Firewall: Some changes in Strings and languagefiles

diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index fcaade2d6632f3416ff742b161642e8c72c73ba7..f23430f72c8d67378513b47a45b195323905364c 100755 (executable)
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -53,16 +53,17 @@ my $configoutgoing  = "${General::swroot}/forward/outgoing";
 my $p2pfile                    = "${General::swroot}/forward/p2protocols";
 my $configgrp          = "${General::swroot}/fwhosts/customgroups";
 my $netsettings                = "${General::swroot}/ethernet/settings";
 my $p2pfile                    = "${General::swroot}/forward/p2protocols";
 my $configgrp          = "${General::swroot}/fwhosts/customgroups";
 my $netsettings                = "${General::swroot}/ethernet/settings";

-my $errormessage='';
-my $orange;
-my $green;
-my $blue;
+my $errormessage       = '';
+my $orange                     = '';
+my $green                      = '';
+my $blue                       = '';

 my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
 my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);

-my $CHAIN="FORWARDFW";
-my $conexists='off';
-my $command = 'iptables -A';
-my $dnat='';
-my $snat='';
+my $CHAIN                      = "FORWARDFW";
+my $conexists          = 'off';
+my $command                    = 'iptables -A';
+my $dnat                       ='';
+my $snat                       ='';
+

 &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
 &General::readhash("$netsettings", \%defaultNetworks);
 &General::readhasharray($configfwdfw, \%configfwdfw);
 &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
 &General::readhash("$netsettings", \%defaultNetworks);
 &General::readhasharray($configfwdfw, \%configfwdfw);


@@ -81,13 +82,13 @@ if (-f "/var/ipfire/red/active"){
 open (CONN1,"/var/ipfire/red/local-ipaddress");
 my $redip = <CONN1>;
 close(CONN1);
 open (CONN1,"/var/ipfire/red/local-ipaddress");
 my $redip = <CONN1>;
 close(CONN1);

-################################
-#    DEBUG/TEST                #
-################################
+#################
+#    DEBUG/TEST #
+#################

 my $MODE=0;     # 0 - normal operation
 my $MODE=0;     # 0 - normal operation

-                               # 1 - print configline and rules to console     
-                               # 
-################################               
+                               # 1 - print configline and rules to console
+                               #
+#################

 my $param=shift;
 
 if($param eq 'flush'){
 my $param=shift;
 
 if($param eq 'flush'){


@@ -107,7 +108,7 @@ if($param eq 'flush'){
        if($MODE eq '0'){
                if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
                        &p2pblock;
        if($MODE eq '0'){
                if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
                        &p2pblock;

-                       system ("/usr/sbin/firewall-policy"); 
+                       system ("/usr/sbin/firewall-policy");

                }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
                        &p2pblock;
                        system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
                }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
                        &p2pblock;
                        system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");


@@ -123,7 +124,7 @@ sub flush
        system ("iptables -F OUTGOINGFW");
        system ("iptables -t nat -F NAT_DESTINATION");
        system ("iptables -t nat -F NAT_SOURCE");
        system ("iptables -F OUTGOINGFW");
        system ("iptables -t nat -F NAT_DESTINATION");
        system ("iptables -t nat -F NAT_SOURCE");

-}                      
+}

 sub preparerules
 {
        if (! -z  "${General::swroot}/forward/config"){
 sub preparerules
 {
        if (! -z  "${General::swroot}/forward/config"){


@@ -236,12 +237,12 @@ sub buildrules
                                if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
                                if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
                                $TIME=join(",",@timeframe);
                                if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
                                if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
                                $TIME=join(",",@timeframe);

-                               
+

                                $TIMEFROM="--timestart $time1 ";
                                $TIMETILL="--timestop $time2 ";
                                $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
                        }
                                $TIMEFROM="--timestart $time1 ";
                                $TIMETILL="--timestop $time2 ";
                                $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
                        }

-                       if ($MODE eq '1'){      
+                       if ($MODE eq '1'){

                                print "NR:$key ";
                                foreach my $i (0 .. $#{$$hash{$key}}){
                                        print "$i: $$hash{$key}[$i]  ";
                                print "NR:$key ";
                                foreach my $i (0 .. $#{$$hash{$key}}){
                                        print "$i: $$hash{$key}[$i]  ";


@@ -301,7 +302,10 @@ sub buildrules
                                                                        if ($PROT ne '-p ICMP'){
                                                                                print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                        }
                                                                        if ($PROT ne '-p ICMP'){
                                                                                print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                        }

-                                                               }                               
+                                                                       if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+                                                                               print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                               }

                                                        }
                                                }
                                        }
                                                        }
                                                }
                                        }


@@ -364,7 +368,11 @@ sub buildrules
                                                                        if ($PROT ne '-p ICMP'){
                                                                                system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                        }
                                                                        if ($PROT ne '-p ICMP'){
                                                                                system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                        }

-                                                               }                               
+                                                                       #PROCESS Prot ICMP and type = All ICMP-Types
+                                                                       if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+                                                                               system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                               }

                                                        }
                                                }
                                        }
                                                        }
                                                }
                                        }


@@ -472,7 +480,7 @@ sub get_address
        my $type=shift; #src or tgt
        my $hash;
        if ($type eq 'src'){
        my $type=shift; #src or tgt
        my $hash;
        if ($type eq 'src'){

-               $hash=\%sourcehash;     
+               $hash=\%sourcehash;

        }else{
                $hash=\%targethash;
        }
        }else{
                $hash=\%targethash;
        }

diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index afd5ece35aa01ee6ba01caac30effa71e7a24bed..3e7b9a8f460adf3039903e7a0a7187673af41c0c 100755 (executable)
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -1736,7 +1736,7 @@ END
                                                <select name='ICMP_TYPES' style='min-width:230px;'>
 END
                &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
                                                <select name='ICMP_TYPES' style='min-width:230px;'>
 END
                &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);

-               print"<option>All ICMP-Types</option>";
+               print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";

                foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
                        if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
                                print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
                foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
                        if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
                                print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";

diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 4f909cdf6db5bf80801260ee82b7091983c75ffc..8803ab859c8832afc48ebd21c97d46f74aee618d 100755 (executable)
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -759,7 +759,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservice')
                        }
                }
        }
                        }
                }
        }

-       if($ICMP eq ''){$ICMP='BLANK';}
+       if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}

        if (!$errormessage){
                my $key = &General::findhasharraykey (\%customservice);
                foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
        if (!$errormessage){
                my $key = &General::findhasharraykey (\%customservice);
                foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}


@@ -1346,7 +1346,7 @@ END
        <div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
 END
        &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
        <div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
 END
        &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);

-       print"<option>All ICMP-Types</option>";
+       print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";

        foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
                if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
                        print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
        foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
                if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
                        print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";


@@ -1679,8 +1679,8 @@ END
                        print<<END;
                        <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
 END
                        print<<END;
                        <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
 END

-                       if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
-               
+                       if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
+                       elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}

                        print<<END;
                        </td><td align='center'>$customservice{$key}[4]x</td>
                        <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
                        print<<END;
                        </td><td align='center'>$customservice{$key}[4]x</td>
                        <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index b0875068cdcc2cfc7a84be423b94bf0c2c0e6780..f6b22ec0fa2d617b36aaec4f78027723f90e3686 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -912,6 +912,7 @@
 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
 'fw settings ruletable' => 'Leere Regeltabellen anzeigen',
 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
 'fw settings ruletable' => 'Leere Regeltabellen anzeigen',

+'fwdfw all icmp' => 'Alle ICMP-Typen',

 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
 'fwdfw DROP' => 'Verwerfen (DROP)',
 'fwdfw MODE1' => 'Alle Pakete verwerfen',
 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
 'fwdfw DROP' => 'Verwerfen (DROP)',
 'fwdfw MODE1' => 'Alle Pakete verwerfen',


@@ -987,8 +988,8 @@
 'fwdfw toggle' => 'Aktivieren oder deaktivieren',
 'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
 'fwdfw use nat' => 'NAT benutzen',
 'fwdfw toggle' => 'Aktivieren oder deaktivieren',
 'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
 'fwdfw use nat' => 'NAT benutzen',

-'fwdfw use srcport' => 'Quellport(s) benutzen:',
-'fwdfw use srv' => 'Zielport(s) benutzen:',
+'fwdfw use srcport' => 'Quellport:',
+'fwdfw use srv' => 'Zielport:',

 'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
 'fwdfw wd_fri' => 'Fr',
 'fwdfw wd_mon' => 'Mo',
 'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
 'fwdfw wd_fri' => 'Fr',
 'fwdfw wd_mon' => 'Mo',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 4b4b153c82ab69d977b4bdb094ee3eb42d13e1fe..4c1c4650829d4481c6f4a9321d5d9a25bec9f7df 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -937,6 +937,7 @@
 'fw settings dropdown' => 'Show all networks on rulecreation site',
 'fw settings remark' => 'Show remarks in ruletable',
 'fw settings ruletable' => 'Show empty ruletables',
 'fw settings dropdown' => 'Show all networks on rulecreation site',
 'fw settings remark' => 'Show remarks in ruletable',
 'fw settings ruletable' => 'Show empty ruletables',

+'fwdfw all icmp' => 'All ICMP-Types',

 'fwdfw ACCEPT' => 'ACCEPT',
 'fwdfw DROP' => 'DROP',
 'fwdfw MODE1' => 'Drop all packets',
 'fwdfw ACCEPT' => 'ACCEPT',
 'fwdfw DROP' => 'DROP',
 'fwdfw MODE1' => 'Drop all packets',


@@ -1012,8 +1013,8 @@
 'fwdfw toggle' => 'Activate or deactivate',
 'fwdfw togglelog' => 'Activate or deactivate logging',
 'fwdfw use nat' => 'Use NAT',
 'fwdfw toggle' => 'Activate or deactivate',
 'fwdfw togglelog' => 'Activate or deactivate logging',
 'fwdfw use nat' => 'Use NAT',

-'fwdfw use srcport' => 'Use source port(s):',
-'fwdfw use srv' => 'Use destination port(s):',
+'fwdfw use srcport' => 'Source port:',
+'fwdfw use srv' => 'Destination port:',

 'fwdfw useless rule' => 'This rule is useless.',
 'fwdfw wd_fri' => 'Fri',
 'fwdfw wd_mon' => 'Mon',
 'fwdfw useless rule' => 'This rule is useless.',
 'fwdfw wd_fri' => 'Fri',
 'fwdfw wd_mon' => 'Mon',