From 49da7d797547095ee8a13b079c63661e8e4aa1ad Mon Sep 17 00:00:00 2001 From: Alexander Marx Date: Mon, 6 Jan 2014 13:18:05 +0100 Subject: [PATCH] Firewall: added check if firewallrules need to be updated when editing services or servicegroups --- html/cgi-bin/fwhosts.cgi | 47 +++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 3e59a9d9db..ae135ab33c 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -239,20 +239,12 @@ if ($fwhostsettings{'ACTION'} eq 'updateservice') foreach my $key (sort keys %customservicegrp){ if($customservicegrp{$key}[2] eq $fwhostsettings{'oldsrvname'}){ $customservicegrp{$key}[2] = $fwhostsettings{'SRV_NAME'}; + &checkrulereload($customservicegrp{$key}[0]); } } &General::writehasharray("$configsrvgrp", \%customservicegrp); - $needrules='on'; - } - if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){ - $needrules='on'; - } - if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){ - $needrules='on'; - } - if($count gt 0 && $fwhostsettings{'oldsrvicmp'} ne $fwhostsettings{'ICMP'} ){ - $needrules='on'; } + &checkrulereload($fwhostsettings{'SRV_NAME'}); $fwhostsettings{'SRV_NAME'} = ''; $fwhostsettings{'SRV_PORT'} = ''; $fwhostsettings{'PROT'} = ''; @@ -266,9 +258,6 @@ if ($fwhostsettings{'ACTION'} eq 'updateservice') $fwhostsettings{'ICMP'} = $fwhostsettings{'oldsrvicmp'}; $fwhostsettings{'updatesrv'}= 'on'; } - if($needrules eq 'on'){ - &General::firewall_config_changed(); - } &addservice; } # save @@ -751,7 +740,6 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp') { my $prot; my $port; - my $count=0; my $tcpcounter=0; my $udpcounter=0; &General::readhasharray("$configsrvgrp", \%customservicegrp ); @@ -818,9 +806,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp') &General::writehasharray("$configsrvgrp", \%customservicegrp ); $fwhostsettings{'updatesrvgrp'}='on'; } - if ($count gt 0){ - &General::firewall_config_changed(); - } + &checkrulereload($fwhostsettings{'SRVGRP_NAME'}); &addservicegrp; &viewtableservicegrp; } @@ -1938,6 +1924,33 @@ sub checkservicegroup } return $errormessage; } +sub checkrulereload +{ + my $search=shift; + &General::readhasharray("$fwconfigfwd", \%fwfwd); + &General::readhasharray("$fwconfiginp", \%fwinp); + &General::readhasharray("$fwconfigout", \%fwout); + + #check if service or servicegroup is used in rules + foreach my $key (keys %fwfwd){ + if($search eq $fwfwd{$key}[15]){ + &General::firewall_config_changed(); + return; + } + } + foreach my $key (keys %fwinp){ + if($search eq $fwinp{$key}[15]){ + &General::firewall_config_changed(); + return; + } + } + foreach my $key (keys %fwout){ + if($search eq $fwout{$key}[15]){ + &General::firewall_config_changed(); + return; + } + } +} sub error { if ($errormessage) { -- 2.39.5