From ddcec9d339162ee49d7973f815e03d8da5e973cd Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Thu, 14 Mar 2013 16:24:52 +0100
Subject: [PATCH] Forward Firewall: Firewall sets Internetdevice correctly now (was always red0)
---
 config/forwardfw/firewall-lib.pl | 3 ++-
 config/forwardfw/rules.pl | 13 +++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/config/forwardfw/firewall-lib.pl b/config/forwardfw/firewall-lib.pl
index 9f806850ef..a1f96ba40f 100755
--- a/config/forwardfw/firewall-lib.pl
+++ b/config/forwardfw/firewall-lib.pl
@@ -207,6 +207,7 @@ sub get_grp_ip
 sub get_std_net_ip
 {
 my $val=shift;
+ my $con=shift;
 if ($val eq 'ALL'){
 return "0.0.0.0/0.0.0.0";
 }elsif($val eq 'GREEN'){
@@ -216,7 +217,7 @@ sub get_std_net_ip
 }elsif($val eq 'BLUE'){
 return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
 }elsif($val eq 'RED'){
- return "0.0.0.0/0 -o red0";
+ return "0.0.0.0/0 -o $con";
 }elsif($val =~ /OpenVPN/i){
 return "$ovpnsettings{'DOVPN_SUBNET'}";
 }elsif($val =~ /IPsec/i){
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index 9332c9bec3..2547e474f7 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -65,7 +65,7 @@ my $green;
 my $blue;
 my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
 my $CHAIN="FORWARDFW";
-
+my $conexists='off';
 &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
 &General::readhash("$netsettings", \%defaultNetworks);
@@ -76,6 +76,14 @@ my $CHAIN="FORWARDFW";
 &General::readhasharray($configgrp, \%customgrp);
 &General::get_aliases(\%aliases);
+#check if we have an internetconnection
+open (CONN,"/var/ipfire/red/iface");
+my $con = ;
+close(CONN);
+if (-f "/var/ipfire/red/active"){
+ $conexists='on';
+}
+
 ################################
 # DEBUG/TEST #
 ################################
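Review bot: `get_std_net_ip` takes its new second argument with no default, so a caller that still passes only `$val` gets `"0.0.0.0/0 -o "` with an empty interface from the RED branch (second hunk of firewall-lib.pl, `return "0.0.0.0/0 -o $con";`). Other callers of the function are not visible in this patch, so this may not occur today, but a fallback would keep the previous behaviour: `my $con=shift; $con='red0' unless defined $con && $con ne '';`. A short comment on the RED branch would also help, stating that it returns an interface option in addition to a network, which none of the other visible branches do. The function body continues outside both hunks.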
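Review bot: The interface name taken from `/var/ipfire/red/iface` in the `@@ -76,6 +76,14 @@` hunk of rules.pl reaches the rule string unchecked. The `open` is two-argument with a bareword handle and no error check, no chomp is visible, and nothing restricts the value to a plain interface name before `get_std_net_ip` interpolates it after `-o`. If the file is missing or empty, `$con` stays undefined while `$conexists` can still be set to 'on' by the separate `-f` test. I would read through a lexical handle, chomp, and turn `$conexists` on only when the name passes an anchored check, as sketched below. The read expression on the `my $con =` line appears to have been lost in this rendering of the patch, so the sketch assumes a single-line read.

```perl
#check if we have an internetconnection
my $con = '';
if (open(my $conn_fh, '<', "/var/ipfire/red/iface")) {
	$con = <$conn_fh> // '';
	close($conn_fh);
	chomp($con);
}
# only a plain interface name may end up in a rule string
if (-f "/var/ipfire/red/active" && $con =~ /\A[A-Za-z0-9_.:-]{1,15}\z/) {
	$conexists='on';
}
```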
@@ -153,6 +161,7 @@ sub buildrules
 my $hash=shift;
 my $STAG;
 foreach my $key (sort {$a <=> $b} keys %$hash){
+ next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' );
 $STAG='';
 if($$hash{$key}[2] eq 'ON'){
 #get source ip's
@@ -375,7 +384,7 @@ sub get_address
 $$hash{$key}[0] = $base2;
 }
 }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
- $$hash{$key}[0]=&fwlib::get_std_net_ip($base2);
+ $$hash{$key}[0]=&fwlib::get_std_net_ip($base2,$con);
 }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
 $$hash{$key}[0]=&fwlib::get_net_ip($base2);
 }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
-- 
2.39.2
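Review bot: The new `next if` in `buildrules` tests only field `[6]`, while the `get_address` hunk passes `$con` for both `std_net_src` and `std_net_tgt`. A rule that names RED on the other side would therefore still be built with whatever `$con` holds when `/var/ipfire/red/active` is absent. Which field carries the source network is not visible here, so this needs confirming against the rule layout. The skip is also silent: a configured rule is left out of the chain with no log line, and whether the rules are rebuilt once the uplink comes up cannot be seen from this patch. I would add a comment such as `# RED rules depend on the live uplink device; skipped until /var/ipfire/red/active exists` and log the skipped key; both function bodies start and end outside the hunks.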