Alexander Marx [Tue, 2 Jul 2013 12:55:46 +0000 (14:55 +0200)]
Forward Firewall: deleted subnets from hosts in firewallgroups, colorized all ip-addresses from the firewall-groups if possible. Some minor changes in forwardfw.cgi
Alexander Marx [Tue, 2 Jul 2013 06:03:25 +0000 (08:03 +0200)]
Forward Firewall: When using "Firewall" as source or target, the ruletable looks confusing. There's "RED" in source and target. Now there's "INTERFACE RED".
Alexander Marx [Fri, 28 Jun 2013 07:36:31 +0000 (09:36 +0200)]
Forward Firewall: Design changes
1) source has a new option "firewall" with dropdown for interfaces
2) source default networks->deleted IPFire, all ip's now in brackets
3) deleted warning message in Target that a mac is not usable
4) changes for "apply" button
5) in ruletable the protocol is now right beneath the ruletype column
6) changed target dropdown "INTERNET" to "RED"
7) renamed OpenVPN N-2N to OpenVPN Net-to-Net
8) set missing default firewall options
9) little changes on the en and de lang files
Alexander Marx [Wed, 26 Jun 2013 08:29:02 +0000 (10:29 +0200)]
Forward Firewall: changed layout of "apply-button" (after rules were changed). When using single hosts in rules, the prefix is no longer shown in the ruletable. Default settings for firewall-options changed
Alexander Marx [Wed, 19 Jun 2013 11:31:40 +0000 (13:31 +0200)]
Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine
Now it should be possible to use /etc/init.d/firewall restart without errors
Alexander Marx [Mon, 27 May 2013 08:33:50 +0000 (10:33 +0200)]
Forward Firewall: BUGFIX: When creating DMZ Rules with MANUAL IP as source and afterwards editing the rule, the rule was copied and not just edited.
BUGFIX: When using SNAT (outbound) the rule does not seem to work. The NAT_SOURCE chain was in the wrong position in POSTROUTING
Alexander Marx [Wed, 8 May 2013 06:19:03 +0000 (08:19 +0200)]
Forward Firewall: BUGFIX - when using source Protocol and NO target protocol only the target protocol is shown in ruletable. (But rule is applied correctly)
Alexander Marx [Tue, 30 Apr 2013 07:58:01 +0000 (09:58 +0200)]
Forward Firewall: edited rules.pl so that in the rules the ip addresses from the remote ovpn N2N subnet are used instead of the openvpn subnet (because it's only used as transfer net)
Alexander Marx [Tue, 23 Apr 2013 12:14:58 +0000 (14:14 +0200)]
Forward Firewall: rewrote portcheck routine in ovpnmain so that checks for portforwardingports are made against /var/ipfire/forward/nat instead of /var/ipfire/portfw/config
Alexander Marx [Fri, 19 Apr 2013 11:12:56 +0000 (13:12 +0200)]
Forward Firewall: added some plausi checks. Now it is checked if someone enters a manual ip address that is an openvpn client.
The colors are set correctly in ruletable when someone enters a manual ip which belongs to an IPsec Network, IPsec Roadwarrior (if iprange set) or openvpn n2n
Alexander Marx [Tue, 2 Apr 2013 09:24:22 +0000 (11:24 +0200)]
Forward Firewall: some fixes:
1) Counter was not correctly decreased when deleting a network from a customgroup
2) Convert-outgoingfw improved
3) Backup didn't set filepermissions correctly
Alexander Marx [Tue, 2 Apr 2013 03:40:50 +0000 (05:40 +0200)]
Forward Firewall: added dmz-converter.
Also extended backup.pl script to support old backups. Now it is possible to restore old backups into new firewall. On restore, all config files of new firewall will be destroyed and the 4 converters will recreate them.
Alexander Marx [Thu, 14 Mar 2013 05:11:28 +0000 (06:11 +0100)]
Forward Firewall:
1) Custom Hosts: now 17 chars can be entered into IP/MAC field
2) Forwardfw: Bugfix: When no alias is set and IPFIRE is selected as target, no target address is recognised
3) Forwardfw: Now source and Target addressfield (manual) are set to 17 chars maxlength.
4) Converter: Bugfix: When starting converter from commandline, all hosts are entered into groups again.
Alexander Marx [Wed, 13 Mar 2013 07:50:32 +0000 (08:50 +0100)]
Forward Firewall: moved ruleaction-dropdown from top to target area.
some layout changes in forwardfw.cgi (when no alias exists, the dropdown after ipfire is not shown)
Alexander Marx [Tue, 12 Mar 2013 13:46:16 +0000 (14:46 +0100)]
Forward Firewall: fixed a bug in convert-outgoingfw. The hosts are created with wrong amount of fields in hasharray.
Also fixed a bug which sets wrong firewall mode for FORWARD when outgoing rules are used.
Alexander Marx [Fri, 8 Mar 2013 07:38:41 +0000 (08:38 +0100)]
Forward Firewall: Fix ruletimes. Now the timevalues which are entered in the gui are saved to the rulefile.
When rule.pl is called, the script calculates the difference to UTC time and sets the iptables times accordingly.
With this approach there's no need to save if the times are created in summertime or wintertime.