From: Christian Schmidt Date: Sat, 23 Jan 2010 16:48:01 +0000 (+0100) Subject: Fixed OutgoingFW Parser, all option removed X-Git-Tag: v2.9-beta1~499 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=b29a66a52fd4db04fad91ca6cb34bf063b33af92 Fixed OutgoingFW Parser, all option removed To be compatible with old rules all will be translated to tcp and udp like in earlier versions of outgoingfw. So all is not doing what you expect, but if we change this all old rules using all and ports need to be translated to udp or tcp. When using GRE and ESP ports will be ignored. --- diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index 4b86a8a2a2..ac27a58fe5 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -152,19 +152,18 @@ foreach $configentry (sort @configs) @proto = ("esp"); } elsif ($configline[3] eq 'gre') { @proto = ("gre"); - } elsif ($configline[3] eq 'tcp&udp') { - @proto = ("tcp","udp"); } else { - @proto = ("all"); + @proto = ("tcp","udp"); } + foreach $PROTO (@proto) { $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; - if ($configline[8]) { + if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') { $DPORT = "$configline[8]"; $CMD = "$CMD --dport $DPORT"; - } + } if ($DEV) { $CMD = "$CMD -i $DEV"; diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index ed87e0d8a3..f112f6efc2 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -634,7 +634,6 @@ sub addrule - $Lang::tr{'policy'}: