From b119578f023df75a015505239751246c23f9a523 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Wed, 14 Aug 2013 12:51:21 +0200
Subject: [PATCH] Forward Firewall: Now all customhosts are colored correctly in ruletable. Also the ip addresses in firewall-groups (hosts) are colored correctly if they are part of green,orange,blue,openvpn or ipsec
---
 html/cgi-bin/forwardfw.cgi | 20 ++++++------
 html/cgi-bin/fwhosts.cgi | 64 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 73 insertions(+), 11 deletions(-)
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 0907fba9bd..c18f4f41c3 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -1243,6 +1243,14 @@ sub getcolor
 my $val=shift;
 my $hash=shift;
 if($optionsfw{'SHOWCOLORS'} eq 'on'){
+ #custom Hosts
+ if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
+ foreach my $key (sort keys %$hash){
+ if ($$hash{$key}[0] eq $val){
+ $val=$$hash{$key}[2];
+ }
+ }
+ }
 #standard networks
 if ($val eq 'GREEN'){
 $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
@@ -1277,8 +1285,8 @@ sub getcolor
 $tdcolor="style='background-color: $Header::colourred;color:white;'";
 return;
 }
- #Check if a manual IP is part of a VPN
- if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr'){
+ #Check if a manual IP or custom host is part of a VPN
+ if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
 #Check if IP is part of OpenVPN dynamic subnet
 my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
 my ($c,$d) = split("/",$val);
@@ -1332,14 +1340,6 @@ sub getcolor
 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
 return;
 }
- #custom Hosts
- if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
- foreach my $key (sort keys %$hash){
- if ($$hash{$key}[0] eq $val){
- $val=$$hash{$key}[2];
- }
- }
- }
 #ALIASE
 foreach my $alias (sort keys %aliases)
 {
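Review bot: The relocated custom-host loop in the first getcolor hunk keeps iterating after it has already replaced `$val`, so later iterations compare host names against the resolved address rather than the name that was passed in. Ending the scan at the first match, `$val=$$hash{$key}[2]; last;`, makes the lookup unambiguous. The loop also dereferences `%$hash` without checking that a hash reference was passed; callers are outside the hunk, so if any of them can reach this branch without one, extending the condition with `&& ref($hash) eq 'HASH'` would avoid a runtime failure under strict refs. getcolor's body starts and ends outside the hunks shown.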
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 482ccabf5b..b72cb1064b 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -46,6 +46,9 @@ my %ownnet=(); my %ipsecsettings=(); my %fwfwd=(); my %fwinp=(); +my %ovpnsettings=(); +my %ipsecconf=(); +my %ipsecsettings=(); my $errormessage; my $hint; @@ -60,6 +63,10 @@ my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; my $fwconfigfwd = "${General::swroot}/forward/config"; my $fwconfiginp = "${General::swroot}/forward/input"; +my $configovpn = "${General::swroot}/ovpn/settings"; +my $tdcolor=''; +my $configipsec = "${General::swroot}/vpn/config"; +my $configipsecrw = "${General::swroot}/vpn/settings"; unless (-e $confignet) { system("touch $confignet"); } unless (-e $confighost) { system("touch $confighost"); } @@ -70,6 +77,10 @@ unless (-e $configsrvgrp) { system("touch $configsrvgrp"); } &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); +&General::readhash("$configovpn", \%ovpnsettings); +&General::readhasharray("$configipsec", \%ipsecconf); +&General::readhash("$configipsecrw", \%ipsecsettings); + &Header::getcgihash(\%fwhostsettings); &Header::showhttpheaders(); 
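Review bot: `%ipsecsettings` ends up declared twice in the same file scope, because the added `my %ipsecsettings=();` in the first fwhosts.cgi hunk repeats the `my %ipsecsettings=();` already present as a context line a few lines above. Perl accepts this, but with warnings enabled it reports that the second `my` masks the earlier declaration, and a reader has to work out which variable later code sees. Drop the added line and keep only `my %ovpnsettings=();` and `my %ipsecconf=();`.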
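Review bot: The three added `readhash`/`readhasharray` calls in the third fwhosts.cgi hunk load `$configovpn`, `$configipsec` and `$configipsecrw` unconditionally, whereas the fwhosts files are created with `unless (-e ...)` before they are read. How `General::readhash` behaves on a missing file is not visible here; if it aborts, this page would fail on a system where OpenVPN or IPsec was never configured. Consider guarding each call, for example `&General::readhash($configovpn, \%ovpnsettings) if -f $configovpn;`, which also drops the unnecessary quoting of the path variable.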
@@ -1429,11 +1440,61 @@ END } } +sub getcolor +{ + my $c=shift; + #Check if IP is part of OpenVPN N2N subnet + foreach my $key (sort keys %ccdhost){ + if ($ccdhost{$key}[3] eq 'net'){ + my ($a,$b) = split("/",$ccdhost{$key}[11]); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='color:$Header::colourovpn ;'"; + return $tdcolor; + } + } + } + #Check if IP is part of OpenVPN dynamic subnet + my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'}); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='color: $Header::colourovpn;'"; + return $tdcolor; + } + #Check if IP is part of OpenVPN static subnet + foreach my $key (sort keys %ccdnet){ + my ($a,$b) = split("/",$ccdnet{$key}[1]); + $b =&General::iporsubtodec($b); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='color: $Header::colourovpn;'"; + return $tdcolor; + } + } + #Check if IP is part of IPsec RW network + if ($ipsecsettings{'RW_NET'} ne ''){ + my ($a,$b) = split("/",$ipsecsettings{'RW_NET'}); + $b=&General::iporsubtodec($b); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='color: $Header::colourvpn;'"; + return $tdcolor; + } + } + #Check if IP is part of a IPsec N2N network + foreach my $key (sort keys %ipsecconf){ + my ($a,$b) = split("/",$ipsecconf{$key}[11]); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='color: $Header::colourvpn;'"; + return $tdcolor; + } + } + $tdcolor=''; + return $tdcolor; +} sub viewtablehost { if (! -z $confighost){ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'}); &General::readhasharray("$confighost", \%customhost); + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$configccdhost", \%ccdhost); if (!keys %customhost) { print "
$Lang::tr{'fwhost empty'}"; @@ -1451,7 +1512,7 @@ END else{ print" ";} my ($ip,$sub)=split(/\//,$customhost{$key}[2]); $customhost{$key}[4]=~s/\s+//g; - print"$customhost{$key}[0]".&Header::colorize($ip)."$customhost{$key}[3]$customhost{$key}[4]x"; + print"$customhost{$key}[0]".&Header::colorize($ip)."$customhost{$key}[3]$customhost{$key}[4]x"; print<
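Review bot: The new `getcolor` splits `$ovpnsettings{'DOVPN_SUBNET'}`, `$ccdhost{$key}[11]` and `$ipsecconf{$key}[11]` without checking that they are set, while the roadwarrior branch is guarded with `if ($ipsecsettings{'RW_NET'} ne '')`; with an empty value `General::IpInSubnet` is called with an undefined network and mask. Guarding the dynamic-subnet check the same way, `if ($ovpnsettings{'DOVPN_SUBNET'} ne ''){ ... }`, and skipping entries whose field 11 is empty keeps the branches consistent (the same unguarded split is visible as context in forwardfw.cgi's getcolor). The mask is passed through `General::iporsubtodec` for `%ccdnet` and `RW_NET` but not for the other three sources, which may be correct if those are always stored in the form `IpInSubnet` expects, but it deserves a comment saying so. `my ($a,$b)` also shadows the package variables that `sort` blocks use, so names such as `$net` and `$mask` are safer. A short header comment should state that the sub writes the file-level `$tdcolor` as well as returning it and relies on `viewtablehost` having loaded `%ccdnet` and `%ccdhost` first.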
@@ -1777,6 +1838,7 @@ sub get_name
 return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
 }
 }
+
 sub deletefromgrp
 {
 my $target=shift;
-- 
2.39.2