]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 93a017c)
BUG11559: firewall-lib
authorAlexander Marx <alexander.marx@ipfire.org>
Wed, 2 May 2018 11:27:06 +0000 (13:27 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 9 May 2018 13:48:42 +0000 (14:48 +0100)
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.

This patch has neccessary changes for the firewall-lib. While the network name of the IpSec changes
on save (subnet is added to name) we need to split the name or normalise the field before using it.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/firewall-lib.pl patch | blob | blame | history

diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index eabd9a42f22d7bab5fd93cf17855120fa6ce1f46..9b7f55c9d66e0ceb930a5778efa320da3e3f8609 100644 (file)
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -150,6 +150,9 @@ sub get_ipsec_net_ip
        my $val=shift;
        my $field=shift;
        foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+               #adapt $val to reflect real name without subnet (if rule with only one ipsec subnet is created)
+               my @tmpval = split (/\|/, $val);
+               $val = $tmpval[0];
                if($ipsecconf{$key}[1] eq $val){
                        return $ipsecconf{$key}[$field];
                }
@@ -390,10 +393,16 @@ sub get_address
 
        # IPsec networks.
        } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
-               my $network_address = &get_ipsec_net_ip($value, 11);
-               my @nets = split(/\|/, $network_address);
-               foreach my $net (@nets) {
-                       push(@ret, [$net, ""]);
+               #Check if we have multiple subnets and only want one of them
+               if ( $value =~ /\|/ ){
+                       my @parts = split(/\|/, $value);
+                       push(@ret, [$parts[1], ""]);
+               }else{
+                       my $network_address = &get_ipsec_net_ip($value, 11);
+                       my @nets = split(/\|/, $network_address);
+                       foreach my $net (@nets) {
+                               push(@ret, [$net, ""]);
+                       }
                }
 
        # The firewall's own IP addresses.
IPFire 2.x development tree