my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
-my $errormessage='';
-my $orange;
-my $green;
-my $blue;
+my $errormessage = '';
+my $orange = '';
+my $green = '';
+my $blue = '';
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
-my $CHAIN="FORWARDFW";
-my $conexists='off';
-my $command = 'iptables -A';
-my $dnat='';
-my $snat='';
+my $CHAIN = "FORWARDFW";
+my $conexists = 'off';
+my $command = 'iptables -A';
+my $dnat ='';
+my $snat ='';
+
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configfwdfw, \%configfwdfw);
open (CONN1,"/var/ipfire/red/local-ipaddress");
my $redip = <CONN1>;
close(CONN1);
-################################
-# DEBUG/TEST #
-################################
+#################
+# DEBUG/TEST #
+#################
my $MODE=0; # 0 - normal operation
- # 1 - print configline and rules to console
- #
-################################
+ # 1 - print configline and rules to console
+ #
+#################
my $param=shift;
if($param eq 'flush'){
if($MODE eq '0'){
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
&p2pblock;
- system ("/usr/sbin/firewall-policy");
+ system ("/usr/sbin/firewall-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
&p2pblock;
system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
system ("iptables -F OUTGOINGFW");
system ("iptables -t nat -F NAT_DESTINATION");
system ("iptables -t nat -F NAT_SOURCE");
-}
+}
sub preparerules
{
if (! -z "${General::swroot}/forward/config"){
if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
$TIME=join(",",@timeframe);
-
+
$TIMEFROM="--timestart $time1 ";
$TIMETILL="--timestop $time2 ";
$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
}
- if ($MODE eq '1'){
+ if ($MODE eq '1'){
print "NR:$key ";
foreach my $i (0 .. $#{$$hash{$key}}){
print "$i: $$hash{$key}[$i] ";
if ($PROT ne '-p ICMP'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
- }
+ if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+ print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }
+ }
}
}
}
if ($PROT ne '-p ICMP'){
system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
- }
+ #PROCESS Prot ICMP and type = All ICMP-Types
+ if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+ system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }
+ }
}
}
}
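Review bot: The added `system "iptables -A ... \n"` call for 'All ICMP-Types' passes one interpolated string, so Perl hands it to the shell and every field taken from the rule and host hashes (`$$hash{$key}[1]`, `$sourcehash{$a}[0]`, `$targethash{$b}[0]`, `$$hash{$key}[0]`) is parsed by the shell before iptables sees it. This matches the existing non-ICMP call above it, but as the commit adds a second copy, those fields should be checked against an allow-list pattern first, or the command built as an argument list; `$PROT` and `$TIME` are pre-joined option strings and would need splitting for the list form. The exit status is also discarded, so a rule that fails to load leaves no trace: `system(...) == 0 or warn "rule $key not loaded: $?";`. The MODE 1 hunk above repeats the same command text in a `print`; building the string once and using it for both keeps the debug output from drifting away from what is executed. The enclosing loops start outside this hunk.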
my $type=shift; #src or tgt
my $hash;
if ($type eq 'src'){
- $hash=\%sourcehash;
+ $hash=\%sourcehash;
}else{
$hash=\%targethash;
}
<select name='ICMP_TYPES' style='min-width:230px;'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
+ print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
}
}
}
- if($ICMP eq ''){$ICMP='BLANK';}
+ if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}
if (!$errormessage){
my $key = &General::findhasharraykey (\%customservice);
foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
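Review bot: `$ICMP=$fwhostsettings{'ICMP_TYPES'}` stores the submitted value as the service's ICMP type without checking it, where the old code stored the fixed string 'BLANK'. `%fwhostsettings` presumably holds the posted form fields, so before the `if (!$errormessage)` line the value should be accepted only when it is 'All ICMP-Types' or matches an entry offered from `%icmptypes`, with `$errormessage` set otherwise; a comment such as `# ICMP_TYPES comes from the form: validate against %icmptypes before storing` would record the intent. The service-table hunk further down prints `$customservice{$key}[3]` into the page unescaped, so an unchecked value stored here would be echoed back as markup. When the field is empty as well, `$ICMP` now stays '' rather than 'BLANK', so any code outside this hunk that tests for 'BLANK' should be rechecked. The surrounding sub begins and ends outside the hunk.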
<div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
+ print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
print<<END;
<td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
END
- if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
-
+ if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
+ elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
print<<END;
</td><td align='center'>$customservice{$key}[4]x</td>
<td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
'fw settings ruletable' => 'Leere Regeltabellen anzeigen',
+'fwdfw all icmp' => 'Alle ICMP-Typen',
'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
'fwdfw DROP' => 'Verwerfen (DROP)',
'fwdfw MODE1' => 'Alle Pakete verwerfen',
'fwdfw toggle' => 'Aktivieren oder deaktivieren',
'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
'fwdfw use nat' => 'NAT benutzen',
-'fwdfw use srcport' => 'Quellport(s) benutzen:',
-'fwdfw use srv' => 'Zielport(s) benutzen:',
+'fwdfw use srcport' => 'Quellport:',
+'fwdfw use srv' => 'Zielport:',
'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
'fwdfw wd_fri' => 'Fr',
'fwdfw wd_mon' => 'Mo',
'fw settings dropdown' => 'Show all networks on rulecreation site',
'fw settings remark' => 'Show remarks in ruletable',
'fw settings ruletable' => 'Show empty ruletables',
+'fwdfw all icmp' => 'All ICMP-Types',
'fwdfw ACCEPT' => 'ACCEPT',
'fwdfw DROP' => 'DROP',
'fwdfw MODE1' => 'Drop all packets',
'fwdfw toggle' => 'Activate or deactivate',
'fwdfw togglelog' => 'Activate or deactivate logging',
'fwdfw use nat' => 'Use NAT',
-'fwdfw use srcport' => 'Use source port(s):',
-'fwdfw use srv' => 'Use destination port(s):',
+'fwdfw use srcport' => 'Source port:',
+'fwdfw use srv' => 'Destination port:',
'fwdfw useless rule' => 'This rule is useless.',
'fwdfw wd_fri' => 'Fri',
'fwdfw wd_mon' => 'Mon',