1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2012 #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 # #
22 # Hi folks! I hope this code is useful for all. I needed something to handle #
23 # my VPN Connections in a comfortable way. As a prerequisite i needed #
24 # something that makes sure the vpn roadwarrior are able to have a fixed #
25 # ip-address. So i developed the ccd extension for the vpn server. #
26 # #
27 # Now that the ccd extension is ready i am able to develop the main request. #
28 # Any feedback is appreciated. #
29 # #
30 #Copymaster #
31 ###############################################################################
32
33 use strict;
34 no warnings 'uninitialized';
35 # enable only the following on debugging purpose
36 #use warnings;
37 #use CGI::Carp 'fatalsToBrowser';
38
39 require '/var/ipfire/general-functions.pl';
40 require "${General::swroot}/lang.pl";
41 require "${General::swroot}/header.pl";
42 require "${General::swroot}/forward/bin/firewall-lib.pl";
43
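# Create the rule directory and its (initially empty) data files on first use.
# The helpers are run through list-form system(), which execs the program
# directly: the path is handed over as a single argument and is never parsed
# by a shell, so spaces or metacharacters in the configuration root cannot
# change the command that runs.
unless (-d "${General::swroot}/forward") { system('mkdir', "${General::swroot}/forward"); }
foreach my $datafile ('settings', 'config', 'input', 'outgoing') {
	unless (-e "${General::swroot}/forward/$datafile") { system('touch', "${General::swroot}/forward/$datafile"); }
}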
49
# Page state: %fwdfwsettings holds the stored policy settings and, once
# Header::getcgihash has run, the fields of the current request.
my (%fwdfwsettings, %selected, %checked, %mainsettings, %color) = ();

# Network, host, group and service definitions used by the rule editor.
my (%defaultNetworks, %netsettings, %aliases, %icmptypes) = ();
my (%customhost, %customgrp, %customnetworks, %customnetwork) = ();
my (%customservice, %customservicegrp) = ();
my (%ccdnet, %ccdhost, %ipsecconf, %ovpnsettings, %ipsecsettings) = ();

# One table per rule file.
my (%configfwdfw, %configinputfw, %configoutgoingfw) = ();

my @p2ps = ();

my $color;

# Data files, all located below the configuration root.
my $confignet      = $General::swroot . '/fwhosts/customnetworks';
my $confighost     = $General::swroot . '/fwhosts/customhosts';
my $configgrp      = $General::swroot . '/fwhosts/customgroups';
my $configsrv      = $General::swroot . '/fwhosts/customservices';
my $configsrvgrp   = $General::swroot . '/fwhosts/customservicegrp';
my $configccdnet   = $General::swroot . '/ovpn/ccd.conf';
my $configccdhost  = $General::swroot . '/ovpn/ovpnconfig';
my $configipsec    = $General::swroot . '/vpn/config';
my $configipsecrw  = $General::swroot . '/vpn/settings';
# The three rule files written by this page.
my $configfwdfw    = $General::swroot . '/forward/config';
my $configinput    = $General::swroot . '/forward/input';
my $configoutgoing = $General::swroot . '/forward/outgoing';
my $configovpn     = $General::swroot . '/ovpn/settings';
my $p2pfile        = $General::swroot . '/forward/p2protocols';
my $ipgrp          = $General::swroot . '/outgoing/groups';

# Message buffers shown to the user.
my $errormessage = '';
my $hint = '';
93
94
# Load the persisted state: the policy settings of this page, the global main
# settings, and the colour table of the configured theme.
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
# The theme name is spliced into a filesystem path. It is taken from
# main/settings here, not from the request.
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

&Header::showhttpheaders();
# NOTE(review): getcgihash fills %fwdfwsettings, presumably with the submitted
# form fields (confirm in header.pl). From here on every key that the script
# does not overwrite itself ('ACTION', 'config', 'key', 'POLICY', 'P2PROT', ...)
# has to be treated as request-controlled input.
&Header::getcgihash(\%fwdfwsettings);
&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
# $errormessage is still the empty string assigned at its declaration.
&Header::openbigbox('100%', 'center',$errormessage);
103 #### ACTION #####
104
# "Save" on the policy form: keep only the two policy modes, drop every other
# field, persist the result and rebuild the ruleset.
# NOTE(review): POLICY and POLICY1 are written exactly as held in
# %fwdfwsettings; no check against the expected mode names is visible in this
# block. Confirm that the consumer of forward/settings validates them.
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'}) {
	my ($policy, $policy1) = @fwdfwsettings{'POLICY', 'POLICY1'};
	%fwdfwsettings = (
		'POLICY'  => "$policy",
		'POLICY1' => "$policy1",
	);
	&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
	&reread_rules;
}
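# Comparison string for the rule described by the current request: the 26
# fields that identify a rule, joined by commas. Missing fields contribute an
# empty string.
sub _fwdfw_request_signature
{
	return join(',',
		$fwdfwsettings{'RULE_ACTION'},
		$fwdfwsettings{'ACTIVE'},
		$fwdfwsettings{'grp1'},
		$fwdfwsettings{$fwdfwsettings{'grp1'}},
		$fwdfwsettings{'grp2'},
		$fwdfwsettings{$fwdfwsettings{'grp2'}},
		$fwdfwsettings{'USE_SRC_PORT'},
		$fwdfwsettings{'PROT'},
		$fwdfwsettings{'ICMP_TYPES'},
		$fwdfwsettings{'SRC_PORT'},
		$fwdfwsettings{'USESRV'},
		$fwdfwsettings{'TGT_PROT'},
		$fwdfwsettings{'ICMP_TGT'},
		$fwdfwsettings{'grp3'},
		$fwdfwsettings{$fwdfwsettings{'grp3'}},
		$fwdfwsettings{'LOG'},
		$fwdfwsettings{'TIME'},
		$fwdfwsettings{'TIME_MON'},
		$fwdfwsettings{'TIME_TUE'},
		$fwdfwsettings{'TIME_WED'},
		$fwdfwsettings{'TIME_THU'},
		$fwdfwsettings{'TIME_FRI'},
		$fwdfwsettings{'TIME_SAT'},
		$fwdfwsettings{'TIME_SUN'},
		$fwdfwsettings{'TIME_FROM'},
		$fwdfwsettings{'TIME_TO'},
	);
}

# Comparison string for a stored rule (array reference). Columns 1 and 16 are
# left out of the comparison, exactly as in the stored-rule side of the
# original test.
sub _fwdfw_rule_signature
{
	my ($rule) = @_;
	return join(',', map { $rule->[$_] } (0, 2 .. 15, 17 .. 27));
}

# Run the duplicate check, the usage-counter bookkeeping and the save for one
# rule table.
#   $rules      reference to the table read from $configfile
#   $configfile path of the rule file, stored as $fwdfwsettings{'config'}
#   $chain      chain name stored as $fwdfwsettings{'chain'}
#   $is_input   true for the INPUT table, which differs in two details below
# Reads and updates %fwdfwsettings and $errormessage.
sub _fwdfw_check_and_save
{
	my ($rules, $configfile, $chain, $is_input) = @_;

	# 'config' and 'chain' are set by the script here, so for this action
	# they never carry a value from the request.
	$fwdfwsettings{'config'} = $configfile;
	$fwdfwsettings{'chain'}  = $chain;
	my $maxkey = &General::findhasharraykey($rules);

	# Edited rule that keeps its position: an identical stored rule is an
	# error unless only the remark was changed.
	if ($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}) {
		foreach my $key (sort keys %{$rules}) {
			next unless _fwdfw_request_signature() eq _fwdfw_rule_signature($rules->{$key});
			$errormessage .= $Lang::tr{'fwdfw err ruleexists'};
			my $remark_edit = ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'}
				&& $fwdfwsettings{'updatefwrule'} eq 'on');
			if ($remark_edit && &validremark($fwdfwsettings{'ruleremark'})) {
				$errormessage = '';
			} elsif ($remark_edit && !&validremark($fwdfwsettings{'ruleremark'})) {
				$errormessage = $Lang::tr{'fwdfw err remark'}."<br>";
			}
			if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}) {
				$fwdfwsettings{'nosave'} = 'on';
			}
		}
	}

	# New rule with an explicit position: any identical stored rule is an error.
	if ($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}) {
		$fwdfwsettings{'oldrulenumber'} = $maxkey;
		foreach my $key (sort keys %{$rules}) {
			if (_fwdfw_request_signature() eq _fwdfw_rule_signature($rules->{$key})) {
				$errormessage .= $Lang::tr{'fwdfw err ruleexists'};
			}
		}
	}

	# Edit dialog closed without a change: nothing to save, no error.
	# NOTE(review): the INPUT table does not compare the remark here while
	# the other two tables do. That difference is kept as found; confirm
	# whether it is intended.
	my $same_objects =
		   $fwdfwsettings{'oldgrp1a'}  eq $fwdfwsettings{'grp1'}
		&& $fwdfwsettings{'oldgrp1b'}  eq $fwdfwsettings{$fwdfwsettings{'grp1'}}
		&& $fwdfwsettings{'oldgrp2a'}  eq $fwdfwsettings{'grp2'}
		&& $fwdfwsettings{'oldgrp2b'}  eq $fwdfwsettings{$fwdfwsettings{'grp2'}}
		&& $fwdfwsettings{'oldgrp3a'}  eq $fwdfwsettings{'grp3'}
		&& $fwdfwsettings{'oldgrp3b'}  eq $fwdfwsettings{$fwdfwsettings{'grp3'}}
		&& $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'};
	if (!$is_input) {
		$same_objects = $same_objects
			&& $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'};
	}
	if ($same_objects && $fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on') {
		$errormessage = '';
		$fwdfwsettings{'nosave2'} = 'on';
	}

	# Usage counters: release the objects the old rule referenced and claim
	# the ones the new rule references.
	# NOTE(review): this bookkeeping and the saverule call below run even
	# when $errormessage is set; presumably saverule checks it itself.
	&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
	if (!$is_input || $fwdfwsettings{'nobase'} ne 'on') {
		&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
	}
	if ($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON') {
		# service newly enabled
		&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
	} elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
		# service removed
		&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
	} elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on') {
		# service replaced while editing
		&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
	}
	if (!$is_input && $fwdfwsettings{'nobase'} eq 'on') {
		&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
	}

	if ($fwdfwsettings{'nosave2'} ne 'on') {
		&saverule($rules, $configfile);
	}
}

# Save a new or edited rule. The three copies of the duplicate check and the
# counter bookkeeping now share one helper, and the leftover debug line that
# printed "CHECK OUTGOING DOPPELTE REGEL" into the page for new outgoing
# rules is gone.
# Every field compared here comes from the submitted form; the validation is
# done by checksource, checktarget and checkrule, which are defined elsewhere
# in this file.
if ($fwdfwsettings{'ACTION'} eq 'saverule')
{
	&General::readhasharray("$configfwdfw", \%configfwdfw);
	&General::readhasharray("$configinput", \%configinputfw);
	&General::readhasharray("$configoutgoing", \%configoutgoingfw);
	$errormessage=&checksource;
	if(!$errormessage){&checktarget;}
	if(!$errormessage){&checkrule;}
	# A rule from the firewall to itself is rejected.
	if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire') {
		$errormessage.=$Lang::tr{'fwdfw err same'};
	}

	if ($fwdfwsettings{'grp2'} eq 'ipfire') {
		# target is the firewall itself
		_fwdfw_check_and_save(\%configinputfw, $configinput, 'INPUTFW', 1);
	} elsif ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire') {
		# source is the firewall itself
		_fwdfw_check_and_save(\%configoutgoingfw, $configoutgoing, 'OUTGOINGFW', 0);
	} else {
		# everything else is forwarded traffic
		_fwdfw_check_and_save(\%configfwdfw, $configfwdfw, 'FORWARDFW', 0);
	}

	if ($errormessage) {
		# show the editor again together with the error
		&newrule;
	} else {
		if ($fwdfwsettings{'nosave2'} ne 'on') {
			&rules;
		}
		&base;
	}
}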
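# Reset the forward and input rule tables: release the usage counters of all
# objects the rules referenced, empty both rule files, set the forward policy
# to MODE2 (the outgoing policy is kept) and rebuild the ruleset.
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
	&General::readhasharray("$configfwdfw", \%configfwdfw);
	foreach my $key (sort keys %configfwdfw){
		# Only the "old" pair is passed, so checkcounter just decrements.
		&checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4]);
		&checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6]);
		&checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15]);
	}
	&General::readhasharray("$configinput", \%configinputfw);
	foreach my $key (sort keys %configinputfw){
		&checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4]);
		&checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6]);
		&checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15]);
	}

	# unlink() and list-form system() replace the shell command strings, so
	# no path is parsed by a shell.
	unlink("${General::swroot}/forward/config");
	unlink("${General::swroot}/forward/input");
	# NOTE(review): this first writehash stores the whole hash, which at this
	# point still holds the fields of the request. It is overwritten by the
	# second call below and looks redundant; confirm before removing it.
	&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
	unless (-e "${General::swroot}/forward/config") { system('touch', "${General::swroot}/forward/config"); }
	unless (-e "${General::swroot}/forward/input") { system('touch', "${General::swroot}/forward/input"); }
	my $MODE1=$fwdfwsettings{'POLICY1'};
	%fwdfwsettings = ();
	$fwdfwsettings{'POLICY'}='MODE2';
	$fwdfwsettings{'POLICY1'}=$MODE1;
	&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
	&reread_rules;
}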
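# Reset the outgoing rule table: release the usage counters of all objects
# the rules referenced, empty the rule file, set the outgoing policy to MODE2
# (the forward policy is kept) and rebuild the ruleset.
if ($fwdfwsettings{'ACTION'} eq 'resetoutgoing')
{
	&General::readhasharray("$configoutgoing", \%configoutgoingfw);
	foreach my $key (sort keys %configoutgoingfw){
		# Only the "old" pair is passed, so checkcounter just decrements.
		&checkcounter($configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4]);
		&checkcounter($configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6]);
		&checkcounter($configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15]);
	}
	# unlink() and list-form system() replace the shell command strings, so
	# no path is parsed by a shell.
	unlink("${General::swroot}/forward/outgoing");
	# NOTE(review): this first writehash stores the whole hash, which at this
	# point still holds the fields of the request. It is overwritten by the
	# second call below and looks redundant; confirm before removing it.
	&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
	unless (-e "${General::swroot}/forward/outgoing") { system('touch', "${General::swroot}/forward/outgoing"); }
	my $MODE=$fwdfwsettings{'POLICY'};
	%fwdfwsettings = ();
	$fwdfwsettings{'POLICY'}=$MODE;
	$fwdfwsettings{'POLICY1'}='MODE2';
	&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
	&reread_rules;
}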
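# Open the editor for a new rule.
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
{
	&newrule;
}
# Switch a rule on or off (column 2 of the stored rule).
# In this branch 'config' is not set by the script, so it holds whatever
# getcgihash placed there, and it is used as the path of a file that is read
# and then rewritten. It is therefore accepted only when it names one of the
# three rule files this script manages; any other value leaves all files
# untouched and just renders the page.
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
{
	if (grep { $fwdfwsettings{'config'} eq $_ } ($configfwdfw, $configinput, $configoutgoing)) {
		my %togglehash=();
		&General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
		my $rulekey = $fwdfwsettings{'key'};
		# Only an existing rule is touched; an unknown key changes nothing.
		if (exists $togglehash{$rulekey}) {
			$togglehash{$rulekey}[2] = ($togglehash{$rulekey}[2] eq 'ON') ? '' : 'ON';
		}
		&General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
		&rules;
	}
	&base;
}
# Switch logging of a rule on or off (column 17 of the stored rule).
# The same allow-list check on 'config' applies as for the toggle above.
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
{
	if (grep { $fwdfwsettings{'config'} eq $_ } ($configfwdfw, $configinput, $configoutgoing)) {
		my %togglehash=();
		&General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
		my $rulekey = $fwdfwsettings{'key'};
		if (exists $togglehash{$rulekey}) {
			$togglehash{$rulekey}[17] = ($togglehash{$rulekey}[17] eq 'ON') ? '' : 'ON';
		}
		&General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
		&rules;
	}
	&base;
}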
# Remaining actions. The tests are independent "if" statements, not an
# if/elsif chain, so each one is evaluated again after the previous handler
# has run.

# Rebuild the ruleset and show the overview.
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
{
	&reread_rules;
	&base;
}
# Open the editor for an existing rule; 'updatefwrule' marks the edit mode.
if ($fwdfwsettings{'ACTION'} eq 'editrule')
{
	$fwdfwsettings{'updatefwrule'}='on';
	&newrule;
}
# NOTE(review): deleterule is defined outside this excerpt; it presumably
# works on the 'config' and 'key' fields of the request, like pos_up and
# pos_down do. Confirm that it validates both.
if ($fwdfwsettings{'ACTION'} eq 'deleterule')
{
	&deleterule;
}
# Move a rule one position up or down. pos_up and pos_down read and rewrite
# the file named by $fwdfwsettings{'config'}, which this branch does not set.
if ($fwdfwsettings{'ACTION'} eq 'moveup')
{
	&pos_up;
	&base;
}
if ($fwdfwsettings{'ACTION'} eq 'movedown')
{
	&pos_down;
	&base;
}
# Open the editor pre-filled with a copy of an existing rule.
if ($fwdfwsettings{'ACTION'} eq 'copyrule')
{
	$fwdfwsettings{'copyfwrule'}='on';
	#$fwdfwsettings{'updatefwrule'}='on';
	&newrule;
}
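# Switch one entry of the P2P protocol list between 'on' and 'off'.
# Each line of the file has the form "field0;field1;state;". The entry whose
# second field equals the submitted P2PROT value is flipped; all lines are
# written back in sorted order.
# The file is opened with three-argument open() and lexical handles, so the
# open mode can never be taken from the file name and the handles do not leak
# into other code as the bareword FILE did.
if ($fwdfwsettings{'ACTION'} eq 'togglep2p')
{
	#$errormessage="Toggle $fwdfwsettings{'P2PROT'}<br>";
	open(my $p2p_in, '<', $p2pfile) or die "Unable to read $p2pfile";
	@p2ps = <$p2p_in>;
	close $p2p_in;
	# NOTE(review): the file is truncated here and rewritten line by line
	# without a lock; a second request arriving in between would read a
	# partial list.
	open(my $p2p_out, '>', $p2pfile) or die "Unable to write $p2pfile";
	foreach my $p2pentry (sort @p2ps)
	{
		my @p2pline = split( /\;/, $p2pentry );
		if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
			$p2pline[2] = ($p2pline[2] eq 'on') ? 'off' : 'on';
		}
		print {$p2p_out} "$p2pline[0];$p2pline[1];$p2pline[2];\n";
	}
	close $p2p_out;
	&rules;
	&base;
}
# No action requested: show the overview.
if ($fwdfwsettings{'ACTION'} eq '')
{
	&base;
}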
476 ### Functions ####
# Remove a rule from the rule file given as the only argument and count the
# source and service objects of the current request once more.
# The argument is stored as $fwdfwsettings{'config'}; 'updatefwrule' is
# cleared and 'nobase' is switched on before deleterule runs.
sub changerule
{
	my $previous_config = shift;
	@fwdfwsettings{'updatefwrule', 'config', 'nobase'} = ('', $previous_config, 'on');
	&deleterule;
	# (0,0) as the old pair: nothing is decremented, the new pair is incremented.
	my $source  = $fwdfwsettings{'grp1'};
	my $service = $fwdfwsettings{'grp3'};
	&checkcounter(0, 0, $fwdfwsettings{'grp1'}, $fwdfwsettings{$source});
	&checkcounter(0, 0, $fwdfwsettings{'grp3'}, $fwdfwsettings{$service});
}
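# Move the rule $fwdfwsettings{'key'} one position up in the rule file named
# by $fwdfwsettings{'config'}, then regenerate the rules.
#
# 'config' is used as the path of a file that is read and rewritten, and the
# 'moveup' action does not set it itself. It is therefore accepted only when
# it names one of the three rule files this script manages; for any other
# value the sub returns without touching a file.
#
# The two rules are exchanged by swapping their array references. The former
# element-by-element copy iterated over the length of the upper rule only, so
# two rules of different length ended up mixed.
sub pos_up
{
	return unless grep { $fwdfwsettings{'config'} eq $_ } ($configfwdfw, $configinput, $configoutgoing);

	my %uphash=();
	&General::readhasharray($fwdfwsettings{'config'}, \%uphash);
	my $key = $fwdfwsettings{'key'};
	if (exists $uphash{$key}) {
		my $last = $key - 1;
		# The first rule has no predecessor and stays where it is.
		if (exists $uphash{$last}) {
			@uphash{$last, $key} = @uphash{$key, $last};
		}
	}
	&General::writehasharray($fwdfwsettings{'config'}, \%uphash);
	&rules;
}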
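sub pos_down
{
	# Move the rule numbered $fwdfwsettings{'key'} one position down by
	# exchanging it with the rule numbered one higher, then write the file
	# back and regenerate the rules. Nothing is exchanged when either rule
	# is missing.
	#
	# NOTE(review): 'config' is used as a read/write path and 'key' selects
	# the rule; if %fwdfwsettings is filled from the request (not visible
	# here), confirm 'config' is restricted to the known rule files.
	my %downhash=();
	&General::readhasharray($fwdfwsettings{'config'}, \%downhash);

	my $key = $fwdfwsettings{'key'};
	if (exists $downhash{$key}) {
		my $next = $key + 1;
		if (exists $downhash{$next}) {
			# Exchange the complete rows. Copying field by field up to the
			# length of one row mixes fields of both rules when the rows
			# differ in length.
			@downhash{$next, $key} = @downhash{$key, $next};
		}
	}

	&General::writehasharray($fwdfwsettings{'config'}, \%downhash);
	&rules;
}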
sub checkcounter
{
	# Adjust the usage counters of custom objects.
	#   $base1/$val1 - object type and name whose counter is decremented
	#   $base2/$val2 - object type and name whose counter is incremented
	# A type that is not one of the cust_* names below is ignored, so
	# callers pass 0 or nothing for the half they do not need.
	my ($base1,$val1,$base2,$val2) = @_;

	# Object type => config file and hash handed to dec_counter/inc_counter.
	my %store_for = (
		'cust_net_src'  => [$confignet,    \%customnetwork],
		'cust_net_tgt'  => [$confignet,    \%customnetwork],
		'cust_host_src' => [$confighost,   \%customhost],
		'cust_host_tgt' => [$confighost,   \%customhost],
		'cust_grp_src'  => [$configgrp,    \%customgrp],
		'cust_grp_tgt'  => [$configgrp,    \%customgrp],
		'cust_srv'      => [$configsrv,    \%customservice],
		'cust_srvgrp'   => [$configsrvgrp, \%customservicegrp],
	);

	if (exists $store_for{$base1}) {
		&dec_counter(@{$store_for{$base1}}, $val1);
	}

	if (exists $store_for{$base2}) {
		&inc_counter(@{$store_for{$base2}}, $val2);
	}
}
sub inc_counter
{
	# Add one to the last field of every entry in file $config whose first
	# field equals $val, then write the file back.
	# The hash passed by reference is copied, so the caller's hash is not
	# modified by this sub.
	my ($config, $seed, $val) = @_;
	my %hash = %{$seed};

	&General::readhasharray($config, \%hash);
	foreach my $row (values %hash) {
		next unless $row->[0] eq $val;
		# The counter is whatever sits in the last field of the row.
		$row->[-1] = $row->[-1] + 1;
	}
	&General::writehasharray($config, \%hash);
}
sub dec_counter
{
	# Subtract one from the last field of every entry in file $config whose
	# first field equals $val, then write the file back.
	# The hash passed by reference is copied, so the caller's hash is not
	# modified by this sub.
	my ($config, $seed, $val) = @_;
	my %hash = %{$seed};

	&General::readhasharray($config, \%hash);
	foreach my $row (values %hash) {
		next unless $row->[0] eq $val;
		# The counter is whatever sits in the last field of the row.
		$row->[-1] = $row->[-1] - 1;
	}
	&General::writehasharray($config, \%hash);
}
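sub base
{
	# Draw the overview page: hint box, "add rule" box with the rule table,
	# P2P block, and the two default-policy forms.
	# The FORWARD form posts POLICY together with an ACTION of "save" or
	# "reset"; the OUTGOING form posts POLICY1, and its reset button sends
	# the hidden ACTION value 'resetoutgoing'.

	# Preselect the stored mode in both policy drop-downs.
	foreach my $policy ('POLICY', 'POLICY1') {
		foreach my $mode ('MODE1', 'MODE2') {
			$selected{$policy}{$mode} = ($fwdfwsettings{$policy} eq $mode) ? 'selected' : '';
		}
	}
	&hint;
	&addrule;
	&p2pblock;
	&Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'});
	# The save button's value is quoted like in the OUTGOING form below: an
	# unquoted attribute is cut at the first space of a translated label,
	# and the posted ACTION would then no longer equal $Lang::tr{'save'}.
	print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%' border='0'>
<tr><td colspan='3' style='font-weight:bold;color:red;'>FORWARD </td></tr>
<tr><td colspan='3'>$Lang::tr{'fwdfw pol text'}</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td width='15%' align='left'> <select name='POLICY' style="width: 100px">
<option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
<option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
<td width='45%' align='left'>
END
	print "$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />";
	print "</table></form>";
	print"<br><br>";
	print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%' border='0'>
<tr><td colspan='3' style='font-weight:bold;color:red;'>OUTGOING </td></tr>
<tr><td colspan='3'>$Lang::tr{'fwdfw pol text1'}</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td width='15%' align='left'> <select name='POLICY1' style="width: 100px">
<option value='MODE1' $selected{'POLICY1'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
<option value='MODE2' $selected{'POLICY1'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></form>
<td width='45%' align='left'>
END
	print "$Lang::tr{'outgoing firewall reset'}: <form method='post' action='$ENV{'SCRIPT_NAME'}' style='display:inline'><input type='submit' value='$Lang::tr{'reset'}' /><input type='hidden' name='ACTION' value='resetoutgoing' />";
	print "</table></form>";
	&Header::closebox();
}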
sub addrule
{
	# Show pending errors, draw the box holding the "new rule" button and
	# then the table of existing rules. The "reread" button is offered only
	# while the marker file forward/reread exists below the config root.
	my $reread_marker = "${General::swroot}/forward/reread";

	&error;
	&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});

	print "<form method='post'>";
	print "<table border='0'>";
	print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
	print "<td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold;'>$Lang::tr{'fwhost reread'}</td>"
		if -f $reread_marker;
	print"</tr></table></form><hr>";

	&Header::closebox();
	&viewtablerule;
}
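sub deleterule
{
	# Delete the rule numbered $fwdfwsettings{'key'} from the file named by
	# $fwdfwsettings{'config'}: release the usage counters of the objects it
	# references, move every following rule down by one number, drop the
	# now duplicated last entry, write the file and regenerate the rules.
	# The overview is redrawn unless $fwdfwsettings{'nobase'} is 'on'.
	#
	# NOTE(review): 'config' is used as a read/write path; if %fwdfwsettings
	# is filled from the request (not visible here), confirm it is
	# restricted to the known rule files.
	my %delhash=();
	&General::readhasharray($fwdfwsettings{'config'}, \%delhash);

	my @rulekeys = sort {$a <=> $b} keys %delhash;
	my ($target) = grep { $_ == $fwdfwsettings{'key'} } @rulekeys;

	# Only touch the file when the requested rule exists. Without this
	# guard a key that matches nothing still removed the last rule, and a
	# key below the first rule number removed the first one without
	# releasing its counters.
	if (defined $target) {
		my $rule = $delhash{$target};
		#check hosts/net and groups
		&checkcounter($rule->[3],$rule->[4]);
		&checkcounter($rule->[5],$rule->[6]);
		#check services and groups
		if ($rule->[11] eq 'ON'){
			&checkcounter($rule->[14],$rule->[15]);
		}

		foreach my $key (@rulekeys) {
			next if $key < $target;
			my $next = $key + 1;
			# Move the complete row; a field-wise copy leaves stale trailing
			# fields behind when the following rule has fewer fields.
			$delhash{$key} = $delhash{$next} if exists $delhash{$next};
		}
		# Remove the very last entry.
		delete $delhash{$rulekeys[-1]};

		&General::writehasharray($fwdfwsettings{'config'}, \%delhash);
	}
	&rules;

	if($fwdfwsettings{'nobase'} ne 'on'){
		&base;
	}
}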
sub disable_rule
{
	# Clear the 'ON' marker in field 2 of the rule with the given number in
	# the file $configfwdfw, write the file back and regenerate the rules.
	# A rule that is missing or not marked 'ON' is left untouched.
	my $key1=shift;

	&General::readhasharray("$configfwdfw", \%configfwdfw);
	if (exists $configfwdfw{$key1} && $configfwdfw{$key1}[2] eq 'ON') {
		$configfwdfw{$key1}[2] = '';
	}
	&General::writehasharray("$configfwdfw", \%configfwdfw);
	&rules;
}
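sub checksource
{
	# Validate and normalise the source side of the rule in %fwdfwsettings.
	#   - a manually entered src_addr must be an IP (with or without mask)
	#     or a MAC address; an IP is rewritten as "ip/prefix"
	#   - PROT, SRC_PORT and ICMP_TYPES are cleared where they do not apply
	#   - for TCP/UDP the comma separated SRC_PORT list is checked and
	#     stored joined with "|"
	# Problems are appended to $errormessage. $errormessage is returned from
	# the empty-address branch and from the port branch only.
	my ($ip,$subnet);

	#check ip-address if manual
	if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
		# NOTE(review): 'isip' and 'ismac' are only ever set to 'on' here and
		# never cleared. If %fwdfwsettings is filled from the request (not
		# visible here), a value already present would skip the checks below
		# - confirm the flags are reset before this sub runs.
		#check if ip with subnet
		if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
			($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
			$subnet = &General::iporsubtocidr($subnet);
			$fwdfwsettings{'isip'}='on';
		}
		#check if only ip
		if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
			$ip=$fwdfwsettings{'src_addr'};
			$subnet = '32';
			$fwdfwsettings{'isip'}='on';
		}

		if ($fwdfwsettings{'isip'} ne 'on'){
			if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';}
		}
		if ($fwdfwsettings{'isip'} eq 'on'){
			#check and form valid IP
			$ip=&General::ip2dec($ip);
			$ip=&General::dec2ip($ip);
			#check if net or broadcast
			my @tmp= split (/\./,$ip);
			if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
			{
				$errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
			}
			$fwdfwsettings{'src_addr'}="$ip/$subnet";

			if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
				$errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
			}
		}
		if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
			$errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
		}
	}elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
		$errormessage.=$Lang::tr{'fwdfw err nosrcip'};
		return $errormessage;
	}

	#check empty fields
	if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}

	# Clear the protocol fields that do not apply to the chosen protocol.
	if ($fwdfwsettings{'USE_SRC_PORT'} ne 'ON'){
		$fwdfwsettings{'ICMP_TYPES'}='';
		$fwdfwsettings{'SRC_PORT'}='';
		$fwdfwsettings{'PROT'}='';
	}elsif($fwdfwsettings{'PROT'} eq 'ICMP'){
		#check icmp source
		$fwdfwsettings{'SRC_PORT'}='';
		&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
		# The form submits "name (description)"; keep only the name.
		foreach my $key (keys %icmptypes){
			if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
				$fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
			}
		}
	}elsif($fwdfwsettings{'PROT'} eq 'GRE' || $fwdfwsettings{'PROT'} eq 'ESP' || $fwdfwsettings{'PROT'} eq 'AH'){
		$fwdfwsettings{'SRC_PORT'}='';
		$fwdfwsettings{'ICMP_TYPES'}='';
	}else{
		$fwdfwsettings{'ICMP_TYPES'}='';
	}

	if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
		my @values=();
		foreach my $part (split(",",$fwdfwsettings{'SRC_PORT'})){
			chomp($part);
			# Accept "80-90" as well as "80:90". This has to happen before
			# the range test; done after it, it could never take effect.
			$part =~ tr/-/:/;
			if ($part eq "*") {
				push(@values,"1:65535");
			}elsif ($part =~ /^(\d+)\:(\d+)$/) {
				# NOTE(review): 'destination' is passed although this is the
				# source port list - confirm the label validportrange expects.
				$errormessage .= &General::validportrange($part, 'destination');
				push (@values,$part);
			}elsif (&General::validport($part)){
				push (@values,$part);
			}else{
				# A malformed entry used to be dropped without a message, so
				# the rule was saved with fewer (or no) port restrictions
				# than were typed in. Report it instead.
				# Presumably validportrange returns an error text for a value
				# that is neither a port nor a range - TODO confirm.
				$errormessage .= &General::validportrange($part, 'destination');
			}
		}
		$fwdfwsettings{'SRC_PORT'}=join("|",@values);
		return $errormessage;
	}
}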
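sub checktarget
{
	# Validate and normalise the target side of the rule in %fwdfwsettings.
	#   - a manually entered tgt_addr is rewritten as "ip/prefix" and checked
	#   - with USESRV 'ON' the service fields are cleared or checked
	#     depending on grp3 (cust_srv, cust_srvgrp or manual TGT_PORT)
	#   - without USESRV the service fields are cleared
	#   - an enabled time frame needs at least one weekday
	# Problems are appended to $errormessage, which is returned.
	my ($ip,$subnet);

	if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
		#check if ip with subnet
		if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
			($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
			$subnet = &General::iporsubtocidr($subnet);
		}
		#check if only ip
		if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
			$ip=$fwdfwsettings{'tgt_addr'};
			$subnet='32';
		}
		#check and form valid IP
		$ip=&General::ip2dec($ip);
		$ip=&General::dec2ip($ip);

		# The net/broadcast check that checksource applies to the last octet
		# is disabled for targets.
		$fwdfwsettings{'tgt_addr'}="$ip/$subnet";

		if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
			$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
		}

	}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
		$errormessage.=$Lang::tr{'fwdfw err notgtip'};
		return $errormessage;
	}

	#check empty fields
	if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}

	#check tgt services
	if ($fwdfwsettings{'USESRV'} eq 'ON'){
		if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
			$fwdfwsettings{'TGT_PROT'}='';
			$fwdfwsettings{'ICMP_TGT'}='';
		}
		if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
			$fwdfwsettings{'TGT_PROT'}='';
			$fwdfwsettings{'ICMP_TGT'}='';
			#check target service
			if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
				$errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
			}
		}
		if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
			my $prot = $fwdfwsettings{'TGT_PROT'};
			if ($prot eq 'TCP' || $prot eq 'UDP'){
				if ($fwdfwsettings{'TGT_PORT'} ne ''){
					my @values=();
					foreach my $part (split(",",$fwdfwsettings{'TGT_PORT'})){
						chomp($part);
						# Accept "80-90" as well as "80:90". This has to happen
						# before the range test; done after it, it could never
						# take effect.
						$part =~ tr/-/:/;
						if ($part eq "*") {
							push(@values,"1:65535");
						}elsif ($part =~ /^(\d+)\:(\d+)$/) {
							$errormessage .= &General::validportrange($part, 'destination');
							push (@values,$part);
						}elsif (&General::validport($part)){
							push (@values,$part);
						}else{
							# A malformed entry used to be dropped without a
							# message, so the rule was saved with fewer (or no)
							# port restrictions than were typed in. Report it.
							# Presumably validportrange returns an error text for
							# a value that is neither a port nor a range - TODO
							# confirm.
							$errormessage .= &General::validportrange($part, 'destination');
						}
					}
					$fwdfwsettings{'TGT_PORT'}=join("|",@values);
				}
			}elsif ($prot eq 'GRE' || $prot eq 'ESP' || $prot eq 'AH'){
				# grp3 is 'TGT_PORT' in this branch, so this clears the port list.
				$fwdfwsettings{'TGT_PORT'} = '';
				$fwdfwsettings{'ICMP_TGT'} = '';
			}elsif ($prot eq 'ICMP'){
				$fwdfwsettings{'TGT_PORT'} = '';
				&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
				# The form submits "name (description)"; keep only the name.
				foreach my $key (keys %icmptypes){
					if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
						$fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
					}
				}
			}
		}
	}

	#check targetport
	if ($fwdfwsettings{'USESRV'} ne 'ON'){
		# NOTE(review): grp3 is emptied first, so the next line writes to the
		# key '' and the value stored under the former grp3 name stays - confirm
		# whether the two lines were meant to be the other way round.
		$fwdfwsettings{'grp3'}='';
		$fwdfwsettings{$fwdfwsettings{'grp3'}}='';
		$fwdfwsettings{'TGT_PROT'}='';
		$fwdfwsettings{'ICMP_TGT'}='';
	}
	#check timeframe
	if($fwdfwsettings{'TIME'} eq 'ON'){
		my @days = grep { $fwdfwsettings{"TIME_$_"} ne '' } qw(MON TUE WED THU FRI SAT SUN);
		if(!@days){
			# Append: a plain assignment here discarded every error collected
			# above, so only the time frame problem was shown.
			$errormessage.=$Lang::tr{'fwdfw err time'};
		}
	}
	return $errormessage;
}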
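sub checkrule
{
	# Cross-check source and target of the rule in %fwdfwsettings:
	#   - the remark must pass validremark
	#   - source and target must differ (unless both are 'ALL')
	#   - source and target must not lie in the same subnet
	#   - a manual source protocol must match the target protocol
	# Problems are appended to $errormessage; two /32 hosts in the same /24
	# only set $hint. $errormessage is returned from the identical
	# source/target branch only.

	#check valid remark
	if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
		$errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
	}
	#check if source and target identical
	if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
		$errormessage.=$Lang::tr{'fwdfw err same'};
		return $errormessage;
	}

	#get source and targetip address if possible
	my ($sip,$scidr)=&get_ip("src","grp1");
	my ($tip,$tcidr)=&get_ip("tgt","grp2");

	#check same iprange in source and target
	if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
		my $networkip1=&General::getnetworkip($sip,$scidr);
		my $networkip2=&General::getnetworkip($tip,$tcidr);
		# Prefix lengths are numbers: compared as strings, "8" sorts after
		# "24", the wrong network is tested and an overlap goes unnoticed.
		# NOTE(review): assumes get_ip returns prefix lengths, not dotted
		# masks - confirm for manually entered addresses.
		if ($scidr > $tcidr){
			# Source is the smaller network: is it inside the target?
			if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
				$errormessage.=$Lang::tr{'fwdfw err samesub'};
			}
		}elsif($scidr eq $tcidr && $scidr eq '32'){
			# Two single hosts: only hint when they share the first three octets.
			my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
			my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
			if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
				$hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
				$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
			}
		}else{
			# Target is the smaller (or equal) network: is it inside the source?
			if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
				$errormessage.=$Lang::tr{'fwdfw err samesub'};
			}
		}
	}

	#check source and destination protocol if manual
	if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
		if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
			$errormessage.=$Lang::tr{'fwdfw err prot'};
		}
		#check source and destination protocol if source manual and dest service
		if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
			&General::readhasharray("$configsrv", \%customservice);
			foreach my $key (sort keys %customservice){
				if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
					# Field 2 of a custom service is compared with PROT.
					if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
						$errormessage.=$Lang::tr{'fwdfw err prot'};
						last;
					}
				}
			}
		}
	}
}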
sub get_ip
{
	# Look up the address and prefix length behind one side of the rule.
	#   $val - 'src' or 'tgt', used to build the option names
	#   $grp - 'grp1' or 'grp2', the %fwdfwsettings key holding the option
	# Returns (address, prefix); both stay undefined when the selection is
	# "any" or cannot be mapped to a network. A custom host defined by MAC
	# sets $errormessage when it is used as target (grp2).
	my ($val, $grp) = @_;
	my ($addr, $cidr);

	&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
	return $addr,$cidr if $fwdfwsettings{$grp} eq $Lang::tr{'fwhost any'};

	my $kind   = $fwdfwsettings{$grp};
	my $chosen = $fwdfwsettings{$kind};

	if ($kind eq $val.'_addr'){
		# manually entered "ip/prefix"
		($addr,$cidr) = split (/\//, $chosen);
	}elsif($kind eq 'std_net_'.$val){
		# standard zones, matched on the start of their name
		if ($chosen =~ /Gr/i){
			$addr=$netsettings{'GREEN_NETADDRESS'};
			$cidr=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
		}elsif($chosen =~ /Ora/i){
			$addr=$netsettings{'ORANGE_NETADDRESS'};
			$cidr=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
		}elsif($chosen =~ /Bl/i){
			$addr=$netsettings{'BLUE_NETADDRESS'};
			$cidr=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
		}elsif($chosen =~ /OpenVPN/i){
			&General::readhash("$configovpn",\%ovpnsettings);
			($addr,$cidr) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
			$cidr=&General::iporsubtocidr($cidr);
		}
	}elsif($kind eq 'cust_net_'.$val){
		&General::readhasharray("$confignet", \%customnetwork);
		foreach my $key (keys %customnetwork){
			next unless $customnetwork{$key}[0] eq $chosen;
			$addr=$customnetwork{$key}[1];
			$cidr=&General::iporsubtocidr($customnetwork{$key}[2]);
		}
	}elsif($kind eq 'cust_host_'.$val){
		&General::readhasharray("$confighost", \%customhost);
		foreach my $key (keys %customhost){
			next unless $customhost{$key}[0] eq $chosen;
			if ($customhost{$key}[1] eq 'ip'){
				($addr,$cidr)=split (/\//,$customhost{$key}[2]);
				$cidr=&General::iporsubtocidr($cidr);
			}elsif ($grp eq 'grp2'){
				$errormessage=$Lang::tr{'fwdfw err tgt_mac'};
			}
		}
	}
	return $addr,$cidr;
}
1055 sub newrule
1056 {
1057 &error;
1058 &General::setup_default_networks(\%defaultNetworks);
1059 #read all configfiles
1060 &General::readhasharray("$configccdnet", \%ccdnet);
1061 &General::readhasharray("$confignet", \%customnetwork);
1062 &General::readhasharray("$configccdhost", \%ccdhost);
1063 &General::readhasharray("$confighost", \%customhost);
1064 &General::readhasharray("$configccdhost", \%ccdhost);
1065 &General::readhasharray("$configgrp", \%customgrp);
1066 &General::readhasharray("$configipsec", \%ipsecconf);
1067 &General::get_aliases(\%aliases);
1068 my %checked=();
1069 my $helper;
1070 my $sum=0;
1071 if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
1072 my $config=$fwdfwsettings{'config'};
1073 my %hash=();
1074 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1075 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1076 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1077 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1078 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1079 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1080 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1081 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1082 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1083 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1084 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1085 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1086 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1087 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1088 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
1089 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1090 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
1091 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
1092 #check if update and get values
1093 if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
1094 &General::readhasharray("$config", \%hash);
1095 foreach my $key (sort keys %hash){
1096 $sum++;
1097 if ($key eq $fwdfwsettings{'key'}){
1098 $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'};
1099 $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
1100 $fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
1101 $fwdfwsettings{'grp1'} = $hash{$key}[3];
1102 $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
1103 $fwdfwsettings{'grp2'} = $hash{$key}[5];
1104 $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
1105 $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
1106 $fwdfwsettings{'PROT'} = $hash{$key}[8];
1107 $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
1108 $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10];
1109 $fwdfwsettings{'USESRV'} = $hash{$key}[11];
1110 $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12];
1111 $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13];
1112 $fwdfwsettings{'grp3'} = $hash{$key}[14];
1113 $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15];
1114 $fwdfwsettings{'ruleremark'} = $hash{$key}[16];
1115 $fwdfwsettings{'LOG'} = $hash{$key}[17];
1116 $fwdfwsettings{'TIME'} = $hash{$key}[18];
1117 $fwdfwsettings{'TIME_MON'} = $hash{$key}[19];
1118 $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20];
1119 $fwdfwsettings{'TIME_WED'} = $hash{$key}[21];
1120 $fwdfwsettings{'TIME_THU'} = $hash{$key}[22];
1121 $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23];
1122 $fwdfwsettings{'TIME_SAT'} = $hash{$key}[24];
1123 $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
1124 $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
1125 $fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
1126 $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
1127 $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
1128 $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
1129 $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
1130 $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
1131 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1132 $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
1133 $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
1134 $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
1135 $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
1136 $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
1137 $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
1138 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
1139 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
1140 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
1141 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
1142 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
1143 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
1144 }
1145 }
1146 $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
1147 $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
1148 $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
1149 $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
1150 $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
1151 $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
1152 $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
1153 $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
1154 }else{
1155 $fwdfwsettings{'ACTIVE'}='ON';
1156 $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
1157 }
1158
1159 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
1160
1161 print <<END;
1162 <form method="post">
1163 <table border='0'>
1164 <tr><td nowrap>$Lang::tr{'fwdfw rule action'}</td><td><select name='RULE_ACTION'>
1165 END
1166 foreach ("ACCEPT","DROP","REJECT")
1167 {
1168 if($fwdfwsettings{'updatefwrule'} eq 'on'){
1169 print"<option ";
1170 print "selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
1171 print">$_</option>";
1172 }else{
1173 if($fwdfwsettings{'POLICY'} eq 'MODE2'){
1174 $fwdfwsettings{'RULE_ACTION'} = 'DROP';
1175 }
1176
1177 if ($_ eq $fwdfwsettings{'RULE_ACTION'})
1178 {
1179 print"<option selected>$_</option>";
1180 }else{
1181 print"<option>$_</option>";
1182 }
1183 }
1184 }
1185 print"</select></td></tr></table><hr>";
1186
1187 &Header::closebox();
1188 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
1189 #------SOURCE-------------------------------------------------------
1190 print<<END;
1191 <table width='100%' border='0'>
1192 <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
1193 <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
1194 <tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
1195 END
1196 foreach my $network (sort keys %defaultNetworks)
1197 {
1198 next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
1199 next if($defaultNetworks{$network}{'NAME'} eq "RED");
1200 print "<option value='$defaultNetworks{$network}{'NAME'}'";
1201 print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
1202 print ">$network</option>";
1203 }
1204 print<<END;
1205 </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_net_src' $checked{'grp1'}{'ovpn_net_src'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_src' style='min-width:185px;'>
1206 END
1207 &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp1'}});
1208 print<<END;
1209 </select></td></tr>
1210 <tr><td><input type='radio' name='grp1' value='cust_net_src' $checked{'grp1'}{'cust_net_src'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_src' style='min-width:185px;'>
1211 END
1212 &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{'grp1'}});
1213 print<<END;
1214 </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_host_src' $checked{'grp1'}{'ovpn_host_src'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_host_src' style='min-width:185px;'>
1215 END
1216 foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
1217 {
1218 if ($ccdhost{$key}[33] ne ''){
1219
1220 print "<option value='$ccdhost{$key}[1]'";
1221 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ccdhost{$key}[1]);
1222 print ">$ccdhost{$key}[1]</option>";
1223 }
1224 }
1225 print<<END;
1226 </select></td></tr>
1227 <tr><td valign='top'><input type='radio' name='grp1' value='cust_host_src' $checked{'grp1'}{'cust_host_src'}></td><td>$Lang::tr{'fwhost cust addr'}</td><td><select name='cust_host_src' style='min-width:185px;'>
1228 END
1229 &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{'grp1'}});
1230 print<<END;
1231 </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_n2n_src' $checked{'grp1'}{'ovpn_n2n_src'}></td><td >$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='ovpn_n2n_src' style='min-width:185px;'>
1232 END
1233 foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
1234 if($ccdhost{$key}[3] eq 'net'){
1235 print"<option ";
1236 print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ccdhost{$key}[1]);
1237 print ">$ccdhost{$key}[1]</option>";
1238 }
1239 }
1240 print<<END;
1241 </select></td></tr>
1242
1243 <tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
1244 END
1245 foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
1246 if($helper ne $customgrp{$key}[0]){
1247 print"<option ";
1248 print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
1249 print ">$customgrp{$key}[0]</option>";
1250 }
1251 $helper=$customgrp{$key}[0];
1252 }
1253 print<<END;
1254 </select></td>
1255 <td valign='top'><input type='radio' name='grp1' value='ipsec_net_src' $checked{'grp1'}{'ipsec_net_src'}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td><select name='ipsec_net_src' style='min-width:185px;'>
1256 END
1257 foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
1258 if ($ipsecconf{$key}[3] eq 'net'){
1259 print "<option ";
1260 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ipsecconf{$key}[1]);
1261 print ">$ipsecconf{$key}[1]</option>";
1262 }
1263 }
1264 #sourceport
1265 print<<END;
1266 </select></td></tr>
1267 END
1268
1269 # <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
1270 #END
1271 # foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
1272 # if ($ipsecconf{$key}[3] eq 'host'){
1273 # print "<option ";
1274 # print "selected='selected'" if($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ipsecconf{$key}[1]);
1275 # print ">$ipsecconf{$key}[1]</option>";
1276 # }
1277 # }
1278 print<<END;
1279 <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
1280 <table width='100%' border='0'>
1281 <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
1282 <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
1283 END
1284 foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
1285 {
1286 if ($_ eq $fwdfwsettings{'PROT'})
1287 {
1288 print"<option selected>$_</option>";
1289 }else{
1290 print"<option>$_</option>";
1291 }
1292 }
1293 $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
1294 print<<END;
1295 </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr>
1296 <tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES'>
1297 END
1298 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
1299 print"<option>All ICMP-Types</option>";
1300 foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) } keys %icmptypes){
1301 if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
1302 print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1303 }else{
1304 print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1305 }
1306 }
1307 print<<END;
1308 </select></td></tr></table><hr>
1309 END
1310 &Header::closebox();
1311
1312 #---TARGET------------------------------------------------------
1313 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
1314 print<<END;
1315 <table width='100%' border='0'>
1316 <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
1317 END
1318 print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
1319
1320 foreach my $alias (sort keys %aliases)
1321 {
1322 print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
1323 }
1324
1325 print<<END;
1326 </td></tr>
1327 <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
1328 <tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
1329 END
1330 foreach my $network (sort keys %defaultNetworks)
1331 {
1332 next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
1333 print "<option value='$defaultNetworks{$network}{'NAME'}'";
1334 print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $defaultNetworks{$network}{'NAME'});
1335 print ">$network</option>";
1336 }
1337 print<<END;
1338 </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt' $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
1339 END
1340 &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
1341 print<<END;
1342 </select></td></tr>
1343 <tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
1344 END
1345 &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{'grp2'}});
1346 print<<END;
1347 </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_host_tgt' $checked{'grp2'}{'ovpn_host_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_host_tgt' style='min-width:185px;'>
1348 END
1349 foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
1350 {
1351 if ($ccdhost{$key}[33] ne ''){
1352 print "<option value='$ccdhost{$key}[1]' ";
1353 print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ccdhost{$key}[33]);
1354 print ">$ccdhost{$key}[1]</option>";
1355 }
1356 }
1357 print<<END;
1358 </select></td></tr>
1359 <tr><td valign='top'><input type='radio' name='grp2' value='cust_host_tgt' $checked{'grp2'}{'cust_host_tgt'}></td><td>$Lang::tr{'fwhost cust addr'}</td><td><select name='cust_host_tgt' style='min-width:185px;'>
1360 END
1361 &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{'grp2'}});
1362 print<<END;
1363 </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_n2n_tgt' $checked{'grp2'}{'ovpn_n2n_tgt'}></td><td >$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='ovpn_n2n_tgt' style='min-width:185px;'>
1364 END
1365 foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
1366 if($ccdhost{$key}[3] eq 'net'){
1367 print "<option ";
1368 print "selected='selected'" if($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ccdhost{$key}[1]);
1369 print ">$ccdhost{$key}[1]</option>";
1370 }
1371 }
1372 print<<END;
1373 </select></td></tr>
1374 <tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
1375 END
1376 $helper='';
1377 foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
1378 if($helper ne $customgrp{$key}[0]){
1379 print"<option ";
1380 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $customgrp{$key}[0]);
1381 print">$customgrp{$key}[0]</option>";
1382 }
1383 $helper=$customgrp{$key}[0];
1384 }
1385 print<<END;
1386 </select></td>
1387 <td valign='top'><input type='radio' name='grp2' value='ipsec_net_tgt' $checked{'grp2'}{'ipsec_net_tgt'}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td><select name='ipsec_net_tgt' style='min-width:185px;'>
1388 END
1389 foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
1390 if ($ipsecconf{$key}[3] eq 'net'){
1391 print"<option ";
1392 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ipsecconf{$key}[1]);
1393 print">$ipsecconf{$key}[1]</option>";
1394 }
1395 }
1396 print<<END;
1397 </select></td></tr>
1398 END
1399 # <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
1400 #END
1401 # foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
1402 # if ($ipsecconf{$key}[3] eq 'host'){
1403 # print"<option ";
1404 # print"selected='Selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ipsecconf{$key}[1]);
1405 # print">$ipsecconf{$key}[1]</option>";
1406 # }
1407 # }
1408 print<<END;
1409 </table>
1410 <b>$Lang::tr{'fwhost attention'}:</b><br>
1411 $Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
1412
1413 <table width='100%' border='0'>
1414 <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
1415 END
1416 &General::readhasharray("$configsrv", \%customservice);
1417 foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
1418 print"<option ";
1419 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
1420 print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
1421 }
1422 print<<END;
1423 </select></td></tr>
1424 <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}:</td><td colspan='2'><select name='cust_srvgrp'style='min-width:230px;' >
1425 END
1426 &General::readhasharray("$configsrvgrp", \%customservicegrp);
1427 my $helper;
1428 foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
1429 if ($helper ne $customservicegrp{$key}[0]){
1430 print"<option ";
1431 print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
1432 print">$customservicegrp{$key}[0]</option>";
1433 }
1434 $helper=$customservicegrp{$key}[0];
1435 }
1436 print<<END;
1437 </select></td></tr>
1438 <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
1439 END
1440 foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
1441 {
1442 if ($_ eq $fwdfwsettings{'TGT_PROT'})
1443 {
1444 print"<option selected>$_</option>";
1445 }else{
1446 print"<option>$_</option>";
1447 }
1448 }
1449 $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
1450 print<<END;
1451 </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' ></td></tr>
1452 <tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT'>
1453 END
1454 &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
1455 print"<option>All ICMP-Types</option>";
1456 foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){
1457 if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
1458 print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1459 }else{
1460 print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
1461 }
1462 }
1463 print<<END;
1464 </select></td></tr>
1465 </table><hr><br><br>
1466
1467 END
1468 #---Activate/logging/remark-------------------------------------
1469 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
1470 print<<END;
1471 <table width='100%' border='0'>
1472 <tr><td width='12%'>$Lang::tr{'remark'}:</td><td align='left'><input type='text' name='ruleremark' size='40' maxlength='255' value='$fwdfwsettings{'ruleremark'}'></td></tr>
1473 END
1474 if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
1475 print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
1476 for (my $count =1; $count <= $sum; $count++){
1477 print"<option value='$count' ";
1478 print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
1479 print">$count</option>";
1480 }
1481 print"</select></td></tr>";
1482 }else{
1483 print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><input type='text' name='rulepos' size='2'></td></tr>";
1484 }
1485
1486 print<<END;
1487 </table><table width='100%'>
1488 <tr><td width='1%'><input type='checkbox' name='ACTIVE' value='ON' $checked{'ACTIVE'}{'ON'}></td><td>$Lang::tr{'fwdfw rule activate'}</td></tr>
1489 <tr><td width='1%'><input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'} ></td><td>$Lang::tr{'fwdfw log rule'}</td></tr>
1490 </table><hr><br>
1491 END
1492 &Header::closebox();
1493 #---ADD TIMEFRAME-----------------------------------------------
1494 &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'});
1495 print<<END;
1496 <table width='70%' border='0'>
1497 <tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='4'>$Lang::tr{'fwdfw timeframe'}</td></tr>
1498 <tr><td colspan='7'>&nbsp</td></tr>
1499 <tr>
1500 <td align='left'>$Lang::tr{'time'}:</td>
1501 <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
1502 <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
1503 <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
1504 </tr>
1505 <tr>
1506 <td align='right'></td>
1507 <td width='30%' align='left'>
1508 <input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} />
1509 <input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} />
1510 <input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} />
1511 <input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} />
1512 <input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} />
1513 <input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
1514 <input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} />
1515 </td>
1516 <td><select name='TIME_FROM'>
1517 END
1518 for (my $i=0;$i<=23;$i++) {
1519 $i = sprintf("%02s",$i);
1520 for (my $j=0;$j<=45;$j+=15) {
1521 $j = sprintf("%02s",$j);
1522 my $time = $i.":".$j;
1523 print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
1524 }
1525 }
1526 print<<END;
1527 </select></td>
1528 <td><select name='TIME_TO'>
1529 END
1530 for (my $i=0;$i<=23;$i++) {
1531 $i = sprintf("%02s",$i);
1532 for (my $j=0;$j<=45;$j+=15) {
1533 $j = sprintf("%02s",$j);
1534 my $time = $i.":".$j;
1535 print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
1536 }
1537 }
1538 print<<END;
1539 </select></td></tr>
1540 </table><hr>
1541 END
1542 &Header::closebox();
1543 #---ACTION------------------------------------------------------
1544 if($fwdfwsettings{'updatefwrule'} ne 'on'){
1545 print<<END;
1546 <table border='0' width='100%'>
1547 <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
1548 <input type='hidden' name='config' value='$config' >
1549 <input type='hidden' name='ACTION' value='saverule' >
1550 </form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
1551 </table></form>
1552 END
1553 }else{
1554 print<<END;
1555 <table border='0' width='100%'>
1556 <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' style='min-width:100px;' /><input type='hidden' name='updatefwrule' value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' value='$fwdfwsettings{'key'}'>
1557 <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
1558 <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
1559 <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
1560 <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
1561 <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
1562 <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
1563 <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
1564 <input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' />
1565 <input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
1566 <input type='hidden' name='oldruleremark' value='$fwdfwsettings{'oldruleremark'}' />
1567 <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
1568 </table></form>
1569 END
1570 }
1571 &Header::closebox();
1572 }
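# Copy the submitted rule form (%fwdfwsettings) into row $key of the rule
# table referenced by $hash. The columns are written one by one so that any
# extra columns an existing row already has stay untouched.
sub _saverule_store_fields
{
	my ($hash, $key) = @_;
	# grp1/grp2/grp3 hold the name of the selected radio button; the column
	# after each one holds the form field of that same name.
	# NOTE(review): the values are stored exactly as submitted. Presumably the
	# caller has validated them before saverule() runs - confirm, because the
	# form code swaps '|' and ',' in the port fields, which suggests a
	# comma-separated record where a stray ',' or line break would shift or
	# split the stored columns.
	my @row = (
		$fwdfwsettings{'RULE_ACTION'},               #  0
		$fwdfwsettings{'chain'},                     #  1
		$fwdfwsettings{'ACTIVE'},                    #  2
		$fwdfwsettings{'grp1'},                      #  3
		$fwdfwsettings{$fwdfwsettings{'grp1'}},      #  4
		$fwdfwsettings{'grp2'},                      #  5
		$fwdfwsettings{$fwdfwsettings{'grp2'}},      #  6
		$fwdfwsettings{'USE_SRC_PORT'},              #  7
		$fwdfwsettings{'PROT'},                      #  8
		$fwdfwsettings{'ICMP_TYPES'},                #  9
		$fwdfwsettings{'SRC_PORT'},                  # 10
		$fwdfwsettings{'USESRV'},                    # 11
		$fwdfwsettings{'TGT_PROT'},                  # 12
		$fwdfwsettings{'ICMP_TGT'},                  # 13
		$fwdfwsettings{'grp3'},                      # 14
		$fwdfwsettings{$fwdfwsettings{'grp3'}},      # 15
		$fwdfwsettings{'ruleremark'},                # 16
		$fwdfwsettings{'LOG'},                       # 17
		$fwdfwsettings{'TIME'},                      # 18
		$fwdfwsettings{'TIME_MON'},                  # 19
		$fwdfwsettings{'TIME_TUE'},                  # 20
		$fwdfwsettings{'TIME_WED'},                  # 21
		$fwdfwsettings{'TIME_THU'},                  # 22
		$fwdfwsettings{'TIME_FRI'},                  # 23
		$fwdfwsettings{'TIME_SAT'},                  # 24
		$fwdfwsettings{'TIME_SUN'},                  # 25
		$fwdfwsettings{'TIME_FROM'},                 # 26
		$fwdfwsettings{'TIME_TO'},                   # 27
	);
	foreach my $column (0 .. $#row) {
		$$hash{$key}[$column] = $row[$column];
	}
}

# Walk the rule numbered $fwdfwsettings{'oldrulenumber'} towards
# $fwdfwsettings{'rulepos'}, one neighbour at a time. $step is -1 to move the
# rule up and +1 to move it down. $fwdfwsettings{'oldrulenumber'} is advanced
# on every step, exactly as the inline loops did.
sub _saverule_move_rule
{
	my ($hash, $step) = @_;
	my $distance = abs($fwdfwsettings{'oldrulenumber'} - $fwdfwsettings{'rulepos'});
	for (my $done = 0; $done < $distance; $done++) {
		my $from = $fwdfwsettings{'oldrulenumber'};
		my $to   = $from + $step;
		if (exists $$hash{$from} && exists $$hash{$to}) {
			# Exchange the two rows as a whole. The former column-by-column
			# copy only covered the neighbour's length and reused one scratch
			# row for all steps, so rows of different length could end up
			# with columns (e.g. the time frame) of another rule.
			@$hash{$from, $to} = @$hash{$to, $from};
		}
		if ($step < 0) {
			$fwdfwsettings{'oldrulenumber'}--;
		} else {
			$fwdfwsettings{'oldrulenumber'}++;
		}
	}
}

# Store the rule submitted in %fwdfwsettings.
#
#   $hash    reference to the rule table (rule number => row of columns)
#   $config  path of the file that table is read from and written to
#
# Nothing is stored while $errormessage is set. For an edited rule
# ('updatefwrule' eq 'on') changerule() is called first when the rule moved to
# another rule type, then row $fwdfwsettings{'key'} is overwritten. Otherwise
# a new row is added at the key General::findhasharraykey() returns. Finally
# the rule is moved to 'rulepos' if that differs from 'oldrulenumber'.
sub saverule
{
	# shift (not a list copy) so that the bare "&rules;" calls below keep
	# seeing the same remaining argument list as before
	my $hash=shift;
	my $config=shift;
	&General::readhasharray("$config", $hash);
	return if $errormessage;

	# Each condition is evaluated after the previous changerule() call, in
	# the original order; several of them can apply to one request.
	#check if we change a forward rule to an external access
	if ($fwdfwsettings{'updatefwrule'} eq 'on'
		&& $fwdfwsettings{'grp2'} eq 'ipfire'
		&& $fwdfwsettings{'oldgrp2a'} ne 'ipfire') {
		&changerule($configfwdfw);
	}
	#check if we change a forward rule to an outgoing
	if ($fwdfwsettings{'updatefwrule'} eq 'on'
		&& $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire'
		&& $fwdfwsettings{'oldgrp1b'} ne 'IPFire') {
		&changerule($configfwdfw);
	}
	#check if we change an external access rule to a forward
	if ($fwdfwsettings{'updatefwrule'} eq 'on'
		&& $fwdfwsettings{'grp2'} ne 'ipfire'
		&& $fwdfwsettings{'oldgrp2a'} eq 'ipfire') {
		&changerule($configinput);
	}
	#check if we change an external access rule to an outgoing
	if ($fwdfwsettings{'updatefwrule'} eq 'on'
		&& $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire'
		&& $fwdfwsettings{'grp2'} ne 'ipfire'
		&& $fwdfwsettings{'oldgrp2a'} eq 'ipfire') {
		&changerule($configinput);
	}
	#check if we change an outgoing rule to a forward
	if ($fwdfwsettings{'updatefwrule'} eq 'on'
		&& $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'IPFire'
		&& $fwdfwsettings{'oldgrp1b'} eq 'IPFire'
		&& $fwdfwsettings{'grp2'} ne 'ipfire') {
		&changerule($configoutgoing);
	}
	#check if we change an outgoing rule to an external access
	if ($fwdfwsettings{'updatefwrule'} eq 'on'
		&& $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'IPFire'
		&& $fwdfwsettings{'oldgrp1b'} eq 'IPFire'
		&& $fwdfwsettings{'grp2'} eq 'ipfire') {
		&changerule($configoutgoing);
	}

	if ($fwdfwsettings{'updatefwrule'} ne 'on') {
		# new rule: take the next free key
		my $key = &General::findhasharraykey ($hash);
		_saverule_store_fields($hash, $key);
	} elsif (exists $$hash{$fwdfwsettings{'key'}}) {
		# edited rule: only an existing row is overwritten; an unknown key
		# leaves the table as it was read
		_saverule_store_fields($hash, $fwdfwsettings{'key'});
	}
	&General::writehasharray("$config", $hash);

	# NOTE(review): 'rulepos' and 'oldrulenumber' are form fields and are
	# compared numerically here; presumably they are checked to be rule
	# numbers before this point - confirm.
	if ($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}) {
		_saverule_move_rule($hash, -1);
		&General::writehasharray("$config", $hash);
		&rules;
	} elsif ($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}) {
		_saverule_move_rule($hash, 1);
		&General::writehasharray("$config", $hash);
		&rules;
	}
}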
sub error
{
	# Show the pending error text in its own box, followed by a ruler.
	# Does nothing while $errormessage is empty.
	# NOTE(review): $errormessage goes into the page unescaped. Where it is
	# assembled is not visible here; if request-derived text can reach it,
	# that text has to be HTML-escaped before it gets this far - confirm.
	return unless $errormessage;

	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<class name='base'>$errormessage\n";
	print "&nbsp;</class>\n";
	&Header::closebox();
	print"<hr>";
}
sub hint
{
	# Show the pending hint text in its own box, followed by a ruler.
	# Does nothing while $hint is empty.
	# NOTE(review): $hint goes into the page unescaped. Where it is assembled
	# is not visible here; if request-derived text can reach it, that text
	# has to be HTML-escaped before it gets this far - confirm.
	return unless $hint;

	&Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
	print "<class name='base'>$hint\n";
	print "&nbsp;</class>\n";
	&Header::closebox();
	print"<hr>";
}
sub get_name
{
	# Translate the stored NAME of a default network back into the key it is
	# listed under in %defaultNetworks (the text shown in the select boxes).
	# The first key in sorted order whose NAME equals the argument is returned;
	# there is no explicit return value when nothing matches.
	my ($wanted) = @_;
	&General::setup_default_networks(\%defaultNetworks);
	for my $label (sort keys %defaultNetworks) {
		next unless $wanted eq $defaultNetworks{$label}{'NAME'};
		return "$label";
	}
}
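sub validremark
{
	# Allow-list check for a free-text remark. Returns 1 if the text is
	# acceptable and 0 otherwise.
	#
	# Column 16 of a rule (the remark) is printed into the rule table and into
	# the value='...' attribute of the 'ruleremark' input without escaping, and
	# it is written to the rule file. Presumably this is the check applied to
	# that field (confirm at the call site); if so, it is what keeps quotes,
	# angle brackets and line breaks out of both places.
	my $remark = $_[0];

	# Must be present: 1 to 255 characters
	return 0 unless defined $remark;
	return 0 if length($remark) < 1 || length($remark) > 255;

	# Allowed: letters (incl. German umlauts), digits, - . : ; _ / space, tab.
	# \A and \z anchor the whole string: with ^...$ a trailing newline passed,
	# and \s in the class accepted line breaks anywhere in the remark.
	return 0 if $remark !~ /\A[a-zäöüA-ZÖÄÜ0-9-.:;_\/ \t]*\z/;

	# First character can only be a letter or a digit
	return 0 if substr($remark, 0, 1) !~ /\A[a-zäöüA-ZÖÄÜ0-9]*\z/;

	# Last character can only be a letter, a digit or a dot
	return 0 if substr($remark, -1, 1) !~ /\A[a-zöäüA-ZÖÄÜ0-9.]*\z/;

	return 1;
}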
sub getsrcport
{
	# Print the source-port suffix of one rule for the rule table.
	#   first argument:  reference to the rule table (rule number => row)
	#   second argument: rule number
	# Column 7 is the "use source port" switch, 8 the protocol, 9 the ICMP
	# type and 10 the port list.
	my %rule_for = %{ $_[0] };
	my $id       = $_[1];

	my $uses_src_port = $rule_for{$id}[7] eq 'ON';
	if ($uses_src_port && $rule_for{$id}[8] ne '' && $rule_for{$id}[10]) {
		# %rule_for is only a shallow copy, so this rewrites the '|'
		# separators in the caller's row as well.
		$rule_for{$id}[10] =~ tr/|/,/;
		# NOTE(review): printed without HTML escaping; presumably the port
		# list was validated when the rule was saved - confirm.
		print ": $rule_for{$id}[10]";
	}
	elsif ($uses_src_port && $rule_for{$id}[8] eq 'ICMP') {
		print ": <br>$rule_for{$id}[9] ";
	}
}
sub gettgtport
{
	# Print the target service/port suffix of one rule for the rule table.
	#   first argument:  reference to the rule table (rule number => row)
	#   second argument: rule number
	# Column 11 is the "use service" switch, 12 the target protocol, 13 the
	# ICMP type, 14 the kind of service selection and 15 its value.
	my %rule_for = %{ $_[0] };
	my $id       = $_[1];
	my $row      = $rule_for{$id};

	if ($row->[11] eq 'ON') {
		if ($row->[12] eq 'ICMP') {
			print ":<br>$row->[13]";
		}
		else {
			my $service;
			my $kind = $row->[14];
			if ($kind eq 'cust_srv') {
				# only shown if a custom service of that name still exists
				&General::readhasharray("$configsrv", \%customservice);
				for my $entry (values %customservice) {
					$service = $entry->[0] if $entry->[0] eq $row->[15];
				}
			}
			elsif ($kind eq 'cust_srvgrp') {
				$service = $row->[15];
			}
			elsif ($kind eq 'TGT_PORT') {
				# $row is the caller's row (the table copy is shallow), so
				# the '|' separators are rewritten there as well
				$row->[15] =~ tr/|/,/;
				$service = $row->[15];
			}
			# NOTE(review): printed without HTML escaping; presumably service
			# names and port lists are validated when stored - confirm.
			print ": $service" if $service;
		}
	}
}
sub get_serviceports
{
	# Return the protocol text for a custom service or a custom service group.
	#   $type  'service' or 'group'
	#   $name  name of the service / group (column 0 of its entries)
	# Both definition files are re-read on every call.
	my ($type, $name) = @_;
	&General::readhasharray("$configsrv", \%customservice);
	&General::readhasharray("$configsrvgrp", \%customservicegrp);

	my ($protocols, $tcp, $udp);
	if ($type eq 'service') {
		# column 2 of the service entry; the last match in sorted order wins
		for my $id (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice) {
			next unless $customservice{$id}[0] eq $name;
			$protocols = $customservice{$id}[2];
		}
	}
	elsif ($type eq 'group') {
		# column 2 of a group entry names a member service; any member whose
		# protocol is not 'TCP' is counted as UDP
		for my $member (values %customservicegrp) {
			next unless $member->[0] eq $name;
			for my $service (values %customservice) {
				next unless $service->[0] eq $member->[2];
				if ($service->[2] eq 'TCP') {
					$tcp = 'TCP';
				}
				else {
					$udp = 'UDP';
				}
			}
		}
	}

	if ($tcp && $udp) {
		$protocols = "TCP,UDP";
	}
	elsif ($tcp) {
		$protocols .= "TCP";
	}
	elsif ($udp) {
		$protocols .= "UDP";
	}
	return $protocols;
}
sub viewtablerule
{
	# Render the three rule tables one after another: forward rules,
	# external access (input) rules and outgoing rules. Only the first
	# table gets a box title; each one gets its own bold heading.
	viewtablenew(
		\%configfwdfw, $configfwdfw,
		$Lang::tr{'fwdfw rules'}, "Forward"
	);
	viewtablenew(
		\%configinputfw, $configinput,
		"", $Lang::tr{'external access'}
	);
	viewtablenew(
		\%configoutgoingfw, $configoutgoing,
		"", "Outgoing"
	);
}
1852 sub viewtablenew
1853 {
1854 my $hash=shift;
1855 my $config=shift;
1856 my $title=shift;
1857 my $title1=shift;
1858 my $go='';
1859 &General::readhasharray("$config", $hash);
1860 if( ! -z $config){
1861 &Header::openbox('100%', 'left',$title);
1862 my $count=0;
1863 my ($gif,$log);
1864 my $ruletype;
1865 my $rulecolor;
1866 my $tooltip;
1867 my @tmpsrc=();
1868 my $coloryellow='';
1869 print"<b>$title1</b><br>";
1870 print"<table width='100%' style='border: 1px solid #000000;' rules='none'; padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
1871 print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' ><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center'><b>$Lang::tr{'protocol'}</b></td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
1872 foreach my $key (sort {$a <=> $b} keys %$hash){
1873 @tmpsrc=();
1874 #check if vpn hosts/nets have been deleted
1875 if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
1876 push (@tmpsrc,$$hash{$key}[4]);
1877 }
1878 if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
1879 push (@tmpsrc,$$hash{$key}[6]);
1880 }
1881 foreach my $host (@tmpsrc){
1882 if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
1883 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
1884 $coloryellow='on';
1885 &disable_rule($key);
1886 $$hash{$key}[2]='';
1887 }
1888 }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
1889 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
1890 $coloryellow='on';
1891 &disable_rule($key);
1892 $$hash{$key}[2]='';
1893 }
1894 }elsif($$hash{$key}[3] eq 'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){
1895 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
1896 $coloryellow='on';
1897 &disable_rule($key);
1898 $$hash{$key}[2]='';
1899 }
1900 }elsif($$hash{$key}[3] eq 'ovpn_host_src' || $$hash{$key}[5] eq 'ovpn_host_tgt'){
1901 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
1902 $coloryellow='on';
1903 &disable_rule($key);
1904 $$hash{$key}[2]='';
1905 }
1906 }
1907 $$hash{$key}[3]='';
1908 $$hash{$key}[5]='';
1909 }
1910 $$hash{'ACTIVE'}=$$hash{$key}[2];
1911 $count++;
1912 if($coloryellow eq 'on'){
1913 print"<tr bgcolor='$color{'color14'}' >";
1914 $coloryellow='';
1915 }elsif($coloryellow eq ''){
1916 if ($count % 2){
1917 print"<tr bgcolor='$color{'color22'}' >";
1918 }
1919 else{
1920 print"<tr bgcolor='$color{'color20'}' >";
1921 }
1922 }
1923 print<<END;
1924 <td align='right'>$key</td>
1925 END
1926 if ($$hash{$key}[0] eq 'ACCEPT'){
1927 $ruletype='A';
1928 $tooltip='ACCEPT';
1929 $rulecolor=$color{'color17'};
1930 }elsif($$hash{$key}[0] eq 'DROP'){
1931 $ruletype='D';
1932 $tooltip='DROP';
1933 $rulecolor=$color{'color25'};
1934 }elsif($$hash{$key}[0] eq 'REJECT'){
1935 $ruletype='R';
1936 $tooltip='REJECT';
1937 $rulecolor=$color{'color16'};
1938 }
1939 print"<td bgcolor='$rulecolor' width='2%' align='center'><span title='$tooltip'><b>$ruletype</b></span></td>";
1940 print"<td align='center' nowrap='nowrap'>";
1941 if ($$hash{$key}[3] eq 'std_net_src'){
1942 print &get_name($$hash{$key}[4]);
1943 }else{
1944 print $$hash{$key}[4];
1945 }
1946 &getsrcport(\%$hash,$key);
1947 if ($$hash{$key}[17] eq 'ON'){
1948 $log="/images/on.gif";
1949 }else{
1950 $log="/images/off.gif";
1951 }
1952 print<<END;
1953 </td>
1954 <form method='post'>
1955 <td width='1%' align='left'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
1956 <input type='hidden' name='key' value='$key' />
1957 <input type='hidden' name='config' value='$config' />
1958 <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
1959 </td></form>
1960 END
1961 print<<END;
1962 <td align='center' nowrap='nowrap'>
1963 END
1964 if ($$hash{$key}[5] eq 'std_net_tgt'){
1965 print &get_name($$hash{$key}[6]);
1966 }else{
1967 print $$hash{$key}[6];
1968 }
1969 &gettgtport(\%$hash,$key);
1970 ################################################################################
1971 print"</td>";
1972 #Get Protocol
1973 my $prot;
1974 if ($$hash{$key}[12]){ #target prot if manual
1975 $prot=$$hash{$key}[12];
1976 }elsif($$hash{$key}[8]){ #source prot if manual
1977 $prot=$$hash{$key}[8];
1978 }elsif($$hash{$key}[14] eq 'cust_srv'){
1979 $prot=&get_serviceports("service",$$hash{$key}[15]);
1980 }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
1981 $prot=&get_serviceports("group",$$hash{$key}[15]);
1982 }else{
1983 $prot=$Lang::tr{'all'};
1984 }
1985 print"<td align='center'>$prot</td>";
1986
1987 print"<td width='20%'>$$hash{$key}[16]</td>";
1988
1989 if($$hash{$key}[2] eq 'ON'){
1990 $gif="/images/on.gif"
1991
1992 }else{
1993 $gif="/images/off.gif"
1994 }
1995 print<<END;
1996 <form method='post'>
1997 <td width='1%'><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
1998 <input type='hidden' name='key' value='$key' />
1999 <input type='hidden' name='config' value='$config' />
2000 <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
2001 </td></form>
2002 <form method='post'>
2003 <td width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2004 <input type='hidden' name='key' value='$key' />
2005 <input type='hidden' name='config' value='$config' />
2006 <input type='hidden' name='ACTION' value='editrule' />
2007 </td></form></td>
2008 <form method='post'>
2009 <td width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2010 <input type='hidden' name='key' value='$key' />
2011 <input type='hidden' name='config' value='$config' />
2012 <input type='hidden' name='ACTION' value='copyrule' />
2013 </td></form></td>
2014 <form method='post'>
2015 <td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2016 <input type='hidden' name='key' value='$key' />
2017 <input type='hidden' name='config' value='$config' />
2018 <input type='hidden' name='ACTION' value='deleterule' />
2019 </td></form></td>
2020 END
2021 if (exists $$hash{$key-1}){
2022 print<<END;
2023 <form method='post'>
2024 <td width='1%'><input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2025 <input type='hidden' name='key' value='$key' />
2026 <input type='hidden' name='config' value='$config' />
2027 <input type='hidden' name='ACTION' value='moveup' />
2028 </td></form></td>
2029 END
2030 }else{
2031 print"<td></td>";
2032 }
2033 if (exists $$hash{$key+1}){
2034 print<<END;
2035 <form method='post'>
2036 <td width='1%' ><input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
2037 <input type='hidden' name='key' value='$key' />
2038 <input type='hidden' name='config' value='$config' />
2039 <input type='hidden' name='ACTION' value='movedown' />
2040 </td></form></td></tr>
2041 END
2042 }else{
2043 print"<td></td></tr>";
2044 }
2045 #if timeframe set, print new line in table
2046 if ($$hash{$key}[18] eq 'ON'){
2047 my @days=();
2048 if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
2049 if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
2050 if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
2051 if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
2052 if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
2053 if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
2054 if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
2055 my $weekdays=join(",",@days);
2056 if (@days){
2057 print"<tr bgcolor='#FFE4B5'><td colspan='6'>$Lang::tr{'fwdfw time'} ";
2058 print"$weekdays";
2059 print "&nbsp $Lang::tr{'fwdfw from'} $$hash{$key}[26] &nbsp $Lang::tr{'fwdfw till'} $$hash{$key}[27]</td><td colspan='8'></d></tr>";
2060 }
2061 }
2062 }
2063 print"</table>";
2064 &Header::closebox();
2065 }
2066 }
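sub p2pblock
{
    # Render the 'P2P-Block' box: one table row per line of $p2pfile, each
    # wrapped in its own POST form whose image button submits ACTION=togglep2p
    # together with the row's P2PROT value.
    #
    # Fields of a line, as they are used below (split on ';'):
    #   [0] label shown in the first column
    #   [1] value posted back as P2PROT
    #   [2] 'on' selects on.gif, anything else off.gif
    #
    # Side effect: refills the file-level @p2ps with the raw lines read.
    # Dies when $p2pfile cannot be opened.

    # Three-argument open with a lexical handle: the path is taken literally
    # (no mode characters or surrounding whitespace parsed out of it) and the
    # handle cannot collide with another bareword FILE elsewhere in the script.
    open(my $p2p_fh, '<', $p2pfile) or die "Unable to read $p2pfile: $!";
    @p2ps = <$p2p_fh>;
    close $p2p_fh;

    Header::openbox('100%', 'center', 'P2P-Block');
    print <<END;
<table width='35%' border='0'>
<tr bgcolor='$color{'color22'}'><td align=center colspan='2' ><b>$Lang::tr{'protocol'}</b></td><td align='center'><b>$Lang::tr{'status'}</b></td></tr>
END
    foreach my $p2pentry (sort @p2ps)
    {
        my @p2pline = split( /\;/, $p2pentry );
        my $gif = ($p2pline[2] eq 'on') ? "/images/on.gif" : "/images/off.gif";

        # NOTE(review): $p2pline[0] and $p2pline[1] go into the markup without
        # HTML encoding. That is only safe while $p2pfile is written by trusted
        # code alone -- confirm, or encode both values before printing.
        print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<tr bgcolor='$color{'color20'}'>
<td align='center' colspan='2' >$p2pline[0]:</td><td align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' /><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' ><input type='hidden' name='ACTION' value='togglep2p'></td></tr></form>
END
    }

    # Legend rows: on.gif is labelled "allow", off.gif "deny".
    print"<tr><td><img src='/images/on.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p allow'}</td></tr>";
    print"<tr><td><img src='/images/off.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p deny'}</td></tr></table>";
    Header::closebox();
}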
sub fillselect
{
    # Print one <option> per entry of the given hash, ordered
    # case-insensitively by each entry's first array element. That element is
    # used both as the option value and as its label; the option whose name
    # equals the second argument is marked 'selected'.
    #
    # Arguments: a hash reference (values are array references) and the name
    # to preselect.
    #
    # NOTE(review): the names are written into the markup as-is. If they can
    # contain user-entered text, HTML-encode them where they are stored or
    # before they reach this sub -- confirm against the callers.
    my ($entries_ref, $val) = @_;

    # Work on a shallow copy, so lookups never touch the caller's hash.
    my %entry_of = %{$entries_ref};
    my @ordered_ids = sort { uc($entry_of{$a}[0]) cmp uc($entry_of{$b}[0]) } keys %entry_of;

    for my $id (@ordered_ids) {
        my $name = $entry_of{$id}[0];
        my $selected_attr = ($name eq $val) ? ' selected' : '';
        print "<option value='$name'$selected_attr>$name</option>";
    }
}
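sub rules
{
    # Create the marker files forward/reread and fwhosts/reread below
    # ${General::swroot}, unless forward/reread already exists.
    # reread_rules() removes both markers again after running forwardfwctrl,
    # so they presumably flag "rules changed, not yet applied".
    #
    # system() is called in list form so the path is passed to touch as a
    # single argument and is never parsed by a shell, whatever swroot holds.
    if (!-f "${General::swroot}/forward/reread"){
        system('touch', "${General::swroot}/forward/reread");
        system('touch', "${General::swroot}/fwhosts/reread");
    }
}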
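sub reread_rules
{
    # Run /usr/local/bin/forwardfwctrl, then remove the forward/reread and
    # fwhosts/reread marker files below ${General::swroot} if forward/reread
    # exists.
    #
    # NOTE(review): the exit status of forwardfwctrl is not checked, so the
    # markers are cleared even when the helper failed -- confirm that this
    # best-effort behaviour is intended.
    system("/usr/local/bin/forwardfwctrl");
    if ( -f "${General::swroot}/forward/reread"){
        # List form: each path reaches rm as one argument, with no shell
        # in between to interpret it.
        system('rm', "${General::swroot}/forward/reread");
        system('rm', "${General::swroot}/fwhosts/reread");
    }
}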
# Last top-level statements of the script: close the big box, then the page,
# through the helpers loaded from header.pl.
Header::closebigbox();
Header::closepage();