From b29a66a52fd4db04fad91ca6cb34bf063b33af92 Mon Sep 17 00:00:00 2001 From: Christian Schmidt Date: Sat, 23 Jan 2010 17:48:01 +0100 Subject: [PATCH] Fixed OutgoingFW Parser, all option removed To be compatible with old rules all will be translated to tcp and udp like in earlier versions of outgoingfw. So all is not doing what you expect, but if we change this all old rules using all and ports need to be translated to udp or tcp. When using GRE and ESP ports will be ignored. --- config/outgoingfw/outgoingfw.pl | 9 ++++----- html/cgi-bin/outgoingfw.cgi | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index 4b86a8a2a2..ac27a58fe5 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -152,19 +152,18 @@ foreach $configentry (sort @configs) @proto = ("esp"); } elsif ($configline[3] eq 'gre') { @proto = ("gre"); - } elsif ($configline[3] eq 'tcp&udp') { - @proto = ("tcp","udp"); } else { - @proto = ("all"); + @proto = ("tcp","udp"); } + foreach $PROTO (@proto) { $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; - if ($configline[8]) { + if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') { $DPORT = "$configline[8]"; $CMD = "$CMD --dport $DPORT"; - } + } if ($DEV) { $CMD = "$CMD -i $DEV"; diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index ed87e0d8a3..f112f6efc2 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -634,7 +634,6 @@ sub addrule - $Lang::tr{'policy'}: -- 2.39.2
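Review bot: The new catch-all `else` in outgoingfw.pl maps every protocol value not matched earlier (only the `esp` and `gre` branches are visible in this hunk) to tcp+udp, so a stored `all` rule without a port, which used to become `-p all`, no longer matches ICMP or any other protocol. If the rule set is used in a mode where the listed entries are the ones being blocked, that silently narrows what is dropped. I would keep the translation only for entries that carry a port, e.g. `} elsif ($configline[3] eq 'all' && !$configline[8]) { @proto = ("all");`, and log unrecognised values rather than guess. The `--dport` guard is also safer as an allow-list on the value actually passed to `-p`: `if ($configline[8] && ($PROTO eq 'tcp' || $PROTO eq 'udp')) {`. The enclosing `foreach $configentry` loop starts and ends outside the hunk, so how `$CMD` is executed is not visible; if it goes through a shell, `$configline[8]` should be checked against a port or port-range pattern before it is interpolated.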