Did some final steps for the outgoing fw, this should be working now.
authorChristian Schmidt <maniacikarus@ipfire.org>
Fri, 16 Apr 2010 06:40:01 +0000 (08:40 +0200)
committerChristian Schmidt <maniacikarus@ipfire.org>
Fri, 16 Apr 2010 06:40:01 +0000 (08:40 +0200)
This fixes bug #0000577

config/menu/50-firewall.menu
config/outgoingfw/outgoingfw.pl
config/rootfiles/common/apache2
config/rootfiles/common/configroot
html/cgi-bin/outgoingfw.cgi
html/cgi-bin/outgoinggrp.cgi [new file with mode: 0644]
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
langs/fr/cgi-bin/fr.pl
lfs/configroot

index d8a4908..de28f8e 100644 (file)
                                'title' => "$Lang::tr{'outgoing firewall'}",
                                'enabled' => 1,
                                };
+    $subfirewall->{'51.outgoinggrp'} = {
+                               'caption' => $Lang::tr{'outgoing firewall groups'},
+                               'uri' => '/cgi-bin/outgoinggrp.cgi',
+                               'title' => "$Lang::tr{'outgoing firewall groups'}",
+                               'enabled' => 1,
+                               };
     $subfirewall->{'60.upnp'} = {
                                'caption' => 'UPnP',
                                'uri' => '/cgi-bin/upnp.cgi',
index ac27a58..dd42415 100644 (file)
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2009  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2005-2010  IPTifre Team                                       #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
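Review bot: The replacement copyright line misspells the project name as `IPTifre Team`; it should read `# Copyright (C) 2005-2010  IPFire Team`, padded so the closing `#` stays in its column. The same typo is added by the second `@@ -2,7 +2,7 @@` hunk further down and by the header of the new outgoinggrp.cgi.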
@@ -37,7 +37,6 @@ my @configline = ();
 my $p2pentry = "";
 my @p2ps = ();
 my @p2pline = ();
-my @proto = ();
 my $CMD = "";
 my $P2PSTRING = "";
 
@@ -65,8 +64,10 @@ $outfwsettings{'DISPLAY_SMAC'} = '';
 $outfwsettings{'DISPLAY_SIP'} = '';
 $outfwsettings{'POLICY'} = 'MODE0';
 
+my @SOURCE = "";
 my $SOURCE = "";
 my $DESTINATION = "";
+my @PROTO = "";
 my $PROTO = "";
 my $DPORT = "";
 my $DEV = "";
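Review bot: `my @SOURCE = "";` and `my @PROTO = "";` each create a one-element list holding an empty string, not an empty array; `my @SOURCE = ();` says what is meant. This matters in the rule loop of the next hunk: the `ipsec` and `ovpn` branches assign `@SOURCE = ""` and the inner loop skips empty sources with `next`, so no iptables rule appears to be emitted for those two source types. If matching on the interface alone is intended, `@SOURCE = ("0/0");` as in the `all` branch would keep the rule.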
@@ -114,93 +115,112 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 
 foreach $configentry (sort @configs)
 {
-       $SOURCE = "";
+       @SOURCE = "";
        $DESTINATION = "";
        $PROTO = "";
        $DPORT = "";
        $DEV = "";
        $MAC = "";
        @configline = split( /\;/, $configentry );
+
        if ($outfwsettings{'STATE'} eq $configline[0]) {
                if ($configline[2] eq 'green') {
-                       $SOURCE = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+                       @SOURCE = ("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
                        $DEV = $netsettings{'GREEN_DEV'};
                } elsif ($configline[2] eq 'red') {
-                       $SOURCE = "$netsettings{'RED_IP'}";
+                       @SOURCE = ("$netsettings{'RED_IP'}");
                        $DEV = "";
                } elsif ($configline[2] eq 'blue') {
-                       $SOURCE = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+                       @SOURCE = ("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
                        $DEV = $netsettings{'BLUE_DEV'};
                } elsif ($configline[2] eq 'orange') {
-                       $SOURCE = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+                       @SOURCE = ("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
                        $DEV = $netsettings{'ORANGE_DEV'};
+               } elsif ($configline[2] eq 'ipsec') {
+                       @SOURCE = "";
+                       $DEV = "ipsec+";
+               } elsif ($configline[2] eq 'ovpn') {
+                       @SOURCE = "";
+                       $DEV = "tun+";
                } elsif ($configline[2] eq 'ip') {
-                       $SOURCE = "$configline[5]";
+                       @SOURCE = ("$configline[5]");
+                       $DEV = "";
+               } 
+               } elsif ($configline[2] eq 'all') {
+                       @SOURCE = ("0/0");
                        $DEV = "";
-               } else  {
-                       $SOURCE = "0/0";
+               } else {
+                       if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" )
+                       {
+                               @SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`;
+                       }
                        $DEV = "";
                }
 
                if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; }
                
                if ($configline[3] eq 'tcp') {
-                       @proto = ("tcp");
+                       @PROTO = ("tcp");
                } elsif ($configline[3] eq 'udp') {
-                       @proto = ("udp");
+                       @PROTO  = ("udp");
                } elsif ($configline[3] eq 'esp') {
-                       @proto = ("esp");
+                       @PROTO = ("esp");
                } elsif ($configline[3] eq 'gre') {
-                       @proto = ("gre");
+                       @PROTO = ("gre");
                } else {
-                       @proto = ("tcp","udp");
+                       @PROTO = ("tcp","udp");
                }
-                 
-               
-               foreach $PROTO (@proto) {
-                       $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
-       
-                        if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') {
-                               $DPORT = "$configline[8]";
-                               $CMD = "$CMD --dport $DPORT";
-                        }
-                       
-                       if ($DEV) {
-                               $CMD = "$CMD -i $DEV";
-                       }
-       
-                       if ($configline[6]) {
-                               $MAC = "$configline[6]";
-                               $CMD = "$CMD -m mac --mac-source $MAC";
-                       }
-                       
-                       if ($configline[17] && $configline[18]) {
-                               if ($configline[10]){$DAY = "Mon,"}
-                               if ($configline[11]){$DAY .= "Tue,"}
-                               if ($configline[12]){$DAY .= "Wed,"}
-                               if ($configline[13]){$DAY .= "Thu,"}
-                               if ($configline[14]){$DAY .= "Fri,"}
-                               if ($configline[15]){$DAY .= "Sat,"}
-                               if ($configline[16]){$DAY .= "Sun"}
-                               $CMD = "$CMD -m time --timestart $configline[17] --timestop $configline[18] --weekdays $DAY";
-                       }
-                       
-                       $CMD = "$CMD -o $netsettings{'RED_DEV'}";
 
-                       if ($configline[9] eq "aktiv") {
+               foreach $PROTO (@PROTO){
+                       foreach $SOURCE (@SOURCE) {
+                               $SOURCE =~ s/\s//gi;
+
+                                if ( $SOURCE eq "" ){next;}
+
+                               $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
+
+                                if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) {
+                                       $DPORT = "$configline[8]";
+                                       $CMD = "$CMD -m multiport --destination-port $DPORT";
+                                }
+
+                                if ($DEV) {
+                                       $CMD = "$CMD -i $DEV";
+                               }
+
+                               if ($configline[6]) {
+                                       $MAC = "$configline[6]";
+                                       $CMD = "$CMD -m mac --mac-source $MAC";
+                               }
+
+                               if ($configline[17] && $configline[18]) {
+                                       if ($configline[10]){$DAY = "Mon,"}
+                                       if ($configline[11]){$DAY .= "Tue,"}
+                                       if ($configline[12]){$DAY .= "Wed,"}
+                                       if ($configline[13]){$DAY .= "Thu,"}
+                                       if ($configline[14]){$DAY .= "Fri,"}
+                                       if ($configline[15]){$DAY .= "Sat,"}
+                                       if ($configline[16]){$DAY .= "Sun"}
+                                       $CMD = "$CMD -m time --timestart $configline[17] --timestop $configline[18] --weekdays $DAY";
+                               }
+
+                               $CMD = "$CMD -o $netsettings{'RED_DEV'}";
+
+                               if ($configline[9] eq "aktiv") {
+                                       if ($DEBUG) {
+                                               print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n";
+                                       } else {
+                                               system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'");
+                                       }
+                               }
+
                                if ($DEBUG) {
-                                       print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'\n";
+                                       print "$CMD -j $DO\n";
                                } else {
-                                       system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW'");
+                                       system("$CMD -j $DO");
                                }
                        }
-                       
-                       if ($DEBUG) {
-                               print "$CMD -j $DO\n";
-                       } else {
-                               system("$CMD -j $DO");
-                       }
-    }
+               }
        }
 }
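Review bot: The new `else` branch runs `cat` through backticks with `$configline[2]` interpolated, so a group name taken from the rules file reaches the shell unvalidated (and `../` escapes `ipgroups/`), and each line read from the group file is later pasted into the string-form `system("$CMD ...")` with only whitespace removed. Check the name against an anchored pattern, read the file with three-argument `open`, and keep only address-shaped lines, as sketched below; the character class is an assumption to align with what outgoinggrp.cgi accepts. Separately, the lone `}` added after the `'ip'` branch appears to end the source chain early, so `} elsif ($configline[2] eq 'all')` attaches to the `STATE` test and the closing braces at the end of the hunk no longer balance. The port condition `$configline[3] ne 'esp' || $configline[3] ne 'gre'` is always true; the removed `&&` form was the correct one, otherwise esp/gre rules get a `--destination-port` match that iptables will presumably reject, and the unchecked `system()` hides that failure.

```perl
		# … unchanged: green/red/blue/orange/ipsec/ovpn/ip/all branches, without the stray "}" …
		} else {
			# The group name comes from the rules file: accept a plain name only, never a path.
			if ($configline[2] =~ /\A[A-Za-z0-9_-]+\z/
				&& open(my $grp, '<', "/var/ipfire/outgoing/groups/ipgroups/$configline[2]")) {
				# Keep only entries shaped like an IPv4 address or network.
				@SOURCE = grep { m{\A\s*[0-9.]+(?:/[0-9.]+)?\s*\z} } <$grp>;
				close($grp);
			}
			$DEV = "";
		}
```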
 
index e6abdc2..a67a44f 100644 (file)
@@ -1339,6 +1339,7 @@ srv/web/ipfire/cgi-bin/netexternal.cgi
 srv/web/ipfire/cgi-bin/netinternal.cgi
 srv/web/ipfire/cgi-bin/netother.cgi
 srv/web/ipfire/cgi-bin/outgoingfw.cgi
+srv/web/ipfire/cgi-bin/outgoinggrp.cgi
 srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
index efbc5fe..38b8dff 100644 (file)
@@ -96,6 +96,8 @@ var/ipfire/outgoing
 #var/ipfire/outgoing/bin
 #var/ipfire/outgoing/bin/outgoingfw.pl
 var/ipfire/outgoing/defaultservices
+#var/ipfire/outgoing/groups
+#var/ipfire/outgoing/ipgroups
 #var/ipfire/outgoing/p2protocols
 #var/ipfire/outgoing/rules
 #var/ipfire/outgoing/settings
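Review bot: The second added entry is `#var/ipfire/outgoing/ipgroups`, but the rule generator and the CGI changed in this commit both read `/var/ipfire/outgoing/groups/ipgroups`, so the path listed here looks like it should be `#var/ipfire/outgoing/groups/ipgroups`. Because the file names and contents of that directory end up in iptables command lines, it is also worth confirming in lfs/configroot (changed by this commit, not shown here) that the directory is created with ownership and mode no broader than the web interface needs.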
index c5db16b..e2bfcfd 100644 (file)
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2005-2010  IPTifre Team                                       #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -41,6 +41,7 @@ my @p2ps = ();
 my @p2pline = ();
 
 my $configfile = "/var/ipfire/outgoing/rules";
+my $configpath = "/var/ipfire/outgoing/groups/";
 my $p2pfile = "/var/ipfire/outgoing/p2protocols";
 my $servicefile = "/var/ipfire/outgoing/defaultservices";
 
@@ -145,7 +146,7 @@ if ( $outfwsettings{'TIME_MON'} eq "" &&
                $outfwsettings{'TIME_SUN'} = "on";
         }
 
-&Header::openpage('Ausgehende Firewall', 1, '');
+&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
 &Header::openbigbox('100%', 'left', '', $errormessage);
 
 ############################################################################################################################
@@ -607,88 +608,124 @@ END
 ;
 &Header::closebox();
 
-&Header::closebigbox();
-&Header::closepage();
-
 ############################################################################################################################
 ############################################################################################################################
 
 sub addrule
 {
-       &Header::openbox('100%', 'center', 'Rules hinzufuegen');
+       &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
        if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; }
        $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
        $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-       print <<END
+print <<END
        <form method='post' action='$ENV{'SCRIPT_NAME'}'>
        <table width='80%'>
-               <tr><td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' />
-                   <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' />
-                   <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:
-                   <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} />
-               <tr><td width='20%' align='right'>$Lang::tr{'protocol'}:
-                   <td width='30%' align='left'>
-                       <select name='PROT'>
-                               <option value='all' $selected{'PROT'}{'all'}>All</option>
-                               <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
-                               <option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
-                               <option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
-                               <option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
-                       </select>
-                   <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:
-                   <td width='30%' align='left' colspan='2'>
+               <tr>
+                       <td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td>
+                       <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td>
+                       <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td>
+                       <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td>
+               </tr>
+               <tr>
+                       <td width='20%' align='right'>$Lang::tr{'protocol'}:</td>
+                       <td width='30%' align='left'>
+                               <select name='PROT'>
+                                       <option value='all' $selected{'PROT'}{'all'}>All</option>
+                                       <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
+                                       <option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
+                                       <option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
+                                       <option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
+                               </select>
+                       </td>
+                       <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td>
+                       <td width='30%' align='left' colspan='2'>
 END
 ;
        if ($outfwsettings{'POLICY'} eq 'MODE1'){
-               print "\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
+               print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
        } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
-               print "\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
+               print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
        }
        print <<END
-               <tr><td width='20%' align='right'>$Lang::tr{'source net'}:
-                   <td width='30%' align='left'><select name='SNET'>
-                       <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
-                       <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip'}</option>
-                       <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option>
-                       <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
+                       </td>
+               </tr>
+               <tr>
+                       <td width='20%' align='right'>$Lang::tr{'source'}:</td>
+                       <td width='30%' align='left'>
+                               <select name='SNET'>
+                                       <optgroup label='---'>
+                                               <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
+                                       <optgroup label='$Lang::tr{'ip address'}'>
+                                               <option value='ip' $selected{'SNET'}{'ip'}>IPSEC $Lang::tr{'interface'}</option>
+                                               <option value='red' $selected{'SNET'}{'red'}>OpenVPN $Lang::tr{'interface'}</option>
+                                       </optgroup>
+                                       </optgroup>
+                                               <option value='ipsec' $selected{'SNET'}{'ipsec'}>$Lang::tr{'source ip'}</option>
+                                               <option value='ovpn' $selected{'SNET'}{'ovpn'}>$Lang::tr{'red'} IP</option>
+                                       <optgroup label='$Lang::tr{'network'}'>
+                                       <optgroup label='$Lang::tr{'network'}'>
+                                               <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
 END
 ;
        if (&Header::blue_used()){
-               print "\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
+               print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
        }
        if (&Header::orange_used()){
-               print "\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
+               print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
+       }
+       print <<END
+                                       </optgroup>
+                                       <optgroup label='$Lang::tr{'advproxy NCSA group'}'>
+END
+;
+       my @ipgroups = qx(ls $configpath/ipgroups/);
+       foreach (sort @ipgroups){
+               print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{'$_'}>$_</option>\n";
        }
        print <<END
-                       </select>
-                   <td width='20%' align='right' colspan='2'>$Lang::tr{'source ip'}: <img src='/blob.gif' />
-                   <td width='30%' align='left' colspan='2'><input type='text' name='SIP' maxlength='15' value='$outfwsettings{'SIP'}' />
-               <tr><td width='20%' align='right'>$Lang::tr{'logging'}:
-                       <td width='30%' align='left'><select name='LOG'>
-                                                                               <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
-                                                                               <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
-                                                                               </select></td>
-                   <td width='20%' align='right' colspan='2' />
-                   <td width='30%' align='left' colspan='2' />
-               <tr><td width='20%' align='right'>$Lang::tr{'destination ip'}: <img src='/blob.gif' />
-                   <td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$outfwsettings{'DIP'}' />
-                   <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}: <img src='/blob.gif' />
-                   <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' maxlength='11' value='$outfwsettings{'DPORT'}' />
-               <tr><td width='20%' align='right'>$Lang::tr{'time'}:</td>
+                                       </optgroup>
+                               </select>
+                       </td>
+                       <td width='20%' align='right' colspan='2'>$Lang::tr{'source ip'}: <img src='/blob.gif' /></td>
+                       <td width='30%' align='left' colspan='2'><input type='text' name='SIP' maxlength='15' value='$outfwsettings{'SIP'}' /></td>
+               </tr>
+               <tr>
+                       <td width='20%' align='right'>$Lang::tr{'logging'}:</td>
+                       <td width='30%' align='left'>
+                               <select name='LOG'>
+                                       <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
+                                       <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
+                               </select>
+                       </td>
+                       <td width='20%' align='right' colspan='2' />
+                       <td width='30%' align='left' colspan='2' />
+               <tr>
+                       <td width='20%' align='right'>$Lang::tr{'destination ip'}: <img src='/blob.gif' /></td>
+                       <td width='30%' align='left'><input type='text' name='DIP' maxlength='15' value='$outfwsettings{'DIP'}' /></td>
+                       <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}: <img src='/blob.gif' /></td>
+                       <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' maxlength='11' value='$outfwsettings{'DPORT'}' /></td>
+               </tr>
+               <tr>
+                       <td width='20%' align='right'>$Lang::tr{'time'}:</td>
                        <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
                        <td width='20%' align='right' colspan='2' />
                        <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
-                       <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td></tr>
-               <tr><td width='20%' align='right'></td>
-                       <td width='30%' align='left'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
-                                                                                <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
-                                                                                <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
-                                                                                <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
-                                                                                <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
-                                                                                <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
-                                                                                <input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
+                       <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
+               </tr>
+               <tr>
+                       <td width='20%' align='right'></td>
+                       <td width='30%' align='left'>
+                               <input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
+                               <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
+                               <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
+                               <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
+                               <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
+                               <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
+                               <input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} />
+                       </td>
                        <td width='20%' align='right' colspan='2' />
-                       <td width='15%' align='left'><select name='TIME_FROM'>
+                       <td width='15%' align='left'>
+                               <select name='TIME_FROM'>
 END
 ;
 for (my $i=0;$i<=23;$i++) {
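Review bot: Four of the added `SNET` options pair the wrong label with the wrong value: `value='ip'` is labelled as the IPSEC interface, `value='red'` as the OpenVPN interface, `value='ipsec'` as the source IP and `value='ovpn'` as the red IP, so the saved rule filters a different source than the one the administrator selected; the surrounding `<optgroup>` tags are also closed twice and then opened twice. The group list comes from `qx(ls $configpath/ipgroups/)`, which keeps the trailing newline in every name and prints the raw file name into `value='$_'` and the option text without HTML escaping. In the same line `$selected{'SNET'}{'$_'}` looks up the literal key `$_`, so a chosen group is never shown as selected. Reading the directory with `opendir`/`readdir` and accepting only plain names, as sketched below, removes the shell call and the escaping problem; `addrule` starts in this hunk and continues past its end.

```perl
	# … unchanged: heredoc that opens the group <optgroup> …
	if (opendir(my $dh, "$configpath/ipgroups")) {
		# Plain names only; align the character class with what outgoinggrp.cgi accepts.
		foreach my $group (sort grep { /\A[A-Za-z0-9_-]+\z/ } readdir($dh)) {
			print "\t\t\t\t\t<option value='$group' $selected{'SNET'}{$group}>$group</option>\n";
		}
		closedir($dh);
	}
```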
@@ -696,11 +733,12 @@ for (my $i=0;$i<=23;$i++) {
        for (my $j=0;$j<=45;$j+=15) {
                $j = sprintf("%02s",$j);
                my $time = $i.":".$j;
-               print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
+               print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
        }
 }
 print <<END    
-                       </select></td>
+                               </select>
+                       </td>
                        <td width='15%' align='left'><select name='TIME_TO'>
 END
 ;
@@ -709,14 +747,19 @@ for (my $i=0;$i<=23;$i++) {
        for (my $j=0;$j<=45;$j+=15) {
                $j = sprintf("%02s",$j);
                my $time = $i.":".$j;
-               print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
+               print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
        }
 }
 print <<END    
-                       </select></td></tr>
-               <tr><td colspan='6'>
-               <tr><td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}
-                   <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} />
+                               </select>
+                       </td>
+               </tr>
+               <tr>
+                       <td colspan='6' />
+               <tr>
+               <tr>
+                       <td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td>
+                       <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td>
        </table></form>
 END
 ;
@@ -763,4 +806,7 @@ END
        print "</table>";
        &Header::closebox();
   }
-}
\ No newline at end of file
+}
+
+&Header::closebigbox();
+&Header::closepage();
\ No newline at end of file
diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi
new file mode 100644 (file)
index 0000000..b277339
--- /dev/null
@@ -0,0 +1,213 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2005-2010  IPTifre Team                                       #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %outgrpsettings = ();
+my %netsettings = ();
+my %selected= () ;
+my $errormessage = "";
+
+my $configpath = "/var/ipfire/outgoing/groups/";
+my $servicefile = "/var/ipfire/outgoing/defaultservices";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+&Header::showhttpheaders();
+
+### Values that have to be initialized
+$outgrpsettings{'ACTION'} = '';
+$outgrpsettings{'ipgroup'} = 'none';
+$outgrpsettings{'portgroup'} = 'none';
+
+&Header::getcgihash(\%outgrpsettings);
+delete $outgrpsettings{'__CGI__'};delete $outgrpsettings{'x'};delete $outgrpsettings{'y'};
+
+$selected{'ipgroup'}{$outgrpsettings{'ipgroup'}} = "selected='selected'";
+$selected{'portgroup'}{$outgrpsettings{'portgroup'}} = "selected='selected'";
+
+&Header::openpage($Lang::tr{'outgoing firewall groups'}, 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+###############
+# DEBUG DEBUG
+# &Header::openbox('100%', 'left', 'DEBUG');
+# my $debugCount = 0;
+# foreach my $line (sort keys %outgrpsettings) {
+# print "$line = $outgrpsettings{$line}<br />\n";
+ # $debugCount++;
+# }
+# print "&nbsp;Count: $debugCount\n";
+# &Header::closebox();
+# DEBUG DEBUG
+###############
+
+############################################################################################################################
+############################################################################################################################
+
+if ($errormessage)
+{
+       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+       print "<class name='base'>$errormessage\n";
+       print "&nbsp;</class>\n";
+       &Header::closebox();
+}
+
+if ($outgrpsettings{'ACTION'} eq 'newipgroup')
+{
+       &newipgroup();
+} elsif ($outgrpsettings{'ACTION'} eq 'deleteipgroup' ) {
+       unlink("$configpath/ipgroups/$outgrpsettings{'ipgroup'}");
+} elsif ($outgrpsettings{'ACTION'} eq 'addipgroup') {
+       open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!";
+       flock (FILE, 2);
+       print FILE $outgrpsettings{'ipgroupcontent'}."\n";
+       close FILE;
+}
+
+############################################################################################################################
+############################################################################################################################
+
+my @ipgroups = qx(ls $configpath/ipgroups/);
+if ($outgrpsettings{'ipgroup'} eq "none" and $#ipgroups >= 0 ){ $outgrpsettings{'ipgroup'} = $ipgroups[0];}
+
+my $ipgroupcontent = `cat $configpath/ipgroups/$outgrpsettings{'ipgroup'} 2>/dev/null`;
+$ipgroupcontent =~ s/\n/<br \/>/g;
+
+&Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall ip groups'});
+
+print <<END
+<a name="outgoing showipgroup"</a>
+<br />
+<form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
+<table width='95%' cellspacing='0'>
+       <tr>
+               <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall ip groups'}</b></td>
+       </tr>
+       <tr>
+               <td colspan='3'  align='left'><br /></td>
+       </tr>
+       <tr>
+               <td  align='left' colspan='2'><select name='ipgroup' style="width: 200px">
+END
+;
+foreach my $member (@ipgroups) {chomp $member;print"                   <option value='$member' $selected{'ipgroup'}{$member}>$member</option>\n";}
+print <<END
+               </select></td>
+               <td  align='left'>
+                               <input type='hidden' name='ACTION' value='showipgroup' />
+                               <input type='image' alt='$Lang::tr{'outgoing firewall view group'}' title='$Lang::tr{'outgoing firewall view group'}' src='/images/format-justify-fill.png' />
+               </td>
+       </tr>
+       <tr>
+               <td colspan='3' align='left'><br /></td>
+       </tr>
+       <tr>
+               <td colspan='3' align='left'><font size=1>$ipgroupcontent</font></td>
+       </tr>
+       <tr>
+               <td colspan='3' align='left'><br /></td>
+       </tr>
+       <tr>
+               <td colspan='3' align='center'><font size=1>$Lang::tr{'outgoing firewall ip groups'} - $outgrpsettings{'ipgroup'}</font></td>
+       </tr>
+</table>
+</form>
+<table width='10%' cellspacing='0'>
+<tr>
+       <td align='center'>
+               <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
+                       <input type='hidden' name='ACTION' value='newipgroup' />
+                       <input type='image' alt='$Lang::tr{'new'}' title='$Lang::tr{'new'}' src='/images/list-add.png' />
+               </form>
+       </td>
+       <td align='center'>
+               <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
+                       <input type='hidden' name='ACTION' value='saveipgroup' />
+                       <input type='hidden' name='ipgroup' value='$outgrpsettings{'ipgroup'}' />
+                       <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' />
+               </form>
+       </td>
+       <td align='center'>
+               <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
+                       <input type='hidden' name='ACTION' value='deleteipgroup' />
+                       <input type='hidden' name='ipgroup' value='$outgrpsettings{'ipgroup'}' />
+                       <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
+               </form>
+       </td>
+</tr>
+</table>
+
+END
+;
+&Header::closebox();
+
+&Header::closebigbox();
+&Header::closepage();
+
+sub newipgroup
+{
+       &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall add ip group'});
+
+print <<END
+       <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
+       <table width='95%' cellspacing='0'>
+               <tr>
+                       <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall add ip group'}</b></td>
+               </tr>
+               <tr>
+                       <td colspan='3'  align='left'><br /></td>
+               </tr>
+               <tr>
+                       <td  align='left' colspan='2'>
+                               <input type='text' name='ipgroup' value='newgroup' size="30" />
+                       </td>
+                       <td  align='left'>
+                               <input type='hidden' name='ACTION' value='addipgroup' />
+                               <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' />
+                       </td>
+               </tr>
+               <tr>
+                       <td  align='left' colspan='3'>
+                               <textarea name="ipgroupcontent" cols="20" rows="5" Wrap="off">192.168.1.0/14\n192.168.0.1\n192.168.0.2\n</textarea>
+                       </td>
+               </tr>
+       </table>
+       </form>
+END
+;
+       &Header::closebox();
+       &Header::closebigbox();
+       &Header::closepage();
+       exit 0;
+}
\ No newline at end of file
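Review bot: The `ipgroup` request parameter is used as a file name without any validation in `unlink(...)`, in the two-argument `open (FILE, ">...")` and inside the backtick `cat` command, so a value containing `/`, `..` or shell metacharacters is handed to the filesystem and to a shell with the CGI's privileges. It should be checked once, directly after `&Header::getcgihash`, against a strict allow-list, and the listing and read should use `opendir` and three-argument `open` rather than `qx(ls ...)` and `cat`. `$ipgroupcontent` is also printed into the page unescaped, and `ipgroupcontent` is written to the group file without a per-line address check, which matters if these files later feed the firewall rules (not visible here). The file additionally leaves `use warnings` commented out and has no handler for the `saveipgroup` action its form submits.

```perl
&Header::getcgihash(\%outgrpsettings);
# Group names become file names below: accept only a conservative character set.
if ($outgrpsettings{'ipgroup'} !~ /\A[A-Za-z0-9_-]{1,32}\z/) {
	$errormessage = 'Invalid group name';   # placeholder text, replace with a translated string
	$outgrpsettings{'ipgroup'} = 'none';
	$outgrpsettings{'ACTION'} = '';
}
# ... unchanged: %selected setup, openpage/openbigbox, error box, newipgroup/deleteipgroup branches ...
} elsif ($outgrpsettings{'ACTION'} eq 'addipgroup') {
	open(my $out, '>', "$configpath/ipgroups/$outgrpsettings{'ipgroup'}")
		or die "Can't save $outgrpsettings{'ipgroup'} settings $!";
	flock($out, 2);
	print {$out} $outgrpsettings{'ipgroupcontent'}."\n";
	close($out);
}
# ... unchanged: separator comments ...
# List the groups without a shell; ignore anything that is not a valid group name.
opendir(my $dir, "$configpath/ipgroups") or die "Can't read $configpath/ipgroups $!";
my @ipgroups = sort grep { /\A[A-Za-z0-9_-]{1,32}\z/ } readdir($dir);
closedir($dir);
if ($outgrpsettings{'ipgroup'} eq "none" and $#ipgroups >= 0 ){ $outgrpsettings{'ipgroup'} = $ipgroups[0];}

# Read the group file directly and HTML-escape it before it is printed.
my $ipgroupcontent = '';
if (open(my $in, '<', "$configpath/ipgroups/$outgrpsettings{'ipgroup'}")) {
	local $/;
	$ipgroupcontent = <$in>;
	close($in);
}
for ($ipgroupcontent) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; }
$ipgroupcontent =~ s/\n/<br \/>/g;
# ... unchanged: openbox and the HTML heredocs ...
```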
index 4e59541..9a6a613 100644 (file)
 'out' => 'Aus',
 'outgoing' => 'ausgehend',
 'outgoing firewall' => 'Ausgehende Firewall',
+'outgoing firewall groups' => 'Ausgehende Firewall Gruppen',
+'outgoing firewall add ip group' => 'IP Adressgruppen hinzufügen',
+'outgoing firewall ip groups' => 'Ausgehende Firewall IP Adressgruppen',
+'outgoing firewall view group' => 'Gruppe anzeigen',
 'outgoing traffic in bytes per second' => 'Abgehender Verkehr',
 'outgoingfw mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.',
 'outgoingfw mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.',
index 1336a4f..8906f21 100644 (file)
 'invalid vpi vpci' => 'Invalid VPI/VPCI settings',
 'invalid wins address' => 'Invalid WINS server address.',
 'invert' => 'Invert',
-'ip address' => 'IP address:',
+'ip address' => 'IP address',
 'ip address in use' => 'IP address already in use',
 'ip address outside subnets' => 'IP Address outside subnets',
 'ip alias added' => 'External IP alias added',
 'out' => 'Out',
 'outgoing' => 'outgoing',
 'outgoing firewall' => 'Outgoing Firewall',
+'outgoing firewall groups' => 'Outgoing Firewall Groups',
+'outgoing firewall add ip group' => 'Add IP Address Group',
+'outgoing firewall ip groups' => 'Outgoing Firewall IP Adress Groups',
+'outgoing firewall view group' => 'View group',
 'outgoing traffic in bytes per second' => 'Outgoing Traffic',
 'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.',
 'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.',
index e9fe7e5..0addee7 100644 (file)
 'invalid vpi vpci' => 'Invalid VPI/VPCI settings',
 'invalid wins address' => 'Invalid WINS server address.',
 'invert' => 'Invert',
-'ip address' => 'IP address:',
+'ip address' => 'IP address',
 'ip address in use' => 'IP address already in use',
 'ip address outside subnets' => 'IP Address outside subnets',
 'ip alias added' => 'External IP alias added',
 'otherip' => 'other IP',
 'otherport' => 'other Port',
 'out' => 'Out',
-'outgoing' => 'outgoing',
-'outgoing firewall' => 'Outgoing Firewall',
+'outgoing' => 'sortant',
+'outgoing firewall' => 'Sortant Firewall',
+'outgoing firewall groups' => 'Sortant Firewall Groupe',
+'outgoing firewall add ip group' => 'Ajouter IP Address Group',
+'outgoing firewall ip groups' => 'Sortant Firewall IP Groupe',
+'outgoing firewall view group' => 'Montrer groupe',
 'outgoing traffic in bytes per second' => 'Outgoing Traffic',
 'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.',
 'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.',
index 8345e16..6b6b798 100644 (file)
@@ -52,9 +52,10 @@ $(TARGET) :
        # Create all directories
        for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns \
            ethernet extrahd/bin fwlogs isdn key langs logging mac main  menu.d modem net-traffic \
-                       net-traffic/templates nfs optionsfw outgoing/bin patches pakfire portfw \
-           ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
-                       updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
+                       net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \
+                       patches pakfire portfw ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red \
+                       remote sensors snort time tripwire/report updatexlrator/bin updatexlrator/autocheck \
+                       urlfilter/autoupdate urlfilter/bin upnp vpn \
            wakeonlan wireless xtaccess ; do \
                mkdir -p $(CONFIG_ROOT)/$$i; \
        done