]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - html/cgi-bin/firewall.cgi
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'mfischer/python' into next
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / firewall.cgi
CommitLineData
2a81ab0d
AM		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
5bee9a9d 5# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
2a81ab0d
AM		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
2a81ab0d
AM		 21
22use strict;
eff2dbf8 23use Sort::Naturally;
323923d9
MT		 24use utf8;
25use feature 'unicode_strings';
26
2a81ab0d 27no warnings 'uninitialized';
323923d9 28
2a81ab0d
AM		 29# enable only the following on debugging purpose
30#use warnings;
31#use CGI::Carp 'fatalsToBrowser';
32
33require '/var/ipfire/general-functions.pl';
34require "${General::swroot}/lang.pl";
35require "${General::swroot}/header.pl";
c0a97a0f 36require "${General::swroot}/geoip-functions.pl";
fe307136 37require "/usr/lib/firewall/firewall-lib.pl";
2a81ab0d 38
6d8eb5de
AM		 39unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); }
40unless (-e "${General::swroot}/firewall/settings") { system("touch ${General::swroot}/firewall/settings"); }
41unless (-e "${General::swroot}/firewall/config") { system("touch ${General::swroot}/firewall/config"); }
42unless (-e "${General::swroot}/firewall/input") { system("touch ${General::swroot}/firewall/input"); }
43unless (-e "${General::swroot}/firewall/outgoing") { system("touch ${General::swroot}/firewall/outgoing"); }
2a81ab0d
AM		 44
45my %fwdfwsettings=();
46my %selected=() ;
47my %defaultNetworks=();
48my %netsettings=();
49my %customhost=();
50my %customgrp=();
c0a97a0f 51my %customgeoipgrp=();
2a81ab0d
AM		 52my %customnetworks=();
53my %customservice=();
54my %customservicegrp=();
55my %ccdnet=();
56my %customnetwork=();
57my %ccdhost=();
58my %configfwdfw=();
59my %configinputfw=();
c7043621 60my %configoutgoingfw=();
2a81ab0d
AM		 61my %ipsecconf=();
62my %color=();
63my %mainsettings=();
64my %checked=();
65my %icmptypes=();
66my %ovpnsettings=();
67my %ipsecsettings=();
68my %aliases=();
15add1c8 69my %optionsfw=();
2669161d 70my %ifaces=();
84a05311 71my %rulehash=();
c7043621 72
11760a70 73my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE","IPv6","IPIP");
a1e89f48 74
2a81ab0d
AM		 75my $color;
76my $confignet = "${General::swroot}/fwhosts/customnetworks";
77my $confighost = "${General::swroot}/fwhosts/customhosts";
78my $configgrp = "${General::swroot}/fwhosts/customgroups";
c0a97a0f 79my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp";
2a81ab0d
AM		 80my $configsrv = "${General::swroot}/fwhosts/customservices";
81my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
82my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
83my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
84my $configipsec = "${General::swroot}/vpn/config";
85my $configipsecrw = "${General::swroot}/vpn/settings";
6d8eb5de
AM		 86my $configfwdfw = "${General::swroot}/firewall/config";
87my $configinput = "${General::swroot}/firewall/input";
88my $configoutgoing = "${General::swroot}/firewall/outgoing";
2a81ab0d 89my $configovpn = "${General::swroot}/ovpn/settings";
15add1c8 90my $fwoptions = "${General::swroot}/optionsfw/settings";
2669161d 91my $ifacesettings = "${General::swroot}/ethernet/settings";
2a81ab0d
AM		 92my $errormessage='';
93my $hint='';
94my $ipgrp="${General::swroot}/outgoing/groups";
15add1c8 95my $tdcolor='';
515863e2 96my $checkorange='';
b3f4a4ef 97my @protocols;
6d8eb5de 98&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
2a81ab0d
AM		 99&General::readhash("${General::swroot}/main/settings", \%mainsettings);
100&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
15add1c8 101&General::readhash($fwoptions, \%optionsfw);
2669161d 102&General::readhash($ifacesettings, \%ifaces);
931e1fed
AM		 103&General::readhash("$configovpn", \%ovpnsettings);
104&General::readhash("$configipsecrw", \%ipsecsettings);
105&General::readhasharray("$configipsec", \%ipsecconf);
2a81ab0d
AM		 106&Header::showhttpheaders();
107&Header::getcgihash(\%fwdfwsettings);
cc81c430 108&Header::openpage($Lang::tr{'firewall rules'}, 1, '');
2a81ab0d 109&Header::openbigbox('100%', 'center',$errormessage);
b88c8829
AM		 110#### JAVA SCRIPT ####
111print<<END;
112<script>
a1e89f48
MT		 113 var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
114
115 var update_protocol = function() {
116 var protocol = \$("#protocol").val();
117
118 if (protocol === undefined)
119 return;
120
121 // Check if a template is/should be used.
122 if (protocol === "template") {
123 \$("#PROTOCOL_TEMPLATE").show();
124 } else {
125 \$("#PROTOCOL_TEMPLATE").hide();
a5cb9aca 126 }
a1e89f48
MT		 127
128 // Check if we are dealing with a protocol, that knows ports.
129 if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
130 \$("#PROTOCOL_PORTS").show();
131 } else {
132 \$("#PROTOCOL_PORTS").hide();
a5cb9aca 133 }
a1e89f48
MT		 134
135 // Handle ICMP.
136 if (protocol === "ICMP") {
137 \$("#PROTOCOL_ICMP_TYPES").show();
138 } else {
139 \$("#PROTOCOL_ICMP_TYPES").hide();
a5cb9aca 140 }
a1e89f48
MT		 141 };
142
143 \$(document).ready(function() {
144 \$("#protocol").change(update_protocol);
145 update_protocol();
146
bfaa6956
SS		 147 // Show/Hide elements when NAT checkbox is checked.
148 if (\$("#USE_NAT").attr("checked")) {
149 \$("#actions").hide();
150 } else {
6bcb5ffe 151 \$(".NAT").hide();
ec6fd189
AM		 152 }
153
154 // Show NAT area when "use nat" checkbox is clicked
93e0855b 155 \$("#USE_NAT").change(function() {
6bcb5ffe 156 \$(".NAT").toggle();
bfaa6956 157 \$("#actions").toggle();
a5cb9aca 158 });
a1e89f48 159
c98b743c
SS		 160 // Hide SNAT items when DNAT is selected and vice versa.
161 if (\$('input[name=nat]:checked').val() == 'dnat') {
162 \$('.snat').hide();
163 } else {
164 \$('.dnat').hide();
165 }
166
167 // Show/Hide elements when SNAT/DNAT get changed.
168 \$('input[name=nat]').change(function() {
169 \$('.snat').toggle();
170 \$('.dnat').toggle();
171 });
172
f18c3831
MT		 173 // Time constraints
174 if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
175 \$("#TIME_CONSTRAINTS").hide();
176 }
177 \$("#USE_TIME_CONSTRAINTS").change(function() {
178 \$("#TIME_CONSTRAINTS").toggle();
179 });
180
79ad6f7e
AM		 181 // Limit concurrent connections per ip
182 if(!\$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").attr("checked")) {
183 \$("#LIMIT_CON").hide();
184 }
185 \$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").change(function() {
186 \$("#LIMIT_CON").toggle();
187 });
188
d8deec0b
AM		 189 // Rate-limit new connections
190 if(!\$("#USE_RATELIMIT").attr("checked")) {
191 \$("#RATELIMIT").hide();
192 }
193 \$("#USE_RATELIMIT").change(function() {
194 \$("#RATELIMIT").toggle();
195 });
196
b88c8829
AM		 197 // Automatically select radio buttons when corresponding
198 // dropdown menu changes.
199 \$("select").change(function() {
200 var id = \$(this).attr("name");
b88c8829
AM		 201 \$('#' + id).prop("checked", true);
202 });
203 });
b88c8829
AM		 204</script>
205END
206
2a81ab0d
AM		 207#### ACTION #####
208
2a81ab0d
AM		 209if ($fwdfwsettings{'ACTION'} eq 'saverule')
210{
211 &General::readhasharray("$configfwdfw", \%configfwdfw);
212 &General::readhasharray("$configinput", \%configinputfw);
5d7faa45 213 &General::readhasharray("$configoutgoing", \%configoutgoingfw);
84a05311 214 my $maxkey;
79bb8c75
AM		 215 #Set Variables according to the JQuery code in protocol section
216 if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
217 {
218 if ($fwdfwsettings{'SRC_PORT'} ne '')
219 {
220 $fwdfwsettings{'USE_SRC_PORT'} = 'ON';
221 }
222 if ($fwdfwsettings{'TGT_PORT'} ne '')
223 {
224 $fwdfwsettings{'USESRV'} = 'ON';
225 $fwdfwsettings{'grp3'} = 'TGT_PORT';
226 }
227 }
228 if ($fwdfwsettings{'PROT'} eq 'template')
229 {
230 $fwdfwsettings{'USESRV'} = 'ON';
231 }
2a81ab0d
AM		 232 $errormessage=&checksource;
233 if(!$errormessage){&checktarget;}
234 if(!$errormessage){&checkrule;}
abb3cfcc 235
515863e2
AM		 236 #check if manual ip (source) is orange network
237 if ($fwdfwsettings{'grp1'} eq 'src_addr'){
238 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
239 if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
240 $checkorange='on';
241 }
242 }
243 #check useless rules
244 if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){
245 $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>";
246 }
c7043621 247 #check if we try to break rules
d4cb89d2 248 if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
cb4439f3 249 $errormessage=$Lang::tr{'fwdfw err same'};
c7043621 250 }
84a05311
AM		 251 # INPUT part
252 if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
5de39dea 253 $fwdfwsettings{'config'}=$configinput;
2a81ab0d 254 $fwdfwsettings{'chain'} = 'INPUTFW';
84a05311
AM		 255 $maxkey=&General::findhasharraykey(\%configinputfw);
256 %rulehash=%configinputfw;
257 }elsif ($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
a0fb1099 258 # OUTGOING PART
c7043621
AM		 259 $fwdfwsettings{'config'}=$configoutgoing;
260 $fwdfwsettings{'chain'} = 'OUTGOINGFW';
84a05311
AM		 261 $maxkey=&General::findhasharraykey(\%configoutgoingfw);
262 %rulehash=%configoutgoingfw;
263 }else {
264 # FORWARD PART
5de39dea 265 $fwdfwsettings{'config'}=$configfwdfw;
2a81ab0d 266 $fwdfwsettings{'chain'} = 'FORWARDFW';
84a05311
AM		 267 $maxkey=&General::findhasharraykey(\%configfwdfw);
268 %rulehash=%configfwdfw;
269 }
270 #check if we have an identical rule already
271 if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
272 foreach my $key (sort keys %rulehash){
5ca4ae11
AM		 273 if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
274 eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
84a05311
AM		 275 $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
276 if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
277 $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
278 }
279 if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
280 $errormessage='';
281 }
282 if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
283 $fwdfwsettings{'nosave'} = 'on';
284 }
2da264ec 285 }
46a6d6c7 286 }
84a05311
AM		 287 }
288 #check Rulepos on new Rule
289 if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
290 $fwdfwsettings{'oldrulenumber'}=$maxkey;
291 foreach my $key (sort keys %rulehash){
292 if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
293 eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
294 $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
70d38e50
AM		 295 }
296 }
84a05311
AM		 297 }
298 #check if we just close a rule
299 if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}){
300 if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
301 $fwdfwsettings{'nosave2'} = 'on';
302 $errormessage='';
992394d5 303 }
84a05311
AM		 304 }
305 #check max concurrent connections per ip address
306 if ($fwdfwsettings{'LIMIT_CON_CON'} eq 'ON'){
307 if (!($fwdfwsettings{'concon'} =~ /^(\d+)$/)) {
308 $errormessage.=$Lang::tr{'fwdfw err concon'};
79ad6f7e 309 }
84a05311
AM		 310 }else{
311 $fwdfwsettings{'concon'}='';
312 }
313 #check ratelimit value
314 if ($fwdfwsettings{'RATE_LIMIT'} eq 'ON'){
315 if (!($fwdfwsettings{'ratecon'} =~ /^(\d+)$/)) {
316 $errormessage.=$Lang::tr{'fwdfw err ratecon'};
d8deec0b 317 }
84a05311
AM		 318 }else{
319 $fwdfwsettings{'ratecon'}='';
320 }
321 #increase counters
322 if (!$errormessage){
323 if ($fwdfwsettings{'nosave2'} ne 'on'){
324 &saverule(\%rulehash,$fwdfwsettings{'config'});
2a81ab0d 325 }
2a81ab0d
AM		 326 }
327 if ($errormessage){
328 &newrule;
329 }else{
992394d5 330 if($fwdfwsettings{'nosave2'} ne 'on'){
0e430797 331 &General::firewall_config_changed();
992394d5 332 }
2a81ab0d
AM		 333 &base;
334 }
2a81ab0d 335}
2a81ab0d
AM		 336if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
337{
338 &newrule;
339}
340if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
341{
342 my %togglehash=();
343 &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
344 foreach my $key (sort keys %togglehash){
345 if ($key eq $fwdfwsettings{'key'}){
346 if ($togglehash{$key}[2] eq 'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';}
347 }
348 }
349 &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
0e430797 350 &General::firewall_config_changed();
2a81ab0d
AM		 351 &base;
352}
353if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
354{
355 my %togglehash=();
356 &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
357 foreach my $key (sort keys %togglehash){
358 if ($key eq $fwdfwsettings{'key'}){
359 if ($togglehash{$key}[17] eq 'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
360 }
361 }
362 &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
0e430797 363 &General::firewall_config_changed();
2a81ab0d
AM		 364 &base;
365}
366if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
367{
0e430797 368 &General::firewall_reload();
2a81ab0d
AM		 369 &base;
370}
371if ($fwdfwsettings{'ACTION'} eq 'editrule')
372{
373 $fwdfwsettings{'updatefwrule'}='on';
374 &newrule;
375}
376if ($fwdfwsettings{'ACTION'} eq 'deleterule')
377{
378 &deleterule;
379}
380if ($fwdfwsettings{'ACTION'} eq 'moveup')
381{
382 &pos_up;
383 &base;
384}
385if ($fwdfwsettings{'ACTION'} eq 'movedown')
386{
387 &pos_down;
388 &base;
389}
390if ($fwdfwsettings{'ACTION'} eq 'copyrule')
391{
392 $fwdfwsettings{'copyfwrule'}='on';
2a81ab0d
AM		 393 &newrule;
394}
653a71b9 395if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
2a81ab0d
AM		 396{
397 &base;
398}
399### Functions ####
8013bd0a 400sub addrule
2a81ab0d 401{
8013bd0a 402 &error;
85d6e8a9 403
c03d4a5e 404 &Header::openbox('100%', 'left', "");
85d6e8a9
MT		 405 print <<END;
406 <form method="POST" action="">
407 <table border='0' width="100%">
408 <tr>
c03d4a5e 409 <td align='center'>
85d6e8a9 410 <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'>
85d6e8a9
MT		 411END
412
0e430797 413 if (&General::firewall_needs_reload()) {
85d6e8a9
MT		 414 print <<END;
415 <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-weight: bold; color: green;'>
416END
417 }
418
419 print <<END;
420 </td>
421 </tr>
422 </table>
423 </form>
424
c03d4a5e 425 <br>
85d6e8a9 426END
c03d4a5e 427
8013bd0a
AM		 428 &Header::closebox();
429 &viewtablerule;
2a81ab0d
AM		 430}
431sub base
432{
2a81ab0d 433 &hint;
7bd9d462 434 &addrule;
2a81ab0d 435}
8013bd0a 436sub changerule
2a81ab0d 437{
8013bd0a
AM		 438 my $oldchain=shift;
439 $fwdfwsettings{'updatefwrule'}='';
440 $fwdfwsettings{'config'}=$oldchain;
441 $fwdfwsettings{'nobase'}='on';
442 &deleterule;
2a81ab0d
AM		 443}
444sub checksource
445{
446 my ($ip,$subnet);
2a81ab0d
AM		 447 #check ip-address if manual
448 if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
449 #check if ip with subnet
450 if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
451 ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
452 $subnet = &General::iporsubtocidr($subnet);
b5269091 453 $fwdfwsettings{'isip'}='on';
2a81ab0d
AM		 454 }
455 #check if only ip
456 if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
457 $ip=$fwdfwsettings{'src_addr'};
458 $subnet = '32';
b5269091 459 $fwdfwsettings{'isip'}='on';
2a81ab0d 460 }
36196d0d 461
b5269091 462 if ($fwdfwsettings{'isip'} ne 'on'){
ab4fe66f
AM		 463 if (&General::validmac($fwdfwsettings{'src_addr'})){
464 $fwdfwsettings{'ismac'}='on';
465 }
b5269091
AM		 466 }
467 if ($fwdfwsettings{'isip'} eq 'on'){
931e1fed
AM		 468 ##check if ip is valid
469 if (! &General::validip($ip)){
470 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
471 return $errormessage;
472 }
b5269091
AM		 473 #check and form valid IP
474 $ip=&General::ip2dec($ip);
475 $ip=&General::dec2ip($ip);
476 #check if net or broadcast
d9b691e1 477 $fwdfwsettings{'src_addr'}="$ip/$subnet";
b5269091
AM		 478 if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
479 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
931e1fed 480 return $errormessage;
b5269091
AM		 481 }
482 }
483 if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
2a81ab0d 484 $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
931e1fed 485 return $errormessage;
2a81ab0d
AM		 486 }
487 }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
2610f393 488 $fwdfwsettings{'grp1'}='std_net_src';
9556a0fb 489 $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL';
2a81ab0d 490 }
62fc8511 491
2a81ab0d
AM		 492 #check empty fields
493 if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
8f0b047b
AM		 494 if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
495 my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
496 my @values=();
497 foreach (@parts){
498 chomp($_);
829697d0 499 if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
8f0b047b
AM		 500 my $check;
501 #change dashes with :
502 $_=~ tr/-/:/;
503 if ($_ eq "*") {
504 push(@values,"1:65535");
505 $check='on';
506 }
829697d0 507 if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
8f0b047b
AM		 508 push(@values,"1:$2");
509 $check='on';
510 }
829697d0 511 if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
8f0b047b
AM		 512 push(@values,"$1:65535");
513 $check='on'
514 }
515 $errormessage .= &General::validportrange($_, 'destination');
516 if(!$check){
517 push (@values,$_);
518 }
519 }else{
520 if (&General::validport($_)){
521 push (@values,$_);
522 }else{
523
524 }
525 }
2a81ab0d 526 }
8f0b047b 527 $fwdfwsettings{'SRC_PORT'}=join("|",@values);
2a81ab0d 528 }
931e1fed 529 return $errormessage;
2a81ab0d
AM		 530}
531sub checktarget
532{
533 my ($ip,$subnet);
a6edca5a 534 &General::readhasharray("$configsrv", \%customservice);
bc912c6e 535 #check DNAT settings (has to be single Host and single Port or portrange)
a6edca5a
AM		 536 if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
537 if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
a6edca5a
AM		 538 #check if manual ip is a single Host (if set)
539 if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
540 my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
541 my @tmp1= split ("/",$tmp[3]);
542 if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
543 {
544 $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
931e1fed 545 return $errormessage;
a6edca5a
AM		 546 }
547 }
bc912c6e 548 #check if Port is a single Port or portrange
a6edca5a 549 if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
a4c7bf6b 550 if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
a6edca5a 551 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
931e1fed 552 return $errormessage;
a6edca5a 553 }
a4c7bf6b 554 if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
a6edca5a 555 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
931e1fed 556 return $errormessage;
a6edca5a
AM		 557 }
558 }
559 }else{
896eb2d6
AM		 560 if ($fwdfwsettings{'grp2'} ne 'ipfire'){
561 $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
562 return $errormessage;
563 }
a6edca5a
AM		 564 }
565 }
2a81ab0d
AM		 566 if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
567 #check if ip with subnet
568 if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
569 ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
570 $subnet = &General::iporsubtocidr($subnet);
571 }
572 #check if only ip
573 if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
574 $ip=$fwdfwsettings{'tgt_addr'};
575 $subnet='32';
576 }
931e1fed
AM		 577 #check if ip is valid
578 if (! &General::validip($ip)){
579 $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
580 return $errormessage;
581 }
2a81ab0d
AM		 582 #check and form valid IP
583 $ip=&General::ip2dec($ip);
584 $ip=&General::dec2ip($ip);
d9b691e1 585 $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
2a81ab0d
AM		 586 if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
587 $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
931e1fed 588 return $errormessage;
2a81ab0d 589 }
2a81ab0d 590 }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
2610f393 591 $fwdfwsettings{'grp2'}='std_net_tgt';
9556a0fb 592 $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL';
2a81ab0d 593 }
d334d7cb
AM		 594 #check for mac in targetgroup
595 if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
596 &General::readhasharray("$configgrp", \%customgrp);
597 &General::readhasharray("$confighost", \%customhost);
598 foreach my $grpkey (sort keys %customgrp){
599 foreach my $hostkey (sort keys %customhost){
600 if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
601 $hint=$Lang::tr{'fwdfw hint mac'};
602 return $hint;
603 }
604 }
605 }
606 }
2a81ab0d
AM		 607 #check empty fields
608 if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
2a81ab0d
AM		 609 #check tgt services
610 if ($fwdfwsettings{'USESRV'} eq 'ON'){
611 if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
612 $fwdfwsettings{'TGT_PROT'}='';
613 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 614 $fwdfwsettings{'TGT_PORT'}='';
2a81ab0d
AM		 615 }
616 if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
617 $fwdfwsettings{'TGT_PROT'}='';
618 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 619 $fwdfwsettings{'TGT_PORT'}='';
2a81ab0d
AM		 620 #check target service
621 if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
622 $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
623 }
624 }
625 if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
a4c7bf6b 626 if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){
2a81ab0d 627 if ($fwdfwsettings{'TGT_PORT'} ne ''){
08e1c65d 628 if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') {
829697d0 629 $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
931e1fed 630 return $errormessage;
829697d0 631 }
8f0b047b
AM		 632 my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
633 my @values=();
634 foreach (@parts){
635 chomp($_);
829697d0 636 if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
8f0b047b
AM		 637 my $check;
638 #change dashes with :
639 $_=~ tr/-/:/;
640 if ($_ eq "*") {
641 push(@values,"1:65535");
642 $check='on';
643 }
829697d0 644 if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
8f0b047b
AM		 645 push(@values,"1:$2");
646 $check='on';
647 }
829697d0 648 if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
8f0b047b
AM		 649 push(@values,"$1:65535");
650 $check='on'
651 }
652 $errormessage .= &General::validportrange($_, 'destination');
653 if(!$check){
654 push (@values,$_);
655 }
656 }else{
657 if (&General::validport($_)){
658 push (@values,$_);
659 }else{
d0f8bbc1
AM		 660 $errormessage=$Lang::tr{'fwdfw err tgt_port'};
661 return $errormessage;
8f0b047b
AM		 662 }
663 }
2a81ab0d 664 }
8f0b047b 665 $fwdfwsettings{'TGT_PORT'}=join("|",@values);
2a81ab0d 666 }
a4c7bf6b 667 }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){
d1f01304 668 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 669 $fwdfwsettings{'TGT_PORT'} = '';
62fc8511 670 $fwdfwsettings{'ICMP_TGT'} = '';
a4c7bf6b 671 }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){
d1f01304 672 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 673 $fwdfwsettings{'TGT_PORT'} = '';
d1f01304 674 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 675 }elsif ($fwdfwsettings{'PROT'} eq 'AH'){
d1f01304 676 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 677 $fwdfwsettings{'TGT_PORT'} = '';
62fc8511 678 $fwdfwsettings{'ICMP_TGT'}='';
a4c7bf6b 679 }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){
d1f01304 680 $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
bcbf1b8e 681 $fwdfwsettings{'TGT_PORT'} = '';
2a81ab0d
AM		 682 }
683 }
684 }
2a81ab0d
AM		 685 #check targetport
686 if ($fwdfwsettings{'USESRV'} ne 'ON'){
687 $fwdfwsettings{'grp3'}='';
688 $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
2a81ab0d
AM		 689 $fwdfwsettings{'ICMP_TGT'}='';
690 }
2a81ab0d
AM		 691 #check timeframe
692 if($fwdfwsettings{'TIME'} eq 'ON'){
693 if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
694 $errormessage=$Lang::tr{'fwdfw err time'};
931e1fed 695 return $errormessage;
2a81ab0d
AM		 696 }
697 }
2a81ab0d
AM		 698 return $errormessage;
699}
a6edca5a
AM		 700sub check_natport
701{
702 my $val=shift;
829697d0
AM		 703 if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
704 if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) {
705 $fwdfwsettings{'dnatport'} =~ tr/-/:/;
706 if ($fwdfwsettings{'dnatport'} eq "*") {
707 $fwdfwsettings{'dnatport'}="1:65535";
708 }
709 if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
710 $fwdfwsettings{'dnatport'} = "1:$2";
711 }
712 if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
713 $fwdfwsettings{'dnatport'} ="$1:65535";
714 }
715 }
716 return 1;
717 }
718 if ($val =~ "," || $val>65536 || $val<0){
a6edca5a
AM		 719 return 0;
720 }
721 return 1;
722}
2a81ab0d
AM		 723sub checkrule
724{
a6edca5a
AM		 725 #check valid port for NAT
726 if($fwdfwsettings{'USE_NAT'} eq 'ON'){
f5f71c79 727 #RULE_ACTION must be ACCEPT if we use NAT
8e713726
AM		 728 $fwdfwsettings{'RULE_ACTION'} = 'ACCEPT';
729
f5f71c79
AM		 730 #if no dnat or snat selected errormessage
731 if ($fwdfwsettings{'nat'} eq ''){
732 $errormessage=$Lang::tr{'fwdfw dnat nochoice'};
733 return;
734 }
735
736 #if using snat, the external port has to be empty
737 if ($fwdfwsettings{'nat'} eq 'snat' && $fwdfwsettings{'dnatport'} ne ''){
738 $errormessage=$Lang::tr{'fwdfw dnat extport'};
739 return;
740 }
3c037075 741 #if no dest port is given in nat area, take target host port
a6edca5a 742 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
0051027b 743 if($fwdfwsettings{'TGT_PORT'} eq '' && $fwdfwsettings{'dnatport'} ne '' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')){
3c037075 744 $errormessage=$Lang::tr{'fwdfw dnat porterr2'};
f5f71c79 745 return;
3c037075 746 }
bc912c6e 747 #check if port given in nat area is a single valid port or portrange
98cee89f 748 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){
a6edca5a 749 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
98cee89f 750 }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
a6edca5a 751 my $custsrvport;
f5f71c79 752 #get service Protocol and Port
a6edca5a
AM		 753 foreach my $key (sort keys %customservice){
754 if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
755 if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
756 $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
757 }
758 $custsrvport= $customservice{$key}[1];
759 }
760 }
761 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
762 }
98cee89f
AM		 763 #check if DNAT port is multiple
764 if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
765 my @parts=split(",",$fwdfwsettings{'dnatport'});
766 my @values=();
767 foreach (@parts){
768 chomp($_);
769 if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
770 my $check;
771 #change dashes with :
772 $_=~ tr/-/:/;
773 if ($_ eq "*") {
774 push(@values,"1:65535");
775 $check='on';
776 }
777 if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
778 push(@values,"1:$2");
779 $check='on';
780 }
781 if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
782 push(@values,"$1:65535");
783 $check='on'
784 }
785 $errormessage .= &General::validportrange($_, 'destination');
786 if(!$check){
787 push (@values,$_);
788 }
789 }else{
790 if (&General::validport($_)){
791 push (@values,$_);
792 }else{
793
794 }
795 }
796 }
797 $fwdfwsettings{'dnatport'}=join("|",@values);
798 }
ce2dbe92
AM		 799 #check if a rule with prot tcp or udp and ports is edited and now prot is "all", then delete all ports
800 if($fwdfwsettings{'PROT'} eq ''){
801 $fwdfwsettings{'dnatport'}='';
802 }
a6edca5a 803 }
2a81ab0d
AM		 804 #check valid remark
805 if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
806 $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
807 }
808 #check if source and target identical
59c2888b 809 if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL' && $fwdfwsettings{'grp2'} ne 'ipfire'){
cb4439f3 810 $errormessage=$Lang::tr{'fwdfw err same'};
2a81ab0d
AM		 811 return $errormessage;
812 }
2a81ab0d
AM		 813 #get source and targetip address if possible
814 my ($sip,$scidr,$tip,$tcidr);
815 ($sip,$scidr)=&get_ip("src","grp1");
816 ($tip,$tcidr)=&get_ip("tgt","grp2");
2a81ab0d
AM		 817 #check same iprange in source and target
818 if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
2a81ab0d
AM		 819 my $networkip1=&General::getnetworkip($sip,$scidr);
820 my $networkip2=&General::getnetworkip($tip,$tcidr);
821 if ($scidr gt $tcidr){
210ee67b 822 if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
2a81ab0d
AM		 823 $errormessage.=$Lang::tr{'fwdfw err samesub'};
824 }
8013bd0a
AM		 825 }elsif($scidr eq $tcidr && $scidr eq '32'){
826 my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
827 my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
828 if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
829 $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
830 $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
831 }
832 }else{
833 if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
834 $errormessage.=$Lang::tr{'fwdfw err samesub'};
835 }
836 }
837 }
35ca8e02 838 #when icmp selected, no source and targetport allowed
79bb8c75 839 if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){
e6e9a811
AM		 840 $errormessage.=$Lang::tr{'fwdfw err prot_port'};
841 return;
842 }
843 #change protocol if prot not equal dest single service
a4c7bf6b
AM		 844 if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
845 foreach my $key (sort keys %customservice){
846 if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
847 if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
848 $fwdfwsettings{'PROT'} = $customservice{$key}[2];
849 last;
8013bd0a
AM		 850 }
851 }
852 }
853 }
a4c7bf6b
AM		 854 #check source and destination protocol if source manual and dest servicegroup
855 if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
856 $fwdfwsettings{'PROT'} = '';
72586f0f 857 }
a4c7bf6b 858 #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013
fadcfb73 859 $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated)
a4c7bf6b
AM		 860 #Check ICMP Types
861 if ($fwdfwsettings{'PROT'} eq 'ICMP'){
862 $fwdfwsettings{'USE_SRC_PORT'}='';
863 $fwdfwsettings{'SRC_PORT'}='';
e6e9a811 864 #$fwdfwsettings{'USESRV'}='';
a4c7bf6b
AM		 865 $fwdfwsettings{'TGT_PORT'}='';
866 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
867 foreach my $key (keys %icmptypes){
868 if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
869 $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
870 }
871 }
872 }elsif($fwdfwsettings{'PROT'} eq 'GRE'){
873 $fwdfwsettings{'USE_SRC_PORT'}='';
874 $fwdfwsettings{'SRC_PORT'}='';
875 $fwdfwsettings{'ICMP_TYPES'}='';
876 $fwdfwsettings{'USESRV'}='';
877 $fwdfwsettings{'TGT_PORT'}='';
878 }elsif($fwdfwsettings{'PROT'} eq 'ESP'){
879 $fwdfwsettings{'USE_SRC_PORT'}='';
880 $fwdfwsettings{'SRC_PORT'}='';
881 $fwdfwsettings{'ICMP_TYPES'}='';
882 $fwdfwsettings{'USESRV'}='';
883 $fwdfwsettings{'TGT_PORT'}='';
884 }elsif($fwdfwsettings{'PROT'} eq 'AH'){
885 $fwdfwsettings{'USE_SRC_PORT'}='';
886 $fwdfwsettings{'SRC_PORT'}='';
887 $fwdfwsettings{'ICMP_TYPES'}='';
888 $fwdfwsettings{'USESRV'}='';
889 $fwdfwsettings{'TGT_PORT'}='';
79bb8c75
AM		 890 }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){
891 $fwdfwsettings{'USE_SRC_PORT'}='';
892 $fwdfwsettings{'SRC_PORT'}='';
893 $fwdfwsettings{'ICMP_TYPES'}='';
894 $fwdfwsettings{'USESRV'}='';
895 $fwdfwsettings{'TGT_PORT'}='';
11760a70
AM		 896 }elsif($fwdfwsettings{'PROT'} eq 'IPv6'){
897 $fwdfwsettings{'USE_SRC_PORT'}='';
898 $fwdfwsettings{'SRC_PORT'}='';
899 $fwdfwsettings{'ICMP_TYPES'}='';
900 $fwdfwsettings{'USESRV'}='';
901 $fwdfwsettings{'TGT_PORT'}='';
902 }elsif($fwdfwsettings{'PROT'} eq 'IPIP'){
903 $fwdfwsettings{'USE_SRC_PORT'}='';
904 $fwdfwsettings{'SRC_PORT'}='';
905 $fwdfwsettings{'ICMP_TYPES'}='';
906 $fwdfwsettings{'USESRV'}='';
907 $fwdfwsettings{'TGT_PORT'}='';
35ca8e02 908 }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP'){
a4c7bf6b 909 $fwdfwsettings{'ICMP_TYPES'}='';
35ca8e02
AM		 910 $fwdfwsettings{'SRC_PORT'}='';
911 $fwdfwsettings{'TGT_PORT'}='';
a4c7bf6b
AM		 912 }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){
913 $fwdfwsettings{'ICMP_TYPES'}='';
914 }
8013bd0a 915}
931e1fed
AM		 916sub checkvpn
917{
918 my $ip=shift;
919 #Test if manual IP is part of static OpenVPN networks
920 &General::readhasharray("$configccdnet", \%ccdnet);
921 foreach my $key (sort keys %ccdnet){
922 my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]);
923 my $sub=&General::iporsubtodec($vpnsubnet);
924 if (&General::IpInSubnet($ip,$vpnip,$sub)){
925 return 0;
926 }
927 }
928 # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
929 # because if one creates a custom host with the ip, we need to check the color there!
930 # It does not make sense to check this here
931
932 # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
933 # Is also checked in getcolor
934
935 # Test if manual ip is part of an IPsec Network is also checked in getcolor
936 return 1;
937}
938sub checkvpncolor
939{
940
8013bd0a
AM		 941}
942sub deleterule
943{
944 my %delhash=();
945 &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
946 foreach my $key (sort {$a <=> $b} keys %delhash){
8013bd0a
AM		 947 if ($key >= $fwdfwsettings{'key'}) {
948 my $next = $key + 1;
949 if (exists $delhash{$next}) {
950 foreach my $i (0 .. $#{$delhash{$next}}) {
951 $delhash{$key}[$i] = $delhash{$next}[$i];
952 }
953 }
954 }
955 }
956 # Remove the very last entry.
957 my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
958 delete $delhash{$last_key};
959
960 &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
0e430797 961 &General::firewall_config_changed();
8013bd0a
AM		 962
963 if($fwdfwsettings{'nobase'} ne 'on'){
964 &base;
965 }
966}
fd169d0a
AM		 967sub del_double
968{
969 my %all=();
970 @all{@_}=1;
971 return (keys %all);
972}
8013bd0a
AM		 973sub disable_rule
974{
975 my $key1=shift;
976 &General::readhasharray("$configfwdfw", \%configfwdfw);
977 foreach my $key (sort keys %configfwdfw){
978 if ($key eq $key1 ){
979 if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
980 }
981 }
982 &General::writehasharray("$configfwdfw", \%configfwdfw);
0e430797 983 &General::firewall_config_changed();
8013bd0a 984}
8013bd0a
AM		 985sub error
986{
987 if ($errormessage) {
988 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
989 print "<class name='base'>$errormessage\n";
990 print "&nbsp;</class>\n";
991 &Header::closebox();
8013bd0a
AM		 992 }
993}
994sub fillselect
995{
996 my %hash=%{(shift)};
997 my $val=shift;
998 my $key;
eff2dbf8 999 foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){
8013bd0a
AM		 1000 if($hash{$key}[0] eq $val){
1001 print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
1002 }else{
1003 print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
1004 }
1005 }
1006}
1007sub gen_dd_block
1008{
1009 my $srctgt = shift;
1010 my $grp=shift;
1011 my $helper='';
1012 my $show='';
1013 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1014 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1015 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1016 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1017 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1018 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1019 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1020 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1021 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1022 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1023 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1024 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1025 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1026 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1027 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
1028 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1029 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
a0fb1099 1030 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
8013bd0a
AM		 1031 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
1032print<<END;
1033 <table width='100%' border='0'>
1034 <tr><td width='50%' valign='top'>
f5f71c79 1035 <table width='95%' border='0'>
b88c8829 1036 <tr><td width='1%'><input type='radio' name='$grp' id='std_net_$srctgt' value='std_net_$srctgt' $checked{$grp}{'std_net_'.$srctgt}></td><td>$Lang::tr{'fwhost stdnet'}</td><td align='right'><select name='std_net_$srctgt' style='width:200px;'>
8013bd0a
AM		 1037END
1038 foreach my $network (sort keys %defaultNetworks)
1039 {
a0fb1099 1040 next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
8013bd0a
AM		 1041 print "<option value='$defaultNetworks{$network}{'NAME'}'";
1042 print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
3b2ad4a1 1043 my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
1a8fde0e
AM		 1044 my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
1045 my $defsub1=&General::subtocidr($ifaces{$defsub});
7326051e 1046 $ifaces{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
a0fb1099 1047 if ($ifaces{$defnet}){
1a8fde0e 1048 print ">$network ($ifaces{$defnet}/$defsub1)</option>";
a0fb1099
AM		 1049 }else{
1050 print ">$network</option>";
1051 }
8013bd0a
AM		 1052 }
1053 print"</select></td></tr>";
1054 #custom networks
d9987841 1055 if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1056 print"<tr><td><input type='radio' name='$grp' id='cust_net_$srctgt' value='cust_net_$srctgt' $checked{$grp}{'cust_net_'.$srctgt}></td><td>$Lang::tr{'fwhost cust net'}</td><td align='right'><select name='cust_net_$srctgt' style='width:200px;'>";
8013bd0a
AM		 1057 &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{$grp}});
1058 print"</select></td>";
1059 }
1060 #custom hosts
d9987841 1061 if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1062 print"<tr><td><input type='radio' name='$grp' id='cust_host_$srctgt' value='cust_host_$srctgt' $checked{$grp}{'cust_host_'.$srctgt}></td><td>$Lang::tr{'fwhost cust addr'}</td><td align='right'><select name='cust_host_$srctgt' style='width:200px;'>";
8013bd0a
AM		 1063 &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{$grp}});
1064 print"</select></td>";
1065 }
1066 #custom groups
d9987841 1067 if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1068 print"<tr><td valign='top'><input type='radio' name='$grp' id='cust_grp_$srctgt' value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td >$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' style='width:200px;'>";
eff2dbf8 1069 foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys %customgrp) {
aeefcc9c 1070 if($helper ne $customgrp{$key}[0] && $customgrp{$key}[2] ne 'none'){
8013bd0a
AM		 1071 print"<option ";
1072 print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $customgrp{$key}[0]);
1073 print ">$customgrp{$key}[0]</option>";
1074 }
1075 $helper=$customgrp{$key}[0];
1076 }
1077 print"</select></td>";
1078 }
c0a97a0f
SS		 1079 # geoip locations / groups.
1080 my @geoip_locations = &fwlib::get_geoip_locations();
1081
1082 print "<tr>\n";
1083 print "<td valign='top'><input type='radio' name='$grp' id='cust_geoip_$srctgt' value='cust_geoip_$srctgt' $checked{$grp}{'cust_geoip_'.$srctgt}></td>\n";
1084 print "<td>$Lang::tr{'geoip'}</td>\n";
1085 print "<td align='right'><select name='cust_geoip_$srctgt' style='width:200px;'>\n";
1086
1087 # Add GeoIP groups to dropdown.
1088 if (!-z $configgeoipgrp) {
1089 print "<optgroup label='$Lang::tr{'fwhost cust geoipgroup'}'>\n";
1090 foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } keys %customgeoipgrp) {
1091 my $selected;
1092
1093 # Generate stored value for select detection.
1094 my $stored = join(':', "group",$customgeoipgrp{$key}[0]);
1095
1096 # Only show a group once and group with elements.
1097 if($helper ne $customgeoipgrp{$key}[0] && $customgeoipgrp{$key}[2] ne 'none') {
1098 # Mark current entry as selected.
1099 if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $stored) {
1100 $selected = "selected='selected'";
1101 }
1102 print"<option $selected value='group:$customgeoipgrp{$key}[0]'>$customgeoipgrp{$key}[0]</option>\n";
1103 }
1104 $helper=$customgeoipgrp{$key}[0];
1105 }
1106 print "</optgroup>\n";
1107 }
1108
1109 # Add locations.
1110 print "<optgroup label='$Lang::tr{'fwhost cust geoiplocation'}'>\n";
1111 foreach my $location (@geoip_locations) {
1112 # Get country name.
1113 my $country_name = &GeoIP::get_full_country_name($location);
1114
1115 # Mark current entry as selected.
1116 my $selected;
1117 if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $location) {
1118 $selected = "selected='selected'";
1119 }
1120 print "<option $selected value='$location'>$location - $country_name</option>\n";
1121 }
1122 print "</optgroup>\n";
1123
1124 # Close GeoIP dropdown.
1125 print "</select></td>\n";
1126
8013bd0a 1127 #End left table. start right table (vpn)
f5f71c79 1128 print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
8013bd0a 1129 # CCD networks
d9987841 1130 if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
b88c8829 1131 print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt' $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
8013bd0a
AM		 1132 &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{$grp}});
1133 print"</select></td></tr>";
1134 }
1135 #OVPN CCD Hosts
eff2dbf8 1136 foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){
d9987841 1137 if ($ccdhost{$key}[33] ne '' ){
b88c8829 1138 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'>" if ($show eq '');
8013bd0a
AM		 1139 $show='1';
1140 print "<option value='$ccdhost{$key}[1]'";
1141 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ccdhost{$key}[1]);
1142 print ">$ccdhost{$key}[1]</option>";
1143 }
1144 }
d9987841 1145 if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
b88c8829 1146 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'></select></td></tr>" ;
d9987841 1147 }
8013bd0a
AM		 1148 if ($show eq '1'){$show='';print"</select></td></tr>";}
1149 #OVPN N2N
eff2dbf8 1150 foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){
8013bd0a 1151 if ($ccdhost{$key}[3] eq 'net'){
b88c8829 1152 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'>" if ($show eq '');
d9987841 1153 $show='1';
8013bd0a
AM		 1154 print "<option value='$ccdhost{$key}[1]'";
1155 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ccdhost{$key}[1]);
1156 print ">$ccdhost{$key}[1]</option>";
1157 }
1158 }
d9987841 1159 if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
b88c8829 1160 print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'></select></td></tr>" ;
d9987841 1161 }
8013bd0a
AM		 1162 if ($show eq '1'){$show='';print"</select></td></tr>";}
1163 #IPsec netze
eff2dbf8 1164 foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
5558ca2a 1165 if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
97e2e7b4 1166 print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
8013bd0a
AM		 1167 $show='1';
1168 print "<option ";
1169 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ipsecconf{$key}[1]);
1170 print ">$ipsecconf{$key}[1]</option>";
1171 }
1172 }
d9987841 1173 if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
b88c8829 1174 print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'><select></td></tr>";
d9987841 1175 }
8013bd0a
AM		 1176 if ($show eq '1'){$show='';print"</select></td></tr>";}
1177
b88c8829 1178 print"</table>";
8013bd0a
AM		 1179 print"</td></tr></table><br>";
1180}
1181sub get_ip
1182{
1183 my $val=shift;
1184 my $grp =shift;
1185 my $a;
1186 my $b;
1187 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
1188 if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
1189 if ($fwdfwsettings{$grp} eq $val.'_addr'){
1190 ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
1191 }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
1192 if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
1193 $a=$netsettings{'GREEN_NETADDRESS'};
1194 $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
1195 }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
1196 $a=$netsettings{'ORANGE_NETADDRESS'};
1197 $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
1198 }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
1199 $a=$netsettings{'BLUE_NETADDRESS'};
1200 $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
1201 }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
1202 &General::readhash("$configovpn",\%ovpnsettings);
1203 ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
1204 $b=&General::iporsubtocidr($b);
1205 }
1206 }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
1207 &General::readhasharray("$confignet", \%customnetwork);
1208 foreach my $key (keys %customnetwork){
1209 if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
1210 $a=$customnetwork{$key}[1];
1211 $b=&General::iporsubtocidr($customnetwork{$key}[2]);
1212 }
1213 }
1214 }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
1215 &General::readhasharray("$confighost", \%customhost);
1216 foreach my $key (keys %customhost){
1217 if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
1218 if ($customhost{$key}[1] eq 'ip'){
1219 ($a,$b)=split (/\//,$customhost{$key}[2]);
1220 $b=&General::iporsubtocidr($b);
1221 }else{
1222 if ($grp eq 'grp2'){
1223 $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
1224 }
1225 }
1226 }
1227 }
1228 }
1229 }
1230 return $a,$b;
1231}
1232sub get_name
1233{
1234 my $val=shift;
1235 &General::setup_default_networks(\%defaultNetworks);
1236 foreach my $network (sort keys %defaultNetworks)
1237 {
1238 return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
1239 }
1240}
1241sub getsrcport
1242{
1243 my %hash=%{(shift)};
1244 my $key=shift;
a4c7bf6b 1245 if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){
8013bd0a
AM		 1246 $hash{$key}[10]=~ s/\|/,/g;
1247 print": $hash{$key}[10]";
1248 }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
1249 print": <br>$hash{$key}[9] ";
1250 }
1251}
1252sub gettgtport
1253{
1254 my %hash=%{(shift)};
1255 my $key=shift;
1256 my $service;
1257 my $prot;
1258 if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
1259 if($hash{$key}[14] eq 'cust_srv'){
1260 &General::readhasharray("$configsrv", \%customservice);
1261 foreach my $i (sort keys %customservice){
1262 if($customservice{$i}[0] eq $hash{$key}[15]){
1263 $service = $customservice{$i}[0];
1264 }
1265 }
1266 }elsif($hash{$key}[14] eq 'cust_srvgrp'){
1267 $service=$hash{$key}[15];
1268 }elsif($hash{$key}[14] eq 'TGT_PORT'){
1269 $hash{$key}[15]=~ s/\|/,/g;
1270 $service=$hash{$key}[15];
1271 }
1272 if($service){
1273 print": $service";
1274 }
8013bd0a
AM		 1275 }
1276}
1277sub get_serviceports
1278{
1279 my $type=shift;
1280 my $name=shift;
1281 &General::readhasharray("$configsrv", \%customservice);
1282 &General::readhasharray("$configsrvgrp", \%customservicegrp);
b3f4a4ef 1283 @protocols=();
712500d0 1284 my @specprot=("IPIP","IPV6","IGMP","GRE","AH","ESP");
8013bd0a 1285 if($type eq 'service'){
eff2dbf8 1286 foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
8013bd0a 1287 if ($customservice{$key}[0] eq $name){
0626fac1 1288 push (@protocols,$customservice{$key}[2]);
8013bd0a
AM		 1289 }
1290 }
1291 }elsif($type eq 'group'){
eff2dbf8 1292 foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
8013bd0a 1293 if ($customservicegrp{$key}[0] eq $name){
712500d0
AM		 1294 if ($customservicegrp{$key}[2] ~~ @specprot){
1295 push (@protocols," ".$customservicegrp{$key}[2]);
1296 }else{
1297 foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
1298 if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
1299 if (!grep(/$customservice{$key1}[2]/, @protocols)){
0626fac1 1300 push (@protocols,$customservice{$key1}[2]);}
b3f4a4ef 1301 }
8013bd0a
AM		 1302 }
1303 }
1304 }
1305 }
1306 }
28e003e4
MT		 1307
1308 # Sort protocols alphabetically.
1309 @protocols = sort(@protocols);
1310
b3f4a4ef 1311 return @protocols;
8013bd0a
AM		 1312}
1313sub getcolor
1314{
1315 my $nettype=shift;
1316 my $val=shift;
1317 my $hash=shift;
1318 if($optionsfw{'SHOWCOLORS'} eq 'on'){
b062a11b
MT		 1319 # Don't colourise MAC addresses
1320 if (&General::validmac($val)) {
1321 $tdcolor = "";
1322 return;
1323 }
1324
b119578f
AM		 1325 #custom Hosts
1326 if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
1327 foreach my $key (sort keys %$hash){
1328 if ($$hash{$key}[0] eq $val){
1329 $val=$$hash{$key}[2];
1330 }
1331 }
1332 }
e3c58927
AM		 1333 #standard networks
1334 if ($val eq 'GREEN'){
43215686 1335 $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
e3c58927
AM		 1336 return;
1337 }elsif ($val eq 'ORANGE'){
43215686 1338 $tdcolor="style='background-color: $Header::colourorange;color:white;'";
e3c58927
AM		 1339 return;
1340 }elsif ($val eq 'BLUE'){
43215686 1341 $tdcolor="style='background-color: $Header::colourblue;color:white;'";
e3c58927 1342 return;
05d4f131 1343 }elsif ($val eq 'RED' ||$val eq 'RED1' ){
43215686 1344 $tdcolor="style='background-color: $Header::colourred;color:white;'";
e3c58927
AM		 1345 return;
1346 }elsif ($val eq 'IPFire' ){
43215686 1347 $tdcolor="style='background-color: $Header::colourred;color:white;'";
e3c58927 1348 return;
d8afe3e2
AM		 1349 }elsif ($val eq 'OpenVPN-Dyn' ){
1350 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
1351 return;
1352 }elsif ($val eq 'IPsec RW' ){
1353 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
1354 return;
e3c58927
AM		 1355 }elsif($val =~ /^(.*?)\/(.*?)$/){
1356 my ($sip,$scidr) = split ("/",$val);
1be052f9 1357 if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
43215686 1358 $tdcolor="style='background-color: $Header::colourorange;color:white;'";
e3c58927
AM		 1359 return;
1360 }
1361 if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
43215686 1362 $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
e3c58927
AM		 1363 return;
1364 }
1be052f9 1365 if ( &Header::blue_used() && &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
43215686 1366 $tdcolor="style='background-color: $Header::colourblue;color:white;'";
e3c58927
AM		 1367 return;
1368 }
1369 }elsif ($val eq 'Default IP'){
43215686 1370 $tdcolor="style='background-color: $Header::colourred;color:white;'";
e3c58927
AM		 1371 return;
1372 }
b119578f
AM		 1373 #Check if a manual IP or custom host is part of a VPN
1374 if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
931e1fed
AM		 1375 #Check if IP is part of OpenVPN dynamic subnet
1376 my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
1377 my ($c,$d) = split("/",$val);
1378 if (&General::IpInSubnet($c,$a,$b)){
43215686 1379 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
931e1fed
AM		 1380 return;
1381 }
d9b691e1
AM		 1382 #Check if IP is part of OpenVPN static subnet
1383 foreach my $key (sort keys %ccdnet){
1384 my ($a,$b) = split("/",$ccdnet{$key}[1]);
1385 $b =&General::iporsubtodec($b);
1386 if (&General::IpInSubnet($c,$a,$b)){
43215686 1387 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
d9b691e1
AM		 1388 return;
1389 }
1390 }
1391 #Check if IP is part of OpenVPN N2N subnet
1392 foreach my $key (sort keys %ccdhost){
1393 if ($ccdhost{$key}[3] eq 'net'){
1394 my ($a,$b) = split("/",$ccdhost{$key}[11]);
1395 if (&General::IpInSubnet($c,$a,$b)){
43215686 1396 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
d9b691e1
AM		 1397 return;
1398 }
1399 }
1400 }
931e1fed
AM		 1401 #Check if IP is part of IPsec RW network
1402 if ($ipsecsettings{'RW_NET'} ne ''){
1403 my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
1404 $b=&General::iporsubtodec($b);
1405 if (&General::IpInSubnet($c,$a,$b)){
43215686 1406 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
931e1fed
AM		 1407 return;
1408 }
1409 }
1410 #Check if IP is part of a IPsec N2N network
1411 foreach my $key (sort keys %ipsecconf){
476b122f
AM		 1412 if ($ipsecconf{$key}[11]){
1413 my ($a,$b) = split("/",$ipsecconf{$key}[11]);
1414 $b=&General::iporsubtodec($b);
1415 if (&General::IpInSubnet($c,$a,$b)){
1416 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
1417 return;
1418 }
931e1fed
AM		 1419 }
1420 }
1421 }
8013bd0a
AM		 1422 #VPN networks
1423 if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
43215686 1424 $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
8013bd0a
AM		 1425 return;
1426 }
1427 if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
43215686 1428 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
8013bd0a
AM		 1429 return;
1430 }
8013bd0a
AM		 1431 #ALIASE
1432 foreach my $alias (sort keys %aliases)
1433 {
1434 if ($val eq $alias){
43215686 1435 $tdcolor="style='background-color:$Header::colourred;color:white;'";
8013bd0a
AM		 1436 return;
1437 }
1438 }
2a81ab0d 1439 }
e3c58927
AM		 1440 $tdcolor='';
1441 return;
8013bd0a
AM		 1442}
1443sub hint
1444{
1445 if ($hint) {
1446 &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
1447 print "<class name='base'>$hint\n";
1448 print "&nbsp;</class>\n";
1449 &Header::closebox();
2a81ab0d 1450 }
2a81ab0d
AM		 1451}
1452sub newrule
1453{
1454 &error;
1455 &General::setup_default_networks(\%defaultNetworks);
515863e2 1456 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
2a81ab0d
AM		 1457 #read all configfiles
1458 &General::readhasharray("$configccdnet", \%ccdnet);
1459 &General::readhasharray("$confignet", \%customnetwork);
1460 &General::readhasharray("$configccdhost", \%ccdhost);
1461 &General::readhasharray("$confighost", \%customhost);
1462 &General::readhasharray("$configccdhost", \%ccdhost);
1463 &General::readhasharray("$configgrp", \%customgrp);
c0a97a0f 1464 &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
2a81ab0d
AM		 1465 &General::readhasharray("$configipsec", \%ipsecconf);
1466 &General::get_aliases(\%aliases);
2a81ab0d
AM		 1467 my %checked=();
1468 my $helper;
2da264ec 1469 my $sum=0;
2a81ab0d
AM		 1470 if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
1471 my $config=$fwdfwsettings{'config'};
1472 my %hash=();
43d8be09 1473 #Get Red IP-ADDRESS
1474 open (CONN1,"/var/ipfire/red/local-ipaddress");
1475 my $redip = <CONN1>;
1476 close(CONN1);
f0dc00d8 1477 if (! $fwdfwsettings{'RULE_ACTION'} && $fwdfwsettings{'POLICY'} eq 'MODE2'){
9566c8f5 1478 $fwdfwsettings{'RULE_ACTION'}='DROP';
f0dc00d8 1479 }elsif(! $fwdfwsettings{'RULE_ACTION'} && $fwdfwsettings{'POLICY'} eq 'MODE1'){
9566c8f5
AM		 1480 $fwdfwsettings{'RULE_ACTION'}='ACCEPT';
1481 }
2a81ab0d
AM		 1482 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1483 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1484 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1485 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1486 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1487 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1488 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1489 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1490 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1491 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1492 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1493 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1494 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1495 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1496 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
a6edca5a 1497 $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
2a81ab0d
AM		 1498 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1499 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
1500 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
43d8be09 1501 $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
2a81ab0d
AM		 1502 #check if update and get values
1503 if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
1504 &General::readhasharray("$config", \%hash);
1505 foreach my $key (sort keys %hash){
2da264ec 1506 $sum++;
2a81ab0d 1507 if ($key eq $fwdfwsettings{'key'}){
70d38e50 1508 $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'};
2a81ab0d 1509 $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
2669161d 1510 $fwdfwsettings{'chain'} = $hash{$key}[1];
2a81ab0d
AM		 1511 $fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
1512 $fwdfwsettings{'grp1'} = $hash{$key}[3];
1513 $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
1514 $fwdfwsettings{'grp2'} = $hash{$key}[5];
1515 $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
1516 $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
1517 $fwdfwsettings{'PROT'} = $hash{$key}[8];
1518 $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
1519 $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10];
1520 $fwdfwsettings{'USESRV'} = $hash{$key}[11];
1521 $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12];
1522 $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13];
1523 $fwdfwsettings{'grp3'} = $hash{$key}[14];
1524 $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15];
1525 $fwdfwsettings{'ruleremark'} = $hash{$key}[16];
1526 $fwdfwsettings{'LOG'} = $hash{$key}[17];
1527 $fwdfwsettings{'TIME'} = $hash{$key}[18];
1528 $fwdfwsettings{'TIME_MON'} = $hash{$key}[19];
1529 $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20];
1530 $fwdfwsettings{'TIME_WED'} = $hash{$key}[21];
1531 $fwdfwsettings{'TIME_THU'} = $hash{$key}[22];
1532 $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23];
1533 $fwdfwsettings{'TIME_SAT'} = $hash{$key}[24];
1534 $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
1535 $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
1536 $fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
2669161d 1537 $fwdfwsettings{'USE_NAT'} = $hash{$key}[28];
a6edca5a 1538 $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
2669161d 1539 $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
a6edca5a 1540 $fwdfwsettings{'dnatport'} = $hash{$key}[30];
79ad6f7e
AM		 1541 $fwdfwsettings{'LIMIT_CON_CON'} = $hash{$key}[32];
1542 $fwdfwsettings{'concon'} = $hash{$key}[33];
d8deec0b
AM		 1543 $fwdfwsettings{'RATE_LIMIT'} = $hash{$key}[34];
1544 $fwdfwsettings{'ratecon'} = $hash{$key}[35];
1545 $fwdfwsettings{'RATETIME'} = $hash{$key}[36];
2a81ab0d
AM		 1546 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1547 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1548 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1549 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1550 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1551 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1552 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1553 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1554 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1555 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1556 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1557 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1558 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1559 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1560 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
2669161d 1561 $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
f5f71c79 1562 $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
79ad6f7e 1563 $checked{'LIMIT_CON_CON'}{$fwdfwsettings{'LIMIT_CON_CON'}} = 'CHECKED';
d8deec0b 1564 $checked{'RATE_LIMIT'}{$fwdfwsettings{'RATE_LIMIT'}} = 'CHECKED';
2a81ab0d
AM		 1565 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1566 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
1567 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
b044bb05 1568 $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
95cda259 1569 $selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
2ed8330e 1570 $selected{'snat'}{$fwdfwsettings{'snat'}} ='selected';
d8deec0b 1571 $selected{'RATETIME'}{$fwdfwsettings{'RATETIME'}} ='selected';
2a81ab0d
AM		 1572 }
1573 }
1574 $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
1575 $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
1576 $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
1577 $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
1578 $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
1579 $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
1580 $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
02da9f7b 1581 $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
2669161d 1582 $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
8442c937 1583 $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
79ad6f7e 1584 $fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
d8deec0b 1585 $fwdfwsettings{'olduseratelimit'}=$fwdfwsettings{'RATE_LIMIT'};
57518765 1586 $fwdfwsettings{'olduseratelimitamount'}=$fwdfwsettings{'ratecon'};
d8deec0b
AM		 1587 $fwdfwsettings{'oldratelimittime'}=$fwdfwsettings{'RATETIME'};
1588
515863e2
AM		 1589 #check if manual ip (source) is orange network
1590 if ($fwdfwsettings{'grp1'} eq 'src_addr'){
1591 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
1592 if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
1593 $fwdfwsettings{'oldorange'} ='on';
1594 }
1595 }
2a81ab0d
AM		 1596 }else{
1597 $fwdfwsettings{'ACTIVE'}='ON';
f5f71c79 1598 $fwdfwsettings{'nat'} = 'dnat';
2a81ab0d 1599 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
f5f71c79 1600 $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
515863e2
AM		 1601 $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
1602 $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
1603 $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
1604 $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
1605 $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
1606 $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
1607 $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
1608 $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
2669161d 1609 $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
79ad6f7e 1610 $fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
515863e2
AM		 1611 #check if manual ip (source) is orange network
1612 if ($fwdfwsettings{'grp1'} eq 'src_addr'){
1613 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
1614 if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
1615 $fwdfwsettings{'oldorange'} ='on';
1616 }
1617 }
2a81ab0d 1618 }
f4d5310d
AM		 1619 # Split manual source and target address and delete the subnet
1620 my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
1621 if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp1'}}=$sip;}
1622 my ($dip,$dcidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp2'}});
90c2ce0c 1623 if ($dcidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;}
2a81ab0d 1624 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
2a81ab0d 1625 #------SOURCE-------------------------------------------------------
ec6fd189 1626 print "<form method='post'>";
2a81ab0d
AM		 1627 print<<END;
1628 <table width='100%' border='0'>
ab4fe66f 1629 <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='18' ></td><td width='1%'><input type='radio' name='grp1' id='ipfire_src' value='ipfire_src' $checked{'grp1'}{'ipfire_src'}></td><td><b>Firewall</b></td>
a0fb1099
AM		 1630END
1631 print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
b044bb05
AM		 1632 print "<option value='ALL' $selected{'ipfire_src'}{'ALL'}>$Lang::tr{'all'}</option>";
1633 print "<option value='GREEN' $selected{'ipfire_src'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
595a90f0
AM		 1634 print "<option value='ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
1635 print "<option value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used());
b044bb05 1636 print "<option value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
a0fb1099
AM		 1637 if (! -z "${General::swroot}/ethernet/aliases"){
1638 foreach my $alias (sort keys %aliases)
1639 {
f1dd1972 1640 print "<option value='$alias' $selected{'ipfire_src'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
a0fb1099
AM		 1641 }
1642 }
1643 print<<END;
b88c8829 1644 </select></td></tr>
62f34bba
AM		 1645 <tr><td><br></td></tr>
1646 </table>
2a81ab0d 1647END
a4c7bf6b 1648 &gen_dd_block('src','grp1');
2a81ab0d 1649 &Header::closebox();
bee56a2d 1650
fadcfb73
AM		 1651 #---SNAT / DNAT ------------------------------------------------
1652 &Header::openbox('100%', 'left', 'NAT');
1653 print<<END;
93e0855b 1654 <label>
0eadfdad 1655 <input type='checkbox' name='USE_NAT' id='USE_NAT' value="ON" $checked{'USE_NAT'}{'ON'}>
93e0855b
MT		 1656 $Lang::tr{'fwdfw use nat'}
1657 </label>
6bcb5ffe 1658 <div class="NAT">
c98b743c 1659 <table class='fw-nat' width='100%' border='0'>
93e0855b 1660 <tr>
bee56a2d
MT		 1661 <td width='5%'></td>
1662 <td width='40%'>
1663 <label>
4234ca5d 1664 <input type='radio' name='nat' value='dnat' $checked{'nat'}{'dnat'}>
bee56a2d
MT		 1665 $Lang::tr{'fwdfw dnat'}
1666 </label>
1667 </td>
1668END
1669
1aa5439c 1670 print <<END;
c98b743c 1671 <td width='25%' align='right'><span class='dnat'>$Lang::tr{'dnat address'}:</span></td>
bee56a2d 1672 <td width='30%'>
c98b743c 1673 <select name='dnat' class='dnat' style='width: 100%;'>
1aa5439c 1674 <option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option>
95cda259 1675 <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option>
bee56a2d 1676END
1aa5439c 1677 if (%aliases) {
bee56a2d 1678 foreach my $alias (sort keys %aliases) {
11ab2c7d 1679 print "<option value='$alias' $selected{'dnat'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
bee56a2d 1680 }
fadcfb73 1681 }
1aa5439c
AM		 1682 #DNAT Dropdown
1683 foreach my $network (sort keys %defaultNetworks)
1684 {
1685 if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
1686 print "<option value='$defaultNetworks{$network}{'NAME'}'";
cc77ac23 1687 print " selected='selected'" if ($fwdfwsettings{'dnat'} eq $defaultNetworks{$network}{'NAME'});
1aa5439c
AM		 1688 print ">$network ($defaultNetworks{$network}{'NET'})</option>";
1689 }
1690 }
1691 print "</select>";
bee56a2d
MT		 1692 print "</tr>";
1693
fadcfb73 1694 #SNAT
bee56a2d
MT		 1695 print <<END;
1696 <tr>
1697 <td width='5%'></td>
1698 <td width='40%'>
1699 <label>
4234ca5d 1700 <input type='radio' name='nat' value='snat' $checked{'nat'}{'snat'}>
bee56a2d
MT		 1701 $Lang::tr{'fwdfw snat'}
1702 </label>
1703 </td>
c98b743c 1704 <td width='25%' align='right'><span class='snat'>$Lang::tr{'snat new source ip address'}:</span></td>
bee56a2d 1705 <td width='30%'>
c98b743c 1706 <select name='snat' class='snat' style='width: 100%;'>
bee56a2d
MT		 1707END
1708
1709 foreach my $alias (sort keys %aliases) {
11ab2c7d 1710 print "<option value='$alias' $selected{'snat'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
bee56a2d 1711 }
1aa5439c 1712 # SNAT Dropdown
bee56a2d 1713 foreach my $network (sort keys %defaultNetworks) {
1aa5439c
AM		 1714 if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
1715 print "<option value='$defaultNetworks{$network}{'NAME'}'";
cc77ac23 1716 print " selected='selected'" if ($fwdfwsettings{'snat'} eq $defaultNetworks{$network}{'NAME'});
1aa5439c
AM		 1717 print ">$network ($defaultNetworks{$network}{'NET'})</option>";
1718 }
fadcfb73 1719 }
bee56a2d
MT		 1720 print <<END;
1721 </select>
1722 </td>
1723 </tr>
1724 </table>
1725 </div>
1726END
fadcfb73 1727 &Header::closebox();
bee56a2d 1728
2a81ab0d
AM		 1729 #---TARGET------------------------------------------------------
1730 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
1731 print<<END;
1732 <table width='100%' border='0'>
ab4fe66f 1733 <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='18'><td width='1%'><input type='radio' name='grp2' id='ipfire' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
2a81ab0d 1734END
05d4f131 1735 print"<td align='right'><select name='ipfire' style='width:200px;'>";
a0fb1099
AM		 1736 print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
1737 print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
595a90f0
AM		 1738 print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
1739 print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>"if (&Header::blue_used());
fc83b09d 1740 print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
05d4f131 1741 if (! -z "${General::swroot}/ethernet/aliases"){
bedb72f3
AM		 1742 foreach my $alias (sort keys %aliases)
1743 {
f1dd1972 1744 print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
bedb72f3 1745 }
2a81ab0d 1746 }
2a81ab0d 1747 print<<END;
b88c8829 1748 </select></td></tr>
62f34bba 1749 <tr><td><br></td></tr></table>
2a81ab0d 1750END
8013bd0a 1751 &gen_dd_block('tgt','grp2');
a4c7bf6b
AM		 1752 &Header::closebox;
1753 #---PROTOCOL------------------------------------------------------
901aa8b9
MT		 1754 $fwdfwsettings{'SRC_PORT'} =~ s/\|/,/g;
1755 $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
1756 $fwdfwsettings{'dnatport'} =~ tr/|/,/;
1757
1758 # The dnatport may be empty, if it matches TGT_PORT
1759 if ($fwdfwsettings{'dnatport'} eq $fwdfwsettings{'TGT_PORT'}) {
1760 $fwdfwsettings{'dnatport'} = "";
1761 }
1762
a4c7bf6b 1763 &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
79bb8c75
AM		 1764 #Fix Protocol for JQuery
1765 if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
1766 $fwdfwsettings{'PROT'} = 'template';
1767 }
a4c7bf6b 1768 print<<END;
901aa8b9 1769 <table width='100%' border='0'>
a1e89f48 1770 <tr>
901aa8b9
MT		 1771 <td width="25%">
1772 <select name='PROT' id='protocol' style="width: 95px;">
a4c7bf6b 1773END
a1e89f48
MT		 1774 print "<option value=\"\"";
1775 if ($fwdfwsettings{'PROT'} eq '') {
1776 print " selected=\"selected\"";
a4c7bf6b 1777 }
a1e89f48
MT		 1778 print ">$Lang::tr{'all'}</option>";
1779
1780 print "<option value=\"template\"";
79bb8c75 1781 print " selected=\"selected\"" if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp');
a1e89f48
MT		 1782 print ">- $Lang::tr{'template'} -</option>";
1783
1784 foreach (@PROTOCOLS) {
1785 print"<option value=\"$_\"";
1786 if ($_ eq $fwdfwsettings{'PROT'}) {
1787 print " selected=\"selected\"";
a4c7bf6b 1788 }
9c89c64d
AM		 1789 if($_ eq "IPv6"){
1790 print ">$Lang::tr{'fwdfw prot41'}</option>";
1791 }else{
1792 print ">$_</option>";
1793 }
a4c7bf6b 1794 }
901aa8b9 1795
a4c7bf6b 1796 print<<END;
a1e89f48
MT		 1797 </select>
1798 </td>
901aa8b9
MT		 1799 <td width="75%">
1800 <table width='100%' border='0' id="PROTOCOL_ICMP_TYPES">
1801 <tr>
1802 <td width='20%'>$Lang::tr{'fwhost icmptype'}</td>
1803 <td colspan='2'>
1804 <select name='ICMP_TYPES' style='min-width:230px;'>
a4c7bf6b
AM		 1805END
1806 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
86a921ee 1807 print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
a4c7bf6b
AM		 1808 foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
1809 if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
1810 print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1811 }else{
1812 print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1813 }
1814 }
a1e89f48
MT		 1815
1816 print <<END;
901aa8b9
MT		 1817 </select>
1818 </td>
1819 </tr>
1820 </table>
a1e89f48 1821
901aa8b9
MT		 1822 <table width="100%" border="0" id="PROTOCOL_PORTS">
1823 <tr>
1824 <!-- #SOURCEPORT -->
1825 <td>
1826 $Lang::tr{'fwdfw use srcport'}
1827 </td>
1828 <td>
1829 <input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18'>
1830 </td>
1831 <td width='10%'>
1832 </td>
6bcb5ffe 1833
901aa8b9
MT		 1834 <!-- #TARGETPORT -->
1835 <td>
1836 $Lang::tr{'fwdfw use srv'}
1837 </td>
a1e89f48 1838
901aa8b9
MT		 1839 <td>
1840 <input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18'>
1841 </td>
1842 </tr>
1843 <tr class="NAT">
1844 <td colspan='3'></td>
1845 <td>$Lang::tr{'fwdfw external port nat'}:</td>
1846 <td>
1847 <input type='text' name='dnatport' value=\"$fwdfwsettings{'dnatport'}\" maxlength='20' size='18'>
1848 </td>
1849 </tr>
1850 </table>
a1e89f48 1851
901aa8b9
MT		 1852 <table width="100%" border="0" id="PROTOCOL_TEMPLATE">
1853 <tr>
1854 <td>
1855 <input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked>
1856 $Lang::tr{'fwhost cust service'}
1857 </td>
1858 <td>
1859 <select name='cust_srv' style='min-width: 230px;'>
2a81ab0d 1860END
901aa8b9 1861
2a81ab0d 1862 &General::readhasharray("$configsrv", \%customservice);
eff2dbf8 1863 foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
2a81ab0d
AM		 1864 print"<option ";
1865 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
1866 print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
a1e89f48
MT		 1867 }
1868
901aa8b9
MT		 1869 print <<END;
1870 </select>
1871 </td>
1872 </tr>
1873 <tr>
1874 <td>
1875 <input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}>
1876 $Lang::tr{'fwhost cust srvgrp'}
1877 </td>
1878 <td>
1879 <select name='cust_srvgrp' style='min-width:230px;'>
2a81ab0d 1880END
a1e89f48 1881
2a81ab0d
AM		 1882 &General::readhasharray("$configsrvgrp", \%customservicegrp);
1883 my $helper;
eff2dbf8 1884 foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
aeefcc9c 1885 if ($helper ne $customservicegrp{$key}[0] && $customservicegrp{$key}[2] ne 'none'){
2a81ab0d
AM		 1886 print"<option ";
1887 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
1888 print">$customservicegrp{$key}[0]</option>";
1889 }
1890 $helper=$customservicegrp{$key}[0];
901aa8b9
MT		 1891 }
1892
2a81ab0d 1893 print<<END;
901aa8b9
MT		 1894 </select>
1895 </td>
1896 </tr>
1897 </table>
a1e89f48
MT		 1898 </td>
1899 </tr>
1900 </table>
2a81ab0d 1901END
a1e89f48 1902
fadcfb73 1903 &Header::closebox;
f0dc00d8 1904 $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = 'CHECKED';
0c7d0c08 1905 print <<END;
0c7d0c08 1906 <center>
8e713726 1907 <table width="80%" class='tbl' id='actions'>
0c7d0c08
MT		 1908 <tr>
1909 <td width="33%" align="center" bgcolor="$color{'color17'}">
1910 &nbsp;<br>&nbsp;
1911 </td>
1912 <td width="33%" align="center" bgcolor="$color{'color25'}">
1913 &nbsp;<br>&nbsp;
1914 </td>
1915 <td width="33%" align="center" bgcolor="$color{'color16'}">
1916 &nbsp;<br>&nbsp;
1917 </td>
1918 </tr>
1919 <tr>
1920 <td width="33%" align="center">
1921 <label>
1922 <input type="radio" name="RULE_ACTION" value="ACCEPT" $checked{"RULE_ACTION"}{"ACCEPT"}>
1923 <strong>$Lang::tr{'fwdfw ACCEPT'}</strong>
1924 </label>
1925 </td>
1926 <td width="33%" align="center">
1927 <label>
1928 <input type="radio" name="RULE_ACTION" value="DROP" $checked{"RULE_ACTION"}{"DROP"}>
1929 <strong>$Lang::tr{'fwdfw DROP'}</strong>
1930 </label>
1931 </td>
1932 <td width="33%" align="center">
1933 <label>
1934 <input type="radio" name="RULE_ACTION" value="REJECT" $checked{"RULE_ACTION"}{"REJECT"}>
1935 <strong>$Lang::tr{'fwdfw REJECT'}</strong>
1936 </label>
1937 </td>
1938 </tr>
1939 </table>
1940 </center>
1941
1942 <br>
1943END
2a81ab0d
AM		 1944 #---Activate/logging/remark-------------------------------------
1945 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
1946 print<<END;
43d8be09 1947 <table width='100%' border='0'>
2da264ec 1948END
b88c8829 1949 print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' align='left'><input type='text' name='ruleremark' maxlength='255' value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>";
2da264ec
AM		 1950 if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
1951 print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
1952 for (my $count =1; $count <= $sum; $count++){
1953 print"<option value='$count' ";
1954 print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
1955 print">$count</option>";
1956 }
1957 print"</select></td></tr>";
70d38e50
AM		 1958 }else{
1959 print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><input type='text' name='rulepos' size='2'></td></tr>";
2da264ec
AM		 1960 }
1961
1962 print<<END;
d8d7dd3b
MT		 1963 </table>
1964 <table width='100%'>
1965 <tr>
1966END
1967
1968 if ($fwdfwsettings{'updatefwrule'} eq 'on') {
1969 print <<END;
1970 <td>
0eadfdad 1971 <input type='checkbox' name='ACTIVE' value="ON" $checked{'ACTIVE'}{'ON'}>
d8d7dd3b
MT		 1972 </td>
1973 <td>$Lang::tr{'fwdfw rule activate'}</td>
1974END
1975 } else {
1976 print <<END;
1977 <td colspan="2">
1978 <input type="hidden" name="ACTIVE" value="ON">
1979 </td>
1980END
1981 }
1982
1983 print <<END;
1984 </tr>
1985 <tr>
1986 <td>
1987 <input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'}>
1988 </td>
1989 <td>$Lang::tr{'fwdfw log rule'}</td>
1990 </tr>
f18c3831
MT		 1991 <tr>
1992 <td width='1%'>
1993 <input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' $checked{'TIME'}{'ON'}>
1994 </td>
1995 <td>$Lang::tr{'fwdfw timeframe'}</td>
1996 </tr>
1997 <tr id="TIME_CONSTRAINTS">
1998 <td colspan="2">
1999 <table width="66%" border="0">
2000 <tr>
2001 <td width="8em">&nbsp;</td>
2002 <td align="center">$Lang::tr{'advproxy monday'}</td>
2003 <td align="center">$Lang::tr{'advproxy tuesday'}</td>
2004 <td align="center">$Lang::tr{'advproxy wednesday'}</td>
2005 <td align="center">$Lang::tr{'advproxy thursday'}</td>
2006 <td align="center">$Lang::tr{'advproxy friday'}</td>
2007 <td align="center">$Lang::tr{'advproxy saturday'}</td>
2008 <td align="center">$Lang::tr{'advproxy sunday'}</td>
2009 <td>&nbsp;</td>
2010 </tr>
2011 <tr>
2012 <td width="8em">&nbsp;</td>
2013 <td align="center"><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} ></td>
2014 <td align="center"><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td>
2015 <td align="center"><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} ></td>
2016 <td align="center"><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td>
2017 <td align="center"><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} ></td>
2018 <td align="center"><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td>
2019 <td align="center"><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} ></td>
2020 <td>
2021 <select name='TIME_FROM'>
2a81ab0d
AM		 2022END
2023 for (my $i=0;$i<=23;$i++) {
2024 $i = sprintf("%02s",$i);
2025 for (my $j=0;$j<=45;$j+=15) {
2026 $j = sprintf("%02s",$j);
2027 my $time = $i.":".$j;
f18c3831 2028 print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
2a81ab0d
AM		 2029 }
2030 }
2031 print<<END;
f18c3831
MT		 2032 </select> &dash;
2033 <select name='TIME_TO'>
2a81ab0d
AM		 2034END
2035 for (my $i=0;$i<=23;$i++) {
2036 $i = sprintf("%02s",$i);
2037 for (my $j=0;$j<=45;$j+=15) {
2038 $j = sprintf("%02s",$j);
2039 my $time = $i.":".$j;
f18c3831 2040 print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
2a81ab0d
AM		 2041 }
2042 }
8013bd0a 2043 print<<END;
f18c3831
MT		 2044 </select>
2045 </td>
2046 </tr>
2047 </table>
2048 </td>
2049 </tr>
79ad6f7e
AM		 2050 <tr>
2051 <td width='1%'>
2052 <input type='checkbox' name='LIMIT_CON_CON' id="USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP" value='ON' $checked{'LIMIT_CON_CON'}{'ON'}>
2053 </td>
2054 <td>$Lang::tr{'fwdfw limitconcon'}</td>
2055 </tr>
2056 <tr id="LIMIT_CON">
2057 <td colspan='2'>
2058 <table width='66%' border='0'>
2059 <tr>
2060 <td width="20em">&nbsp;</td>
2061 <td>$Lang::tr{'fwdfw maxconcon'}: <input type='text' name='concon' size='2' value="$fwdfwsettings{'concon'}"></td>
2062 </tr>
2063 </table>
2064 </td>
2065 </tr>
d8deec0b
AM		 2066 <tr>
2067 <td width='1%'>
2068 <input type='checkbox' name='RATE_LIMIT' id="USE_RATELIMIT" value='ON' $checked{'RATE_LIMIT'}{'ON'}>
2069 </td>
2070 <td>$Lang::tr{'fwdfw ratelimit'}</td>
2071 </tr>
2072 <tr id="RATELIMIT">
2073 <td colspan='2'>
2074 <table width='66%' border='0'>
2075 <tr>
2076 <td width="20em">&nbsp;</td>
2077 <td>$Lang::tr{'fwdfw numcon'}: <input type='text' name='ratecon' size='2' value="$fwdfwsettings{'ratecon'}"> /
2078 <select name='RATETIME' style='width:100px;'>
2079 <option value='second' $selected{'RATETIME'}{'second'}>$Lang::tr{'age second'}</option>
2080 <option value='minute' $selected{'RATETIME'}{'minute'}>$Lang::tr{'minute'}</option>
2081 <option value='hour' $selected{'RATETIME'}{'hour'}>$Lang::tr{'hour'}</option>
2082 </select>
2083 </td>
2084 </tr>
2085 </table>
2086 </td>
2087 </tr>
f18c3831 2088 </table>
62f34bba 2089 <br>
8013bd0a 2090END
f18c3831 2091
8013bd0a
AM		 2092 #---ACTION------------------------------------------------------
2093 if($fwdfwsettings{'updatefwrule'} ne 'on'){
2094 print<<END;
2095 <table border='0' width='100%'>
2096 <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
2097 <input type='hidden' name='config' value='$config' >
b88c8829
AM		 2098 <input type='hidden' name='ACTION' value='saverule' ></form>
2099 <form method='post' style='display:inline;'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='reset'></form></td></tr>
2100 </table>
2101 <br>
8013bd0a
AM		 2102END
2103 }else{
2104 print<<END;
2105 <table border='0' width='100%'>
2106 <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' style='min-width:100px;' /><input type='hidden' name='updatefwrule' value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' value='$fwdfwsettings{'key'}'>
2107 <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
2108 <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
2109 <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
2110 <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
2111 <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
2112 <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
2113 <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
2114 <input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' />
2115 <input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
2116 <input type='hidden' name='oldruleremark' value='$fwdfwsettings{'oldruleremark'}' />
2117 <input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
2669161d
AM		 2118 <input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
2119 <input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
79ad6f7e 2120 <input type='hidden' name='oldconcon' value='$fwdfwsettings{'oldconcon'}' />
8013bd0a
AM		 2121 <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
2122 </table></form>
2123END
2124 }
2125 &Header::closebox();
2126}
2127sub pos_up
2128{
2129 my %uphash=();
2130 my %tmp=();
2131 &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
2132 foreach my $key (sort keys %uphash){
2133 if ($key eq $fwdfwsettings{'key'}) {
2134 my $last = $key -1;
2135 if (exists $uphash{$last}){
2136 #save rule last
2137 foreach my $y (0 .. $#{$uphash{$last}}) {
2138 $tmp{0}[$y] = $uphash{$last}[$y];
2139 }
2140 #copy active rule to last
2141 foreach my $i (0 .. $#{$uphash{$last}}) {
2142 $uphash{$last}[$i] = $uphash{$key}[$i];
2143 }
2144 #copy saved rule to actual position
2145 foreach my $x (0 .. $#{$tmp{0}}) {
2146 $uphash{$key}[$x] = $tmp{0}[$x];
2147 }
2148 }
2149 }
2150 }
2151 &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
0e430797 2152 &General::firewall_config_changed();
8013bd0a
AM		 2153}
2154sub pos_down
2155{
2156 my %downhash=();
2157 my %tmp=();
2158 &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
2159 foreach my $key (sort keys %downhash){
2160 if ($key eq $fwdfwsettings{'key'}) {
2161 my $next = $key + 1;
2162 if (exists $downhash{$next}){
2163 #save rule next
2164 foreach my $y (0 .. $#{$downhash{$next}}) {
2165 $tmp{0}[$y] = $downhash{$next}[$y];
2166 }
2167 #copy active rule to next
2168 foreach my $i (0 .. $#{$downhash{$next}}) {
2169 $downhash{$next}[$i] = $downhash{$key}[$i];
2170 }
2171 #copy saved rule to actual position
2172 foreach my $x (0 .. $#{$tmp{0}}) {
2173 $downhash{$key}[$x] = $tmp{0}[$x];
2174 }
2175 }
2176 }
2177 }
2178 &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
0e430797 2179 &General::firewall_config_changed();
2a81ab0d
AM		 2180}
2181sub saverule
2182{
2a81ab0d
AM		 2183 my $hash=shift;
2184 my $config=shift;
2185 &General::readhasharray("$config", $hash);
2186 if (!$errormessage){
2669161d 2187 ################################################################
2669161d 2188 #check if we change an INPUT rule to a OUTGOING
c12392c0 2189 if($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW' ){
2669161d 2190 &changerule($configinput);
c12392c0 2191 #print"1";
d7127db8 2192 }
8442c937 2193 #check if we change an INPUT rule to a FORWARD
2669161d
AM		 2194 elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
2195 &changerule($configinput);
c12392c0 2196 #print"2";
d7127db8 2197 }
2669161d
AM		 2198 ################################################################
2199 #check if we change an OUTGOING rule to an INPUT
2200 elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'INPUTFW' ){
2201 &changerule($configoutgoing);
c12392c0 2202 #print"3";
d7127db8 2203 }
8442c937 2204 #check if we change an OUTGOING rule to a FORWARD
2669161d 2205 elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
d7127db8 2206 &changerule($configoutgoing);
c12392c0 2207 #print"4";
2669161d
AM		 2208 }
2209 ################################################################
2210 #check if we change a FORWARD rule to an INPUT
2211 elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'INPUTFW'){
2212 &changerule($configfwdfw);
c12392c0 2213 #print"5";
2669161d
AM		 2214 }
2215 #check if we change a FORWARD rule to an OUTGOING
2216 elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){
2217 &changerule($configfwdfw);
c12392c0 2218 #print"6";
2669161d 2219 }
65c9b3a5 2220 $fwdfwsettings{'ruleremark'}=~ s/,/;/g;
323923d9 2221 utf8::decode($fwdfwsettings{'ruleremark'});
abb3cfcc 2222 $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
2da264ec 2223 if ($fwdfwsettings{'updatefwrule'} ne 'on'){
2a81ab0d
AM		 2224 my $key = &General::findhasharraykey ($hash);
2225 $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
2226 $$hash{$key}[1] = $fwdfwsettings{'chain'};
2227 $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
2228 $$hash{$key}[3] = $fwdfwsettings{'grp1'};
2229 $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
2230 $$hash{$key}[5] = $fwdfwsettings{'grp2'};
2231 $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
2232 $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
2233 $$hash{$key}[8] = $fwdfwsettings{'PROT'};
2234 $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
2235 $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
2236 $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
2237 $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
2238 $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
2239 $$hash{$key}[14] = $fwdfwsettings{'grp3'};
2240 $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
2241 $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
2242 $$hash{$key}[17] = $fwdfwsettings{'LOG'};
2243 $$hash{$key}[18] = $fwdfwsettings{'TIME'};
2244 $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
2245 $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
2246 $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
2247 $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
2248 $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
2249 $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
2250 $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
2251 $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
2252 $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
c12392c0
AM		 2253 $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
2254 $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
2255 $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
2256 $$hash{$key}[31] = $fwdfwsettings{'nat'};
79ad6f7e
AM		 2257 $$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
2258 $$hash{$key}[33] = $fwdfwsettings{'concon'};
d8deec0b
AM		 2259 $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
2260 $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
2261 $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
2a81ab0d
AM		 2262 &General::writehasharray("$config", $hash);
2263 }else{
e44fa079
AM		 2264 foreach my $key (sort {$a <=> $b} keys %$hash){
2265 if($key eq $fwdfwsettings{'key'}){
2266 $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
2267 $$hash{$key}[1] = $fwdfwsettings{'chain'};
2268 $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
2269 $$hash{$key}[3] = $fwdfwsettings{'grp1'};
2270 $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
2271 $$hash{$key}[5] = $fwdfwsettings{'grp2'};
2272 $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
2273 $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
2274 $$hash{$key}[8] = $fwdfwsettings{'PROT'};
2275 $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
2276 $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
2277 $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
2278 $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
2279 $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
2280 $$hash{$key}[14] = $fwdfwsettings{'grp3'};
2281 $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
2282 $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
2283 $$hash{$key}[17] = $fwdfwsettings{'LOG'};
2284 $$hash{$key}[18] = $fwdfwsettings{'TIME'};
2285 $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
2286 $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
2287 $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
2288 $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
2289 $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
2290 $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
2291 $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
2292 $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
2293 $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
c12392c0
AM		 2294 $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
2295 $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
2296 $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
2297 $$hash{$key}[31] = $fwdfwsettings{'nat'};
79ad6f7e
AM		 2298 $$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
2299 $$hash{$key}[33] = $fwdfwsettings{'concon'};
d8deec0b
AM		 2300 $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
2301 $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
2302 $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
e44fa079
AM		 2303 last;
2304 }
2305 }
2306 }
2307 &General::writehasharray("$config", $hash);
0918e516 2308 if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
e44fa079
AM		 2309 my %tmp=();
2310 my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
2311 for (my $z=0;$z<$val;$z++){
2312 foreach my $key (sort {$a <=> $b} keys %$hash){
2313 if ($key eq $fwdfwsettings{'oldrulenumber'}) {
2314 my $last = $key -1;
2315 if (exists $$hash{$last}){
2316 #save rule last
2317 foreach my $y (0 .. $#{$$hash{$last}}) {
2318 $tmp{0}[$y] = $$hash{$last}[$y];
2319 }
2320 #copy active rule to last
2321 foreach my $i (0 .. $#{$$hash{$last}}) {
2322 $$hash{$last}[$i] = $$hash{$key}[$i];
2323 }
2324 #copy saved rule to actual position
2325 foreach my $x (0 .. $#{$tmp{0}}) {
2326 $$hash{$key}[$x] = $tmp{0}[$x];
2da264ec
AM		 2327 }
2328 }
2329 }
2330 }
e44fa079
AM		 2331 $fwdfwsettings{'oldrulenumber'}--;
2332 }
2333 &General::writehasharray("$config", $hash);
0e430797 2334 &General::firewall_config_changed();
0918e516 2335 }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
e44fa079
AM		 2336 my %tmp=();
2337 my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
2338 for (my $z=0;$z<$val;$z++){
2339 foreach my $key (sort {$a <=> $b} keys %$hash){
2340 if ($key eq $fwdfwsettings{'oldrulenumber'}) {
2341 my $next = $key + 1;
2342 if (exists $$hash{$next}){
2343 #save rule next
2344 foreach my $y (0 .. $#{$$hash{$next}}) {
2345 $tmp{0}[$y] = $$hash{$next}[$y];
2346 }
2347 #copy active rule to next
2348 foreach my $i (0 .. $#{$$hash{$next}}) {
2349 $$hash{$next}[$i] = $$hash{$key}[$i];
2350 }
2351 #copy saved rule to actual position
2352 foreach my $x (0 .. $#{$tmp{0}}) {
2353 $$hash{$key}[$x] = $tmp{0}[$x];
2da264ec
AM		 2354 }
2355 }
2356 }
2a81ab0d 2357 }
e44fa079 2358 $fwdfwsettings{'oldrulenumber'}++;
2a81ab0d
AM		 2359 }
2360 &General::writehasharray("$config", $hash);
0e430797 2361 &General::firewall_config_changed();
2a81ab0d
AM		 2362 }
2363 }
2364}
2a81ab0d
AM		 2365sub validremark
2366{
2367 # Checks a hostname against RFC1035
abb3cfcc 2368 my $remark = $_[0];
323923d9
MT		 2369
2370 # Try to decode $remark into UTF-8. If this doesn't work,
2371 # we assume that the string it not sane.
2372 if (!utf8::decode($remark)) {
2373 return 0;
2374 }
2375
2376 # Check if the string only contains of printable characters.
abb3cfcc
AM		 2377 if ($remark =~ /^[[:print:]]*$/) {
2378 return 1;
2379 }
2380 return 0;
2a81ab0d 2381}
3a162dc1
AM		 2382sub viewtablerule
2383{
15add1c8 2384 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
c03d4a5e
MT		 2385
2386 &viewtablenew(\%configfwdfw, $configfwdfw, $Lang::tr{'firewall rules'});
2dd3aa93
MT		 2387 &viewtablenew(\%configinputfw, $configinput, $Lang::tr{'incoming firewall access'});
2388 &viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall access'});
2a81ab0d
AM		 2389}
2390sub viewtablenew
2391{
2392 my $hash=shift;
2393 my $config=shift;
2394 my $title=shift;
7bd9d462 2395 my $go='';
c03d4a5e
MT		 2396
2397 my $show_box = (! -z $config) || ($optionsfw{'SHOWTABLES'} eq 'on');
2398 return if (!$show_box);
2399
15add1c8 2400 &General::get_aliases(\%aliases);
af768a7e 2401 &General::readhasharray("$confighost", \%customhost);
7bd9d462 2402 &General::readhasharray("$config", $hash);
d9b691e1
AM		 2403 &General::readhasharray("$configccdnet", \%ccdnet);
2404 &General::readhasharray("$configccdhost", \%ccdhost);
aeefcc9c
AM		 2405 &General::readhasharray("$configgrp", \%customgrp);
2406 &General::readhasharray("$configsrvgrp", \%customservicegrp);
c03d4a5e
MT		 2407
2408 &Header::openbox('100%', 'left', $title);
8d28e3d0 2409 print "<table width='100%' cellspacing='0' class='tbl'>";
c03d4a5e
MT		 2410
2411 if (! -z $config) {
2a81ab0d
AM		 2412 my $count=0;
2413 my ($gif,$log);
2414 my $ruletype;
2415 my $rulecolor;
2416 my $tooltip;
2417 my @tmpsrc=();
a15f7d0d 2418 my @tmptgt=();
2a81ab0d 2419 my $coloryellow='';
989d0fd7 2420
c03d4a5e 2421 print <<END;
989d0fd7
MT		 2422 <tr>
2423 <th align='right' width='3%'>
2424 #
2425 </th>
2426 <th width='2%'></th>
2427 <th align='center'>
2428 <b>$Lang::tr{'protocol'}</b>
2429 </th>
2430 <th align='center' width='30%'>
2431 <b>$Lang::tr{'fwdfw source'}</b>
2432 </th>
2433 <th align='center'>
daf400fa 2434 <b>$Lang::tr{'fwdfw log'}</b>
989d0fd7
MT		 2435 </th>
2436 <th align='center' width='30%'>
2437 <b>$Lang::tr{'fwdfw target'}</b>
2438 </th>
2439 <th align='center' colspan='6' width='18%'>
2440 <b>$Lang::tr{'fwdfw action'}</b>
2441 </th>
2442 </tr>
2443END
2444
62fc8511 2445 foreach my $key (sort {$a <=> $b} keys %$hash){
12a43202 2446 $tdcolor='';
2a81ab0d 2447 @tmpsrc=();
a15f7d0d 2448 @tmptgt=();
2a81ab0d
AM		 2449 #check if vpn hosts/nets have been deleted
2450 if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
2451 push (@tmpsrc,$$hash{$key}[4]);
2452 }
2453 if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
a15f7d0d 2454 push (@tmptgt,$$hash{$key}[6]);
2a81ab0d 2455 }
2a81ab0d 2456 foreach my $host (@tmpsrc){
a15f7d0d 2457 if($$hash{$key}[3] eq 'ipsec_net_src'){
62fc8511 2458 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
2a81ab0d 2459 $coloryellow='on';
2a81ab0d 2460 }
a15f7d0d 2461 }elsif($$hash{$key}[3] eq 'ovpn_net_src'){
2a81ab0d
AM		 2462 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
2463 $coloryellow='on';
2a81ab0d 2464 }
a15f7d0d 2465 }elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
2a81ab0d
AM		 2466 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
2467 $coloryellow='on';
2a81ab0d 2468 }
a15f7d0d
AM		 2469 }elsif($$hash{$key}[3] eq 'ovpn_host_src'){
2470 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
2471 $coloryellow='on';
a15f7d0d
AM		 2472 }
2473 }
2474 }
2475 foreach my $host (@tmptgt){
2476 if($$hash{$key}[5] eq 'ipsec_net_tgt'){
2477 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
2478 $coloryellow='on';
a15f7d0d
AM		 2479 }
2480 }elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
2481 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
2482 $coloryellow='on';
a15f7d0d
AM		 2483 }
2484 }elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
2485 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
2486 $coloryellow='on';
a15f7d0d
AM		 2487 }
2488 }elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
2a81ab0d
AM		 2489 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
2490 $coloryellow='on';
2a81ab0d
AM		 2491 }
2492 }
2a81ab0d 2493 }
aeefcc9c
AM		 2494 #check if networkgroups or servicegroups are empty
2495 foreach my $netgroup (sort keys %customgrp){
2496 if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
2497 $coloryellow='on';
aeefcc9c
AM		 2498 }
2499 }
2500 foreach my $srvgroup (sort keys %customservicegrp){
2501 if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
2502 $coloryellow='on';
aeefcc9c
AM		 2503 }
2504 }
2a81ab0d
AM		 2505 $$hash{'ACTIVE'}=$$hash{$key}[2];
2506 $count++;
2a81ab0d 2507 if($coloryellow eq 'on'){
a15f7d0d 2508 $color="$color{'color14'}";
2a81ab0d
AM		 2509 $coloryellow='';
2510 }elsif($coloryellow eq ''){
2511 if ($count % 2){
15add1c8 2512 $color="$color{'color22'}";
2a81ab0d
AM		 2513 }
2514 else{
15add1c8 2515 $color="$color{'color20'}";
2a81ab0d
AM		 2516 }
2517 }
2a81ab0d 2518 print<<END;
989d0fd7
MT		 2519 <tr bgcolor='$color'>
2520 <td align='right' width='3%'>
2521 <b>$key&nbsp;</b>
2522 </td>
2a81ab0d 2523END
989d0fd7 2524
a0fb1099 2525 #RULETYPE (A,R,D)
2a81ab0d
AM		 2526 if ($$hash{$key}[0] eq 'ACCEPT'){
2527 $ruletype='A';
2528 $tooltip='ACCEPT';
2529 $rulecolor=$color{'color17'};
2530 }elsif($$hash{$key}[0] eq 'DROP'){
2531 $ruletype='D';
2532 $tooltip='DROP';
2533 $rulecolor=$color{'color25'};
2534 }elsif($$hash{$key}[0] eq 'REJECT'){
2535 $ruletype='R';
2536 $tooltip='REJECT';
2537 $rulecolor=$color{'color16'};
2538 }
989d0fd7
MT		 2539
2540 print <<END;
2541 <td bgcolor='$rulecolor' align='center' width='2%'>
2542 <span title='$tooltip'>&nbsp;&nbsp;</span>
2543 </td>
2544END
2545
a0fb1099
AM		 2546 #Get Protocol
2547 my $prot;
fadcfb73 2548 if ($$hash{$key}[8]){
9c89c64d 2549 if ($$hash{$key}[8] eq "IPv6"){
39e360b2 2550 push (@protocols,$Lang::tr{'fwdfw prot41 short'})
9c89c64d
AM		 2551 }else{
2552 push (@protocols,$$hash{$key}[8]);
2553 }
a0fb1099
AM		 2554 }elsif($$hash{$key}[14] eq 'cust_srv'){
2555 &get_serviceports("service",$$hash{$key}[15]);
2556 }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
2557 &get_serviceports("group",$$hash{$key}[15]);
2558 }else{
2559 push (@protocols,$Lang::tr{'all'});
2560 }
989d0fd7 2561
0626fac1 2562 my $protz=join(", ",@protocols);
90f8339a 2563 if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
a4c7bf6b
AM		 2564 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
2565 foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
2566 if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
2567 print "<td align='center'><span title='$icmptypes{$keyicmp}[0]'><b>$protz ($icmptypes{$keyicmp}[1])</b></span></td>";
2568 last;
2569 }
2570 }
0626fac1
AM		 2571 }elsif($#protocols gt '3'){
2572 print"<td align='center'><span title='$protz'>$Lang::tr{'fwdfw many'}</span></td>";
a4c7bf6b
AM		 2573 }else{
2574 print"<td align='center'>$protz</td>";
2575 }
a0fb1099
AM		 2576 @protocols=();
2577 #SOURCE
d4cb89d2 2578 my $ipfireiface;
af768a7e 2579 &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
85860aff 2580 print"<td align='center' width='30%' $tdcolor>";
d4cb89d2 2581 if ($$hash{$key}[3] eq 'ipfire_src'){
daf400fa 2582 $ipfireiface=$Lang::tr{'fwdfw iface'};
d4cb89d2 2583 }
2a81ab0d
AM		 2584 if ($$hash{$key}[3] eq 'std_net_src'){
2585 print &get_name($$hash{$key}[4]);
4f3bd0ca
AM		 2586 }elsif ($$hash{$key}[3] eq 'src_addr'){
2587 my ($split1,$split2) = split("/",$$hash{$key}[4]);
2588 if ($split2 eq '32'){
2589 print $split1;
2590 }else{
2591 print $$hash{$key}[4];
2592 }
c0a97a0f
SS		 2593 }elsif ($$hash{$key}[3] eq 'cust_geoip_src') {
2594 my ($split1,$split2) = split(":", $$hash{$key}[4]);
2595 if ($split2) {
2596 print "$split2\n";
2597 }else{
2598 print "$Lang::tr{'geoip'}: $$hash{$key}[4]\n";
2599 }
43d8be09 2600 }elsif ($$hash{$key}[4] eq 'RED1'){
d4cb89d2 2601 print "$ipfireiface $Lang::tr{'fwdfw red'}";
2be048ce
AM		 2602 }elsif ($$hash{$key}[4] eq 'ALL'){
2603 print "$ipfireiface $Lang::tr{'all'}";
2a81ab0d 2604 }else{
2be048ce
AM		 2605 if ($$hash{$key}[4] eq 'GREEN' || $$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE' || $$hash{$key}[4] eq 'RED'){
2606 print "$ipfireiface $Lang::tr{lc($$hash{$key}[4])}";
2607 }else{
2608 print "$ipfireiface $$hash{$key}[4]";
2609 }
2a81ab0d 2610 }
15add1c8 2611 $tdcolor='';
a0fb1099 2612 #SOURCEPORT
2a81ab0d 2613 &getsrcport(\%$hash,$key);
2669161d 2614 #Is this a SNAT rule?
ac9e77e3 2615 if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
f1934a05
AM		 2616 my $net=&get_name($$hash{$key}[29]);
2617 if ( ! $net){ $net=$$hash{$key}[29];}
2618 print"<br>->$net";
2669161d
AM		 2619 if ($$hash{$key}[30] ne ''){
2620 print": $$hash{$key}[30]";
2621 }
2622 }
2a81ab0d
AM		 2623 if ($$hash{$key}[17] eq 'ON'){
2624 $log="/images/on.gif";
2625 }else{
2626 $log="/images/off.gif";
2627 }
a0fb1099 2628 #LOGGING
2a81ab0d 2629 print<<END;
989d0fd7
MT		 2630 </td>
2631 <td align='center'>
2632 <form method='POST' action=''>
2633 <input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
2634 <input type='hidden' name='key' value='$key' />
2635 <input type='hidden' name='config' value='$config' />
2636 <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
2637 </form>
2638 </td>
2a81ab0d 2639END
a0fb1099 2640 #TARGET
af768a7e 2641 &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
2a81ab0d 2642 print<<END;
989d0fd7 2643 <td align='center' $tdcolor>
2a81ab0d 2644END
2669161d 2645 #Is this a DNAT rule?
fd169d0a 2646 my $natstring;
ac9e77e3 2647 if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
95cda259 2648 if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
fd169d0a
AM		 2649 if ($$hash{$key}[29] eq 'AUTO'){
2650 my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
2651 my @nat_ifaces;
2652 foreach my $val (@src_addresses){
896eb2d6 2653 push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
fd169d0a
AM		 2654 }
2655 @nat_ifaces=&del_double(@nat_ifaces);
107060da 2656 $natstring = "";
fd169d0a 2657 }else{
107060da 2658 $natstring = "($$hash{$key}[29])";
fd169d0a 2659 }
107060da 2660 print "$Lang::tr{'firewall'} $natstring";
a6edca5a 2661 if($$hash{$key}[30] ne ''){
98cee89f 2662 $$hash{$key}[30]=~ tr/|/,/;
a6edca5a 2663 print": $$hash{$key}[30]";
2669161d 2664 }
989d0fd7 2665 print"<br>-&gt;";
2669161d 2666 }
0c733ab7 2667 if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire'){
cb4439f3 2668 if ($$hash{$key}[6] eq 'RED1'){
0c733ab7 2669 print "$Lang::tr{'red1'}";
d8afe3e2 2670 }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL' || $$hash{$key}[6] eq 'RED')
cb4439f3 2671 {
0c733ab7 2672 print &get_name($$hash{$key}[6]);
05d4f131 2673 }else{
b044bb05 2674 print $$hash{$key}[6];
05d4f131 2675 }
c0a97a0f
SS		 2676 }elsif ($$hash{$key}[5] eq 'cust_geoip_tgt') {
2677 my ($split1,$split2) = split(":", $$hash{$key}[6]);
2678 if ($split2) {
2679 print "$split2\n";
2680 }else{
2681 print "$Lang::tr{'geoip'}: $$hash{$key}[6]\n";
2682 }
4f3bd0ca
AM		 2683 }elsif ($$hash{$key}[5] eq 'tgt_addr'){
2684 my ($split1,$split2) = split("/",$$hash{$key}[6]);
2685 if ($split2 eq '32'){
2686 print $split1;
2687 }else{
2688 print $$hash{$key}[6];
2689 }
2a81ab0d 2690 }else{
cb4439f3 2691 print "$$hash{$key}[6]";
2a81ab0d 2692 }
12a43202 2693 $tdcolor='';
a0fb1099 2694 #TARGETPORT
2a81ab0d 2695 &gettgtport(\%$hash,$key);
93a5f4a5 2696 print"</td>";
a0fb1099 2697 #RULE ACTIVE
2a81ab0d
AM		 2698 if($$hash{$key}[2] eq 'ON'){
2699 $gif="/images/on.gif"
2a81ab0d
AM		 2700 }else{
2701 $gif="/images/off.gif"
2a81ab0d
AM		 2702 }
2703 print<<END;
989d0fd7
MT		 2704 <td width='3%' align='center'>
2705 <form method='POST' action=''>
2706 <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2707 <input type='hidden' name='key' value='$key' />
2708 <input type='hidden' name='config' value='$config' />
2709 <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
2710 </form>
2711 </td>
2712 <td width='3%' align='center'>
2713 <form method='POST' action=''>
2714 <input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2715 <input type='hidden' name='key' value='$key' />
2716 <input type='hidden' name='config' value='$config' />
2717 <input type='hidden' name='ACTION' value='editrule' />
2718 </form>
2719 </td>
2720 <td width='3%' align='center'>
2721 <form method='POST' action=''>
2722 <input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2723 <input type='hidden' name='key' value='$key' />
2724 <input type='hidden' name='config' value='$config' />
2725 <input type='hidden' name='ACTION' value='copyrule' />
2726 </form>
2727 </td>
2728 <td width='3%' align='center'>
2729 <form method='POST' action=''>
2730 <input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2731 <input type='hidden' name='key' value='$key' />
2732 <input type='hidden' name='config' value='$config' />
2733 <input type='hidden' name='ACTION' value='deleterule' />
2734 </form>
2735 </td>
2a81ab0d
AM		 2736END
2737 if (exists $$hash{$key-1}){
2738 print<<END;
989d0fd7
MT		 2739 <td width='3%' align='center'>
2740 <form method='POST' action=''>
2741 <input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2742 <input type='hidden' name='key' value='$key' />
2743 <input type='hidden' name='config' value='$config' />
2744 <input type='hidden' name='ACTION' value='moveup' />
2745 </form>
2746 </td>
2a81ab0d
AM		 2747END
2748 }else{
989d0fd7 2749 print"<td width='3%'></td>";
2a81ab0d 2750 }
989d0fd7 2751
2a81ab0d
AM		 2752 if (exists $$hash{$key+1}){
2753 print<<END;
989d0fd7
MT		 2754 <td width='3%' align='center'>
2755 <form method='POST' action=''>
2756 <input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2757 <input type='hidden' name='key' value='$key' />
2758 <input type='hidden' name='config' value='$config' />
2759 <input type='hidden' name='ACTION' value='movedown' />
2760 </form>
2761 </td>
2762 </tr>
2a81ab0d
AM		 2763END
2764 }else{
989d0fd7 2765 print"<td width='3%'></td></tr>";
2a81ab0d 2766 }
15add1c8 2767 #REMARK
3b2ad4a1 2768 if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){
989d0fd7
MT		 2769 print <<END;
2770 <tr bgcolor='$color'>
2771 <td>&nbsp;</td>
2772 <td bgcolor='$rulecolor'></td>
2773 <td colspan='10'>
2774 &nbsp; <em>$$hash{$key}[16]</em>
2775 </td>
2776 </tr>
2777END
3b2ad4a1 2778 }
989d0fd7 2779
3b2ad4a1 2780 if ($$hash{$key}[18] eq 'ON'){
533a2da3
AM		 2781 #TIMEFRAME
2782 if ($$hash{$key}[18] eq 'ON'){
2783 my @days=();
2784 if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
2785 if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
2786 if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
2787 if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
2788 if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
2789 if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
2790 if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
2791 my $weekdays=join(",",@days);
2792 if (@days){
3b2ad4a1 2793 print"<tr bgcolor='$color'>";
989d0fd7 2794 print"<td>&nbsp;</td><td bgcolor='$rulecolor'></td><td align='left' colspan='10'>&nbsp; $weekdays &nbsp; $$hash{$key}[26] - $$hash{$key}[27]</td></tr>";
533a2da3 2795 }
3b2ad4a1 2796 }
96502a5a 2797 }
533a2da3 2798 print"<tr bgcolor='FFFFFF'><td colspan='13' height='1'></td></tr>";
2a81ab0d 2799 }
c03d4a5e
MT		 2800 } elsif ($optionsfw{'SHOWTABLES'} eq 'on') {
2801 print <<END;
2802 <tr>
2803 <td colspan='7' height='30' bgcolor=$color{'color22'} align='center'>$Lang::tr{'fwhost empty'}</td>
2804 </tr>
2805END
2806 }
2807
2808 #SHOW FINAL RULE
2809 my $policy = 'fwdfw ' . $fwdfwsettings{'POLICY'};
2810 my $colour = "bgcolor='green'";
2811 if ($fwdfwsettings{'POLICY'} eq 'MODE1') {
2812 $colour = "bgcolor='darkred'";
2813 }
2814
2815 my $message;
2816 if (($config eq '/var/ipfire/firewall/config') && ($fwdfwsettings{'POLICY'} ne 'MODE1')) {
2817 print <<END;
2818 <tr>
2819 <td colspan='13'>&nbsp;</td>
2820 </tr>
2821 <tr>
ec56a539 2822 <td colspan='13' style="padding-left:0px;padding-right:0px">
c03d4a5e
MT		 2823 <table width="100%" border='1' rules="cols" cellspacing='0'>
2824END
2825
2826 # GREEN
2827 print <<END;
2828 <tr>
2829 <td align='center'>
2830 <font color="$Header::colourgreen">$Lang::tr{'green'}</font>
2831 </td>
2832 <td align='center'>
2833 <font color="$Header::colourred">$Lang::tr{'red'}</font>
2834 ($Lang::tr{'fwdfw pol allow'})
2835 </td>
2836END
2837
2838 if (&Header::orange_used()) {
2839 print <<END;
2840 <td align='center'>
2841 <font color="$Header::colourorange">$Lang::tr{'orange'}</font>
2842 ($Lang::tr{'fwdfw pol allow'})
2843 </td>
2844END
2af92cf5 2845 }
c03d4a5e
MT		 2846
2847 if (&Header::blue_used()) {
2848 print <<END;
2849 <td align='center'>
2850 <font color="$Header::colourblue">$Lang::tr{'blue'}</font>
2851 ($Lang::tr{'fwdfw pol allow'})
2852 </td>
2853END
515863e2 2854 }
a6485463 2855
cb051c57 2856 print"</tr>";
c03d4a5e
MT		 2857
2858 # ORANGE
2859 if (&Header::orange_used()) {
2860 print <<END;
2861 <tr>
2862 <td align='center' width='20%'>
2863 <font color="$Header::colourorange">$Lang::tr{'orange'}</font>
2864 </td>
2865 <td align='center'>
2866 <font color="$Header::colourred">$Lang::tr{'red'}</font>
2867 ($Lang::tr{'fwdfw pol allow'})
2868 </td>
2869 <td align='center'>
2870 <font color="$Header::colourgreen">$Lang::tr{'green'}</font>
2871 ($Lang::tr{'fwdfw pol block'})
2872 </td>
2873END
2874
2875 if (&Header::blue_used()) {
2876 print <<END;
2877 <td align='center'>
2878 <font color="$Header::colourblue">$Lang::tr{'blue'}</font>
2879 ($Lang::tr{'fwdfw pol block'})
2880 </td>
2881END
2882 }
2883
cb051c57
AM		 2884 print"</tr>";
2885 }
c03d4a5e
MT		 2886
2887 if (&Header::blue_used()) {
2888 print <<END;
2889 <tr>
2890 <td align='center'>
12b901f8 2891 <font color="$Header::colourblue">$Lang::tr{'blue'}</font>
c03d4a5e
MT		 2892 </td>
2893 <td align='center'>
2894 <font color="$Header::colourred">$Lang::tr{'red'}</font>
2895 ($Lang::tr{'fwdfw pol allow'})
2896 </td>
2897END
2898
2899 if (&Header::orange_used()) {
2900 print <<END;
2901 <td align='center'>
2902 <font color="$Header::colourorange">$Lang::tr{'orange'}</font>
2903 ($Lang::tr{'fwdfw pol block'})
2904 </td>
3e5e8a4a
MT		 2905END
2906 }
2907
2908 print <<END;
c03d4a5e
MT		 2909 <td align='center'>
2910 <font color="$Header::colourgreen">$Lang::tr{'green'}</font>
2911 ($Lang::tr{'fwdfw pol block'})
2912 </td>
3e5e8a4a 2913 </tr>
c03d4a5e 2914END
cb051c57 2915 }
c03d4a5e
MT		 2916
2917 print <<END;
2918 </table>
2919 </td>
2920 </tr>
2921END
2922
2923 $message = $Lang::tr{'fwdfw pol allow'};
2924
35ca8e02 2925 } elsif ($config eq '/var/ipfire/firewall/outgoing' && ($fwdfwsettings{'POLICY1'} ne 'MODE1')) {
c03d4a5e 2926 $message = $Lang::tr{'fwdfw pol allow'};
35ca8e02 2927 $colour = "bgcolor='green'";
c03d4a5e
MT		 2928 } else {
2929 $message = $Lang::tr{'fwdfw pol block'};
2930 $colour = "bgcolor='darkred'";
2931 }
2932
2933 if ($message) {
2934 print <<END;
2935 <tr>
2936 <td $colour align='center' colspan='13'>
2937 <font color='#FFFFFF'>$Lang::tr{'policy'}: $message</font>
2938 </td>
2939 </tr>
2940END
cb051c57 2941 }
c03d4a5e
MT		 2942
2943 print "</table>";
2944 print "<br>";
2945
2946 &Header::closebox();
a6485463 2947}
c03d4a5e
MT		 2948
2949&Header::closebigbox();
2950&Header::closepage();
Peter's tree of IPFire 2.x