From bd4ea3c25bfa9a9a8b11c613e293070f57e6ecfd Mon Sep 17 00:00:00 2001 From: Christian Schmidt Date: Fri, 3 Sep 2010 12:25:41 +0200 Subject: [PATCH] Some bugfixes for the outgoing fw and grouping feature. --- config/outgoingfw/outgoingfw.pl | 5 +++-- html/cgi-bin/ids.cgi | 4 ++-- html/cgi-bin/outgoingfw.cgi | 16 ++++++++-------- html/cgi-bin/outgoinggrp.cgi | 8 ++++++++ langs/de/cgi-bin/de.pl | 3 ++- langs/en/cgi-bin/en.pl | 3 ++- langs/es/cgi-bin/es.pl | 3 ++- langs/fr/cgi-bin/fr.pl | 3 ++- 8 files changed, 29 insertions(+), 16 deletions(-) diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index b323c38047..e2f9093f0d 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2005-2010 IPTifre Team # +# Copyright (C) 2005-2010 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -164,6 +164,7 @@ foreach $configentry (sort @configs) @SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`; } elsif ( -e "/var/ipfire/outgoing/groups/macgroups/$configline[2]" ) { @SOURCE = `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]`; + $configline[2] = "mac"; } $DEV = ""; } @@ -188,7 +189,7 @@ foreach $configentry (sort @configs) if ( $SOURCE eq "" ){next;} - if ( $configline[6] ne "" ){ + if ( $configline[6] ne "" || $configline[2] eq 'mac' ){ $SOURCE =~ s/[^a-zA-Z0-9]/:/gi; $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m mac --mac-source $SOURCE -d $DESTINATION -p $PROTO"; } else { diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 4d66d22d76..1b70ca693b 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -264,11 +264,11 @@ if (-e "/etc/snort/snort.conf") { if ($snortsettings{'RULES'} eq 'subscripted') { #$url="http://dl.snort.org/sub-rules/snortrules-snapshot-2.8_s.tar.gz?oink_code=$snortsettings{'OINKCODE'}"; - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2860_s.tar.gz/$snortsettings{'OINKCODE'}"; + $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2861_s.tar.gz/$snortsettings{'OINKCODE'}"; #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8_s.tar.gz"; } elsif ($snortsettings{'RULES'} eq 'registered') { #$url="http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=$snortsettings{'OINKCODE'}"; - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/$snortsettings{'OINKCODE'}"; + $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2861.tar.gz/$snortsettings{'OINKCODE'}"; #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8.tar.gz"; } else { $url="http://www.emergingthreats.net/rules/emerging.rules.tar.gz"; diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index 3482f35f0f..07fcb39cbb 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -567,13 +567,13 @@ END if ($p2pline[2] eq 'on') { print < - + END ; } else { print < - + END ; } @@ -584,7 +584,7 @@ END } print < -
$Lang::tr{'outgoingfw p2p description 1'} $Lang::tr{ $Lang::tr{'outgoingfw p2p description 2'} $Lang::tr{ $Lang::tr{'outgoingfw p2p description 3'} +
$Lang::tr{'outgoing firewall p2p description 1'} $Lang::tr{ $Lang::tr{'outgoing firewall p2p description 2'} $Lang::tr{ $Lang::tr{'outgoing firewall p2p description 3'} END ; &Header::closebox(); @@ -594,9 +594,9 @@ END print < - - - + + + - + diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi index 28e5261182..f99468e4fc 100644 --- a/html/cgi-bin/outgoinggrp.cgi +++ b/html/cgi-bin/outgoinggrp.cgi @@ -84,6 +84,10 @@ if ($outgrpsettings{'ACTION'} eq 'newipgroup') if ( -e "$configpath/macgroups/$outgrpsettings{'ipgroup'}" ){ $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } elsif ( $outgrpsettings{'ipgroup'} eq "all" || $outgrpsettings{'ipgroup'} eq "red" || $outgrpsettings{'ipgroup'} eq "blue" || + $outgrpsettings{'ipgroup'} eq "green" || $outgrpsettings{'ipgroup'} eq "orange" || $outgrpsettings{'ipgroup'} eq "ip" || + $outgrpsettings{'ipgroup'} eq "mac" || $outgrpsettings{'ipgroup'} eq "ovpn" || $outgrpsettings{'ipgroup'} eq "ipsec" ) { + $errormessage = "$Lang::tr{'outgoing firewall reserved groupname'}"; } else { open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!"; flock (FILE, 2); @@ -101,6 +105,10 @@ if ($outgrpsettings{'ACTION'} eq 'newmacgroup') if ( -e "$configpath/ipgroups/$outgrpsettings{'macgroup'}" ){ $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } elsif ( $outgrpsettings{'macgroup'} eq "all" || $outgrpsettings{'macgroup'} eq "red" || $outgrpsettings{'macgroup'} eq "blue" || + $outgrpsettings{'macgroup'} eq "green" || $outgrpsettings{'macgroup'} eq "orange" || $outgrpsettings{'macgroup'} eq "ip" || + $outgrpsettings{'macgroup'} eq "mac" || $outgrpsettings{'macgroup'} eq "ovpn" || $outgrpsettings{'macgroup'} eq "ipsec" ) { + $errormessage = "$Lang::tr{'outgoing firewall reserved groupname'}"; } else { open (FILE, ">$configpath/macgroups/$outgrpsettings{'macgroup'}") or die "Can't save $outgrpsettings{'macgroup'} settings $!"; flock (FILE, 2); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index aa09abe3ad..6b01831d5a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -22,7 +22,8 @@ 'ConnSched scheduled actions' => 'Geplante Aktionen', 'ConnSched scheduler' => 'Scheduler', 'ConnSched select profile' => 'Wähle Profil', -'outgoingfw warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese', +'outgoing firewall warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese', +'outgoing firewall outgoing firewall reserved groupname' => 'Bitte einen anderen Gruppennamen verwenden, dieser ist ein reserviertes Wort.', 'ConnSched time' => 'Zeit:', 'ConnSched up' => 'Hoch', 'ConnSched weekdays' => 'Wochentage:', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 2c053daf90..907de5d800 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -19,7 +19,8 @@ 'ConnSched ipsecstop' => 'IPSec stop', 'ConnSched reconnect' => 'Reconnect', 'ConnSched scheduled actions' => 'Scheduled actions', -'outgoingfw warning' => 'Not selecting source ip or mac ignores them', +'outgoing firewall warning' => 'Not selecting source ip or mac ignores them', +'outgoing firewall outgoing firewall reserved groupname' => 'Please use another group name, this name is reserved.', 'ConnSched scheduler' => 'Scheduler', 'ConnSched select profile' => 'Select profile', 'modify' => 'Modify', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 8b7d2937ac..8074cd29dc 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -18,7 +18,8 @@ 'ConnSched ipsecstop' => 'Detener IPSec', 'ConnSched reconnect' => 'Reconectar', 'ConnSched scheduled actions' => 'Acciones planificadas', -'outgoingfw warning' => 'No seleccionar ip origen o mac las ignora', +'outgoing firewall warning' => 'No seleccionar ip origen o mac las ignora', +'outgoing firewall outgoing firewall reserved groupname' => 'Por favor, utilice otro nombre de grupo, este nombre está reservado', 'ConnSched scheduler' => 'Planificador', 'ConnSched select profile' => 'Elegir Perfil', 'modify' => 'Modificar', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 7d76c78d0c..7904bb631d 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -18,7 +18,8 @@ 'ConnSched ipsecstart' => 'IPSec (re)démarrage', 'ConnSched ipsecstop' => 'IPSec arrêt', 'ConnSched reconnect' => 'Reconnecter', -'outgoingfw warning' => 'Ne pas choisir IP source ou Mac ignore les', +'outgoing firewall warning' => 'Ne pas choisir IP source ou Mac ignore les', +'outgoing firewall outgoing firewall reserved groupname' => 'S il vous plaît utilisez un autre nom de groupe, ce nom est réservé.', 'ConnSched scheduled actions' => 'Actions planifiées', 'ConnSched scheduler' => 'Planificateur', 'ConnSched select profile' => 'Sélectionner profil', -- 2.39.2
$Lang::tr{'mode'} 0:$Lang::tr{'outgoingfw mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoingfw mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoingfw mode2'}
$Lang::tr{'mode'} 0:$Lang::tr{'outgoing firewall mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoing firewall mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoing firewall mode2'}
@@ -605,7 +605,7 @@ END ; if ($outfwsettings{'POLICY'} ne 'MODE0') { print < + $Lang::tr{'outgoing firewall reset'}: END ; } @@ -705,7 +705,7 @@ END $Lang::tr{'outgoingfw warning'}$Lang::tr{'outgoing firewall warning'}
$Lang::tr{'source ip or net'}