Firewall: New feature: Now it is possible to define a custom service with a portrange...
authorAlexander Marx <amarx@ipfire.org>
Tue, 12 Nov 2013 08:27:16 +0000 (09:27 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 12 Nov 2013 23:30:06 +0000 (00:30 +0100)
config/firewall/firewall-lib.pl
config/firewall/rules.pl

index f1e8403daa171b03deb17757fe358eae8402205d..8cff76bb53ac42965988b5a26b43cbc399d7d036 100755 (executable)
@@ -108,10 +108,8 @@ sub get_srv_port
        my $field=shift;
        my $prot=shift;
        foreach my $key (sort {$a <=> $b} keys %customservice){
-               if($customservice{$key}[0] eq $val){
-                       if($customservice{$key}[2] eq $prot){
-                               return $customservice{$key}[$field];
-                       }
+               if($customservice{$key}[0] eq $val && $customservice{$key}[2] eq $prot){
+                       return $customservice{$key}[$field];
                }
        }
 }
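Review bot: get_srv_port still ends on the closing brace of the `foreach` with no explicit return, so when no custom service matches both the name and the protocol the result is unspecified (perlsub leaves the value of a sub that ends in a loop undefined). The callers visible in rules.pl concatenate the result directly into `--dport ` and `:` arguments, so a missing entry would produce an incomplete rule fragment rather than a detectable failure. Adding `return;` after the loop would make the no-match case explicit. A comment above the sub should also say that field 1 may now hold a port range, which appears to be colon-separated judging by the substitution added in rules.pl. The sub's opening lines are outside this hunk.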
index c724aa840cbd7214624e99c0dd1dda0f9bbd7729..f1584f3d2d4f136bebdd97938114f5e14931928d 100755 (executable)
@@ -86,8 +86,8 @@ close(CONN1);
 #    DEBUG/TEST #
 #################
 my $MODE=0;     # 0 - normal operation
-                               # 1 - print configline and rules to console
-                               #
+                # 1 - print configline and rules to console
+                #
 #################
 my $param=shift;
 
@@ -577,6 +577,7 @@ sub get_port
        my $hash=shift;
        my $key=shift;
        my $prot=shift;
+       #Get manual defined Ports from SOURCE
        if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
                if ($$hash{$key}[10] ne ''){
                        $$hash{$key}[10] =~ s/\|/,/g;
@@ -590,6 +591,7 @@ sub get_port
                                }
                        }
                }
+               #Get manual ports from TARGET
        }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
                if($$hash{$key}[14] eq 'TGT_PORT'){
                        if ($$hash{$key}[15] ne ''){
@@ -605,16 +607,20 @@ sub get_port
                                         }
                                }
                        }
+               #Get ports defined in custom Service (firewall-groups)
                }elsif($$hash{$key}[14] eq 'cust_srv'){
                        if ($prot ne 'ICMP'){
                                if($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
-                                       return ":".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                                       my $ports =&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                                       $ports =~ s/\:/-/g;
+                                       return ":".$ports
                                }else{
                                        return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
                                }
                        }elsif($prot eq 'ICMP' && $$hash{$key}[11] eq 'ON'){        #When PROT is ICMP and "use targetport is checked, this is an icmp-service
                                return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
                        }
+               #Get ports from services which are used in custom servicegroups (firewall-groups)
                }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
                        if      ($prot ne 'ICMP'){
                                return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
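Review bot: In the dnat branch the new `$ports` value is rewritten and returned without checking that the lookup produced a port or range. If the custom service is missing or its stored value is malformed, the substitution runs on an undefined or arbitrary string and the sub returns it behind a bare `:`. A format check before the rewrite, for example `return unless defined $ports && $ports =~ /\A\d+(?::\d+)?\z/;`, would keep such an entry out of the generated rule. How the caller treats an empty return is outside the hunk and needs confirming, and the `--dport` branch just below uses the same lookup unchecked. As style points, `return ":".$ports` is missing its terminating semicolon and `$ports =~ tr/:/-/;` states the character swap more directly than `s/\:/-/g`.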