Forward Firewall: enabled Portranges for DNAT
[people/pmueller/ipfire-2.x.git] / config / forwardfw / rules.pl
index 9af2c7060ff3acb954d42b94b6cc04c2fe029d81..49a45b1a595a7cf1605e42cd2bb06ae3c61c6bd9 100755 (executable)
@@ -287,10 +287,11 @@ sub buildrules
                                                                                if ($$hash{$key}[17] eq 'ON'){
                                                                                        print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
                                                                                }
-                                                                               my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
                                                                                my ($ip,$sub) =split("/",$targethash{$b}[0]);
-                                                                               print "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
                                                                                print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0]  --to $ip$DPORT\n";
+                                                                               $DPORT =~ s/\-/:/g;
+                                                                               my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
+                                                                               print "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
                                                                        }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){
                                                                                print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]  --to $natip$fireport\n";
                                                                        }
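Review bot: `$DPORT =~ s/\-/:/g;` rewrites `$DPORT` itself, so if this branch runs again for another source/target pair before `$DPORT` is recomputed (the enclosing loops are outside the hunk), the next `--to $ip$DPORT` would receive the colon form that only `--dport` accepts. Translating a copy avoids this, e.g. `(my $range = substr($DPORT, 1)) =~ tr/-/:/;` inside an `if ($DPORT ne '')` block that fills a `$fwaccessdport` declared unconditionally as `''` beforehand. That also removes the moved `my $fwaccessdport=... if ($DPORT);`, a form perlsyn documents as undefined behaviour. When `$DPORT` is empty the PORTFWACCESS rule is printed with no `--dport` at all, which accepts every port of `$PROT` to `$ip`; if that is not intended, the empty case should skip the ACCEPT rule. The same three added lines recur in the second hunk with `system` instead of `print`.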
@@ -327,10 +328,12 @@ sub buildrules
                                                                                if ($$hash{$key}[17] eq 'ON'){
                                                                                        system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
                                                                                }
-                                                                               my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
                                                                                my ($ip,$sub) =split("/",$targethash{$b}[0]);
-                                                                               system "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
                                                                                system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0]  --to $ip$DPORT\n";
+                                                                               $DPORT =~ s/\-/:/g;
+                                                                               my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
+                                                                               system "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
+                                                                               
                                                                        }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
                                                                                if ($$hash{$key}[17] eq 'ON'){
                                                                                        system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n";
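Review bot: The re-added `system "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";` passes one interpolated string, so Perl hands it to the shell whenever it contains shell metacharacters, and `$DPORT`, `$ip` and `$con` come from rule data whose validation is not visible in this hunk. Checking the port field before it is used, for example against `/\A:\d+(?:[-:]\d+)?\z/` (adjusted to whatever formats the UI permits), or calling `system` in list form would keep a malformed configuration entry from reaching the shell. The whitespace-only line added before `}elsif` can be dropped. buildrules continues outside the hunk.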
@@ -519,7 +522,6 @@ sub get_port
                        return;
                }
        }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
-               
                if($$hash{$key}[14] eq 'TGT_PORT'){
                        if ($$hash{$key}[15] ne ''){
                                $$hash{$key}[15] =~ s/\|/,/g;
@@ -529,6 +531,7 @@ sub get_port
                                        if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
                                                return "--dport $$hash{$key}[15] ";
                                         }else{
+                                                $$hash{$key}[15] =~ s/\:/-/g;
                                                return ":$$hash{$key}[15]";
                                         }
                                }
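Review bot: `$$hash{$key}[15] =~ s/\:/-/g;` edits the stored rule field rather than the value being returned, so any later reader of index 15 for this key sees the dash form; the `s/\|/,/g` a few lines above appears to have the same side effect. Returning a translated copy leaves the rule data untouched: `(my $p = $$hash{$key}[15]) =~ tr/:/-/; return ":$p";`. A comma-separated list produced by that earlier substitution would also seem to pass through this branch into `--to`, which takes a single port or a range; whether the UI rules that out for DNAT is not visible here. get_port starts and ends outside the hunk.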