From: Christian Schmidt Date: Sat, 23 Jan 2010 16:48:01 +0000 (+0100) Subject: Fixed OutgoingFW Parser, all option removed X-Git-Tag: v2.9-beta1~499 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=b29a66a52fd4db04fad91ca6cb34bf063b33af92;hp=c19bb5d9f62417d884e8af4181158cdafb8ff620 Fixed OutgoingFW Parser, all option removed To be compatible with old rules all will be translated to tcp and udp like in earlier versions of outgoingfw. So all is not doing what you expect, but if we change this all old rules using all and ports need to be translated to udp or tcp. When using GRE and ESP ports will be ignored. --- diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index 4b86a8a2a2..ac27a58fe5 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -152,19 +152,18 @@ foreach $configentry (sort @configs) @proto = ("esp"); } elsif ($configline[3] eq 'gre') { @proto = ("gre"); - } elsif ($configline[3] eq 'tcp&udp') { - @proto = ("tcp","udp"); } else { - @proto = ("all"); + @proto = ("tcp","udp"); } + foreach $PROTO (@proto) { $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; - if ($configline[8]) { + if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') { $DPORT = "$configline[8]"; $CMD = "$CMD --dport $DPORT"; - } + } if ($DEV) { $CMD = "$CMD -i $DEV"; diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index ed87e0d8a3..f112f6efc2 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -634,7 +634,6 @@ sub addrule - $Lang::tr{'policy'}: