From a0fb1099efded1fe13a7e7fb51a97097776a06a8 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Fri, 28 Jun 2013 09:36:31 +0200
Subject: [PATCH] Forward Firewall: Design changes
1) source has a new option "firewall" with dropdown for interfaces
2) source default networks->deleted IPFire, all ip's now in brackets
3) deleted warning message in Target that a mac is not usable
4) changes for "apply" button
5) in ruletable the protocol is now right beneath the ruletype column
6) changed target dropdown "INTERNET" to "RED"
7) renamed OpenVPN N-2N to OpenVPN Net-to-Net
8) set missing default firewall options
9) little changes on the en and de lang files
---
 config/forwardfw/rules.pl | 26 ++++++++-
 html/cgi-bin/forwardfw.cgi | 106 +++++++++++++++++++++++--------------
 html/cgi-bin/fwhosts.cgi | 3 +-
 langs/de/cgi-bin/de.pl | 15 +++---
 langs/en/cgi-bin/en.pl | 15 +++---
 lfs/configroot | 2 +
 6 files changed, 109 insertions(+), 58 deletions(-)
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index 7184c04600..f3e1217c1e 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -209,7 +209,7 @@ sub buildrules
 &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
 }
 }
- }elsif($$hash{$key}[5] eq 'ipfire'){
+ }elsif($$hash{$key}[5] eq 'ipfire' ){
 if($$hash{$key}[6] eq 'GREEN'){
 $targethash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
 }
@@ -505,6 +505,30 @@ sub get_address
 $$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,11);
 }elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
 $$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+ }elsif($base eq 'ipfire_src' ){
+ if($base2 eq 'GREEN'){
+ $$hash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
+ }
+ if($base2 eq 'BLUE'){
+ $$hash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
+ }
+ if($base2 eq 'ORANGE'){
+ $$hash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
+ }
+ if($base2 eq 'ALL'){
+ $$hash{$key}[0]='0.0.0.0/0';
+ }
+ if($base2 eq 'RED' || $base2 eq 'RED1'){
+ open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
+ $$hash{$key}[0]= ;
+ close(FILE);
+ }else{
+ foreach my $alias (sort keys %aliases){
+ if ($base2 eq $alias){
+ $$hash{$key}[0]=$aliases{$alias}{'IPT'};
+ }
+ }
+ }
 }
 }
 sub get_prot
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 0725e2542c..716f588108 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -189,8 +189,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 if($fwdfwsettings{'nosave2'} ne 'on'){
 &saverule(\%configinputfw,$configinput);
 }
- }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){
- # OUTGOING PART
+ }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
+ # OUTGOING PART
 $fwdfwsettings{'config'}=$configoutgoing;
 $fwdfwsettings{'chain'} = 'OUTGOINGFW';
 my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
@@ -378,7 +378,7 @@ sub addrule
 {
 &error;
 if (-f "${General::swroot}/forward/reread"){
- print "
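Review bot: The RED branch of the new `ipfire_src` block in `get_address` stores the raw line read from `/var/ipfire/red/local-ipaddress` without `chomp`, so `$$hash{$key}[0]` ends with a newline, and an empty file leaves it undef; the readline shows up here as `= ;`, presumably a `<FILE>` that the rendering dropped as markup. The read also goes through a bareword handle with two-arg `open` and dies outright on failure, which aborts the whole address lookup when the file is absent (likely whenever RED is down, though I cannot see the callers). The five `if` tests are independent rather than an `elsif` chain, so the trailing `else` binds only to the RED test and the alias loop still runs for GREEN/BLUE/ORANGE/ALL; that is harmless today but hides the intent, so chain them with `elsif`. I would rewrite the RED branch as below; `get_address` begins before this hunk.
```perl
if($base2 eq 'RED' || $base2 eq 'RED1'){
    open(my $red_fh, '<', '/var/ipfire/red/local-ipaddress') or die "Couldn't open local-ipaddress: $!";
    my $red_ip = <$red_fh>;
    close($red_fh);
    chomp($red_ip) if defined $red_ip;
    $$hash{$key}[0] = $red_ip;
# … unchanged: alias lookup in the else branch …
```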
    $Lang::tr{'fwhost reread'}


"; + print "
    $Lang::tr{'fwhost reread'}

"; } &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'}); print "
"; @@ -979,6 +979,7 @@ sub gen_dd_block $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; print< @@ -989,13 +990,16 @@ END foreach my $network (sort keys %defaultNetworks) { next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src'); - next if($defaultNetworks{$network}{'NAME'} eq "IPFire" && $srctgt eq 'tgt'); + next if($defaultNetworks{$network}{'NAME'} eq "IPFire"); print ""; + $ifaces{$defnet}='0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'RED'); + if ($ifaces{$defnet}){ + print ">$network ($ifaces{$defnet})"; + }else{ + print ">$network"; + } } print""; #custom networks @@ -1403,6 +1407,7 @@ sub newrule $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; #check if update and get values if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){ &General::readhasharray("$config", \%hash); @@ -1462,6 +1467,7 @@ sub newrule $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; $selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected'; $selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected'; } @@ -1510,9 +1516,24 @@ sub newrule #------SOURCE------------------------------------------------------- print< - $Lang::tr{'fwdfw sourceip'} -
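Review bot: In the network loop of `gen_dd_block`, `$ifaces{$defnet}='0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'RED');` writes a placeholder into `%ifaces` as a side effect of rendering the dropdown and then shows the user `RED (0.0.0.0)`, which is not the interface address; `$defnet` is assigned on a line this rendering has dropped, so I cannot see whether `%ifaces` is reused afterwards. The `else` branch already prints the bare network name when no address is known, so dropping that line yields a plain `RED` entry, or the address could be filled from the same local-ipaddress source the rule generator reads. The `$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';` line is added here and again in the two `newrule` hunks below; a shared helper would keep the three in step. `gen_dd_block` continues outside the hunk.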
- + $Lang::tr{'fwdfw sourceip'}Firewall +END + print"$Lang::tr{'fwdfw targetip'}Firewall + $Lang::tr{'fwdfw targetip'}Firewall END print"$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'}"; - print"$Lang::tr{'remark'}:"; + print"$Lang::tr{'remark'}:"; + #print"$Lang::tr{'remark'}:"; if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){ print "$Lang::tr{'fwdfw rulepos'}: END + #TARGET &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost); print< END #Is this a DNAT rule? if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){ - print "IPFire ($$hash{$key}[29])"; + print "Firewall ($$hash{$key}[29])"; if($$hash{$key}[30] ne ''){ $$hash{$key}[30]=~ tr/|/,/; print": $$hash{$key}[30]"; @@ -2225,25 +2268,10 @@ END print $$hash{$key}[6]; } $tdcolor=''; + #TARGETPORT &gettgtport(\%$hash,$key); print""; - #Get Protocol - my $prot; - if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual - push (@protocols,$$hash{$key}[8]); - }elsif ($$hash{$key}[12]){ #target prot if manual - push (@protocols,$$hash{$key}[12]); - }elsif($$hash{$key}[14] eq 'cust_srv'){ - &get_serviceports("service",$$hash{$key}[15]); - }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ - &get_serviceports("group",$$hash{$key}[15]); - }else{ - push (@protocols,$Lang::tr{'all'}); - } - my $protz=join(",",@protocols); - print"$protz"; - @protocols=(); - + #RULE ACTIVE if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 4aee444b9a..ac0c044898 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1061,7 +1061,7 @@ if($fwhostsettings{'ACTION'} eq '') sub showmenu { if (-f "${General::swroot}/forward/reread"){ - print "
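Review bot: The source block of `newrule` leaves a commented-out line, `#print"$Lang::tr{'remark'}:";`, directly after the live `print"$Lang::tr{'remark'}:";`; dead code in a committed change only raises questions for the next reader, so delete it or explain in a comment why the alternative is kept (the markup between the two has been stripped in this rendering, so I cannot see how they differ). The surrounding HTML is also stripped here, so the markup itself is not reviewable on this page. `newrule` starts before the hunk.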
    $Lang::tr{'fwhost reread'}


"; + print "
    $Lang::tr{'fwhost reread'}

"; } &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'}); print<$Lang::tr{'name'}: IP/MAC: $Lang::tr{'remark'}: -

$Lang::tr{'fwhost attention'}
$Lang::tr{'fwhost macwarn'}
END
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 0445dda974..b205c85bc1 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -940,7 +940,7 @@
 'fwdfw pol title' => 'Standardverhalten der Firewall',
 'fwdfw pol text' => 'Standardverhalten für Verbindungen aus den lokalen Netzwerken. Bei "Zugelassen" werden sämtliche Verbindungen zugelassen mit Ausnahme der konfigurierten Regeln. Mit "Blockiert" werden alle Verbindungsversuche blockiert, mit Ausnahme erstellten Regeln.',
 'fwdfw pol text1' => 'Standardverhalten für Verbindungen von Firewall. Bei "Zugelassen" werden sämtliche Verbindungen zugelassen mit Ausnahme konfigurierten Regeln. Mit "Blockiert" werden alle Verbindungsversuche blockiert, mit Ausnahme der erstellten Regeln.Achtung! Mit diesen Einstellungen kann man sich aussperren. Normalerweise ist keine Änderung nötig.',
-'fwdfw red' => 'INTERNET',
+'fwdfw red' => 'ROT',
 'fwdfw REJECT' => 'Verweigern (REJECT)',
 'fwdfw reread' => 'Übernehmen',
 'fwdfw rules' => 'Regeln',
@@ -985,11 +985,11 @@
 'fwhost ccdnet' => 'OpenVPN Netzwerke:',
 'fwhost change' => 'Ändern',
 'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.',
-'fwhost cust addr' => 'Custom Adressen:',
-'fwhost cust grp' => 'Custom Gruppen:',
-'fwhost cust net' => 'Custom Netzwerke:',
-'fwhost cust service' => 'Custom Dienste:',
-'fwhost cust srvgrp' => 'Custom Dienstgruppen',
+'fwhost cust addr' => 'Adressen:',
+'fwhost cust grp' => 'Gruppen:',
+'fwhost cust net' => 'Netzwerke:',
+'fwhost cust service' => 'Dienste:',
+'fwhost cust srvgrp' => 'Dienstgruppen',
 'fwhost deleted' => 'Gelöscht',
 'fwhost empty' => 'Keine Regeln definiert',
 'fwhost err addr' => 'IP Adresse oder Subnetzmaske ungültig',
@@ -1034,10 +1034,9 @@
 'fwhost newgrp' => 'Adressgruppierung',
 'fwhost newservice' => 'Diensteinstellungen',
 'fwhost newservicegrp' => 'Dienstgruppierung',
-'fwhost macwarn' => 'MAC Adressen können nicht als Ziel definiert werden. Solche Adressen werden ignoriert.',
 'fwhost menu' => 'Firewallgruppen',
 'fwhost orange' => 'Orange',
-'fwhost ovpn_n2n' => 'OpenVPN N-2-N',
+'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
 'fwhost port' => 'Port(s)',
 'fwhost prot' => 'Protokoll',
 'fwhost reread' => 'Die Firewallregeln müssen neu eingelesen werden.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 37c3b12572..49a3c1ef89 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -965,7 +965,7 @@
 'fwdfw pol title' => 'Firewall default behavior',
 'fwdfw pol text' => 'Default behavior for connections from local networks. "Allowed" allows all connections from local networks except the defined rules. "Blocked" prohibits all connections except the defined ones. Also external access and connections to/from the demilitarized zone are configurable here.',
 'fwdfw pol text1' => 'Default behavior for connections from IPFire. "Allowed" allows all connections from local networks except the defined rules. "Blocked" prohibits all connections except the defined ones. Attention! You can lock yourself out with these settings. Normally there is no need to change anything here.',
-'fwdfw red' => 'INTERNET',
+'fwdfw red' => 'RED',
 'fwdfw REJECT' => 'REJECT',
 'fwdfw reread' => 'Apply',
 'fwdfw rules' => 'Rules',
@@ -1010,11 +1010,11 @@
 'fwhost ccdnet' => 'OpenVPN networks:',
 'fwhost change' => 'Modify',
 'fwhost changeremark' => 'You just modified the remark',
-'fwhost cust addr' => 'Custom addresses:',
-'fwhost cust grp' => 'Custom groups:',
-'fwhost cust net' => 'Custom networks:',
-'fwhost cust service' => 'Custom services:',
-'fwhost cust srvgrp' => 'Custom servicegroups',
+'fwhost cust addr' => 'Addresses:',
+'fwhost cust grp' => 'Groups:',
+'fwhost cust net' => 'Networks:',
+'fwhost cust service' => 'Services:',
+'fwhost cust srvgrp' => 'Servicegroups',
 'fwhost deleted' => 'Deleted',
 'fwhost empty' => 'No rules defined',
 'fwhost err addr' => 'Invalid IP address or subnet',
@@ -1059,10 +1059,9 @@
 'fwhost newgrp' => 'Address grouping',
 'fwhost newservice' => 'Service',
 'fwhost newservicegrp' => 'Service grouping',
-'fwhost macwarn' => 'MAC addresses can not be used as target. Such addresses will be ignored.',
 'fwhost menu' => 'Firewall Groups',
 'fwhost orange' => 'Orange',
-'fwhost ovpn_n2n' => 'OpenVPN N-2-N',
+'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
 'fwhost port' => 'Port(s)',
 'fwhost prot' => 'Protocol',
 'fwhost reread' => 'Firewall rules need to be updated.',
diff --git a/lfs/configroot b/lfs/configroot
index fcaa13f1da..4268f1502b 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -123,6 +123,8 @@ $(TARGET) :
 echo "FWPOLICY2=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
 echo "DROPPORTSCAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
 echo "DROPOUTGOING=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPSAMBA=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPPROXY=on" >> $(CONFIG_ROOT)/optionsfw/settings
 echo "SHOWREMARK=on" >> $(CONFIG_ROOT)/optionsfw/settings
 echo "SHOWCOLORS=on" >> $(CONFIG_ROOT)/optionsfw/settings
 echo "SHOWTABLES=off" >> $(CONFIG_ROOT)/optionsfw/settings
--
2.39.5