rules;
+}
+if ($fwdfwsettings{'ACTION'} eq 'saverule')
+{
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ &General::readhasharray("$configinput", \%configinputfw);
+ $errormessage=&checksource;
+ if(!$errormessage){&checktarget;}
+ if(!$errormessage){&checkrule;}
+
+ #check if we change an forward rule to an external access
+ if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
+ $fwdfwsettings{'updatefwrule'}='';
+ $fwdfwsettings{'config'}=$configfwdfw;
+ $fwdfwsettings{'nobase'}='on';
+ &deleterule;
+ }
+
+ #check if we change an external access rule to an forward
+ if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
+ $fwdfwsettings{'updatefwrule'}='';
+ $fwdfwsettings{'config'}=$configinput;
+ $fwdfwsettings{'nobase'}='on';
+ &deleterule;
+ }
+
+ #INPUT part
+ if($fwdfwsettings{'grp2'} eq 'ipfire'){
+ $fwdfwsettings{'chain'} = 'INPUTFW';
+ #check if we have an identical rule already
+ foreach my $key (sort keys %configinputfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ($fwdfwsettings{'nobase'} ne 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ }
+
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+
+ if ($fwdfwsettings{'nobase'} eq 'on'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+
+
+ &saverule(\%configinputfw,$configinput);
+
+ #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+ #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
+ #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+ #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+ #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
+ #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
+ #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
+ #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
+ #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
+ #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
+ #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
+ #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
+ #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
+ #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
+ #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
+ #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
+ #print "<br>";
+ #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+ #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+ #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+ #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+
+
+
+ }else{
+ $fwdfwsettings{'chain'} = 'FORWARDFW';
+ #check if we have an identical rule already
+ foreach my $key (sort keys %configfwdfw){
+
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ #increase counters
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+
+ if ($fwdfwsettings{'nobase'} eq 'on'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+
+
+ &saverule(\%configfwdfw,$configfwdfw);
+
+ #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+ #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
+ #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+ #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+ #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
+ #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
+ #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
+ #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
+ #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
+ #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
+ #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
+ #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
+ #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
+ #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
+ #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
+ #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
+ #print "<br>";
+ #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+ #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+ #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+ #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+
+
+
+ }
+ if ($errormessage){
+ &newrule;
+ }else{
+ &rules;
+ &base;
+ }
+
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
+{
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ foreach my $key (sort keys %configfwdfw){
+ &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,);
+ &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,);
+ &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,);
+ }
+ &General::readhasharray("$configinput", \%configinputfw);
+ foreach my $key (sort keys %configinputfw){
+ &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,);
+ &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,);
+ &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,);
+ }
+ $fwdfwsettings{'POLICY'}='MODE0';
+ system("rm ${General::swroot}/forward/config");
+ system("rm ${General::swroot}/forward/input");
+ %fwdfwsettings = ();
+
+ &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
+ unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
+
+ &reread_rules;
+
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
+{
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
+{
+ my %togglehash=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+ foreach my $key (sort keys %togglehash){
+ if ($key eq $fwdfwsettings{'key'}){
+ if ($togglehash{$key}[2] eq 'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';}
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+ &rules;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
+{
+ my %togglehash=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+ foreach my $key (sort keys %togglehash){
+ if ($key eq $fwdfwsettings{'key'}){
+ if ($togglehash{$key}[17] eq 'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+ &rules;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+ &reread_rules;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'editrule')
+{
+ $fwdfwsettings{'updatefwrule'}='on';
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'deleterule')
+{
+ &deleterule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'moveup')
+{
+ &pos_up;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'movedown')
+{
+ &pos_down;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'copyrule')
+{
+ $fwdfwsettings{'copyfwrule'}='on';
+ #$fwdfwsettings{'updatefwrule'}='on';
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq '')
+{
+ &base;
+}
+### Functions ####
+sub pos_up
+{
+ my %uphash=();
+ my %tmp=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
+ foreach my $key (sort keys %uphash){
+ if ($key eq $fwdfwsettings{'key'}) {
+ my $last = $key -1;
+ if (exists $uphash{$last}){
+ #save rule last
+ foreach my $y (0 .. $#{$uphash{$last}}) {
+ $tmp{0}[$y] = $uphash{$last}[$y];
+ }
+ #copy active rule to last
+ foreach my $i (0 .. $#{$uphash{$last}}) {
+ $uphash{$last}[$i] = $uphash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $uphash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
+ &rules;
+}
+sub pos_down
+{
+ my %downhash=();
+ my %tmp=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
+ foreach my $key (sort keys %downhash){
+ if ($key eq $fwdfwsettings{'key'}) {
+ my $next = $key + 1;
+ if (exists $downhash{$next}){
+ #save rule next
+ foreach my $y (0 .. $#{$downhash{$next}}) {
+ $tmp{0}[$y] = $downhash{$next}[$y];
+ }
+ #copy active rule to next
+ foreach my $i (0 .. $#{$downhash{$next}}) {
+ $downhash{$next}[$i] = $downhash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $downhash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
+ &rules;
+}
+sub checkcounter
+{
+ my ($base1,$val1,$base2,$val2) = @_;
+
+ if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
+ &dec_counter($confignet,\%customnetwork,$val1);
+ }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
+ &dec_counter($confighost,\%customhost,$val1);
+ }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
+ &dec_counter($configgrp,\%customgrp,$val1);
+ }elsif($base1 eq 'cust_srv'){
+ &dec_counter($configsrv,\%customservice,$val1);
+ }elsif($base1 eq 'cust_srvgrp'){
+ &dec_counter($configsrvgrp,\%customservicegrp,$val1);
+ }
+
+ if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
+ &inc_counter($confignet,\%customnetwork,$val2);
+ }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
+ &inc_counter($confighost,\%customhost,$val2);
+ }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
+ &inc_counter($configgrp,\%customgrp,$val2);
+ }elsif($base2 eq 'cust_srv'){
+ &inc_counter($configsrv,\%customservice,$val2);
+ }elsif($base2 eq 'cust_srvgrp'){
+ &inc_counter($configsrvgrp,\%customservicegrp,$val2);
+ }
+}
+sub inc_counter
+{
+ my $config=shift;
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $pos;
+
+ &General::readhasharray($config, \%hash);
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ $pos=$#{$hash{$key}};
+ $hash{$key}[$pos] = $hash{$key}[$pos]+1;
+
+ }
+ }
+ &General::writehasharray($config, \%hash);
+}
+sub dec_counter
+{
+ my $config=shift;
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $pos;
+ #$errormessage.="ALT:config: $config , verringert wird $val <br>";
+ &General::readhasharray($config, \%hash);
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ $pos=$#{$hash{$key}};
+ $hash{$key}[$pos] = $hash{$key}[$pos]-1;
+
+ }
+ }
+ &General::writehasharray($config, \%hash);
+}
+sub base
+{
+
+ if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
+ if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
+ if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
+
+ &hint;
+ if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') {
+ &addrule;
+ }
+
+ #print"<table width='100' border='1'><tr>";
+ #foreach (0 .. 40){
+ #my $i="color".$_;
+ #print"<td bgcolor='$color{$i}'>$_</td>";
+ #}
+ #print"</tr></table>";
+ &Header::openbox('100%', 'center', 'Policy');
+print <<END;
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='100%'>
+ <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
+ <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
+ <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
+ <tr><td colspan='3'><hr /></td></tr>
+ <tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
+ <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
+ <td width='45%' align='left'>
+END
+ if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) {
+ print "$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />";
+ }
+print "</table></form>";
+ &Header::closebox();
+}
+sub addrule
+{
+ &error;
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+
+ print "<form method='post'>";
+ print "<table border='0'>";
+ print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
+ if (-f "${General::swroot}/forward/reread"){
+ print "<td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}'></td>";
+ }
+ print"</tr></table></form><hr>";
+
+ &Header::closebox();
+ &viewtablerule;
+
+}
+sub deleterule
+{
+ my %delhash=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
+ foreach my $key (sort keys %delhash){
+ if ($key eq $fwdfwsettings{'key'}){
+ #check hosts/net and groups
+ &checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
+ &checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
+ #check services and groups
+ if ($delhash{$key}[11] eq 'ON'){
+ &checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
+ }
+ }
+
+ if ($key ge $fwdfwsettings{'key'}) {
+ my $next = $key + 1;
+ if (exists $delhash{$next}) {
+ foreach my $i (0 .. $#{$configfwdfw{$next}}) {
+ $delhash{$key}[$i] = $delhash{$next}[$i];
+ }
+ }
+ }
+ }
+ # Remove the very last entry.
+ my $last_key = (sort keys %delhash)[-1];
+ delete $delhash{$last_key};
+
+ &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
+ &rules;
+ if($fwdfwsettings{'nobase'} ne 'on'){
+ &base;
+ }
+}
+sub disable_rule
+{
+ my $key1=shift;
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ foreach my $key (sort keys %configfwdfw){
+ if ($key eq $key1 ){
+ if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
+ }
+ }
+ &General::writehasharray("$configfwdfw", \%configfwdfw);
+ &rules;
+
+}
+sub checksource
+{
+ my ($ip,$subnet);
+
+ #check ip-address if manual
+ if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
+ #check if ip with subnet
+ if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
+ ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
+ $subnet = &General::iporsubtocidr($subnet);
+ }
+ #check if only ip
+ if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $ip=$fwdfwsettings{'src_addr'};
+ $subnet = '32';
+ }
+ #check and form valid IP
+ $ip=&General::ip2dec($ip);
+ $ip=&General::dec2ip($ip);
+ #check if net or broadcast
+ my @tmp= split (/\./,$ip);
+ if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwhost err hostip'};
+ }
+ $fwdfwsettings{'src_addr'}="$ip/$subnet";
+
+ if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+ }
+ }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
+ $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
+ return $errormessage;
+ }
+
+ #check empty fields
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
+ #check icmp source
+ if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
+ $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
+ }
+ }
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ }else{
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'PROT'}='';
+ }
+
+ if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
+ #change dashes with :
+ $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
+
+ if ($fwdfwsettings{'SRC_PORT'} eq "*") {
+ $fwdfwsettings{'SRC_PORT'} = "1:65535";
+ }
+ if ($fwdfwsettings{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) {
+ $fwdfwsettings{'SRC_PORT'} = "1:$2";
+ }
+ if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
+ $fwdfwsettings{'SRC_PORT'} = "$1:65535";
+ }
+
+ $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
+ }
+ return $errormessage;
+}
+sub checktarget
+{
+ my ($ip,$subnet);
+
+
+ if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
+ #check if ip with subnet
+ if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
+ ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
+ $subnet = &General::iporsubtocidr($subnet);
+ }
+ #check if only ip
+ if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $ip=$fwdfwsettings{'tgt_addr'};
+ $subnet='32';
+ }
+ #check and form valid IP
+ $ip=&General::ip2dec($ip);
+ $ip=&General::dec2ip($ip);
+
+ #check if net or broadcast
+ my @tmp= split (/\./,$ip);
+ if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwhost err hostip'};
+ }
+ $fwdfwsettings{'tgt_addr'}=$ip."/".$subnet;
+
+ if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
+ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+ }
+
+ }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
+ $errormessage.=$Lang::tr{'fwdfw err notgtip'};
+ return $errormessage;
+ }
+
+ #check empty fields
+ if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
+
+ #check tgt services
+ if ($fwdfwsettings{'USESRV'} eq 'ON'){
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+ $fwdfwsettings{'TGT_PROT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ }
+ if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+ $fwdfwsettings{'TGT_PROT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ #check target service
+ if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
+ $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
+ }
+ }
+ if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
+ if ($fwdfwsettings{'TGT_PORT'} ne ''){
+ #change dashes with :
+ $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
+ if ($fwdfwsettings{'TGT_PORT'} eq "*") {
+ $fwdfwsettings{'TGT_PORT'} = "1:65535";
+ }
+ if ($fwdfwsettings{'TGT_PORT'} =~ /^(\D)\:(\d+)$/) {
+ $fwdfwsettings{'TGT_PORT'} = "1:$2";
+ }
+ if ($fwdfwsettings{'TGT_PORT'} =~ /^(\d+)\:(\D)$/) {
+ $fwdfwsettings{'TGT_PORT'} = "$1:65535";
+ }
+ $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
+ }
+ }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+
+ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
+
+ $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
+ }
+ }
+ }
+ }
+ }
+
+ #check targetport
+ if ($fwdfwsettings{'USESRV'} ne 'ON'){
+ $fwdfwsettings{'grp3'}='';
+ $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
+ $fwdfwsettings{'TGT_PROT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ }
+
+
+ #check timeframe
+ if($fwdfwsettings{'TIME'} eq 'ON'){
+ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
+ $errormessage=$Lang::tr{'fwdfw err time'};
+ }
+ }
+
+
+
+ return $errormessage;
+}
+sub checkrule
+{
+ #check valid remark
+ if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
+ }
+ #check if source and target identical
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){
+ $errormessage.=$Lang::tr{'fwdfw err same'};
+ return $errormessage;
+ }
+
+ #get source and targetip address if possible
+ my ($sip,$scidr,$tip,$tcidr);
+ ($sip,$scidr)=&get_ip("src","grp1");
+ ($tip,$tcidr)=&get_ip("tgt","grp2");
+
+
+
+ #check same iprange in source and target
+ if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
+
+ my $networkip1=&General::getnetworkip($sip,$scidr);
+ my $networkip2=&General::getnetworkip($tip,$tcidr);
+ if ($scidr gt $tcidr){
+ if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){
+ $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ }
+ }elsif($scidr eq $tcidr && $scidr eq '32'){
+ my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
+ my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
+ if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
+ $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
+ $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target:$networkip2/$tcidr<br>";
+ }
+
+ }else{
+ if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
+ $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ }
+ }
+ }
+
+ #check source and destination protocol if manual
+ if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ $errormessage.=$Lang::tr{'fwdfw err prot'};
+ }
+ #check source and destination protocol if source manual and dest servicegrp
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
+ if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
+ $errormessage.=$Lang::tr{'fwdfw err prot'};
+ last;
+ }
+ }
+ }
+ }
+ }
+
+}
+sub get_ip
+{
+ my $val=shift;
+ my $grp =shift;
+ my $a;
+ my $b;
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+ if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
+ if ($fwdfwsettings{$grp} eq $val.'_addr'){
+ ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
+ }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
+ if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+ $a=$netsettings{'GREEN_NETADDRESS'};
+ $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+ $a=$netsettings{'ORANGE_NETADDRESS'};
+ $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+ $a=$netsettings{'BLUE_NETADDRESS'};
+ $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+ &General::readhash("$configovpn",\%ovpnsettings);
+ ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
+ $b=&General::iporsubtocidr($b);
+ }
+ }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (keys %customnetwork){
+ if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+ $a=$customnetwork{$key}[1];
+ $b=&General::iporsubtocidr($customnetwork{$key}[2]);
+ }
+ }
+ }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (keys %customhost){
+ if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+ if ($customhost{$key}[1] eq 'ip'){
+ ($a,$b)=split (/\//,$customhost{$key}[2]);
+ $b=&General::iporsubtocidr($b);
+ }else{
+ if ($grp eq 'grp2'){
+ $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return $a,$b;
+}
+sub newrule
+{
+ &error;
+ &General::setup_default_networks(\%defaultNetworks);
+ #read all configfiles
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ &General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$configipsec", \%ipsecconf);
+ &General::get_aliases(\%aliases);
+
+
+ my %checked=();
+ my $helper;
+ if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
+ my $config=$fwdfwsettings{'config'};
+ my %hash=();
+
+ $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
+ $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
+ $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
+ $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+ $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
+ $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
+ $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
+ $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
+ $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
+ $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
+ $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
+ $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
+ $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
+ $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+
+ #check if update and get values
+ if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
+ &General::readhasharray("$config", \%hash);
+ foreach my $key (sort keys %hash){
+ if ($key eq $fwdfwsettings{'key'}){
+ $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
+ $fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
+ $fwdfwsettings{'grp1'} = $hash{$key}[3];
+ $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
+ $fwdfwsettings{'grp2'} = $hash{$key}[5];
+ $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
+ $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
+ $fwdfwsettings{'PROT'} = $hash{$key}[8];
+ $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
+ $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10];
+ $fwdfwsettings{'USESRV'} = $hash{$key}[11];
+ $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12];
+ $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13];
+ $fwdfwsettings{'grp3'} = $hash{$key}[14];
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15];
+ $fwdfwsettings{'ruleremark'} = $hash{$key}[16];
+ $fwdfwsettings{'LOG'} = $hash{$key}[17];
+ $fwdfwsettings{'TIME'} = $hash{$key}[18];
+ $fwdfwsettings{'TIME_MON'} = $hash{$key}[19];
+ $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20];
+ $fwdfwsettings{'TIME_WED'} = $hash{$key}[21];
+ $fwdfwsettings{'TIME_THU'} = $hash{$key}[22];
+ $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23];
+ $fwdfwsettings{'TIME_SAT'} = $hash{$key}[24];
+ $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
+ $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
+ $fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
+
+ $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
+ $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
+ $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
+ $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+ $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
+ $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
+ $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
+ $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
+ $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
+ $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
+ $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
+ $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
+ $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
+ $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+ }
+ }
+ $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
+ $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
+ $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
+ $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+ }else{
+ $fwdfwsettings{'ACTIVE'}='ON';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ }
+
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+
+print <<END;
+ <form method="post">
+ <table border='0'>
+ <tr><td nowrap>$Lang::tr{'fwdfw rule action'}</td><td><select name='RULE_ACTION'>
+END
+ foreach ("ACCEPT","DROP","REJECT")
+ {
+ if($fwdfwsettings{'POLICY'} eq 'MODE2'){
+ $fwdfwsettings{'RULE_ACTION'} = 'DROP';
+ }
+
+ if ($_ eq $fwdfwsettings{'RULE_ACTION'})
+ {
+ print"<option selected>$_</option>";
+ }else{
+ print"<option>$_</option>";
+ }
+ }
+ print"</select></td></tr></table><hr>";
+
+
+ &Header::closebox();
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
+
+
+ #------SOURCE-------------------------------------------------------
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
+ <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
+ <tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
+
+END
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
+ print ">$network</option>";
+ }
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_net_src' $checked{'grp1'}{'ovpn_net_src'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_src' style='min-width:185px;'>
+END
+ &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ print<<END;
+ </select></td></tr>
+ <tr><td><input type='radio' name='grp1' value='cust_net_src' $checked{'grp1'}{'cust_net_src'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_src' style='min-width:185px;'>
+END
+ &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_host_src' $checked{'grp1'}{'ovpn_host_src'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_host_src' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
+ {
+ if ($ccdhost{$key}[33] ne ''){
+
+ print "<option value='$ccdhost{$key}[1]'";
+ print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ccdhost{$key}[1]);
+ print ">$ccdhost{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td valign='top'><input type='radio' name='grp1' value='cust_host_src' $checked{'grp1'}{'cust_host_src'}></td><td>$Lang::tr{'fwhost cust addr'}</td><td><select name='cust_host_src' style='min-width:185px;'>
+END
+ &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_n2n_src' $checked{'grp1'}{'ovpn_n2n_src'}></td><td >$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='ovpn_n2n_src' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
+ if($ccdhost{$key}[3] eq 'net'){
+ print"<option ";
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ccdhost{$key}[1]);
+ print ">$ccdhost{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+
+ <tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
+ if($helper ne $customgrp{$key}[0]){
+ print"<option ";
+ print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
+ print ">$customgrp{$key}[0]</option>";
+
+
+ }
+ $helper=$customgrp{$key}[0];
+ }
+ print<<END;
+ </select></td>
+ <td valign='top'><input type='radio' name='grp1' value='ipsec_net_src' $checked{'grp1'}{'ipsec_net_src'}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td><select name='ipsec_net_src' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+ if ($ipsecconf{$key}[3] eq 'net'){
+ print "<option ";
+ print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ipsecconf{$key}[1]);
+ print ">$ipsecconf{$key}[1]</option>";
+ }
+ }
+ #sourceport
+ print<<END;
+ </select></td></tr>
+END
+
+# <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
+#END
+# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+# if ($ipsecconf{$key}[3] eq 'host'){
+# print "<option ";
+# print "selected='selected'" if($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ipsecconf{$key}[1]);
+# print ">$ipsecconf{$key}[1]</option>";
+# }
+# }
+ print<<END;
+
+ <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
+
+
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
+ <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
+END
+ foreach ("TCP","UDP","GRE","ICMP")
+ {
+ if ($_ eq $fwdfwsettings{'PROT'})
+ {
+ print"<option selected>$_</option>";
+ }else{
+ print"<option>$_</option>";
+ }
+ }
+ print<<END;
+ </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='11' size='9' ></td></tr>
+ <tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES'>
+END
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ print"<option>All ICMP-Types</option>";
+ foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) } keys %icmptypes){
+ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
+ print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }else{
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr></table><hr>
+END
+ &Header::closebox();
+
+ #---TARGET------------------------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
+END
+ print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
+
+ foreach my $alias (sort keys %aliases)
+ {
+ print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ }
+
+ print<<END;
+ </td></tr>
+ <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
+ <tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
+
+END
+
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $defaultNetworks{$network}{'NAME'});
+ print ">$network</option>";
+ }
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt' $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
+END
+ &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+
+ print<<END;
+ </select></td></tr>
+ <tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
+END
+ &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_host_tgt' $checked{'grp2'}{'ovpn_host_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_host_tgt' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
+ {
+ if ($ccdhost{$key}[33] ne ''){
+ print "<option value='$ccdhost{$key}[1]' ";
+ print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ccdhost{$key}[33]);
+ print ">$ccdhost{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td valign='top'><input type='radio' name='grp2' value='cust_host_tgt' $checked{'grp2'}{'cust_host_tgt'}></td><td>$Lang::tr{'fwhost cust addr'}</td><td><select name='cust_host_tgt' style='min-width:185px;'>
+END
+ &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_n2n_tgt' $checked{'grp2'}{'ovpn_n2n_tgt'}></td><td >$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='ovpn_n2n_tgt' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
+ if($ccdhost{$key}[3] eq 'net'){
+ print "<option ";
+ print "selected='selected'" if($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ccdhost{$key}[1]);
+ print ">$ccdhost{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+
+ <tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
+END
+ $helper='';
+ foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
+ if($helper ne $customgrp{$key}[0]){
+ print"<option ";
+ print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $customgrp{$key}[0]);
+ print">$customgrp{$key}[0]</option>";
+ }
+ $helper=$customgrp{$key}[0];
+ }
+ print<<END;
+ </select></td>
+ <td valign='top'><input type='radio' name='grp2' value='ipsec_net_tgt' $checked{'grp2'}{'ipsec_net_tgt'}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td><select name='ipsec_net_tgt' style='min-width:185px;'>
+END
+ foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+ if ($ipsecconf{$key}[3] eq 'net'){
+ print"<option ";
+ print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ipsecconf{$key}[1]);
+ print">$ipsecconf{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+END
+
+# <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
+#END
+# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+# if ($ipsecconf{$key}[3] eq 'host'){
+# print"<option ";
+# print"selected='Selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ipsecconf{$key}[1]);
+# print">$ipsecconf{$key}[1]</option>";
+# }
+# }
+ print<<END;
+ </table>
+ <b>$Lang::tr{'fwhost attention'}:</b><br>
+ $Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
+
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
+END
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (sort keys %customservice){
+ print"<option ";
+ print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
+ print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}:</td><td colspan='2'><select name='cust_srvgrp'style='min-width:230px;' >
+END
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ my $helper;
+ foreach my $key (sort keys %customservicegrp){
+ if ($helper ne $customservicegrp{$key}[0]){
+ print"<option ";
+ print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
+ print">$customservicegrp{$key}[0]</option>";
+ }
+ $helper=$customservicegrp{$key}[0];
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
+END
+ foreach ("TCP","UDP","GRE","ICMP")
+ {
+ if ($_ eq $fwdfwsettings{'TGT_PROT'})
+ {
+ print"<option selected>$_</option>";
+ }else{
+ print"<option>$_</option>";
+ }
+ }
+ print<<END;
+ </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='11' size='9' ></td></tr>
+ <tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT'>
+END
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ print"<option>All ICMP-Types</option>";
+ foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){
+ if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
+ print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }else{
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ </table><hr><br><br>
+
+END
+ #---Activate/logging/remark-------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td colspan='2' >$Lang::tr{'remark'}:<input type='text' name='ruleremark' size='40' value='$fwdfwsettings{'ruleremark'}'></td></tr>
+ <tr><td width='1%'><input type='checkbox' name='ACTIVE' value='ON' $checked{'ACTIVE'}{'ON'}></td><td>$Lang::tr{'fwdfw rule activate'}</td></tr>
+ <tr><td width='1%'><input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'} ></td><td>$Lang::tr{'fwdfw log rule'}</td></tr>
+ </table><hr><br>
+END
+ &Header::closebox();
+ #---ADD TIMEFRAME-----------------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'});
+ print<<END;
+ <table width='70%' border='0'>
+ <tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='4'>$Lang::tr{'fwdfw timeframe'}</td></tr>
+ <tr><td colspan='7'> </td></tr>
+ <tr>
+ <td align='left'>$Lang::tr{'time'}:</td>
+ <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
+
+ <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
+ <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
+ </tr>
+ <tr>
+ <td align='right'></td>
+ <td width='30%' align='left'>
+ <input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} />
+ <input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} />
+ <input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} />
+ <input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} />
+ <input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} />
+ <input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
+ <input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
+ </td>
+
+ <td><select name='TIME_FROM'>
+END
+ for (my $i=0;$i<=23;$i++) {
+ $i = sprintf("%02s",$i);
+ for (my $j=0;$j<=45;$j+=15) {
+ $j = sprintf("%02s",$j);
+ my $time = $i.":".$j;
+ print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
+ }
+ }
+ print<<END;
+ </select></td>
+ <td><select name='TIME_TO'>
+END
+ for (my $i=0;$i<=23;$i++) {
+ $i = sprintf("%02s",$i);
+ for (my $j=0;$j<=45;$j+=15) {
+ $j = sprintf("%02s",$j);
+ my $time = $i.":".$j;
+ print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ </table><hr>
+END
+ &Header::closebox();
+ #---ACTION------------------------------------------------------
+ if($fwdfwsettings{'updatefwrule'} ne 'on'){
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
+ <input type='hidden' name='config' value='$config' >
+ <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+ </table></form>
+END
+ }else{
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' style='min-width:100px;' /><input type='hidden' name='updatefwrule' value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' value='$fwdfwsettings{'key'}'>
+ <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
+ <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
+ <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
+ <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
+ <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
+ <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
+ <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
+
+ <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+
+ </table></form>
+END
+ }
+ &Header::closebox();
+}
+sub saverule
+{
+
+ my $hash=shift;
+ my $config=shift;
+ &General::readhasharray("$config", $hash);
+ if (!$errormessage){
+ if ($fwdfwsettings{'updatefwrule'} ne 'on' ){
+ my $key = &General::findhasharraykey ($hash);
+ $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
+ $$hash{$key}[1] = $fwdfwsettings{'chain'};
+ $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
+ $$hash{$key}[3] = $fwdfwsettings{'grp1'};
+ $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $$hash{$key}[5] = $fwdfwsettings{'grp2'};
+ $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
+ $$hash{$key}[8] = $fwdfwsettings{'PROT'};
+ $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
+ $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+ $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+ $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+ $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+ $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+ $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+ $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+ $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+ $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+ $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+ $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+ $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+ $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+ $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+ $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+ $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+ $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+ &General::writehasharray("$config", $hash);
+ }else{
+ foreach my $key (sort keys %$hash){
+ if($key eq $fwdfwsettings{'key'}){
+ $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
+ $$hash{$key}[1] = $fwdfwsettings{'chain'};
+ $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
+ $$hash{$key}[3] = $fwdfwsettings{'grp1'};
+ $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $$hash{$key}[5] = $fwdfwsettings{'grp2'};
+ $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
+ $$hash{$key}[8] = $fwdfwsettings{'PROT'};
+ $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
+ $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+ $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+ $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+ $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+ $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+ $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+ $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+ $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+ $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+ $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+ $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+ $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+ $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+ $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+ $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+ $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+ $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+ last;
+ }
+ }
+ &General::writehasharray("$config", $hash);
+ }
+ }
+}
+sub error
+{
+ if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage\n";
+ print " </class>\n";
+ &Header::closebox();
+ print"<hr>";
+ }
+}
+sub hint
+{
+ if ($hint) {
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+ print "<class name='base'>$hint\n";
+ print " </class>\n";
+ &Header::closebox();
+ print"<hr>";
+ }
+}
+sub get_name
+{
+ my $val=shift;
+ &General::setup_default_networks(\%defaultNetworks);
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+ }
+}
+sub validremark
+{
+ # Checks a hostname against RFC1035
+ my $remark = $_[0];
+
+ # Each part should be at least two characters in length
+ # but no more than 63 characters
+ if (length ($remark) < 1 || length ($remark) > 63) {
+ return 0;}
+ # Only valid characters are a-z, A-Z, 0-9 and -
+ if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) {
+ return 0;}
+ # First character can only be a letter or a digit
+ if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
+ return 0;}
+ # Last character can only be a letter or a digit
+ if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) {
+ return 0;}
+ return 1;
+}
+sub getsrcport
+{
+ my %hash=%{(shift)};
+ my $key=shift;
+ if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne 'ICMP'){
+ print" : ($hash{$key}[8]) $hash{$key}[10]";
+ }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
+ print" : ($hash{$key}[8]) <br> $hash{$key}[9]";
+ }
+}
+sub gettgtport
+{
+ my %hash=%{(shift)};
+ my $key=shift;
+ my $service;
+ my $prot;
+
+ if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
+ if($hash{$key}[14] eq 'cust_srv'){
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $i (sort keys %customservice){
+ #print "HHUHU: $customservice{$i}[0] und $hash{$key}[15]<br>";
+ if($customservice{$i}[0] eq $hash{$key}[15]){
+ $prot = $hash{$key}[12];
+ $service = $customservice{$i}[0];
+ }
+ }
+ }elsif($hash{$key}[14] eq 'cust_srvgrp'){
+
+ $service=$hash{$key}[15];
+ }elsif($hash{$key}[14] eq 'TGT_PORT'){
+ $service=$hash{$key}[15];
+ $prot=$hash{$key}[12];
+ }
+ }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
+ print" : ($hash{$key}[12]) <br>$hash{$key}[13]";
+ }
+
+ if ($prot ne '' || $service ne ''){
+ print" :";
+ if ($prot ne ''){
+ print"($prot) ";
+ }
+ print" $service";
+ }
+}
+sub viewtablerule
+{
+ &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" );
+ &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
+}
+sub viewtablenew
+{
+ my $hash=shift;
+ my $config=shift;
+ my $title=shift;
+ my $title1=shift;
+
+ if ( ! -z "$config"){
+ &Header::openbox('100%', 'left',$title);
+ my $count=0;
+ my ($gif,$log);
+ my $ruletype;
+ my $rulecolor;
+ my $tooltip;
+ my @tmpsrc=();
+ my $coloryellow='';
+ &General::readhasharray("$config", $hash);
+ print"<b>$title1</b><br>";
+ print"<table width='100%' border='0' cellspacing='1' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
+ print"<tr><td align='center' width='1%'><b>#</td><td></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3'><b>$Lang::tr{'fwdfw action'}</td></tr>";
+ foreach my $key (sort keys %$hash){
+ @tmpsrc=();
+ #check if vpn hosts/nets have been deleted
+ if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
+ push (@tmpsrc,$$hash{$key}[4]);
+ }
+ if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
+ push (@tmpsrc,$$hash{$key}[6]);
+ }
+
+ foreach my $host (@tmpsrc){
+ if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
+ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+
+ }
+ }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
+ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }elsif($$hash{$key}[3] eq 'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){
+ if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }elsif($$hash{$key}[3] eq 'ovpn_host_src' || $$hash{$key}[5] eq 'ovpn_host_tgt'){
+ if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }
+ $$hash{$key}[3]='';
+ $$hash{$key}[5]='';
+ }
+
+ $$hash{'ACTIVE'}=$$hash{$key}[2];
+ $count++;
+
+ if($coloryellow eq 'on'){
+ print"<tr bgcolor='$color{'color14'}' >";
+ $coloryellow='';
+ }elsif($coloryellow eq ''){
+ if ($count % 2){
+ print"<tr bgcolor='$color{'color22'}' >";
+ }
+ else{
+ print"<tr bgcolor='$color{'color20'}' >";
+ }
+ }
+
+ print<<END;
+ <td align='right'>$key</td>
+END
+ if ($$hash{$key}[0] eq 'ACCEPT'){
+ $ruletype='A';
+ $tooltip='ACCEPT';
+ $rulecolor=$color{'color17'};
+ }elsif($$hash{$key}[0] eq 'DROP'){
+ $ruletype='D';
+ $tooltip='DROP';
+ $rulecolor=$color{'color25'};
+ }elsif($$hash{$key}[0] eq 'REJECT'){
+ $ruletype='R';
+ $tooltip='REJECT';
+ $rulecolor=$color{'color16'};
+ }
+ print"<td bgcolor='$rulecolor' width='2%' align='center'><span title='$tooltip'><b>$ruletype</b></span></td>";
+ print"<td align='center'>";
+ if ($$hash{$key}[3] eq 'std_net_src'){
+ print &get_name($$hash{$key}[4]);
+ }else{
+ print $$hash{$key}[4];
+ }
+ &getsrcport(\%$hash,$key);
+ if ($$hash{$key}[17] eq 'ON'){
+ $log="/images/on.gif";
+ }else{
+ $log="/images/off.gif";
+ }
+ print<<END;
+ </td>
+
+ <form method='post'>
+ <td width='1%'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'/>
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
+ </td></form>
+END
+
+ print<<END;
+ <td align='center'>
+END
+ if ($$hash{$key}[5] eq 'std_net_tgt'){
+ print &get_name($$hash{$key}[6]);
+ }else{
+ print $$hash{$key}[6];
+ }
+ &gettgtport(\%$hash,$key);
+ ################################################################################
+ print"</td><td width='20%'>$$hash{$key}[16]</td>";
+
+ if($$hash{$key}[2] eq 'ON'){
+ $gif="/images/on.gif"
+
+ }else{
+ $gif="/images/off.gif"
+
+ }
+ print<<END;
+ <form method='post'>
+ <td width='1%'><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
+ </td></form>
+
+ <form method='post'>
+ <td width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='editrule' />
+ </td></form></td>
+
+ <form method='post'>
+ <td width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='copyrule' />
+ </td></form></td>
+
+
+ <form method='post'>
+ <td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='deleterule' />
+ </td></form></td>
+END
+ if (exists $$hash{$key-1}){
+ print<<END;
+ <form method='post'>
+ <td width='1%'><input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='moveup' />
+ </td></form></td>
+END
+ }else{
+ print"<td></td>";
+ }
+
+ if (exists $$hash{$key+1}){
+ print<<END;
+ <form method='post'>
+ <td width='1%' ><input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='movedown' />
+ </td></form></td></tr>
+END
+ }else{
+ print"<td></td></tr>";
+ }
+ #if timeframe set, print new line in table
+ if ($$hash{$key}[18] eq 'ON'){
+ my @days=();
+ if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
+ if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
+ if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
+ if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
+ if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
+ if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
+ if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
+
+ my $weekdays=join(",",@days);
+
+ if (@days){
+ print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
+ print"$weekdays";
+ print "  $Lang::tr{'fwdfw from'} $$hash{$key}[26]   $Lang::tr{'fwdfw till'} $$hash{$key}[27]</td><td colspan='8'></d></tr>";
+ }
+ }
+ }
+ print"</table>";
+ &Header::closebox();
+ }
+
+}
+sub fillselect
+{
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $key;
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash)
+ {
+ if($hash{$key}[0] eq $val){
+ print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+ }else{
+ print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
+ }
+ }
+}
+sub rules
+{
+ if (!-f "${General::swroot}/forward/reread"){
+ system("touch ${General::swroot}/forward/reread");
+ }
+}
+sub reread_rules
+{
+ system("/usr/local/bin/forwardfwctrl");
+ system("rm ${General::swroot}/forward/reread");
+}
+&Header::closebigbox();
+&Header::closepage();
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# New function for forwarding firewall. To make it comfortable to create #
+# rules, we need "spelling names" for single Hosts. If you have any questions #
+# <amarx@ipfire.org> #
+###############################################################################
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+no warnings 'uninitialized';
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %fwhostsettings=();
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %icmptypes=();
+my %color=();
+my %defaultNetworks=();
+my %mainsettings=();
+my %ownnet=();
+my %ipsecsettings=();
+
+my $errormessage;
+my $hint;
+my $update=0;
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+
+unless (-e $confignet) { system("touch $confignet"); }
+unless (-e $confighost) { system("touch $confighost"); }
+unless (-e $configgrp) { system("touch $configgrp"); }
+unless (-e $configsrv) { system("touch $configsrv"); }
+unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&Header::getcgihash(\%fwhostsettings);
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'fwhost hosts'}, 1, '');
+&Header::openbigbox('100%', 'center');
+
+## ACTION ####
+# Update
+if ($fwhostsettings{'ACTION'} eq 'updatenet' )
+{
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (keys %customnetwork)
+ {
+ if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'})
+ {
+ $fwhostsettings{'orgname'} = $customnetwork{$key}[0];
+ $fwhostsettings{'orgip'} = $customnetwork{$key}[1];
+ $fwhostsettings{'orgsub'} = $customnetwork{$key}[2];
+ $fwhostsettings{'count'} = $customnetwork{$key}[3];
+ delete $customnetwork{$key};
+
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ $fwhostsettings{'actualize'} = 'on';
+ $fwhostsettings{'ACTION'} = 'savenet';
+}
+if ($fwhostsettings{'ACTION'} eq 'updatehost')
+{
+ my ($ip,$subnet);
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (keys %customhost)
+ {
+ if($customhost{$key}[0] eq $fwhostsettings{'orgname'})
+ {
+ $fwhostsettings{'orgname'} = $customhost{$key}[0];
+ if ($customhost{$key}[1] eq 'ip'){
+ ($ip,$subnet) = split (/\//,$customhost{$key}[2]);
+ }else{
+ $ip = $customhost{$key}[2];
+ }
+ $fwhostsettings{'orgip'} = $ip;
+ $fwhostsettings{'count'} = $customhost{$key}[3];
+ delete $customhost{$key};
+ }
+ }
+ &General::writehasharray("$confighost", \%customhost);
+ $fwhostsettings{'actualize'} = 'on';
+ $fwhostsettings{'ACTION'} = 'savehost';
+}
+if ($fwhostsettings{'ACTION'} eq 'updateservice')
+{
+ my $count=0;
+ my $needrules=0;
+ $errormessage=&checkports(\%customservice);
+
+ if (!$errormessage){
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (keys %customservice)
+ {
+ if ($customservice{$key}[0] eq $fwhostsettings{'oldsrvname'})
+ {
+ $count=$customservice{$key}[4];
+ delete $customservice{$key};
+ &General::writehasharray("$configsrv", \%customservice);
+ last;
+ }
+ }
+ if ($fwhostsettings{'PROT'} ne 'ICMP'){
+ $fwhostsettings{'ICMP_TYPES'}='BLANK';
+ }
+ my $key1 = &General::findhasharraykey(\%customservice);
+ foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";}
+ $customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
+ $customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
+ $customservice{$key1}[2] = $fwhostsettings{'PROT'};
+ $customservice{$key1}[3] = $fwhostsettings{'ICMP_TYPES'};
+ $customservice{$key1}[4] = $count;
+ &General::writehasharray("$configsrv", \%customservice);
+ if($fwhostsettings{'updatesrv'} eq 'on'){
+ if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){
+ $needrules='on';
+ }
+ if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
+ $needrules='on';
+ }
+ }
+ $fwhostsettings{'SRV_NAME'} = '';
+ $fwhostsettings{'SRV_PORT'} = '';
+ $fwhostsettings{'PROT'} = '';
+
+ }else{
+ $fwhostsettings{'SRV_NAME'} = $fwhostsettings{'oldsrvname'};
+ $fwhostsettings{'SRV_PORT'} = $fwhostsettings{'oldsrvport'};
+ $fwhostsettings{'PROT'} = $fwhostsettings{'oldsrvprot'};
+ $fwhostsettings{'updatesrv'}= 'on';
+ }
+
+ if($needrules eq 'on'){
+ $errormessage="reread!";
+ &rules;
+ }
+
+ &addservice;
+}
+# save
+if ($fwhostsettings{'ACTION'} eq 'savenet' )
+{
+ my $count=0;
+ my $needrules=0;
+ if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+
+ #check if all fields are set
+ if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+ &addnet;
+ &viewtablenet;
+ }else{
+ #check valid ip
+ if (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsettings{'SUBNET'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err addr'};
+ $fwhostsettings{'BLK_HOST'} ='readonly';
+ $fwhostsettings{'NOCHECK'} ='false';
+ $fwhostsettings{'error'} ='on';
+ }
+ #check if subnet is sigle host
+ if(&General::iporsubtocidr($fwhostsettings{'SUBNET'}) eq '32')
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err sub32'};
+
+ }
+ if($fwhostsettings{'error'} ne 'on'){
+ #check if we use one of ipfire's networks (green,orange,blue)
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err green'}."<br>";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err orange'}."<br>";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err blue'}."<br>";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'RED_NETADDRESS'},$ownnet{'RED_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err red'}."<br>";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ }
+ #only check plausi when no error till now
+ if (!$errormessage){
+ &plausicheck("editnet");
+ }
+
+ #check if network ip is part of an already used one
+ if(&checksubnet(\%customnetwork))
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'};
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ }
+
+ if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage)
+ {
+ $fwhostsettings{'actualize'} = '';
+ my $key = &General::findhasharraykey (\%customnetwork);
+ foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+ $customnetwork{$key}[0] = $fwhostsettings{'orgname'} ;
+ $customnetwork{$key}[1] = $fwhostsettings{'orgip'} ;
+ $customnetwork{$key}[2] = $fwhostsettings{'orgsub'};
+ $customnetwork{$key}[3] = $fwhostsettings{'count'};
+ &General::writehasharray("$confignet", \%customnetwork);
+ undef %customnetwork;
+ }
+
+ if (!$errormessage){
+ &General::readhasharray("$confignet", \%customnetwork);
+ if ($fwhostsettings{'ACTION'} eq 'updatenet'){
+ if ($fwhostsettings{'update'} == '0'){
+ foreach my $key (keys %customnetwork) {
+ if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}){
+ $count=$customnetwork{$key}[3];
+ delete $customnetwork{$key};
+ last;
+ }
+ }
+ }
+ }
+ #get count if actualize is 'on'
+ if($fwhostsettings{'actualize'} eq 'on'){
+ $fwhostsettings{'actualize'} = '';
+ $count=$fwhostsettings{'count'};
+ #check if we need to reload rules
+ if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0'){
+ $needrules='on';
+ }
+ if ($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+ #check if we need to update groups
+ &General::readhasharray("$configgrp", \%customgrp);
+ foreach my $key (sort keys %customgrp){
+ if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+ $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+ last;
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ }
+ }
+ my $key = &General::findhasharraykey (\%customnetwork);
+ foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+ $fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
+ $customnetwork{$key}[0] = $fwhostsettings{'HOSTNAME'};
+ #convert ip when leading '0' in byte
+ $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+ $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+ $customnetwork{$key}[1] = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ;
+ $customnetwork{$key}[2] = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ;
+ if($fwhostsettings{'newnet'} eq 'on'){$count=0;}
+ $customnetwork{$key}[3] = $count;
+ &General::writehasharray("$confignet", \%customnetwork);
+ $fwhostsettings{'IP'}=$fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ undef %customnetwork;
+ $fwhostsettings{'HOSTNAME'}='';
+ $fwhostsettings{'IP'}='';
+ $fwhostsettings{'SUBNET'}='';
+ #check if an edited net affected groups and need to reload rules
+ if ($needrules eq 'on'){
+ &rules;
+ }
+ &addnet;
+ &viewtablenet;
+ }else
+ {
+ &addnet;
+ &viewtablenet;
+ }
+ }
+
+}
+if ($fwhostsettings{'ACTION'} eq 'savehost')
+{
+ my $count=0;
+ my $needrules=0;
+ if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+
+ $fwhostsettings{'SUBNET'}='32';
+
+ #check if all fields are set
+ if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+ $fwhostsettings{'ACTION'} = 'edithost';
+ }else{
+
+ if($fwhostsettings{'type'} eq 'ip' && $fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+ $fwhostsettings{'type'} = 'mac';
+ }elsif($fwhostsettings{'type'} eq 'mac' && $fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $fwhostsettings{'type'} = 'ip';
+ }elsif($fwhostsettings{'type'} eq 'mac' && $fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+ $fwhostsettings{'type'} = 'mac';
+ }elsif($fwhostsettings{'type'} eq 'ip' && $fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $fwhostsettings{'type'} = 'ip';
+ }else{
+ $fwhostsettings{'type'} = '';
+ $errormessage=$Lang::tr{'fwhost err ipmac'};
+ }
+
+ if($fwhostsettings{'type'} eq 'mac' )
+ {
+ if ($fwhostsettings{'IP'}!~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/ )
+ {
+ $errormessage=$Lang::tr{'fwhost err mac'};
+
+ }
+ }
+ #CHECK IP-PART
+ if ($fwhostsettings{'type'} eq 'ip'){
+ #check for subnet
+ if (rindex($fwhostsettings{'IP'},'/') eq '-1' ){
+ if($fwhostsettings{'type'} eq 'ip' && !&General::validipandmask($fwhostsettings{'IP'}."/32"))
+ {
+ $errormessage.=$errormessage.$Lang::tr{'fwhost err ip'};
+ $fwhostsettings{'error'}='on';
+ }
+
+ }elsif(rindex($fwhostsettings{'IP'},'/') ne '-1' ){
+ $errormessage=$errormessage.$Lang::tr{'fwhost err ipwithsub'};
+ $fwhostsettings{'error'}='on';
+ }
+ #check if net or broadcast
+ my @tmp= split (/\./,$fwhostsettings{'IP'});
+ if (($tmp[3] eq "0") || ($tmp[3] eq "255")){
+ $errormessage=$Lang::tr{'fwhost err hostip'};
+ }
+ }
+
+
+
+ #only check plausi when no error till now
+ if (!$errormessage){
+ &plausicheck("edithost");
+ }
+
+ if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newhost'} ne 'on' && $errormessage){
+ $fwhostsettings{'actualize'} = '';
+ my $key = &General::findhasharraykey (\%customhost);
+ foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
+ $customhost{$key}[0] = $fwhostsettings{'orgname'} ;
+ $customhost{$key}[1] = $fwhostsettings{'type'} ;
+ if($customhost{$key}[1] eq 'ip'){
+ $customhost{$key}[2] = $fwhostsettings{'orgip'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ }else{
+ $customhost{$key}[2] = $fwhostsettings{'orgip'};
+ }
+ $customhost{$key}[3] = $fwhostsettings{'count'};
+ &General::writehasharray("$confighost", \%customhost);
+ undef %customhost;
+
+ }
+
+ if (!$errormessage){
+ #get count if host was edited
+ if($fwhostsettings{'actualize'} eq 'on'){
+ $count=$fwhostsettings{'count'};
+ if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0' ){
+ $needrules='on';
+ }
+ if($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+ #check if we need to update groups
+ &General::readhasharray("$configgrp", \%customgrp);
+ foreach my $key (sort keys %customgrp){
+ if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+ $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+ last;
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ }
+
+
+ }
+ my $key = &General::findhasharraykey (\%customhost);
+ foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
+ $customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ;
+ $customhost{$key}[1] = $fwhostsettings{'type'} ;
+ if ($fwhostsettings{'type'} eq 'ip'){
+ #convert ip when leading '0' in byte
+ $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+ $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+ $customhost{$key}[2] = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ }else{
+ $customhost{$key}[2] = $fwhostsettings{'IP'};
+ }
+ if($fwhostsettings{'newhost'} eq 'on'){$count=0;}
+ $customhost{$key}[3] = $count;
+ &General::writehasharray("$confighost", \%customhost);
+
+ #$fwhostsettings{'IP'} = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ undef %customhost;
+ $fwhostsettings{'HOSTNAME'}='';
+ $fwhostsettings{'IP'}='';
+ $fwhostsettings{'type'}='';
+ #check if we need to update rules while host was edited
+ if($needrules eq 'on'){
+ &rules;
+ }
+ &addhost;
+ &viewtablehost;
+ }else{
+ &addhost;
+ &viewtablehost;
+ }
+
+ }
+
+}
+if ($fwhostsettings{'ACTION'} eq 'savegrp')
+{
+ my $grp;
+ my $rem=$fwhostsettings{'remark'};
+ my $count;
+ my $type;
+ my $updcounter='off';
+ my @target;
+ my @newgrp;
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$confighost", \%customhost);
+ $grp=$fwhostsettings{'grp_name'};
+
+ if (!&General::validhostname($grp)){$errormessage=$errormessage.$Lang::tr{'fwhost err name'};}
+
+ ###check standard networks
+ if ($fwhostsettings{'grp2'} eq 'std_net'){
+ @target=$fwhostsettings{'DEFAULT_SRC_ADR'};
+ $type='Standard Network';
+ }
+ ##check custom networks
+ if ($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} ne ''){
+ @target=$fwhostsettings{'CUST_SRC_NET'};
+ $updcounter='net';
+ $type='Custom Network';
+ }elsif($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'}."<br>";
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #check custom addresses
+ if ($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} ne ''){
+ @target=$fwhostsettings{'CUST_SRC_HOST'};
+ $updcounter='host';
+ $type='Custom Host';
+ }elsif($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'}."<br>";
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #get address from ovpn ccd static net
+ if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
+ @target=$fwhostsettings{'OVPN_CCD_NET'};
+ $type='OpenVPN static network';
+ }elsif($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #get address from ovpn ccd static host
+ if ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} ne ''){
+ @target=$fwhostsettings{'OVPN_CCD_HOST'};
+ $type='OpenVPN static host';
+ }elsif ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ }
+ #get address from ovpn ccd Net-2-Net
+ if ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} ne ''){
+ @target=$fwhostsettings{'OVPN_N2N'};
+ $type='OpenVPN N-2-N';
+ }elsif ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+
+ #get address from IPSEC HOST
+ if ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} ne ''){
+ @target=$fwhostsettings{'IPSEC_HOST'};
+ $type='IpSec Host';
+ }elsif ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #get address from IPSEC NETWORK
+ if ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} ne ''){
+ @target=$fwhostsettings{'IPSEC_NET'};
+ $type='IpSec Network';
+ }elsif ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+
+ #check if host/net exists in grp
+ my $test="$grp,$fwhostsettings{'oldremark'},@target";
+ foreach my $key (keys %customgrp) {
+ my $test1="$customgrp{$key}[0],$customgrp{$key}[1],$customgrp{$key}[2]";
+ if ($test1 eq $test){
+ $errormessage=$Lang::tr{'fwhost err isingrp'};
+ $fwhostsettings{'update'} = 'on';
+ }
+ }
+
+ if (!$errormessage){
+ #on first save, we have an empty @target, so fill it with nothing
+ my $targetvalues=@target;
+ if ($targetvalues == '0'){
+ @target=$Lang::tr{'fwhost empty'};
+ }
+ #on update, we have to delete the dummy entry
+
+ foreach my $key (keys %customgrp){
+ if ($customgrp{$key}[0] eq $grp && $customgrp{$key}[2] eq $Lang::tr{'fwhost empty'}){
+ delete $customgrp{$key};
+ last;
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$configgrp", \%customgrp);
+
+
+
+ #check if remark has also changed
+ if ($fwhostsettings{'remark'} ne $fwhostsettings{'oldremark'} && $fwhostsettings{'update'} eq 'on')
+ {
+ foreach my $key (keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $grp && $customgrp{$key}[1] eq $fwhostsettings{'oldremark'})
+ {
+ $customgrp{$key}[1]='';
+ $customgrp{$key}[1]=$rem;
+ }
+ }
+ }
+ #get count used
+ foreach my $key (keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $grp)
+ {
+ $count=$customgrp{$key}[4];
+ last;
+ }
+ }
+ if ($count eq '' ){$count='0';}
+
+ #create array with new lines
+ foreach my $line (@target){
+ push (@newgrp,"$grp,$rem,$line");
+ }
+ #append new entries
+ my $key = &General::findhasharraykey (\%customgrp);
+ foreach my $line (@newgrp){
+ foreach my $i (0 .. 4) { $customgrp{$key}[$i] = "";}
+ my ($a,$b,$c,$d) = split (",",$line);
+ $customgrp{$key}[0] = $a;
+ $customgrp{$key}[1] = $b;
+ $customgrp{$key}[2] = $c;
+ $customgrp{$key}[3] = $type;
+ $customgrp{$key}[4] = $count;
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+
+ #update counter in Host/Net
+ if($updcounter eq 'net'){
+ foreach my $key (keys %customnetwork) {
+ if($customnetwork{$key}[0] eq $fwhostsettings{'CUST_SRC_NET'}){
+ $customnetwork{$key}[3] = $customnetwork{$key}[3]+1;
+ last;
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ }elsif($updcounter eq 'host'){
+ foreach my $key (keys %customhost) {
+ if ($customhost{$key}[0] eq $fwhostsettings{'CUST_SRC_HOST'}){
+ $customhost{$key}[3]=$customhost{$key}[3]+1;
+ }
+ }
+ &General::writehasharray("$confighost", \%customhost);
+ }
+
+ $fwhostsettings{'update'}='on';
+
+ }
+ if ($fwhostsettings{'remark'} ne $fwhostsettings{'oldremark'} && $errormessage)
+ {
+ foreach my $key (keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $grp && $customgrp{$key}[1] eq $fwhostsettings{'oldremark'})
+ {
+ $customgrp{$key}[1]='';
+ $customgrp{$key}[1]=$rem;
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ $errormessage='';
+ $hint=$Lang::tr{'fwhost changeremark'};
+ $fwhostsettings{'update'}='on';
+ }
+ #check if ruleupdate is needed
+ if($count > 0 )
+ {
+ &rules;
+ }
+ &addgrp;
+ &viewtablegrp;
+
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservice')
+{
+ my $ICMP;
+
+ &General::readhasharray("$configsrv", \%customservice );
+ $errormessage=&checkports(\%customservice);
+
+ if ($fwhostsettings{'PROT'} eq 'ICMP'){
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+ $ICMP=$icmptypes{$key}[0];
+ }
+ }
+ }
+ if($ICMP eq ''){$ICMP='BLANK';}
+ if (!$errormessage){
+
+ my $key = &General::findhasharraykey (\%customservice);
+ foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
+ $customservice{$key}[0] = $fwhostsettings{'SRV_NAME'};
+ $customservice{$key}[1] = $fwhostsettings{'SRV_PORT'};
+ $customservice{$key}[2] = $fwhostsettings{'PROT'};
+ $customservice{$key}[3] = $ICMP;
+ $customservice{$key}[4] = 0;
+ &General::writehasharray("$configsrv", \%customservice );
+ #reset fields
+ $fwhostsettings{'SRV_NAME'}='';
+ $fwhostsettings{'SRV_PORT'}='';
+ $fwhostsettings{'PROT'}='';
+ $fwhostsettings{'ICMP_TYPES'}='';
+
+ }
+
+ &addservice;
+
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
+{
+ my $prot;
+ my $port;
+ my $count=0;
+ &General::readhasharray("$configsrvgrp", \%customservicegrp );
+ &General::readhasharray("$configsrv", \%customservice );
+
+ $errormessage=&checkservicegroup;
+
+ if (!$errormessage){
+ #on first save, we have to enter a dummy value
+ if ($fwhostsettings{'CUST_SRV'} eq ''){$fwhostsettings{'CUST_SRV'}=$Lang::tr{'fwhost empty'};}
+
+ #on update, we have to delete the dummy entry
+ foreach my $key (keys %customservicegrp){
+ if ($customservicegrp{$key}[2] eq $Lang::tr{'fwhost empty'}){
+ delete $customservicegrp{$key};
+ last;
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp );
+ #check if remark has also changed
+ if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $fwhostsettings{'updatesrvgrp'} eq 'on')
+ {
+ foreach my $key (keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+ {
+ $customservicegrp{$key}[1]='';
+ $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+ }
+ }
+ }
+ #get count used
+ foreach my $key (keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+ {
+ $count=$customservicegrp{$key}[5];
+ last;
+ }
+ }
+ if ($count eq '' ){$count='0';}
+
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $fwhostsettings{'CUST_SRV'}){
+ $port=$customservice{$key}[1];
+ $prot=$customservice{$key}[2];
+ $customservice{$key}[4]++;
+ }
+ }
+ &General::writehasharray("$configsrv", \%customservice );
+
+ my $key = &General::findhasharraykey (\%customservicegrp);
+ foreach my $i (0 .. 3) { $customservice{$key}[$i] = "";}
+ $customservicegrp{$key}[0] = $fwhostsettings{'SRVGRP_NAME'};
+ $customservicegrp{$key}[1] = $fwhostsettings{'SRVGRP_REMARK'};
+ $customservicegrp{$key}[2] = $fwhostsettings{'CUST_SRV'};
+ $customservicegrp{$key}[3] = $port;
+ $customservicegrp{$key}[4] = $prot;
+ $customservicegrp{$key}[5] = $count;
+ &General::writehasharray("$configsrvgrp", \%customservicegrp );
+ $fwhostsettings{'updatesrvgrp'}='on';
+ }
+ if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $errormessage){
+ foreach my $key (keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+ {
+ $customservicegrp{$key}[1]='';
+ $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ $errormessage='';
+ $hint=$Lang::tr{'fwhost changeremark'};
+ $fwhostsettings{'update'}='on';
+ }
+ if ($count gt 0){
+ &rules;
+ }
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+# edit
+if ($fwhostsettings{'ACTION'} eq 'editnet')
+{
+ &addnet;
+ &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'edithost')
+{
+ &addhost;
+ &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq 'editgrp')
+{
+ $fwhostsettings{'update'}='on';
+ &addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservice')
+{
+ $fwhostsettings{'updatesrv'}='on';
+ &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservicegrp')
+{
+ $fwhostsettings{'updatesrvgrp'} = 'on';
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+# reset
+if ($fwhostsettings{'ACTION'} eq 'resetnet')
+{
+ $fwhostsettings{'HOSTNAME'} ="";
+ $fwhostsettings{'IP'} ="";
+ $fwhostsettings{'SUBNET'} ="";
+ &showmenu;
+}
+if ($fwhostsettings{'ACTION'} eq 'resethost')
+{
+ $fwhostsettings{'HOSTNAME'} ="";
+ $fwhostsettings{'IP'} ="";
+ $fwhostsettings{'type'} ="";
+ &showmenu;
+}
+# delete
+if ($fwhostsettings{'ACTION'} eq 'delnet')
+{
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (keys %customnetwork) {
+ if($fwhostsettings{'key'} eq $customnetwork{$key}[0]){
+ delete $customnetwork{$key};
+ &General::writehasharray("$confignet", \%customnetwork);
+ last;
+ }
+ }
+ &addnet;
+ &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'delhost')
+{
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (keys %customhost) {
+ if($fwhostsettings{'key'} eq $customhost{$key}[0]){
+ delete $customhost{$key};
+ &General::writehasharray("$confighost", \%customhost);
+ last;
+ }
+ }
+ &addhost;
+ &viewtablehost;
+
+}
+if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
+{
+ &General::readhasharray("$configgrp", \%customgrp);
+ foreach my $key (keys %customgrp){
+ if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
+ #decrease count from source host/net
+ if ($customgrp{$key}[3] eq 'Custom Network'){
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key1 (keys %customnetwork){
+ if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+ $customnetwork{$key1}[3] = $customnetwork{$key1}[3]-1;
+ last;
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ }
+ if ($customgrp{$key}[3] eq 'Custom Host'){
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key1 (keys %customhost){
+ if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
+ $customhost{$key1}[3] = $customhost{$key1}[3]-1;
+ last;
+ }
+ }
+ &General::writehasharray("$confighost", \%customhost);
+ }
+ delete $customgrp{$key};
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ &rules;
+ &addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrp')
+{
+ &General::readhasharray("$configgrp", \%customgrp);
+ &decrease($fwhostsettings{'grp_name'});
+ foreach my $key (sort keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $fwhostsettings{'grp_name'})
+ {
+ delete $customgrp{$key};
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ $fwhostsettings{'grp_name'}='';
+ &addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservice')
+{
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (keys %customservice) {
+ if($customservice{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+ #&deletefromgrp($customhost{$key}[0],$configgrp);
+ delete $customservice{$key};
+ &General::writehasharray("$configsrv", \%customservice);
+ last;
+ }
+ }
+ $fwhostsettings{'SRV_NAME'}='';
+ $fwhostsettings{'SRV_PORT'}='';
+ $fwhostsettings{'PROT'}='';
+ &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservicegrp')
+{
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ &decreaseservice($fwhostsettings{'SRVGRP_NAME'});
+ foreach my $key (sort keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+ {
+ delete $customservicegrp{$key};
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ $fwhostsettings{'SRVGRP_NAME'}='';
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
+{
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (keys %customservicegrp){
+ if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2].",".$customservicegrp{$key}[3] eq $fwhostsettings{'delsrvfromgrp'})
+ {
+ #decrease count from source service
+ foreach my $key1 (sort keys %customservice){
+ if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+ $customservice{$key1}[4]--;
+ last;
+ }
+ }
+ &General::writehasharray("$configsrv", \%customservice);
+ delete $customservicegrp{$key}
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ &rules;
+ &addservicegrp;
+ &viewtableservicegrp;
+
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'})
+{
+ &addnet;
+ &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newhost'})
+{
+ &addhost;
+ &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'})
+{
+ &addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'})
+{
+ &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservicegrp'})
+{
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+### VIEW ###
+if($fwhostsettings{'ACTION'} eq '')
+{
+ &showmenu;
+}
+### FUNCTIONS ###
+sub showmenu
+{
+
+ &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
+ print<<END;
+ <table border='0' width='100%'><form method='post'>
+ <tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' /><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' /><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' /></td>
+ <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' /><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' /></td></tr>
+ <tr><td colspan='6'><hr></hr></td></tr></table></form>
+END
+
+ &Header::closebox();
+
+}
+# Add
+sub addnet
+{
+ &error;
+ &showmenu;
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost addnet'});
+ $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
+ print<<END;
+ <table border='0' width='100%'><form method='post' style='display:inline' >
+ <tr><td>$Lang::tr{'name'}:</td><td><input type='TEXT' name='HOSTNAME' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'}></td><td>$Lang::tr{'fwhost netaddress'}</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='14'></td><td align='right'>$Lang::tr{'netmask'}:</td><td align='right'><input type='TEXT' name='SUBNET' value='$fwhostsettings{'SUBNET'}' $fwhostsettings{'BLK_IP'} size='14'></td></tr>
+ <tr><td colspan='6'><hr></hr></td></tr><tr>
+END
+ if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on')
+ {
+ print "<td colspan='6' align='right' ><input type='submit' value='$Lang::tr{'update'}'><input type='hidden' name='ACTION' value='updatenet'><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newnet' value='$fwhostsettings{'newnet'}'>";
+ }else{
+ print "<td colspan='6' align='right'><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='savenet'><input type='hidden' name='newnet' value='on'>";
+ }
+ print "</form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' ><input type='hidden' name='ACTION' value='resetnet'></td></tr></table></form>";
+ &Header::closebox();
+}
+sub addhost
+{
+ &error;
+ &showmenu;
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost addhost'});
+ $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
+ print<<END;
+ <table border='0' width='100%'><form method='post' style='display:inline'>
+ <tr><td>$Lang::tr{'name'}:</td><td width='35%'><input type='TEXT' name='HOSTNAME' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} ></td><td><select name='type'>
+END
+ if ($fwhostsettings{'type'} eq 'ip'){print "<option value='ip' selected >IP</option>";}else{print "<option value='ip' >IP</option>";}
+ if ($fwhostsettings{'type'} eq 'mac'){print "<option value='mac' selected >MAC</option>";}else{print "<option value='mac' >MAC</option>";}
+ print<<END;
+ </option></select></td><td align='right' width='15%'>IP/MAC:</td><td align='right'><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} ></td></tr>
+ <tr><td colspan='7'><br><br><b>$Lang::tr{'fwhost attention'}</b><br>$Lang::tr{'fwhost macwarn'}</td></tr>
+ <tr><td colspan='7'><hr></hr></td></tr>
+END
+
+ if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on')
+ {
+
+ print " <td colspan='6' align='right'><input type='submit' value='$Lang::tr{'update'}' /><input type='hidden' name='ACTION' value='updatehost'><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newhost' value='$fwhostsettings{'newhost'}'></form>";
+ }else{
+ print " <td colspan='6' align='right'><input type='submit' name='savehost' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='savehost' /><input type='hidden' name='newhost' value='on'>";
+ }
+ print " </form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}'><input type='hidden' name='ACTION' value='resethost'></td></tr></table></form>";
+ &Header::closebox();
+}
+sub addgrp
+{
+ &hint;
+ &error;
+ &showmenu;
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgrp'});
+ &General::setup_default_networks(\%defaultNetworks);
+ my %checked=();
+ $checked{'check1'}{'off'} = '';
+ $checked{'check1'}{'on'} = '';
+ $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED';
+ $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'};
+
+ if ($fwhostsettings{'update'} eq ''){
+ print<<END;
+ <table width='100%' border='0'><form method='post'>
+ <tr><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='24'></td><td align='right'>$Lang::tr{'remark'}:</td><td align='right'><input type='TEXT' name='remark' size='30' value='$fwhostsettings{'remark'}'></tr>
+ <tr><td colspan='5'><hr></td></tr></table>
+END
+ }else{
+ print<<END;
+ <table width='100%' border='0'><form method='post'>
+ <tr><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='TEXT' name='grp_name' size='24' value='$fwhostsettings{'grp_name'}' readonly ></td><td>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='remark' size='30' value='$fwhostsettings{'remark'}'></tr>
+ <tr><td colspan='5'><hr></td></tr></table>
+END
+
+ }
+ if ($fwhostsettings{'update'} eq 'on'){
+
+
+ print<<END;
+ <table width='100%' border='0'><tr><td width='1%'><input type='radio' name='grp2' value='std_net' checked></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost stdnet'}</td><td><select name='DEFAULT_SRC_ADR' style='min-width:185px;'>
+
+END
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwhostsettings{'DEFAULT_SRC_ADR'} eq $defaultNetworks{$network}{'NAME'});
+ print ">$network</option>";
+ }
+
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net' $checked{'grp2'}{'ovpn_net'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_NET' style='min-width:185px;'>
+END
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ foreach my $key (sort { uc($ccdnet{$a}[0]) cmp uc($ccdnet{$b}[0]) } keys %ccdnet)
+ {
+ print"<option value='$ccdnet{$key}[0]'>$ccdnet{$key}[0]</option>";
+ }
+
+ print<<END;
+ </select></td></tr>
+ <tr><td><input type='radio' name='grp2' value='cust_net' $checked{'grp2'}{'cust_net'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='CUST_SRC_NET' style='min-width:185px;'>
+END
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (sort { uc($customnetwork{$a}[0]) cmp uc($customnetwork{$b}[0]) } keys %customnetwork) {
+ print"<option>$customnetwork{$key}[0]</option>";
+ }
+
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_HOST' style='min-width:185px;'>
+END
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
+ {
+ if ($ccdhost{$key}[33] ne ''){
+ print"<option value='$ccdhost{$key}[1]'>$ccdhost{$key}[1]</option>";
+ }
+ }
+
+ print<<END;
+ </select></td></tr>
+ <tr><td valign='top'><input type='radio' name='grp2' value='cust_host' $checked{'grp2'}{'cust_host'}></td><td valign='top'>$Lang::tr{'fwhost cust addr'}</td><td><select name='CUST_SRC_HOST' style='min-width:185px;'>
+END
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (sort { uc($customhost{$a}[0]) cmp uc($customhost{$b}[0]) } keys %customhost) {
+ print"<option>$customhost{$key}[0]</option>";
+ }
+ print<<END;
+ </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}></td><td valign='top'>$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='OVPN_N2N' style='min-width:185px;'>
+END
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
+ if($ccdhost{$key}[3] eq 'net'){
+ print"<option>$ccdhost{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td colspan='3'></td><td valign='top'><input type='radio' name='grp2' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}></td><td valign='top'>$Lang::tr{'fwhost ipsec net'}</td><td><select name='IPSEC_NET' style='min-width:185px;'>
+END
+ &General::readhasharray("$configipsec", \%ipsecconf);
+ foreach my $key (sort { uc($ipsecconf{$a}[0]) cmp uc($ipsecconf{$b}[0]) } keys %ipsecconf) {
+ if ($ipsecconf{$key}[3] eq 'net'){
+ print"<option value='$ipsecconf{$key}[1]'>$ipsecconf{$key}[1]</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr></table>
+END
+# <td colspan='3'></td><td valign='top'><input type='radio' name='grp2' value='ipsec_host' $checked{'grp2'}{'ipsec_host'}></td><td valign='top'>$Lang::tr{'fwhost ipsec host'}</td><td><select name='IPSEC_HOST' style='min-width:185px;'>
+#END
+# &General::readhasharray("$configipsec", \%ipsecconf);
+# foreach my $key (sort { uc($ipsecconf{$a}[0]) cmp uc($ipsecconf{$b}[0]) } keys %ipsecconf) {
+# if ($ipsecconf{$key}[3] eq 'host'){
+# print"<option>$ipsecconf{$key}[1]</option>";
+# }
+# }
+# print<<END;
+# </select></td></tr>
+# <tr>
+ print<<END;
+ <br><br><br>
+ <b>$Lang::tr{'fwhost attention'}:</b><br>
+ $Lang::tr{'fwhost macwarn'}<br><hr>
+END
+ }
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+ </table></form>
+END
+
+ &Header::closebox();
+}
+sub addservice
+{
+ &error;
+ &showmenu;
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost newservice'});
+ if ($fwhostsettings{'updatesrv'} eq 'on')
+ {
+ $fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
+ $fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
+ $fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+ }
+ print<<END;
+ <table width='100%' border='0'><form method='post'>
+ <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' value='$fwhostsettings{'SRV_NAME'}'></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+END
+ foreach ("TCP","UDP","ICMP")
+ {
+ if ($_ eq $fwhostsettings{'PROT'})
+ {
+ print"<option selected>$_</option>";
+ }else{
+ print"<option>$_</option>";
+ }
+ }
+ print<<END;
+ </select></td><td>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='9'></td></tr>
+ <tr><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='4'><select name='ICMP_TYPES'>
+END
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ print"<option>All ICMP-Types</option>";
+ foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
+
+ print<<END;
+ </select></td>
+ <tr><td colspan='6'><hr></td></tr>
+ <tr><td colspan='6' align='right'>
+END
+ if ($fwhostsettings{'updatesrv'} eq 'on')
+ {
+ print<<END;
+ <input type='submit' value='$Lang::tr{'fwhost change'}'>
+ <input type='hidden' name='ACTION' value='updateservice'>
+ <input type='hidden' name='oldsrvname' value='$fwhostsettings{'oldsrvname'}'>
+ <input type='hidden' name='oldsrvport' value='$fwhostsettings{'oldsrvport'}'>
+ <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'></form>
+END
+
+ }else{
+ print"<input type='submit' value='$Lang::tr{'save'}'><input type='hidden' name='ACTION' value='saveservice'></form>";
+ }
+ print<<END;
+ <form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost reset'}'></form></td></tr>
+ </table></form>
+
+
+END
+ &Header::closebox();
+ &viewtableservice;
+}
+sub addservicegrp
+{
+ &hint;
+ &error;
+ &showmenu;
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost newservicegrp'});
+ $fwhostsettings{'oldsrvgrpremark'}=$fwhostsettings{'SRVGRP_REMARK'};
+
+ if ($fwhostsettings{'updatesrvgrp'} eq ''){
+ print<<END;
+ <table width='100%' border='0'><form method='post'>
+ <tr><td>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}'></td><td>$Lang::tr{'remark'}:</td><td width='1%'><input type='text' name='SRVGRP_REMARK' size='35' value='$fwhostsettings{'SRVGRP_REMARK'}'></td></tr>
+ <tr><td colspan='4'><hr></td></td></tr>
+ </table>
+END
+ }else{
+ print<<END;
+ <table width='100%' border='0'><form method='post'>
+ <tr><td>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}' readonly ></td><td>$Lang::tr{'remark'}:</td><td width='1%'><input type='text' name='SRVGRP_REMARK' size='35' value='$fwhostsettings{'SRVGRP_REMARK'}'></td></tr>
+ <tr><td colspan='4'><hr></td></td></tr>
+ </table>
+END
+ }
+ if($fwhostsettings{'updatesrvgrp'} eq 'on'){
+
+
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td><select name='CUST_SRV' style='min-width:185px;'>
+END
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice)
+ {
+ print "<option>$customservice{$key}[0]</option>";
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td colspan='4'><br><br><br></td></tr>
+ <tr><td colspan='4'><hr></td></tr>
+ </table>
+END
+ }
+ print<<END;
+ <table width='100%'>
+ <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='oldsrvgrpremark' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='saveservicegrp' ></form> <form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}'></td></tr>
+ </table></form>
+END
+
+ &Header::closebox();
+}
+# View
+sub viewtablenet
+{
+ if(! -z $confignet){
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust net'});
+ &General::readhasharray("$confignet", \%customnetwork);
+ if (!keys %customnetwork)
+ {
+ print "<center><b>$Lang::tr{'fwhost empty'}</b>";
+ }else{
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='center'><b>$Lang::tr{'name'}</td><td align='center'><b>$Lang::tr{'fwhost netaddress'}</td><td align='center'><b>$Lang::tr{'netmask'}</td><td align='center'><b>$Lang::tr{'used'}</td><td></td><td width='3%'></td></tr>
+END
+ }
+ my $count=0;
+ foreach my $key (sort { uc($customnetwork{$a}[0]) cmp uc($customnetwork{$b}[0]) } keys %customnetwork) {
+ if ($fwhostsettings{'ACTION'} eq 'editnet' && $fwhostsettings{'HOSTNAME'} eq $customnetwork{$key}[0]) {
+ print" <tr bgcolor='${Header::colouryellow}'>";
+ }elsif ($count % 2)
+ {
+ print" <tr bgcolor='$color{'color22'}'>";
+ }else
+ {
+ print" <tr bgcolor='$color{'color20'}'>";
+ }
+ print<<END;
+ <td width='40%'><form method='post'>$customnetwork{$key}[0]</td><td width=25%'>$customnetwork{$key}[1]</td><td width='25%'>$customnetwork{$key}[2]</td><td align='center'>$customnetwork{$key}[3] x</td>
+ <td width='1%'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+ <input type='hidden' name='ACTION' value='editnet'>
+ <input type='hidden' name='HOSTNAME' value='$customnetwork{$key}[0]' />
+ <input type='hidden' name='IP' value='$customnetwork{$key}[1]' />
+ <input type='hidden' name='SUBNET' value='$customnetwork{$key}[2]' />
+ </td></form>
+END
+ if($customnetwork{$key}[3] == '0')
+ {
+ print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delnet' /><input type='hidden' name='key' value='$customnetwork{$key}[0]' /></td></form></tr>";
+ }else{
+ print"<td></td></form></tr>";
+ }
+ $count++;
+ }
+ print"</table>";
+ &Header::closebox();
+ }
+
+}
+sub viewtablehost
+{
+ if (! -z $confighost){
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'});
+ &General::readhasharray("$confighost", \%customhost);
+ if (!keys %customhost)
+ {
+ print "<center><b>$Lang::tr{'fwhost empty'}</b>";
+ }else{
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='center'><b>$Lang::tr{'name'}</td><td align='center'><b>$Lang::tr{'fwhost ip_mac'}</td><td align='center'><b>$Lang::tr{'used'}</td><td></td><td width='3%'></td></tr>
+END
+ }
+ my $count=0;
+ foreach my $key (sort { uc($customhost{$a}[0]) cmp uc($customhost{$b}[0]) } keys %customhost) {
+ if ( ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'}) && $fwhostsettings{'HOSTNAME'} eq $customhost{$key}[0]) {
+ print" <tr bgcolor='${Header::colouryellow}'>";
+ }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
+ else{ print" <tr bgcolor='$color{'color20'}'>";}
+ my ($ip,$sub)=split(/\//,$customhost{$key}[2]);
+ print<<END;
+ <td width='40%'><form method='post'>$customhost{$key}[0]</td><td width='50%'>$customhost{$key}[2]</td><td align='center'>$customhost{$key}[3] x</td>
+ <td width='1%'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+ <input type='hidden' name='ACTION' value='edithost' />
+ <input type='hidden' name='HOSTNAME' value='$customhost{$key}[0]' />
+ <input type='hidden' name='IP' value='$ip' />
+ <input type='hidden' name='type' value='$customhost{$key}[1]' />
+ </td></form>
+END
+ if($customhost{$key}[3] == '0')
+ {
+ print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delhost' /><input type='hidden' name='key' value='$customhost{$key}[0]' /></td></form></tr>";
+ }else{
+ print"<td width='1%'></td></tr>";
+ }
+ $count++;
+ }
+ print"</table>";
+ &Header::closebox();
+ }
+}
+sub viewtablegrp
+{
+ if(! -z "$configgrp"){
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust grp'});
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$configipsec", \%ipsecconf);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$confignet", \%customnetwork);
+ my @grp=();
+ my $helper='';
+ my $count=0;
+ my $grpname;
+ my $remark;
+ my $number=keys %customgrp;
+ if (!keys %customgrp)
+ {
+ print "<center><b>$Lang::tr{'fwhost empty'}</b>";
+ }else{
+ foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } sort { uc($customgrp{$a}[2]) cmp uc($customgrp{$b}[2]) } keys %customgrp){
+
+ $count++;
+ if ($helper ne $customgrp{$key}[0]){
+ $grpname=$customgrp{$key}[0];
+ $remark=$customgrp{$key}[1];
+ if($count >=2){print"</table>";}
+ print "<br><b><u>$grpname</u></b>    ";
+ print " <b>$Lang::tr{'remark'}:</b>  $remark   " if ($remark ne '');
+ print "<b>$Lang::tr{'used'}:</b> $customgrp{$key}[4] x";
+ if($customgrp{$key}[4] == '0')
+ {
+ print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
+ }
+ print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='remark' value='$remark' ><input type='hidden' name='ACTION' value='editgrp'></form>";
+ print"<table width='100%' style='border: 1px solid #000000;' rules='none' ><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'ip address'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost type'}</td></tr>";
+ }
+ if ( ($fwhostsettings{'ACTION'} eq 'editgrp' || $fwhostsettings{'update'} ne '') && $fwhostsettings{'grp_name'} eq $customgrp{$key}[0]) {
+ print" <tr bgcolor='${Header::colouryellow}'>";
+ }elsif ($count %2 == 0){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
+ my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]);
+ if ($ip eq ''){print"<tr bgcolor='${Header::colouryellow}'>";}
+
+
+ print "<td width='39%'>";
+ if($customgrp{$key}[3] eq 'Standard Network'){
+ print &get_name($customgrp{$key}[2])."</td>";
+ }else{
+ print "$customgrp{$key}[2]</td>";
+ }
+ if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost empty'}){
+ print "<td align='center'>$Lang::tr{'fwhost deleted'}</td><td>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+ }else{
+ print"<td>$ip</td><td>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+ }
+ if ($number gt '1' && $ip ne ''){
+ print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+ }
+ print"<input type='hidden' name='ACTION' value='deletegrphost'><input type='hidden' name='delhost' value='$grpname,$remark,$customgrp{$key}[2],$customgrp{$key}[3]'></form></td></tr>";
+
+ $helper=$customgrp{$key}[0];
+ }
+ print"</table>";
+
+ }
+ &Header::closebox();
+}
+
+}
+sub viewtableservice
+{
+ my $count=0;
+ if(! -z "$configsrv")
+ {
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost services'});
+ &General::readhasharray("$configsrv", \%customservice);
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td align='center'><b>$Lang::tr{'fwhost srv_name'}</td><td align='center'><b>$Lang::tr{'fwhost prot'}</td><td align='center'><b>$Lang::tr{'fwhost port'}</td><td align='center'><b>ICMP</td><td align='center'><b>$Lang::tr{'fwhost used'}</td><td></td><td width='3%'></td></tr>
+END
+ foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice)
+ {
+ $count++;
+ if ( ($fwhostsettings{'updatesrv'} eq 'on' || $fwhostsettings{'error'}) && $fwhostsettings{'SRV_NAME'} eq $customservice{$key}[0]) {
+ print" <tr bgcolor='${Header::colouryellow}'>";
+ }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}else{ print" <tr bgcolor='$color{'color20'}'>";}
+ print<<END;
+ <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
+END
+ if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
+
+ print<<END;
+ </td><td align='center'>$customservice{$key}[4]x</td>
+ <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
+ <input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
+ <input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
+ <input type='hidden' name='PROT' value='$customservice{$key}[2]' /></form></td>
+END
+ if ($customservice{$key}[4] eq '0')
+ {
+ print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delservice' /><input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]'></td></tr></form>";
+ }else{
+ print"<td></td></tr>";
+ }
+ }
+ print"</table>";
+ &Header::closebox();
+ }
+}
+sub viewtableservicegrp
+{
+ my $count=0;
+ my $grpname;
+ my $remark;
+ my $helper;
+ if (! -z $configsrvgrp){
+
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'});
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ my $number= keys %customservicegrp;
+ foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
+ $count++;
+ if ($helper ne $customservicegrp{$key}[0]){
+ $grpname=$customservicegrp{$key}[0];
+ $remark=$customservicegrp{$key}[1];
+ if($count >=2){print"</table>";}
+ print "<br><b><u>$grpname</u></b>     ";
+ print "<b>$Lang::tr{'remark'}:</b>  $remark " if ($remark ne '');
+ print "  <b>$Lang::tr{'used'}:</b> $customservicegrp{$key}[5] x";
+ if($customservicegrp{$key}[5] == '0')
+ {
+ print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
+ }
+ print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='SRVGRP_REMARK' value='$remark' ><input type='hidden' name='ACTION' value='editservicegrp'></form>";
+ print"<table width='100%' style='border: 1px solid #000000;' rules='none' ><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'port'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost prot'}</td></tr>";
+ }
+ if( $fwhostsettings{'SRVGRP_NAME'} eq $customservicegrp{$key}[0]) {
+ print" <tr bgcolor='${Header::colouryellow}'>";
+ }elsif ($count %2 == 0){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
+ print "<td width='39%'>$customservicegrp{$key}[2]</td>";
+ print"<td align='center'>$customservicegrp{$key}[3]</td><td align='center'>$customservicegrp{$key}[4]</td><td width='1%'><form method='post'>";
+ if ($number gt '1'){
+ print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+ }
+ print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
+ $helper=$customservicegrp{$key}[0];
+ }
+ print"</table>";
+ &Header::closebox();
+ }
+}
+# Check
+sub checkname
+{
+ my %hash=%{(shift)};
+ foreach my $key (keys %hash) {
+ if($hash{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
+ return 0;
+ }
+ }
+ return 1;
+
+}
+sub checkip
+{
+
+ my %hash=%{(shift)};
+ my $a=shift;
+ foreach my $key (keys %hash) {
+ if($hash{$key}[$a] eq $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'})){
+ return 0;
+ }
+ }
+ return 1;
+}
+sub checksubnet
+{
+
+ my %hash=%{(shift)};
+ &General::readhasharray("$confignet", \%hash);
+ foreach my $key (keys %hash) {
+ if(&General::IpInSubnet($fwhostsettings{'IP'},$hash{$key}[1],$hash{$key}[2]))
+ {
+ return 1;
+ }
+ }
+ return 0;
+}
+sub checkservicegroup
+{
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+
+ #check name
+ if ( ! &General::validhostname($fwhostsettings{'SRVGRP_NAME'}))
+ {
+ $errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+ return $errormessage;
+ }
+ #check remark
+ if ( ($fwhostsettings{'SRVGRP_REMARK'} ne '') && (! &validhostname($fwhostsettings{'SRVGRP_REMARK'})))
+ {
+ $errormessage.=$Lang::tr{'fwhost err remark'}."<br>";
+ }
+ #check empty selectbox
+ if (keys %customservice lt 1)
+ {
+ $errormessage.=$Lang::tr{'fwhost err groupempty'}."<br>";
+ }
+
+ #check if name already exists
+ if ($fwhostsettings{'updatesrvgrp'} ne 'on'){
+ foreach my $key (keys %customservicegrp) {
+ if( $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} ){
+ $errormessage.=$Lang::tr{'fwhost err grpexist'}."<br>";
+
+ }
+ }
+ }
+ #check if service already exists in group
+ foreach my $key (keys %customservicegrp) {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[2] eq $fwhostsettings{'CUST_SRV'} ){
+ $errormessage.=$Lang::tr{'fwhost err srvexist'}."<br>";
+
+ }
+ }
+
+
+
+ return $errormessage;
+}
+sub error
+{
+ if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage\n";
+ print " </class>\n";
+ &Header::closebox();
+ }
+}
+sub hint
+{
+ if ($hint) {
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+ print "<class name='base'>$hint\n";
+ print " </class>\n";
+ &Header::closebox();
+ }
+}
+sub get_name
+{
+ my $val=shift;
+ &General::setup_default_networks(\%defaultNetworks);
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+ }
+}
+sub deletefromgrp
+{
+ my $target=shift;
+ my $config=shift;
+ my %hash=();
+ &General::readhasharray("$config",\%hash);
+ foreach my $key (keys %hash) {
+ $errormessage.="lese $hash{$key}[2] und $target<br>";
+ if($hash{$key}[2] eq $target){
+
+ delete $hash{$key};
+ $errormessage.="Habe $target aus Gruppe gelöscht!<br>";
+ }
+ }
+ &General::writehasharray("$config",\%hash);
+
+}
+sub plausicheck
+{
+
+ my $edit=shift;
+ #check hostname
+ if (!&General::validhostname($fwhostsettings{'HOSTNAME'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err name'};
+ $fwhostsettings{'BLK_IP'}='readonly';
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ }
+ #check if name collides with CCD Netname
+
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ foreach my $key (keys %ccdnet) {
+ if($ccdnet{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
+ $errormessage=$errormessage.$Lang::tr{'fwhost err isccdnet'};;
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ last;
+ }
+ }
+
+ #check if IP collides with CCD NetIP
+ if ($fwhostsettings{'type'} ne 'mac'){
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ foreach my $key (keys %ccdnet) {
+ my $test=(&General::getnetworkip($fwhostsettings{'IP'},&General::iporsubtocidr($fwhostsettings{'SUBNET'})))."/".$fwhostsettings{'SUBNET'};
+ if($ccdnet{$key}[1] eq $test){
+ $errormessage=$errormessage.$Lang::tr{'fwhost err isccdipnet'};
+ $fwhostsettings{'IP'} = $fwhostsettings{'orgip'};
+ $fwhostsettings{'SUBNET'} = $fwhostsettings{'orgsubnet'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ last;
+ }
+ }
+ }
+
+
+
+ #check if name collides with CCD Hostname
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ foreach my $key (keys %ccdhost) {
+ my ($ip,$sub)=split(/\//,$ccdhost{$key}[33]);
+ if($ip eq $fwhostsettings{'IP'}){
+ $errormessage=$Lang::tr{'fwhost err isccdiphost'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ last;
+ }
+ }
+ #check if IP collides with CCD HostIP (only hosts)
+ if ($edit eq 'edithost')
+ {
+ foreach my $key (keys %ccdhost) {
+ if($ccdhost{$key}[1] eq $fwhostsettings{'HOSTNAME'}){
+ $errormessage=$Lang::tr{'fwhost err isccdhost'};
+ $fwhostsettings{'IP'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ last;
+ }
+ }
+ }
+ #check if network with this name already exists
+ &General::readhasharray("$confignet", \%customnetwork);
+ if (!&checkname(\%customnetwork))
+ {
+ $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err netexist'};
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ }
+ #check if network ip already exists
+ if (!&checkip(\%customnetwork,1))
+ {
+ $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err net'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ }
+ #check if host with this name already exists
+ &General::readhasharray("$confighost", \%customhost);
+ if (!&checkname(\%customhost))
+ {
+ $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err hostexist'};
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+ }
+ #check if host with this ip already exists
+ if (!&checkip(\%customhost,2))
+ {
+ $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err ipcheck'};
+
+ }
+
+
+ return;
+}
+sub getipforgroup
+{
+ my $name=$_[0],
+ my $type=$_[1];
+ my $value;
+
+ #get address from IPSEC NETWORK
+ if ($type eq 'IpSec Network'){
+ foreach my $key (keys %ipsecconf) {
+ if ($ipsecconf{$key}[1] eq $name){
+ return $ipsecconf{$key}[11];
+ }
+ }
+ &deletefromgrp($name,$configgrp);
+ }
+
+ #get address from IPSEC HOST
+ if ($type eq 'IpSec Host'){
+ foreach my $key (keys %ipsecconf) {
+ if ($ipsecconf{$key}[1] eq $name){
+ return $ipsecconf{$key}[10];
+ }
+ }
+ &deletefromgrp($name,$configgrp);
+ }
+
+ #get address from ovpn ccd Net-2-Net
+ if ($type eq 'OpenVPN N-2-N'){
+ foreach my $key (keys %ccdhost) {
+ if($ccdhost{$key}[1] eq $name){
+ my ($a,$b) = split ("/",$ccdhost{$key}[11]);
+ $b=&General::iporsubtodec($b);
+ return "$a/$b";
+ }
+ }
+ &deletefromgrp($name,$configgrp);
+ }
+
+ #get address from ovpn ccd static host
+ if ($type eq 'OpenVPN static host'){
+ foreach my $key (keys %ccdhost) {
+ if($ccdhost{$key}[1] eq $name){
+ my ($a,$b) = split (/\//,$ccdhost{$key}[33]);
+ $b=&General::iporsubtodec($b);
+ return "$a/$b";
+ }
+ }
+ &deletefromgrp($name,$configgrp);
+ }
+
+ #get address from ovpn ccd static net
+ if ($type eq 'OpenVPN static network'){
+ foreach my $key (keys %ccdnet) {
+ if ($ccdnet{$key}[0] eq $name){
+ my ($a,$b) = split (/\//,$ccdnet{$key}[1]);
+ $b=&General::iporsubtodec($b);
+ return "$a/$b";
+ }
+ }
+ }
+
+ #check custom addresses
+ if ($type eq 'Custom Host'){
+ foreach my $key (keys %customhost) {
+ if ($customhost{$key}[0] eq $name){
+ return $customhost{$key}[2];
+ }
+ }
+ }
+
+ ##check custom networks
+ if ($type eq 'Custom Network'){
+ foreach my $key (keys %customnetwork) {
+ if($customnetwork{$key}[0] eq $name){
+ return $customnetwork{$key}[1]."/".$customnetwork{$key}[2];
+ }
+ }
+ }
+
+ #check standard networks
+ if ($type eq 'Standard Network'){
+ if ($name =~ /OpenVPN/i){
+ my %ovpn=();
+ &General::readhash("${General::swroot}/ovpn/settings",\%ovpn);
+ return $ovpn{'DOVPN_SUBNET'};
+ }
+ if ($name eq 'GREEN'){
+ my %hash=();
+ &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+ return $hash{'GREEN_NETADDRESS'}."/".$hash{'GREEN_NETMASK'};
+ }
+ if ($name eq 'BLUE'){
+ my %hash=();
+ &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+ return $hash{'BLUE_NETADDRESS'}."/".$hash{'BLUE_NETMASK'};
+ }
+ if ($name eq 'ORANGE'){
+ my %hash=();
+ &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+ return $hash{'ORANGE_NETADDRESS'}."/".$hash{'ORANGE_NETMASK'};
+ }
+ if ($name eq 'ALL'){
+ return "0.0.0.0/0.0.0.0";
+ }
+ if ($name =~ /IPsec/i){
+ my %hash=();
+ &General::readhash("${General::swroot}/vpn/settings",\%hash);
+ return $hash{'RW_NET'};
+ }
+ }
+}
+sub rules
+{
+ system ("/usr/local/bin/forwardfwctrl");
+ system("rm ${General::swroot}/forward/reread");
+}
+sub decrease
+{
+ my $grp=$_[0];
+ &General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (sort keys %customgrp ){
+ if ( ($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Network')){
+ foreach my $key1 (sort keys %customnetwork){
+ if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+ $customnetwork{$key1}[3]=$customnetwork{$key1}[3]-1;
+ last;
+ }
+ }
+ }
+
+ if (($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Host')){
+ foreach my $key2 (sort keys %customhost){
+ if ($customhost{$key2}[0] eq $customgrp{$key}[2]){
+ $customhost{$key2}[3]=$customhost{$key2}[3]-1;
+ last;
+ }
+ }
+
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ &General::writehasharray("$confighost", \%customhost);
+}
+sub decreaseservice
+{
+ my $grp=$_[0];
+ &General::readhasharray("$configsrv", \%customservice);
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+ foreach my $key (sort keys %customservicegrp){
+ if ($customservicegrp{$key}[0] eq $grp ){
+ foreach my $key2 (sort keys %customservice){
+ if ($customservice{$key2}[0] eq $customservicegrp{$key}[2]){
+ $customservice{$key2}[4]--;
+ }
+ }
+ }
+ }
+ &General::writehasharray("$configsrv", \%customservice);
+
+}
+sub checkports
+{
+
+ my %hash=%{(shift)};
+ #check empty fields
+ if ($fwhostsettings{'SRV_NAME'} eq '' ){
+ $errormessage=$Lang::tr{'fwhost err name1'};
+ }
+ if ($fwhostsettings{'SRV_PORT'} eq '' && $fwhostsettings{'PROT'} ne 'ICMP'){
+ $errormessage=$Lang::tr{'fwhost err port'};
+ }
+ #check valid name
+ if (! &General::validhostname($fwhostsettings{'SRV_NAME'})){
+ $errormessage="<br>".$Lang::tr{'fwhost err name'};
+ }
+ #change dashes with :
+ $fwhostsettings{'SRV_PORT'}=~ tr/-/:/;
+
+ if ($fwhostsettings{'SRV_PORT'} eq "*") {
+ $fwhostsettings{'SRV_PORT'} = "1:65535";
+ }
+ if ($fwhostsettings{'SRV_PORT'} =~ /^(\D)\:(\d+)$/) {
+ $fwhostsettings{'SRV_PORT'} = "1:$2";
+ }
+ if ($fwhostsettings{'SRV_PORT'} =~ /^(\d+)\:(\D)$/) {
+ $fwhostsettings{'SRV_PORT'} = "$1:65535";
+ }
+ if($fwhostsettings{'PROT'} ne 'ICMP'){
+ $errormessage = $errormessage.&General::validportrange($fwhostsettings{'SRV_PORT'}, 'src');
+ }
+ # a new service has to have a different name
+ foreach my $key (keys %hash){
+ if ($hash{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+ $errormessage = "<br>".$Lang::tr{'fwhost err srv exists'};
+ last;
+ }
+ }
+ return $errormessage;
+}
+sub validhostname
+{
+ # Checks a hostname against RFC1035
+ my $hostname = $_[0];
+
+ # Each part should be at least two characters in length
+ # but no more than 63 characters
+ if (length ($hostname) < 1 || length ($hostname) > 63) {
+ return 0;}
+ # Only valid characters are a-z, A-Z, 0-9 and -
+ if ($hostname !~ /^[a-zA-ZäöüÖÄÜ0-9-\s]*$/) {
+ return 0;}
+ # First character can only be a letter or a digit
+ if (substr ($hostname, 0, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) {
+ return 0;}
+ # Last character can only be a letter or a digit
+ if (substr ($hostname, -1, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) {
+ return 0;}
+ return 1;
+}
+
+&Header::closebigbox();
+&Header::closepage();