if($fwdfwsettings{'nosave2'} ne 'on'){
&saverule(\%configinputfw,$configinput);
}
- }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){
- # OUTGOING PART
+ }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
+ # OUTGOING PART
$fwdfwsettings{'config'}=$configoutgoing;
$fwdfwsettings{'chain'} = 'OUTGOINGFW';
my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
{
&error;
if (-f "${General::swroot}/forward/reread"){
- print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</div</td></tr></table></form><hr><br>";
+ print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</div</td></tr></table></form><br>";
}
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'});
print "<form method='post'>";
$checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
print<<END;
<table width='100%' border='0'>
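Review bot: The added `$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';` stores the source choice in the same `$selected{'ipfire'}` hash that the grp2 line below it uses, and the new `ipfire_src` drop-down later in the diff reads that hash as well. A value such as GREEN chosen through any grp1 control would therefore also be marked selected in the target `ipfire` list, and the reverse, so a rule reopened for editing can show an interface the user never picked. A separate key keeps the two apart, e.g. `$selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';`, with the `ipfire_src` options reading `$selected{'ipfire_src'}{...}`. The same line is added twice more further down, and the enclosing code starts outside this hunk.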
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
- next if($defaultNetworks{$network}{'NAME'} eq "IPFire" && $srctgt eq 'tgt');
+ next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
- $ifaces{$defnet} = '0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'ALL');
- $defnet = "RED_ADDRESS" if ($defaultNetworks{$network}{'NAME'} eq 'IPFire');
- print ">$network $ifaces{$defnet} </option>";
+ $ifaces{$defnet}='0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
+ if ($ifaces{$defnet}){
+ print ">$network ($ifaces{$defnet})</option>";
+ }else{
+ print ">$network</option>";
+ }
}
print"</select></td></tr>";
#custom networks
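Review bot: `$ifaces{$defnet}='0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'RED');` assigns into the shared `%ifaces` hash from inside the option loop, so once a drop-down that includes RED has been rendered, `$ifaces{'RED_NETADDRESS'}` stays `0.0.0.0` for the rest of the request. Whether anything later reads that entry as the real RED network address is not visible from this hunk, so it is worth checking. A local keeps the display value out of the shared data: `my $addr = ($defaultNetworks{$network}{'NAME'} eq 'RED') ? '0.0.0.0' : $ifaces{$defnet};` and then test and print `$addr`. The sub containing this loop begins outside the hunk.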
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
#check if update and get values
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
&General::readhasharray("$config", \%hash);
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
$selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
$selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
}
#------SOURCE-------------------------------------------------------
print<<END;
<table width='100%' border='0'>
- <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='17'></td></tr>
- <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
- </table>
+ <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='17'></td><td width='1%'><input type='radio' name='grp1' value='ipfire_src' $checked{'grp1'}{'ipfire'}></td><td><b>Firewall</b></td>
+END
+ print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
+ print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+ print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+ print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if $ifaces{'ORANGE_ADDRESS'};
+ print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if $ifaces{'BLUE_ADDRESS'};
+ print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($ifaces{'RED_ADDRESS'})</option>" if $ifaces{'RED_ADDRESS'};
+
+ if (! -z "${General::swroot}/ethernet/aliases"){
+ foreach my $alias (sort keys %aliases)
+ {
+ print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ }
+ }
+ print<<END;
+ </td></tr>
+ <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
END
&gen_dd_block('src','grp1');
print<<END;
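Review bot: The new `ipfire_src` radio is rendered with `$checked{'grp1'}{'ipfire'}` although its submitted value is `ipfire_src`, while the `src_addr` radio on the same line carries a hard-coded `checked`. If `%checked` is keyed by the submitted grp1 value (it is populated outside this hunk), the key `ipfire` is never set and a rule with the firewall as source reopens with the source-IP radio selected; `$checked{'grp1'}{'ipfire_src'}` would match the value. Separately, the alias loop prints `$alias` into both the `value='…'` attribute and the option text exactly as read from `%aliases`, so unless alias names are restricted when they are saved they should be HTML-escaped before printing. The `Firewall` label here and in the DNAT cell later in the diff is a literal where the neighbouring text uses `$Lang::tr{...}`.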
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
print<<END;
<table width='100%' border='0'>
- <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td width='57%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='17'><td width='1%'><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
+ <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='17'><td width='1%'><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
END
print"<td align='right'><select name='ipfire' style='width:200px;'>";
- print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'} 0.0.0.0</option>";
- print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} $ifaces{'GREEN_ADDRESS'}</option>" if $ifaces{'GREEN_ADDRESS'};
- print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} $ifaces{'ORANGE_ADDRESS'}</option>" if $ifaces{'ORANGE_ADDRESS'};
- print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} $ifaces{'BLUE_ADDRESS'}</option>" if $ifaces{'BLUE_ADDRESS'};
- print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} $ifaces{'RED_ADDRESS'}</option>" if $ifaces{'RED_ADDRESS'};
+ print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+ print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+ print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if $ifaces{'ORANGE_ADDRESS'};
+ print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if $ifaces{'BLUE_ADDRESS'};
+ print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($ifaces{'RED_ADDRESS'})</option>" if $ifaces{'RED_ADDRESS'};
if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
END
&gen_dd_block('tgt','grp2');
print<<END;
- <b>$Lang::tr{'fwhost attention'}:</b><br>
- $Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
+ <hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
END
}
}
print"</select></td></tr>";
- print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td align='left'><input type='text' name='ruleremark' size='40' maxlength='255' value='$fwdfwsettings{'ruleremark'}'></td></tr>";
+ print"<tr><td width='100%'>$Lang::tr{'remark'}:</td><td align='left'><input type='text' name='ruleremark' size='78' maxlength='255' value='$fwdfwsettings{'ruleremark'}'></td></tr>";
+ #print"<tr><td width='100%'>$Lang::tr{'remark'}:</td><td align='left'><textarea name='ruleremark' cols='70' rows='3' value='$fwdfwsettings{'ruleremark'}'></textarea></td></tr>";
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
for (my $count =1; $count <= $sum; $count++){
my $coloryellow='';
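Review bot: `value='$fwdfwsettings{'ruleremark'}'` puts the free-text remark into a single-quoted attribute without escaping, and the widened field keeps that behaviour. Nothing in the hunk shows the remark being sanitised before this print, so a remark containing `'` or `<` would end the attribute early when the rule is opened for editing. Escape it first, for example `my $remark = &Header::cleanhtml($fwdfwsettings{'ruleremark'},"y");` (confirm the helper encodes single quotes), and print `value='$remark'`. The commented-out `<textarea … value=…>` line is better dropped than committed: a textarea takes its content between the tags, so it would not work if re-enabled, and it carries the same unescaped value.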
print"<b>$title1</b><br>";
print"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
- print"<tr><td align='center'><b>#</td><td ></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center' width='25'></td><td align='center' colspan='6' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";#<td align='center'><b>$Lang::tr{'fwdfw time'}</td><b>$Lang::tr{'protocol'}</b>
+ print"<tr><td align='center'><b>#</td><td></td><td align='center' width='25'></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center' colspan='6' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
foreach my $key (sort {$a <=> $b} keys %$hash){
$tdcolor='';
@tmpsrc=();
}
}
print"<tr bgcolor='$color' >";
+ #KEY
print<<END;
<td align='right' width='18'><b>$key  </b></td>
END
+ #RULETYPE (A,R,D)
if ($$hash{$key}[0] eq 'ACCEPT'){
$ruletype='A';
$tooltip='ACCEPT';
$rulecolor=$color{'color16'};
}
print"<td bgcolor='$rulecolor' align='center' width='10'><span title='$tooltip'><b>$ruletype</b></span></td>";
+ #Get Protocol
+ my $prot;
+ if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
+ push (@protocols,$$hash{$key}[8]);
+ }elsif ($$hash{$key}[12]){ #target prot if manual
+ push (@protocols,$$hash{$key}[12]);
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ &get_serviceports("service",$$hash{$key}[15]);
+ }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+ &get_serviceports("group",$$hash{$key}[15]);
+ }else{
+ push (@protocols,$Lang::tr{'all'});
+ }
+ my $protz=join(",",@protocols);
+ print"<td align='center'>$protz</td>";
+ @protocols=();
+ #SOURCE
&getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
print"<td align='center' width='160' $tdcolor>";
if ($$hash{$key}[3] eq 'std_net_src'){
print $$hash{$key}[4];
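Review bot: `my $prot;` in the moved protocol block is declared and never used, and `@protocols` is emptied only after the cell has been printed. `get_serviceports` appears to fill that same array (its body is not in this diff), so anything an earlier caller left in `@protocols` would show up in the first rule's protocol cell. Resetting before the branch, with `@protocols=();` directly under `#Get Protocol`, makes the block independent of prior state, and the `my $prot;` line can be removed. The surrounding `foreach` over `%$hash` starts outside the hunk.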
}
$tdcolor='';
+ #SOURCEPORT
&getsrcport(\%$hash,$key);
#Is this a SNAT rule?
if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
- print"<br>-> $$hash{$key}[29]";
+ print"<br>->$$hash{$key}[29]";
if ($$hash{$key}[30] ne ''){
print": $$hash{$key}[30]";
}
}else{
$log="/images/off.gif";
}
+ #LOGGING
print<<END;
</td>
<form method='post'>
<input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
</td></form>
END
+ #TARGET
&getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
print<<END;
<td align='center' width='160' $tdcolor>
END
#Is this a DNAT rule?
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
- print "IPFire ($$hash{$key}[29])";
+ print "Firewall ($$hash{$key}[29])";
if($$hash{$key}[30] ne ''){
$$hash{$key}[30]=~ tr/|/,/;
print": $$hash{$key}[30]";
print $$hash{$key}[6];
}
$tdcolor='';
+ #TARGETPORT
&gettgtport(\%$hash,$key);
print"</td>";
- #Get Protocol
- my $prot;
- if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
- push (@protocols,$$hash{$key}[8]);
- }elsif ($$hash{$key}[12]){ #target prot if manual
- push (@protocols,$$hash{$key}[12]);
- }elsif($$hash{$key}[14] eq 'cust_srv'){
- &get_serviceports("service",$$hash{$key}[15]);
- }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
- &get_serviceports("group",$$hash{$key}[15]);
- }else{
- push (@protocols,$Lang::tr{'all'});
- }
- my $protz=join(",",@protocols);
- print"<td align='center'>$protz</td>";
- @protocols=();
-
+ #RULE ACTIVE
if($$hash{$key}[2] eq 'ON'){
$gif="/images/on.gif"
'fwdfw pol title' => 'Standardverhalten der Firewall',
'fwdfw pol text' => 'Standardverhalten für Verbindungen aus den lokalen Netzwerken. Bei "Zugelassen" werden sämtliche Verbindungen zugelassen mit Ausnahme der konfigurierten Regeln. Mit "Blockiert" werden alle Verbindungsversuche blockiert, mit Ausnahme erstellten Regeln.',
'fwdfw pol text1' => 'Standardverhalten für Verbindungen von Firewall. Bei "Zugelassen" werden sämtliche Verbindungen zugelassen mit Ausnahme konfigurierten Regeln. Mit "Blockiert" werden alle Verbindungsversuche blockiert, mit Ausnahme der erstellten Regeln.Achtung! Mit diesen Einstellungen kann man sich aussperren. Normalerweise ist keine Änderung nötig.',
-'fwdfw red' => 'INTERNET',
+'fwdfw red' => 'ROT',
'fwdfw REJECT' => 'Verweigern (REJECT)',
'fwdfw reread' => 'Übernehmen',
'fwdfw rules' => 'Regeln',
'fwhost ccdnet' => 'OpenVPN Netzwerke:',
'fwhost change' => 'Ändern',
'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.',
-'fwhost cust addr' => 'Custom Adressen:',
-'fwhost cust grp' => 'Custom Gruppen:',
-'fwhost cust net' => 'Custom Netzwerke:',
-'fwhost cust service' => 'Custom Dienste:',
-'fwhost cust srvgrp' => 'Custom Dienstgruppen',
+'fwhost cust addr' => 'Adressen:',
+'fwhost cust grp' => 'Gruppen:',
+'fwhost cust net' => 'Netzwerke:',
+'fwhost cust service' => 'Dienste:',
+'fwhost cust srvgrp' => 'Dienstgruppen',
'fwhost deleted' => 'Gelöscht',
'fwhost empty' => 'Keine Regeln definiert',
'fwhost err addr' => 'IP Adresse oder Subnetzmaske ungültig',
'fwhost newgrp' => 'Adressgruppierung',
'fwhost newservice' => 'Diensteinstellungen',
'fwhost newservicegrp' => 'Dienstgruppierung',
-'fwhost macwarn' => 'MAC Adressen können nicht als Ziel definiert werden. Solche Adressen werden ignoriert.',
'fwhost menu' => 'Firewallgruppen',
'fwhost orange' => 'Orange',
-'fwhost ovpn_n2n' => 'OpenVPN N-2-N',
+'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
'fwhost port' => 'Port(s)',
'fwhost prot' => 'Protokoll',
'fwhost reread' => 'Die Firewallregeln müssen neu eingelesen werden.',
'fwdfw pol title' => 'Firewall default behavior',
'fwdfw pol text' => 'Default behavior for connections from local networks. "Allowed" allows all connections from local networks except the defined rules. "Blocked" prohibits all connections except the defined ones. Also external access and connections to/from the demilitarized zone are configurable here.',
'fwdfw pol text1' => 'Default behavior for connections from IPFire. "Allowed" allows all connections from local networks except the defined rules. "Blocked" prohibits all connections except the defined ones. Attention! You can lock yourself out with these settings. Normally there is no need to change anything here.',
-'fwdfw red' => 'INTERNET',
+'fwdfw red' => 'RED',
'fwdfw REJECT' => 'REJECT',
'fwdfw reread' => 'Apply',
'fwdfw rules' => 'Rules',
'fwhost ccdnet' => 'OpenVPN networks:',
'fwhost change' => 'Modify',
'fwhost changeremark' => 'You just modified the remark',
-'fwhost cust addr' => 'Custom addresses:',
-'fwhost cust grp' => 'Custom groups:',
-'fwhost cust net' => 'Custom networks:',
-'fwhost cust service' => 'Custom services:',
-'fwhost cust srvgrp' => 'Custom servicegroups',
+'fwhost cust addr' => 'Addresses:',
+'fwhost cust grp' => 'Groups:',
+'fwhost cust net' => 'Networks:',
+'fwhost cust service' => 'Services:',
+'fwhost cust srvgrp' => 'Servicegroups',
'fwhost deleted' => 'Deleted',
'fwhost empty' => 'No rules defined',
'fwhost err addr' => 'Invalid IP address or subnet',
'fwhost newgrp' => 'Address grouping',
'fwhost newservice' => 'Service',
'fwhost newservicegrp' => 'Service grouping',
-'fwhost macwarn' => 'MAC addresses can not be used as target. Such addresses will be ignored.',
'fwhost menu' => 'Firewall Groups',
'fwhost orange' => 'Orange',
-'fwhost ovpn_n2n' => 'OpenVPN N-2-N',
+'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
'fwhost port' => 'Port(s)',
'fwhost prot' => 'Protocol',
'fwhost reread' => 'Firewall rules need to be updated.',