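#!/usr/bin/perl
###############################################################################
#
# IPFire.org - A linux based firewall
# Copyright (C) 2013 Alexander Marx
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
###############################################################################

use strict;

# enable only the following on debugging purpose
use warnings;

use Sort::Naturally;
# fatalsToBrowser renders die() messages in the HTTP response, so a fatal
# error can show file paths and other internals to whoever triggered it.
use CGI::Carp 'fatalsToBrowser';
no warnings 'uninitialized';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# In-memory copies of the config files and of the submitted form.
my %fwhostsettings=();
my %customnetwork=();
my %customhost=();
my %customgrp=();
my %customservice=();
my %customservicegrp=();
my %ccdnet=();
my %ccdhost=();
my %ipsecconf=();
my %icmptypes=();
my %color=();
my %defaultNetworks=();
my %mainsettings=();
my %ownnet=();
my %ipsecsettings=();
my %fwfwd=();
my %fwinp=();
my %ovpnsettings=();
my $errormessage;
my $hint;
my $update=0;

# Config file locations, all below ${General::swroot}.
my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
my $configipsec = "${General::swroot}/vpn/config";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
my $fwconfigfwd = "${General::swroot}/firewall/config";
my $fwconfiginp = "${General::swroot}/firewall/input";
my $configovpn = "${General::swroot}/ovpn/settings";
my $tdcolor='';
my $configipsecrw = "${General::swroot}/vpn/settings";

# Create the fwhosts config files that do not exist yet.
# List-form system() runs touch directly, so the path is never handed to a
# shell for parsing. The exit status is not checked (unchanged).
foreach my $file ($confignet, $confighost, $configgrp, $configsrv, $configsrvgrp) {
	unless (-e $file) { system('touch', $file); }
}

&General::readhash("${General::swroot}/main/settings", \%mainsettings);
# THEME comes from main/settings and is joined into the path as is.
# NOTE(review): confirm the value is validated where it is written.
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
&General::readhash("$configovpn", \%ovpnsettings);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::readhash("$configipsecrw", \%ipsecsettings);

# Presumably fills %fwhostsettings from the CGI request; every value read
# from that hash further down should be treated as client-supplied.
&Header::getcgihash(\%fwhostsettings);
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'fwhost hosts'}, 1, '');
&Header::openbigbox('100%', 'center');

#### JAVA SCRIPT ####
# NOTE(review): the heredoc opener and the markup around this script text look
# lost in this copy of the file; the text below is reproduced as found.
print< var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"]; var update_protocol = function() { var protocol = \$("#protocol").val(); if (protocol === undefined) return; // Check if we are dealing with a protocol, that knows ports. 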
if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) { \$("#PORT").show(); \$("#PROTOKOLL").hide(); } else { \$("#PORT").hide(); \$("#PROTOKOLL").show(); } }; \$(document).ready(function() { var protocol = \$("#protocol").val(); \$("#protocol").change(update_protocol); update_protocol(); }); END ## ACTION #### # Update if ($fwhostsettings{'ACTION'} eq 'updatenet' ) { &General::readhasharray("$confignet", \%customnetwork); foreach my $key (keys %customnetwork) { if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}) { $fwhostsettings{'orgname'} = $customnetwork{$key}[0]; $fwhostsettings{'orgip'} = $customnetwork{$key}[1]; $fwhostsettings{'orgsub'} = $customnetwork{$key}[2]; $fwhostsettings{'netremark'} = $customnetwork{$key}[3]; $fwhostsettings{'count'} = $customnetwork{$key}[4]; delete $customnetwork{$key}; } } &General::writehasharray("$confignet", \%customnetwork); $fwhostsettings{'actualize'} = 'on'; $fwhostsettings{'ACTION'} = 'savenet'; } if ($fwhostsettings{'ACTION'} eq 'updatehost') { my ($ip,$subnet); &General::readhasharray("$confighost", \%customhost); foreach my $key (keys %customhost) { if($customhost{$key}[0] eq $fwhostsettings{'orgname'}) { if ($customhost{$key}[1] eq 'ip'){ ($ip,$subnet) = split (/\//,$customhost{$key}[2]); }else{ $ip = $customhost{$key}[2]; } $fwhostsettings{'orgip'} = $ip; $fwhostsettings{'count'} = $customhost{$key}[4]; delete $customhost{$key}; &General::writehasharray("$confighost", \%customhost); } } $fwhostsettings{'actualize'} = 'on'; if($fwhostsettings{'orgip'}){ $fwhostsettings{'ACTION'} = 'savehost'; }else{ $fwhostsettings{'ACTION'} = $Lang::tr{'fwhost newhost'}; } } if ($fwhostsettings{'ACTION'} eq 'updateservice') { my $count=0; my $needrules=0; $errormessage=&checkports(\%customservice); if (!$errormessage){ &General::readhasharray("$configsrv", \%customservice); foreach my $key (keys %customservice) { if ($customservice{$key}[0] eq $fwhostsettings{'oldsrvname'}) { $count=$customservice{$key}[4]; delete 
$customservice{$key}; &General::writehasharray("$configsrv", \%customservice); last; } } if ($fwhostsettings{'PROT'} ne 'ICMP'){ $fwhostsettings{'ICMP_TYPES'}='BLANK'; } my $key1 = &General::findhasharraykey(\%customservice); #find out short ICMP-TYPE &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); foreach my $key (keys %icmptypes){ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){ $fwhostsettings{'ICMP_TYPES'}=$icmptypes{$key}[0]; } } foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";} $customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'}; $customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'}; $customservice{$key1}[2] = $fwhostsettings{'PROT'}; $customservice{$key1}[3] = $fwhostsettings{'ICMP_TYPES'}; $customservice{$key1}[4] = $count; &General::writehasharray("$configsrv", \%customservice); #check if we need to update firewallrules if ($fwhostsettings{'SRV_NAME'} ne $fwhostsettings{'oldsrvname'}){ if ( ! -z $fwconfigfwd ){ &General::readhasharray("$fwconfigfwd", \%fwfwd); foreach my $key (sort keys %fwfwd){ if ($fwfwd{$key}[15] eq $fwhostsettings{'oldsrvname'}){ $fwfwd{$key}[15] = $fwhostsettings{'SRV_NAME'}; } } &General::writehasharray("$fwconfigfwd", \%fwfwd); } if ( ! 
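-z $fwconfiginp ){
				# The INPUT rules are loaded into %fwinp, so the rename has to be
				# tested and applied on %fwinp. Testing and changing %fwfwd here
				# left the input rules file pointing at the old service name.
				&General::readhasharray("$fwconfiginp", \%fwinp);
				foreach my $line (sort keys %fwinp){
					if ($fwinp{$line}[15] eq $fwhostsettings{'oldsrvname'}){
						$fwinp{$line}[15] = $fwhostsettings{'SRV_NAME'};
					}
				}
				&General::writehasharray("$fwconfiginp", \%fwinp);
			}
			#check if we need to update groups
			&General::readhasharray("$configsrvgrp", \%customservicegrp);
			foreach my $key (sort keys %customservicegrp){
				if($customservicegrp{$key}[2] eq $fwhostsettings{'oldsrvname'}){
					$customservicegrp{$key}[2] = $fwhostsettings{'SRV_NAME'};
				}
			}
			&General::writehasharray("$configsrvgrp", \%customservicegrp);
			$needrules='on';
		}
		# A service that is in use ($count) and whose port, protocol or ICMP
		# type changed also needs the rules reloaded. 'gt' compares as strings.
		if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){
			$needrules='on';
		}
		if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
			$needrules='on';
		}
		if($count gt 0 && $fwhostsettings{'oldsrvicmp'} ne $fwhostsettings{'ICMP'} ){
			$needrules='on';
		}
		# Saved: clear the form fields.
		$fwhostsettings{'SRV_NAME'} = '';
		$fwhostsettings{'SRV_PORT'} = '';
		$fwhostsettings{'PROT'} = '';
		$fwhostsettings{'ICMP'} = '';
		$fwhostsettings{'oldsrvicmp'} = '';
	}else{
		# Port check failed: put the old values back into the form.
		$fwhostsettings{'SRV_NAME'} = $fwhostsettings{'oldsrvname'};
		$fwhostsettings{'SRV_PORT'} = $fwhostsettings{'oldsrvport'};
		$fwhostsettings{'PROT'} = $fwhostsettings{'oldsrvprot'};
		$fwhostsettings{'ICMP'} = $fwhostsettings{'oldsrvicmp'};
		$fwhostsettings{'updatesrv'}= 'on';
	}
	# NOTE(review): this clears the flag in both cases, including the 'on'
	# that the error branch above has just set.
	$fwhostsettings{'updatesrv'} = '';
	if($needrules eq 'on'){
		&General::firewall_config_changed();
	}
	&addservice;
}
# save
if ($fwhostsettings{'ACTION'} eq 'savenet' )
{
	my $count=0;
	my $needrules=0;
	if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
	#check if all fields are set
	if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
	{
		$errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
		&addnet;
		&viewtablenet;
	}else{
		#check valid ip
		if (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsettings{'SUBNET'}))
		{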
$errormessage=$errormessage.$Lang::tr{'fwhost err addr'}; $fwhostsettings{'BLK_HOST'} ='readonly'; $fwhostsettings{'NOCHECK'} ='false'; $fwhostsettings{'error'} ='on'; } #check remark if ($fwhostsettings{'NETREMARK'} ne '' && !&validremark($fwhostsettings{'NETREMARK'})){ $errormessage=$Lang::tr{'fwhost err remark'}; $fwhostsettings{'error'} ='on'; } #check if subnet is sigle host if(&General::iporsubtocidr($fwhostsettings{'SUBNET'}) eq '32') { $errormessage=$errormessage.$Lang::tr{'fwhost err sub32'}; } if($fwhostsettings{'error'} ne 'on'){ #check if we use one of ipfire's networks (green,orange,blue) if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'})) { $errormessage=$errormessage.$Lang::tr{'ccd err green'}."
"; $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';} } if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'})) { $errormessage=$errormessage.$Lang::tr{'ccd err orange'}."
"; $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';} } if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'})) { $errormessage=$errormessage.$Lang::tr{'ccd err blue'}."
"; $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';} } if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'RED_NETADDRESS'},$ownnet{'RED_NETMASK'})) { $errormessage=$errormessage.$Lang::tr{'ccd err red'}."
"; $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';} } } #only check plausi when no error till now if (!$errormessage){ &plausicheck("editnet"); } #check if network ip is part of an already used one if(&checksubnet(\%customnetwork)) { $errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'}; $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; } if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage) { $fwhostsettings{'actualize'} = ''; my $key = &General::findhasharraykey (\%customnetwork); foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";} $customnetwork{$key}[0] = $fwhostsettings{'orgname'} ; $customnetwork{$key}[1] = $fwhostsettings{'orgip'} ; $customnetwork{$key}[2] = $fwhostsettings{'orgsub'}; $customnetwork{$key}[3] = $fwhostsettings{'orgnetremark'}; $customnetwork{$key}[4] = $fwhostsettings{'count'}; &General::writehasharray("$confignet", \%customnetwork); undef %customnetwork; } if (!$errormessage){ &General::readhasharray("$confignet", \%customnetwork); if ($fwhostsettings{'ACTION'} eq 'updatenet'){ if ($fwhostsettings{'update'} == '0'){ foreach my $key (keys %customnetwork) { if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}){ $count=$customnetwork{$key}[4]; delete $customnetwork{$key}; last; } } } } #get count if actualize is 'on' if($fwhostsettings{'actualize'} eq 'on'){ $fwhostsettings{'actualize'} = ''; $count=$fwhostsettings{'count'}; #check if we need to reload rules if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0'){ $needrules='on'; } if ($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){ #check if we need to update groups &General::readhasharray("$configgrp", \%customgrp); foreach my $key (sort keys %customgrp){ if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){ $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'}; last; } } &General::writehasharray("$configgrp", 
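\%customgrp);
					#check if we need to update firewallrules
					if ( ! -z $fwconfigfwd ){
						# Forward rules: the name can appear in columns 4 and 6.
						&General::readhasharray("$fwconfigfwd", \%fwfwd);
						foreach my $line (sort keys %fwfwd){
							if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
								$fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
							}
							if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
								$fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
							}
						}
						&General::writehasharray("$fwconfigfwd", \%fwfwd);
					}
					if ( ! -z $fwconfiginp ){
						# Input rules are loaded into %fwinp, so test and rename
						# there. Using %fwfwd here left the input rules file
						# referring to the old network name.
						&General::readhasharray("$fwconfiginp", \%fwinp);
						foreach my $line (sort keys %fwinp){
							if ($fwinp{$line}[4] eq $fwhostsettings{'orgname'}){
								$fwinp{$line}[4] = $fwhostsettings{'HOSTNAME'};
							}
						}
						&General::writehasharray("$fwconfiginp", \%fwinp);
					}
				}
			}
			# Store the network under a fresh key: name, network address,
			# netmask, remark, usage counter.
			my $key = &General::findhasharraykey (\%customnetwork);
			foreach my $i (0 .. 4) { $customnetwork{$key}[$i] = "";}
			$fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
			$customnetwork{$key}[0] = $fwhostsettings{'HOSTNAME'};
			#convert ip when leading '0' in byte
			$fwhostsettings{'IP'} =&General::ip2dec($fwhostsettings{'IP'});
			$fwhostsettings{'IP'} =&General::dec2ip($fwhostsettings{'IP'});
			$customnetwork{$key}[1] = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ;
			$customnetwork{$key}[2] = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ;
			if($fwhostsettings{'newnet'} eq 'on'){$count=0;}
			$customnetwork{$key}[3] = $fwhostsettings{'NETREMARK'};
			$customnetwork{$key}[4] = $count;
			&General::writehasharray("$confignet", \%customnetwork);
			$fwhostsettings{'IP'}=$fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
			undef %customnetwork;
			# Saved: clear the form fields.
			$fwhostsettings{'HOSTNAME'}='';
			$fwhostsettings{'IP'}='';
			$fwhostsettings{'SUBNET'}='';
			$fwhostsettings{'NETREMARK'}='';
			#check if an edited net affected groups and need to reload rules
			if ($needrules eq 'on'){
				&General::firewall_config_changed();
			}
			&addnet;
			&viewtablenet;
		}else {
			&addnet;
			&viewtablenet;
		}
	}
}
if ($fwhostsettings{'ACTION'} eq 'savehost')
{
	my $count=0;
	my 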
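$needrules=0;
	if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
	# A host is always stored with a /32 mask.
	$fwhostsettings{'SUBNET'}='32';
	#check if all fields are set
	if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
	{
		$errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
		$fwhostsettings{'ACTION'} = 'edithost';
	}else{
		# Classify the address as MAC or IPv4. The patterns end in \z, not $:
		# '$' also matches before a trailing newline, so a value ending in a
		# newline would have been accepted and, for a MAC, stored as entered.
		if($fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}\z/){
			$fwhostsettings{'type'} = 'mac';
		}elsif($fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/){
			$fwhostsettings{'type'} = 'ip';
		}else{
			$fwhostsettings{'type'} = '';
			$errormessage=$Lang::tr{'fwhost err ipmac'};
		}
		#check remark
		if ($fwhostsettings{'HOSTREMARK'} ne '' && !&validremark($fwhostsettings{'HOSTREMARK'})){
			$errormessage=$Lang::tr{'fwhost err remark'};
		}
		#CHECK IP-PART
		if ($fwhostsettings{'type'} eq 'ip'){
			#check for subnet
			if (rindex($fwhostsettings{'IP'},'/') eq '-1' ){
				if($fwhostsettings{'type'} eq 'ip' && !&General::validipandmask($fwhostsettings{'IP'}."/32"))
				{
					# Append the message once; '.=' together with
					# '$errormessage.' repeated the text already collected.
					$errormessage.=$Lang::tr{'fwhost err ip'};
					$fwhostsettings{'error'}='on';
				}
			}elsif(rindex($fwhostsettings{'IP'},'/') ne '-1' ){
				$errormessage=$errormessage.$Lang::tr{'fwhost err ipwithsub'};
				$fwhostsettings{'error'}='on';
			}
			#check if net or broadcast
			my @tmp= split (/\./,$fwhostsettings{'IP'});
			if (($tmp[3] eq "0") || ($tmp[3] eq "255")){
				$errormessage=$Lang::tr{'fwhost err hostip'};
			}
		}
		#only check plausi when no error till now
		if (!$errormessage){
			&plausicheck("edithost");
		}
		# An edit that failed validation: write the original entry back.
		if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newhost'} ne 'on' && $errormessage){
			$fwhostsettings{'actualize'} = '';
			my $key = &General::findhasharraykey (\%customhost);
			foreach my $i (0 .. 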
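4) { $customhost{$key}[$i] = "";}
			# Restore path: the entry is rebuilt from the 'org*' form values.
			# NOTE(review): 'orgremark' is taken from the request and written
			# without a validremark() check here; confirm that is intended.
			$customhost{$key}[0] = $fwhostsettings{'orgname'} ;
			$customhost{$key}[1] = $fwhostsettings{'type'} ;
			if($customhost{$key}[1] eq 'ip'){
				$customhost{$key}[2] = $fwhostsettings{'orgip'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
			}else{
				$customhost{$key}[2] = $fwhostsettings{'orgip'};
			}
			$customhost{$key}[3] = $fwhostsettings{'orgremark'};
			$customhost{$key}[4] = $fwhostsettings{'count'};
			&General::writehasharray("$confighost", \%customhost);
			undef %customhost;
		}
		if (!$errormessage){
			#get count if host was edited
			if($fwhostsettings{'actualize'} eq 'on'){
				$count=$fwhostsettings{'count'};
				# A changed address of a host that is in use needs a reload.
				if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0' ){
					$needrules='on';
				}
				if($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
					#check if we need to update groups
					&General::readhasharray("$configgrp", \%customgrp);
					foreach my $key (sort keys %customgrp){
						if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
							$customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
						}
					}
					&General::writehasharray("$configgrp", \%customgrp);
					#check if we need to update firewallrules
					if ( ! -z $fwconfigfwd ){
						# Forward rules: the name can appear in columns 4 and 6.
						&General::readhasharray("$fwconfigfwd", \%fwfwd);
						foreach my $line (sort keys %fwfwd){
							if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
								$fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
							}
							if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
								$fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
							}
						}
						&General::writehasharray("$fwconfigfwd", \%fwfwd);
					}
					if ( ! -z $fwconfiginp ){
						# Input rules are loaded into %fwinp, so test and rename
						# there. Using %fwfwd here left the input rules file
						# referring to the old host name.
						&General::readhasharray("$fwconfiginp", \%fwinp);
						foreach my $line (sort keys %fwinp){
							if ($fwinp{$line}[4] eq $fwhostsettings{'orgname'}){
								$fwinp{$line}[4] = $fwhostsettings{'HOSTNAME'};
							}
						}
						&General::writehasharray("$fwconfiginp", \%fwinp);
					}
				}
			}
			# Store the host under a fresh key.
			my $key = &General::findhasharraykey (\%customhost);
			foreach my $i (0 .. 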
4) { $customhost{$key}[$i] = "";}
			# Columns written: name, type ('ip' or 'mac'), address, remark, counter.
			$customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ;
			$customhost{$key}[1] = $fwhostsettings{'type'} ;
			if ($fwhostsettings{'type'} eq 'ip'){
				#convert ip when leading '0' in byte
				$fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
				$fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
				$customhost{$key}[2] = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
			}else{
				$customhost{$key}[2] = $fwhostsettings{'IP'};
			}
			if($fwhostsettings{'newhost'} eq 'on'){$count=0;}
			$customhost{$key}[3] = $fwhostsettings{'HOSTREMARK'};
			$customhost{$key}[4] =$count;
			&General::writehasharray("$confighost", \%customhost);
			undef %customhost;
			# Saved: clear the form fields.
			$fwhostsettings{'HOSTNAME'}='';
			$fwhostsettings{'IP'}='';
			$fwhostsettings{'type'}='';
			$fwhostsettings{'HOSTREMARK'}='';
			#check if we need to update rules while host was edited
			if($needrules eq 'on'){
				&General::firewall_config_changed();
			}
			&addhost;
			&viewtablehost;
		}else{
			&addhost;
			&viewtablehost;
		}
	}
}
# Create a host/network group, or add one member to an existing group
# (the latter when 'update' is 'on').
if ($fwhostsettings{'ACTION'} eq 'savegrp')
{
	my $grp=$fwhostsettings{'grp_name'};;
	my $rem=$fwhostsettings{'remark'};
	my $count;
	my $type;
	my $updcounter='off';
	my @target;
	my @newgrp;
	&General::readhasharray("$configgrp", \%customgrp);
	&General::readhasharray("$confignet", \%customnetwork);
	&General::readhasharray("$confighost", \%customhost);
	#check name
	if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}
	#check existing name
	if (!checkgroup(\%customgrp,$grp) && $fwhostsettings{'update'} ne 'on'){$errormessage.=$Lang::tr{'fwhost err grpexist'};}
	#check remark
	# NOTE(review): the remark is not validated when 'update' is 'on', yet
	# $rem still comes from the request and is joined with ',' into the new
	# group line further down. Confirm the update path cannot carry a remark
	# that validremark() would reject.
	if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
		$errormessage.=$Lang::tr{'fwhost err remark'};
	}
	if ($fwhostsettings{'update'} eq 'on'){
		# 'grp2' selects which form field holds the member to add.
		#check standard networks
		if ($fwhostsettings{'grp2'} eq 'std_net'){
			@target=$fwhostsettings{'DEFAULT_SRC_ADR'};
			$type='Standard Network';
		}
		#check custom networks
		if ($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} 
ne ''){ @target=$fwhostsettings{'CUST_SRC_NET'}; $updcounter='net'; $type='Custom Network'; }elsif($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}."
"; $fwhostsettings{'grp_name'}=''; $fwhostsettings{'remark'}=''; } #check custom addresses if ($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} ne ''){ @target=$fwhostsettings{'CUST_SRC_HOST'}; $updcounter='host'; $type='Custom Host'; }elsif($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}."
"; $fwhostsettings{'grp_name'}=''; $fwhostsettings{'remark'}=''; } #get address from ovpn ccd static net if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){ @target=$fwhostsettings{'OVPN_CCD_NET'}; $type='OpenVPN static network'; }elsif($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}; $fwhostsettings{'grp_name'}=''; $fwhostsettings{'remark'}=''; } #get address from ovpn ccd static host if ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} ne ''){ @target=$fwhostsettings{'OVPN_CCD_HOST'}; $type='OpenVPN static host'; }elsif ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}; } #get address from ovpn ccd Net-2-Net if ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} ne ''){ @target=$fwhostsettings{'OVPN_N2N'}; $type='OpenVPN N-2-N'; }elsif ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}; $fwhostsettings{'grp_name'}=''; $fwhostsettings{'remark'}=''; } #get address from IPSEC HOST if ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} ne ''){ @target=$fwhostsettings{'IPSEC_HOST'}; $type='IpSec Host'; }elsif ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}; $fwhostsettings{'grp_name'}=''; $fwhostsettings{'remark'}=''; } #get address from IPSEC NETWORK if ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} ne ''){ @target=$fwhostsettings{'IPSEC_NET'}; $type='IpSec Network'; }elsif ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} eq ''){ $errormessage=$Lang::tr{'fwhost err groupempty'}; $fwhostsettings{'grp_name'}=''; $fwhostsettings{'remark'}=''; } #check if host/net exists in grp my 
$test="$grp,$fwhostsettings{'oldremark'},@target"; foreach my $key (keys %customgrp) { my $test1="$customgrp{$key}[0],$customgrp{$key}[1],$customgrp{$key}[2]"; if ($test1 eq $test){ $errormessage=$Lang::tr{'fwhost err isingrp'}; $fwhostsettings{'update'} = 'on'; } } } if (!$errormessage){ #on first save, we have an empty @target, so fill it with nothing my $targetvalues=@target; if ($targetvalues == '0'){ @target="none"; } #on update, we have to delete the dummy entry foreach my $key (keys %customgrp){ if ($customgrp{$key}[0] eq $grp && $customgrp{$key}[2] eq "none"){ delete $customgrp{$key}; last; } } &General::writehasharray("$configgrp", \%customgrp); &General::readhasharray("$configgrp", \%customgrp); #get count used foreach my $key (keys %customgrp) { if($customgrp{$key}[0] eq $grp) { $count=$customgrp{$key}[4]; last; } } if ($count eq '' ){$count='0';} #create array with new lines foreach my $line (@target){ push (@newgrp,"$grp,$rem,$line"); } #append new entries my $key = &General::findhasharraykey (\%customgrp); foreach my $line (@newgrp){ foreach my $i (0 .. 
4) { $customgrp{$key}[$i] = "";} my ($a,$b,$c,$d) = split (",",$line); $customgrp{$key}[0] = $a; $customgrp{$key}[1] = $b; $customgrp{$key}[2] = $c; $customgrp{$key}[3] = $type; $customgrp{$key}[4] = $count; } &General::writehasharray("$configgrp", \%customgrp); #update counter in Host/Net if($updcounter eq 'net'){ foreach my $key (keys %customnetwork) { if($customnetwork{$key}[0] eq $fwhostsettings{'CUST_SRC_NET'}){ $customnetwork{$key}[4] = $customnetwork{$key}[4]+1; last; } } &General::writehasharray("$confignet", \%customnetwork); }elsif($updcounter eq 'host'){ foreach my $key (keys %customhost) { if ($customhost{$key}[0] eq $fwhostsettings{'CUST_SRC_HOST'}){ $customhost{$key}[4]=$customhost{$key}[4]+1; } } &General::writehasharray("$confighost", \%customhost); } $fwhostsettings{'update'}='on'; } #check if ruleupdate is needed if($count > 0 ) { &General::firewall_config_changed(); } &addgrp; &viewtablegrp; } if ($fwhostsettings{'ACTION'} eq 'saveservice') { my $ICMP; &General::readhasharray("$configsrv", \%customservice ); $errormessage=&checkports(\%customservice); if ($fwhostsettings{'PROT'} eq 'ICMP'){ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); foreach my $key (keys %icmptypes){ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){ $ICMP=$icmptypes{$key}[0]; } } } if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};} if ($fwhostsettings{'PROT'} ne 'ICMP'){$ICMP='';} if (!$errormessage){ my $key = &General::findhasharraykey (\%customservice); foreach my $i (0 .. 
4) { $customservice{$key}[$i] = "";}
		# Columns written: name, port, protocol, ICMP type, usage counter.
		$customservice{$key}[0] = $fwhostsettings{'SRV_NAME'};
		$customservice{$key}[1] = $fwhostsettings{'SRV_PORT'};
		$customservice{$key}[2] = $fwhostsettings{'PROT'};
		$customservice{$key}[3] = $ICMP;
		$customservice{$key}[4] = 0;
		&General::writehasharray("$configsrv", \%customservice );
		#reset fields
		$fwhostsettings{'SRV_NAME'}='';
		$fwhostsettings{'SRV_PORT'}='';
		$fwhostsettings{'PROT'}='';
		$fwhostsettings{'ICMP_TYPES'}='';
	}
	&addservice;
}
# Create a service group, or add one service to an existing group.
if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
{
	my $prot;
	my $port;
	my $count=0;
	my $tcpcounter=0;
	my $udpcounter=0;
	&General::readhasharray("$configsrvgrp", \%customservicegrp );
	&General::readhasharray("$configsrv", \%customservice );
	$errormessage=&checkservicegroup;
	#Count the ports used by the TCP and UDP services already in this group.
	#A service counts once, and once more when its port field contains ':'
	#(a port range). The limit tested below is 15 per protocol; the multiport
	#match of iptables only takes a limited number of ports per rule.
	#NOTE(review): only existing members are counted, not the service being
	#added by this request - confirm the limit is enforced as intended.
	foreach my $key (keys %customservicegrp){
		if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
			foreach my $key1 (keys %customservice){
				$tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
				$tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
				$udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
				$udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
			}
		}
	}
	# Either assignment replaces whatever checkservicegroup returned above.
	if ($tcpcounter > 15){
		$errormessage=$Lang::tr{'fwhost err maxservicetcp'};
	}
	if ($udpcounter > 15){
		$errormessage=$Lang::tr{'fwhost err maxserviceudp'};
	}
	$tcpcounter=0;
	$udpcounter=0;
	#check remark
	if ($fwhostsettings{'SRVGRP_REMARK'} ne '' && !&validremark($fwhostsettings{'SRVGRP_REMARK'})){
		$errormessage .= $Lang::tr{'fwhost err remark'};
	}
	if (!$errormessage){
		#on first save, we have to enter a dummy value
		if ($fwhostsettings{'CUST_SRV'} eq 
''){ $fwhostsettings{'CUST_SRV'}='none'; } #on update, we have to delete the dummy entry foreach my $key (keys %customservicegrp){ if ($customservicegrp{$key}[2] eq 'none'){ delete $customservicegrp{$key}; last; } } &General::writehasharray("$configsrvgrp", \%customservicegrp ); #check if remark has also changed if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $fwhostsettings{'updatesrvgrp'} eq 'on') { foreach my $key (keys %customservicegrp) { if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'}) { $customservicegrp{$key}[1]=''; $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'}; } } } #get count used foreach my $key (keys %customservicegrp) { if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}) { $count=$customservicegrp{$key}[3]; last; } } if ($count eq '' ){$count='0';} foreach my $key (sort keys %customservice){ if($customservice{$key}[0] eq $fwhostsettings{'CUST_SRV'}){ $port=$customservice{$key}[1]; $prot=$customservice{$key}[2]; $customservice{$key}[4]++; } } &General::writehasharray("$configsrv", \%customservice ); my $key = &General::findhasharraykey (\%customservicegrp); foreach my $i (0 .. 
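3) { $customservicegrp{$key}[$i] = "";}
		# $key was allocated in %customservicegrp, so the blank row belongs
		# there. Blanking %customservice{$key} wiped an unrelated service
		# entry in memory whenever the two hashes shared that key.
		$customservicegrp{$key}[0] = $fwhostsettings{'SRVGRP_NAME'};
		$customservicegrp{$key}[1] = $fwhostsettings{'SRVGRP_REMARK'};
		$customservicegrp{$key}[2] = $fwhostsettings{'CUST_SRV'};
		$customservicegrp{$key}[3] = $count;
		&General::writehasharray("$configsrvgrp", \%customservicegrp );
		$fwhostsettings{'updatesrvgrp'}='on';
	}
	# A group that is already used by rules needs the rules reloaded.
	if ($count gt 0){
		&General::firewall_config_changed();
	}
	&addservicegrp;
	&viewtableservicegrp;
}
# edit
if ($fwhostsettings{'ACTION'} eq 'editnet')
{
	&addnet;
	&viewtablenet;
}
if ($fwhostsettings{'ACTION'} eq 'edithost')
{
	&addhost;
	&viewtablehost;
}
if ($fwhostsettings{'ACTION'} eq 'editgrp')
{
	$fwhostsettings{'update'}='on';
	&addgrp;
	&viewtablegrp;
}
if ($fwhostsettings{'ACTION'} eq 'editservice')
{
	$fwhostsettings{'updatesrv'}='on';
	&addservice;
}
if ($fwhostsettings{'ACTION'} eq 'editservicegrp')
{
	$fwhostsettings{'updatesrvgrp'} = 'on';
	&addservicegrp;
	&viewtableservicegrp;
}
# reset
if ($fwhostsettings{'ACTION'} eq 'resetnet')
{
	$fwhostsettings{'HOSTNAME'} ="";
	$fwhostsettings{'IP'} ="";
	$fwhostsettings{'SUBNET'} ="";
	&showmenu;
}
if ($fwhostsettings{'ACTION'} eq 'resethost')
{
	$fwhostsettings{'HOSTNAME'} ="";
	$fwhostsettings{'IP'} ="";
	$fwhostsettings{'type'} ="";
	&showmenu;
}
if ($fwhostsettings{'ACTION'} eq 'resetgrp')
{
	$fwhostsettings{'grp_name'} ="";
	$fwhostsettings{'remark'} ="";
	&showmenu;
}
# delete
# NOTE(review): delnet and delhost remove the entry named by the 'key'
# request value without looking at its usage counter (column 4). Presumably
# the page only offers deletion for unused entries; verify, because here the
# request alone decides.
if ($fwhostsettings{'ACTION'} eq 'delnet')
{
	&General::readhasharray("$confignet", \%customnetwork);
	foreach my $key (keys %customnetwork) {
		if($fwhostsettings{'key'} eq $customnetwork{$key}[0]){
			delete $customnetwork{$key};
			&General::writehasharray("$confignet", \%customnetwork);
			last;
		}
	}
	&addnet;
	&viewtablenet;
}
if ($fwhostsettings{'ACTION'} eq 'delhost')
{
	&General::readhasharray("$confighost", \%customhost);
	foreach my $key (keys %customhost) {
		if($fwhostsettings{'key'} eq $customhost{$key}[0]){
			delete $customhost{$key};
			&General::writehasharray("$confighost", \%customhost);
			last;
		}
	}
	&addhost;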
&viewtablehost; } if ($fwhostsettings{'ACTION'} eq 'deletegrphost') { my $grpremark; my $grpname; &General::readhasharray("$configgrp", \%customgrp); foreach my $key (keys %customgrp){ if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){ #decrease count from source host/net if ($customgrp{$key}[3] eq 'Custom Network'){ &General::readhasharray("$confignet", \%customnetwork); foreach my $key1 (keys %customnetwork){ if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){ $customnetwork{$key1}[4] = $customnetwork{$key1}[4]-1; last; } } &General::writehasharray("$confignet", \%customnetwork); } if ($customgrp{$key}[3] eq 'Custom Host'){ &General::readhasharray("$confighost", \%customhost); foreach my $key1 (keys %customhost){ if ($customhost{$key1}[0] eq $customgrp{$key}[2]){ $customhost{$key1}[4] = $customhost{$key1}[4]-1; last; } } &General::writehasharray("$confighost", \%customhost); } $grpname=$customgrp{$key}[0]; $grpremark=$customgrp{$key}[1]; delete $customgrp{$key}; } } &General::writehasharray("$configgrp", \%customgrp); if ($fwhostsettings{'grpcnt'} > 0){ &General::firewall_config_changed(); } if ($fwhostsettings{'update'} eq 'on'){ $fwhostsettings{'remark'}= $grpremark; $fwhostsettings{'grp_name'}=$grpname; } &addgrp; &viewtablegrp; } if ($fwhostsettings{'ACTION'} eq 'delgrp') { &General::readhasharray("$configgrp", \%customgrp); &decrease($fwhostsettings{'grp_name'}); foreach my $key (sort keys %customgrp) { if($customgrp{$key}[0] eq $fwhostsettings{'grp_name'}) { delete $customgrp{$key}; } } &General::writehasharray("$configgrp", \%customgrp); $fwhostsettings{'grp_name'}=''; &addgrp; &viewtablegrp; } if ($fwhostsettings{'ACTION'} eq 'delservice') { &General::readhasharray("$configsrv", \%customservice); foreach my $key (keys %customservice) { if($customservice{$key}[0] eq $fwhostsettings{'SRV_NAME'}){ #&deletefromgrp($customhost{$key}[0],$configgrp); delete $customservice{$key}; 
&General::writehasharray("$configsrv", \%customservice); last; } } $fwhostsettings{'SRV_NAME'}=''; $fwhostsettings{'SRV_PORT'}=''; $fwhostsettings{'PROT'}=''; &addservice; } if ($fwhostsettings{'ACTION'} eq 'delservicegrp') { &General::readhasharray("$configsrvgrp", \%customservicegrp); &decreaseservice($fwhostsettings{'SRVGRP_NAME'}); foreach my $key (sort keys %customservicegrp) { if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}) { delete $customservicegrp{$key}; } } &General::writehasharray("$configsrvgrp", \%customservicegrp); $fwhostsettings{'SRVGRP_NAME'}=''; &addservicegrp; &viewtableservicegrp; } if ($fwhostsettings{'ACTION'} eq 'delgrpservice') { my $grpname; my $grpremark; &General::readhasharray("$configsrvgrp", \%customservicegrp); &General::readhasharray("$configsrv", \%customservice); foreach my $key (keys %customservicegrp){ if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2].",".$customservicegrp{$key}[3] eq $fwhostsettings{'delsrvfromgrp'}) { #decrease count from source service foreach my $key1 (sort keys %customservice){ if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ $customservice{$key1}[4]--; last; } } &General::writehasharray("$configsrv", \%customservice); $grpname=$customservicegrp{$key}[0]; $grpremark=$customservicegrp{$key}[1]; delete $customservicegrp{$key}; } } &General::writehasharray("$configsrvgrp", \%customservicegrp); &General::firewall_config_changed(); if ($fwhostsettings{'updatesrvgrp'} eq 'on'){ $fwhostsettings{'SRVGRP_NAME'}=$grpname; $fwhostsettings{'SRVGRP_REMARK'}=$grpremark; } &addservicegrp; &viewtableservicegrp; } if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'}) { &addnet; &viewtablenet; } if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newhost'}) { &addhost; &viewtablehost; } if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'}) { &addgrp; &viewtablegrp; } if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'}) { 
&addservice; } if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservicegrp'}) { &addservicegrp; &viewtableservicegrp; } if ($fwhostsettings{'ACTION'} eq 'changegrpremark') { &General::readhasharray("$configgrp", \%customgrp); if ($fwhostsettings{'oldrem'} ne $fwhostsettings{'newrem'} && (&validremark($fwhostsettings{'newrem'}) || $fwhostsettings{'newrem'} eq '')){ foreach my $key (sort keys %customgrp) { if($customgrp{$key}[0] eq $fwhostsettings{'grp'} && $customgrp{$key}[1] eq $fwhostsettings{'oldrem'}) { $customgrp{$key}[1]=''; $customgrp{$key}[1]=$fwhostsettings{'newrem'}; } } &General::writehasharray("$configgrp", \%customgrp); $fwhostsettings{'update'}='on'; $fwhostsettings{'remark'}=$fwhostsettings{'newrem'}; }else{ $errormessage=$Lang::tr{'fwhost err remark'}; $fwhostsettings{'remark'}=$fwhostsettings{'oldrem'}; $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'}; $fwhostsettings{'update'} = 'on'; } $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'}; &addgrp; &viewtablegrp; } if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark') { &General::readhasharray("$configsrvgrp", \%customservicegrp ); if ($fwhostsettings{'oldsrvrem'} ne $fwhostsettings{'newsrvrem'} && (&validremark($fwhostsettings{'newsrvrem'}) || $fwhostsettings{'newsrvrem'} eq '')){ foreach my $key (sort keys %customservicegrp) { if($customservicegrp{$key}[0] eq $fwhostsettings{'srvgrp'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvrem'}) { $customservicegrp{$key}[1]=''; $customservicegrp{$key}[1]=$fwhostsettings{'newsrvrem'}; } } &General::writehasharray("$configsrvgrp", \%customservicegrp); $fwhostsettings{'updatesrvgrp'}='on'; $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'newsrvrem'}; }else{ $errormessage=$Lang::tr{'fwhost err remark'}; $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'oldsrvrem'}; $fwhostsettings{'SRVGRP_NAME'}=$fwhostsettings{'srvgrp'}; $fwhostsettings{'updatesrvgrp'} = 'on'; } $fwhostsettings{'SRVGRP_NAME'}=$fwhostsettings{'srvgrp'}; &addservicegrp; 
&viewtableservicegrp; } ### VIEW ### if($fwhostsettings{'ACTION'} eq '') { &showmenu; } ### FUNCTIONS ### sub showmenu { &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'}); print "$Lang::tr{'fwhost welcome'}"; print<

END &Header::closebox(); } # Add sub addnet { &error; &showmenu; &Header::openbox('100%', 'left', $Lang::tr{'fwhost addnet'}); $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'}; $fwhostsettings{'orgnetremark'}=$fwhostsettings{'NETREMARK'}; print< $Lang::tr{'name'}:
$Lang::tr{'fwhost netaddress'}: $Lang::tr{'netmask'}: $Lang::tr{'remark'}:

END if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on') { print ""; }else{ print ""; } print "
"; &Header::closebox(); } sub addhost { &error; &showmenu; &Header::openbox('100%', 'left', $Lang::tr{'fwhost addhost'}); $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'}; $fwhostsettings{'orgremark'}=$fwhostsettings{'HOSTREMARK'}; print< $Lang::tr{'name'}:
IP/MAC: $Lang::tr{'remark'}:
END if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on') { print "
"; }else{ print " "; } print "
"; &Header::closebox(); } sub addgrp { &hint; &error; &showmenu; &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgrp'}); &General::setup_default_networks(\%defaultNetworks); &General::readhasharray("$configccdnet", \%ccdnet); &General::readhasharray("$confignet", \%customnetwork); &General::readhasharray("$configccdhost", \%ccdhost); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$configipsec", \%ipsecconf); my %checked=(); my $show=''; $checked{'check1'}{'off'} = ''; $checked{'check1'}{'on'} = ''; $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED'; $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'}; my $grp=$fwhostsettings{'grp_name'}; my $rem=$fwhostsettings{'remark'}; if ($fwhostsettings{'update'} eq ''){ print< $Lang::tr{'fwhost addgrpname'}
$Lang::tr{'remark'}:

END }else{ print< $Lang::tr{'fwhost addgrpname'} $Lang::tr{'remark'}:
END } if ($fwhostsettings{'update'} eq 'on'){ print<
"; if (! -z $confignet){ print""; } if (! -z $confighost){ print""; } print"
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust addr'}
"; #Inner table right print"
"; #OVPN networks if (! -z $configccdnet){ print""; } #OVPN clients foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost) { if ($ccdhost{$key}[33] ne ''){ print"";} #OVPN n2n networks foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost) { if($ccdhost{$key}[3] eq 'net'){ print"";} #IPsec networks foreach my $key (sort { ncmp($ipsecconf{$a}[0],$ipsecconf{$b}[0]) } keys %ipsecconf) { if ($ipsecconf{$key}[3] eq 'net'){ print"";} print"
$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost ipsec net'}
"; print"
"; print"


"; } print""; print"
"; &Header::closebox(); } sub addservice { &error; &showmenu; &Header::openbox('100%', 'left', $Lang::tr{'fwhost addservice'}); if ($fwhostsettings{'updatesrv'} eq 'on') { $fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'}; $fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'}; $fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'}; $fwhostsettings{'oldsrvicmp'} = $fwhostsettings{'ICMP'}; } print<
$Lang::tr{'fwhost srv_name'}: $Lang::tr{'fwhost prot'}: END &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); print""; foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){ print""; }else{ print""; } } print<
$Lang::tr{'fwhost port'}:


END if ($fwhostsettings{'updatesrv'} eq 'on') { print< END }else{ print""; } print<
END &Header::closebox(); &viewtableservice; } sub addservicegrp { &hint; &error; &showmenu; &Header::openbox('100%', 'left', $Lang::tr{'fwhost addservicegrp'}); $fwhostsettings{'oldsrvgrpremark'}=$fwhostsettings{'SRVGRP_REMARK'}; if ($fwhostsettings{'updatesrvgrp'} eq ''){ print<
$Lang::tr{'fwhost addgrpname'} $Lang::tr{'remark'}:

END }else{ print< $Lang::tr{'fwhost addgrpname'} $Lang::tr{'remark'}:

END } if($fwhostsettings{'updatesrvgrp'} eq 'on'){ print<
$Lang::tr{'fwhost cust service'}



END } print<
END &Header::closebox(); } # View sub viewtablenet { if(! -z $confignet){ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust net'}); &General::readhasharray("$confignet", \%customnetwork); if (!keys %customnetwork) { print "
$Lang::tr{'fwhost empty'}"; }else{ print< $Lang::tr{'name'}$Lang::tr{'fwhost netaddress'}$Lang::tr{'remark'}$Lang::tr{'used'} END } my $count=0; foreach my $key (sort {ncmp($a,$b)} keys %customnetwork) { if ($fwhostsettings{'ACTION'} eq 'editnet' && $fwhostsettings{'HOSTNAME'} eq $customnetwork{$key}[0]) { print" "; }elsif ($count % 2) { print" "; }else { print" "; } my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]); print"
$customnetwork{$key}[0]".&Header::colorize($colnet)."$customnetwork{$key}[3]$customnetwork{$key}[4]x"; print< END if($customnetwork{$key}[4] == '0') { print"
"; }else{ print""; } $count++; } print""; &Header::closebox(); } } sub getcolor { my $c=shift; #Check if IP is part of OpenVPN N2N subnet foreach my $key (sort keys %ccdhost){ if ($ccdhost{$key}[3] eq 'net'){ my ($a,$b) = split("/",$ccdhost{$key}[11]); if (&General::IpInSubnet($c,$a,$b)){ $tdcolor="style='color:$Header::colourovpn ;'"; return $tdcolor; } } } #Check if IP is part of OpenVPN dynamic subnet my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'}); if (&General::IpInSubnet($c,$a,$b)){ $tdcolor="style='color: $Header::colourovpn;'"; return $tdcolor; } #Check if IP is part of OpenVPN static subnet foreach my $key (sort keys %ccdnet){ my ($a,$b) = split("/",$ccdnet{$key}[1]); $b =&General::iporsubtodec($b); if (&General::IpInSubnet($c,$a,$b)){ $tdcolor="style='color: $Header::colourovpn;'"; return $tdcolor; } } #Check if IP is part of IPsec RW network if ($ipsecsettings{'RW_NET'} ne ''){ my ($a,$b) = split("/",$ipsecsettings{'RW_NET'}); $b=&General::iporsubtodec($b); if (&General::IpInSubnet($c,$a,$b)){ $tdcolor="style='color: $Header::colourvpn;'"; return $tdcolor; } } #Check if IP is part of a IPsec N2N network foreach my $key (sort keys %ipsecconf){ my ($a,$b) = split("/",$ipsecconf{$key}[11]); if (&General::IpInSubnet($c,$a,$b)){ $tdcolor="style='color: $Header::colourvpn;'"; return $tdcolor; } } $tdcolor=''; return $tdcolor; } sub viewtablehost { if (! -z $confighost){ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'}); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$configccdnet", \%ccdnet); &General::readhasharray("$configccdhost", \%ccdhost); if (!keys %customhost) { print "
$Lang::tr{'fwhost empty'}"; }else{ print< $Lang::tr{'name'}$Lang::tr{'fwhost ip_mac'}$Lang::tr{'remark'}$Lang::tr{'used'} END } my $count=0; foreach my $key (sort { ncmp ($customhost{$a}[0],$customhost{$b}[0])} keys %customhost) { if ( ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'}) && $fwhostsettings{'HOSTNAME'} eq $customhost{$key}[0]) { print" "; }elsif ($count % 2){ print" ";} else{ print" ";} my ($ip,$sub)=split(/\//,$customhost{$key}[2]); $customhost{$key}[4]=~s/\s+//g; print"$customhost{$key}[0]".&Header::colorize($ip)."$customhost{$key}[3]$customhost{$key}[4]x"; print<
END if($customhost{$key}[4] == '0') { print"
"; }else{ print""; } $count++; } print""; &Header::closebox(); } } sub viewtablegrp { if(! -z "$configgrp"){ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust grp'}); &General::readhasharray("$configgrp", \%customgrp); &General::readhasharray("$configipsec", \%ipsecconf); &General::readhasharray("$configccdhost", \%ccdhost); &General::readhasharray("$configccdnet", \%ccdnet); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$confignet", \%customnetwork); my @grp=(); my $helper=''; my $count=1; my $grpname; my $remark; my $number; my $delflag; if (!keys %customgrp) { print "
$Lang::tr{'fwhost err emptytable'}"; }else{ foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){ $count++; if ($helper ne $customgrp{$key}[0]){ $delflag='0'; foreach my $key1 (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){ if ($customgrp{$key}[0] eq $customgrp{$key1}[0]) { $delflag++; } if($delflag > 1){ last; } } $number=1; if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};} $grpname=$customgrp{$key}[0]; $remark="$customgrp{$key}[1]"; if($count gt 1){ print"";} print "
$grpname   "; print " $Lang::tr{'remark'}:  $remark   " if ($remark ne ''); print "$Lang::tr{'used'}: $customgrp{$key}[4]x"; if($customgrp{$key}[4] == '0') { print"
"; } print"
"; print""; } if ( ($fwhostsettings{'ACTION'} eq 'editgrp' || $fwhostsettings{'update'} ne '') && $fwhostsettings{'grp_name'} eq $customgrp{$key}[0]) { print" "; }elsif ($count %2 == 0){ print""; }else{ print""; } my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]); if ($ip eq ''){print"";} print ""; }else{ print "$customgrp{$key}[2]"; } if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){ print ""; $helper=$customgrp{$key}[0]; $number++; } print"
Name$Lang::tr{'ip address'}$Lang::tr{'fwhost type'}
"; if($customgrp{$key}[3] eq 'Standard Network'){ print &get_name($customgrp{$key}[2])."$Lang::tr{'fwhost deleted'}$customgrp{$key}[3]
"; }else{ my ($colip,$colsub) = split("/",$ip); $ip="$colip/".&General::subtocidr($colsub) if ($colsub); print"
".&Header::colorize($ip)."$customgrp{$key}[3]"; } if ($delflag > '1' && $ip ne ''){ print""; } print"
"; } &Header::closebox(); } } sub viewtableservice { my $count=0; if(! -z "$configsrv") { &Header::openbox('100%', 'left', $Lang::tr{'fwhost services'}); &General::readhasharray("$configsrv", \%customservice); print< $Lang::tr{'fwhost srv_name'}$Lang::tr{'fwhost prot'}$Lang::tr{'fwhost port'}ICMP$Lang::tr{'fwhost used'} END foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0])} keys %customservice) { $count++; if ( ($fwhostsettings{'updatesrv'} eq 'on' || $fwhostsettings{'error'}) && $fwhostsettings{'SRV_NAME'} eq $customservice{$key}[0]) { print" "; }elsif ($count % 2){ print" ";}else{ print" ";} print<$customservice{$key}[0]$customservice{$key}[2]$customservice{$key}[1] END if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};} elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];} print<$customservice{$key}[4]x
END if ($customservice{$key}[4] eq '0') { print"
"; }else{ print""; } } print""; &Header::closebox(); } } sub viewtableservicegrp { my $count=0; my $grpname; my $remark; my $helper; my $port; my $protocol; my $delflag; if (! -z $configsrvgrp){ &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'}); &General::readhasharray("$configsrvgrp", \%customservicegrp); &General::readhasharray("$configsrv", \%customservice); my $number= keys %customservicegrp; foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){ $count++; if ($helper ne $customservicegrp{$key}[0]){ $delflag=0; foreach my $key1 (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) } keys %customservicegrp){ if ($customservicegrp{$key}[0] eq $customservicegrp{$key1}[0]) { $delflag++; } if($delflag > 1){ last; } } $grpname=$customservicegrp{$key}[0]; if ($customservicegrp{$key}[2] eq "none"){ $customservicegrp{$key}[2]=$Lang::tr{'fwhost empty'}; $port=''; $protocol=''; } $remark="$customservicegrp{$key}[1]"; if($count >=2){print"";} print "
$grpname    "; print "$Lang::tr{'remark'}:  $remark " if ($remark ne ''); print "  $Lang::tr{'used'}: $customservicegrp{$key}[3]x"; if($customservicegrp{$key}[3] == '0') { print"
"; } print"
"; print""; } if( $fwhostsettings{'SRVGRP_NAME'} eq $customservicegrp{$key}[0]) { print" "; }elsif ($count %2 == 0){ print""; }else{ print""; } print ""; foreach my $srv (sort keys %customservice){ if ($customservicegrp{$key}[2] eq $customservice{$srv}[0]){ $protocol=$customservice{$srv}[2]; $port=$customservice{$srv}[1]; last; } } print""; $helper=$customservicegrp{$key}[0]; } print"
Name$Lang::tr{'port'}$Lang::tr{'fwhost prot'}
$customservicegrp{$key}[2]$port$protocol
"; if ($delflag gt '1'){ print""; } print"
";
        &Header::closebox();
    }
}

# Check

# checkname(\%table)
# Returns 0 if any entry of the table carries the submitted HOSTNAME in
# column 0 (name already taken), 1 otherwise. Works on a copy of the hash.
sub checkname {
    my %hash=%{(shift)};
    foreach my $key (keys %hash) {
        if($hash{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
            return 0;
        }
    }
    return 1;
}

# checkgroup(\%table, $name)
# Same lookup as checkname, but against an explicit $name: returns 0 if
# column 0 of any entry equals $name, 1 otherwise.
sub checkgroup {
    my %hash=%{(shift)};
    my $name=shift;
    foreach my $key (keys %hash) {
        if($hash{$key}[0] eq $name){
            return 0;
        }
    }
    return 1;
}

# checkip(\%table, $column)
# Returns 0 if column $column of any entry equals the submitted IP joined
# with "/" and General::iporsubtodec(SUBNET), 1 otherwise.
sub checkip {
    my %hash=%{(shift)};
    # Column index to compare. NOTE(review): this lexical has the same name
    # as the $a used by sort blocks; harmless here, but easy to trip over.
    my $a=shift;
    foreach my $key (keys %hash) {
        if($hash{$key}[$a] eq $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'})){
            return 0;
        }
    }
    return 1;
}

# checksubnet(\%table)
# Returns 1 if the submitted IP lies inside one of the networks (columns 1
# and 2 are handed to General::IpInSubnet), 0 otherwise.
# NOTE(review): $confignet is read into the local copy of the argument, so
# whether the caller's entries are kept or replaced depends on
# General::readhasharray - confirm.
sub checksubnet {
    my %hash=%{(shift)};
    &General::readhasharray("$confignet", \%hash);
    foreach my $key (keys %hash) {
        if(&General::IpInSubnet($fwhostsettings{'IP'},$hash{$key}[1],$hash{$key}[2])) {
            return 1;
        }
    }
    return 0;
}

# checkservicegroup()
# Validates the submitted service group (SRVGRP_NAME, CUST_SRV) against the
# stored service groups. Findings are appended to the global $errormessage,
# which is also the return value.
# NOTE(review): %customservice is not read in this sub, so the "empty
# selectbox" test depends on what the caller loaded into that global.
sub checkservicegroup {
    &General::readhasharray("$configsrvgrp", \%customservicegrp);
    #check name; an invalid name ends the checks early
    if ( ! &validhostname($fwhostsettings{'SRVGRP_NAME'})) {
        $errormessage.=$Lang::tr{'fwhost err name'}."
";
        return $errormessage;
    }
    #check empty selectbox
    # NOTE(review): "lt" is a string comparison; "<" would be the numeric one.
    if (keys %customservice lt 1) {
        $errormessage.=$Lang::tr{'fwhost err groupempty'}."
";
    }
    #check if name already exists (skipped when an existing group is updated)
    if ($fwhostsettings{'updatesrvgrp'} ne 'on'){
        foreach my $key (keys %customservicegrp) {
            if( $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} ){
                $errormessage.=$Lang::tr{'fwhost err grpexist'}."
";
            }
        }
    }
    #check if service already exists in group
    foreach my $key (keys %customservicegrp) {
        if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[2] eq $fwhostsettings{'CUST_SRV'} ){
            $errormessage.=$Lang::tr{'fwhost err srvexist'}."
";
        }
    }
    return $errormessage;
}

# error()
# Prints the global $errormessage in an "error messages" box when it is
# non-empty. The text is printed as-is; no HTML escaping is applied here.
sub error {
    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "$errormessage\n";
        print " \n";
        &Header::closebox();
    }
}

# hint()
# Prints the global $hint in a "hint" box when it is non-empty. The text is
# printed as-is; no HTML escaping is applied here.
sub hint {
    if ($hint) {
        &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
        print "$hint\n";
        print " \n";
        &Header::closebox();
    }
}

# get_name($val)
# Returns the key of %defaultNetworks whose NAME field equals $val.
# There is no explicit return for the no-match case.
sub get_name {
    my $val=shift;
    &General::setup_default_networks(\%defaultNetworks);
    foreach my $network (sort keys %defaultNetworks) {
        return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
    }
}

# deletefromgrp($target, $config)
# Reads the hasharray file $config, deletes every entry whose column 2 equals
# $target (the type column is not compared) and writes the file back.
# The German strings appended to $errormessage are progress messages
# ("lese X und Y" = "reading X and Y", "Habe X aus Gruppe gelöscht!" =
# "removed X from group"). One is added for every entry visited, and both
# interpolate stored values into text that error() prints unescaped.
sub deletefromgrp {
    my $target=shift;
    my $config=shift;
    my %hash=();
    &General::readhasharray("$config",\%hash);
    foreach my $key (keys %hash) {
        $errormessage.="lese $hash{$key}[2] und $target
";
        if($hash{$key}[2] eq $target){
            delete $hash{$key};
            $errormessage.="Habe $target aus Gruppe gelöscht!
";
        }
    }
    &General::writehasharray("$config",\%hash);
}

# plausicheck($edit)
# Plausibility checks for a submitted custom network/host. Reads HOSTNAME,
# IP, SUBNET and type from %fwhostsettings and compares them with the OpenVPN
# CCD tables and the custom network/host tables. Findings are reported
# through the global $errormessage. On most failures the offending form value
# is reset to its 'org*' copy and, if 'update' is on, ACTION is set to $edit.
# Has no return value of its own.
sub plausicheck {
    my $edit=shift;
    #check hostname
    if (!&validhostname($fwhostsettings{'HOSTNAME'})) {
        $errormessage=$errormessage.$Lang::tr{'fwhost err name'};
        $fwhostsettings{'BLK_IP'}='readonly';
        $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
        if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
    }
    #check if name collides with CCD Netname
    &General::readhasharray("$configccdnet", \%ccdnet);
    foreach my $key (keys %ccdnet) {
        if($ccdnet{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
            $errormessage=$errormessage.$Lang::tr{'fwhost err isccdnet'};;
            $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
            if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
            last;
        }
    }
    #check if IP collides with CCD NetIP (skipped for MAC entries)
    if ($fwhostsettings{'type'} ne 'mac'){
        &General::readhasharray("$configccdnet", \%ccdnet);
        foreach my $key (keys %ccdnet) {
            my $test=(&General::getnetworkip($fwhostsettings{'IP'},&General::iporsubtocidr($fwhostsettings{'SUBNET'})))."/".$fwhostsettings{'SUBNET'};
            if($ccdnet{$key}[1] eq $test){
                $errormessage=$errormessage.$Lang::tr{'fwhost err isccdipnet'};
                $fwhostsettings{'IP'} = $fwhostsettings{'orgip'};
                $fwhostsettings{'SUBNET'} = $fwhostsettings{'orgsubnet'};
                if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
                last;
            }
        }
    }
    #check if IP collides with a CCD host address (column 33, part before "/")
    # NOTE(review): $errormessage is assigned here, not appended, so findings
    # collected above are replaced.
    &General::readhasharray("$configccdhost", \%ccdhost);
    foreach my $key (keys %ccdhost) {
        my ($ip,$sub)=split(/\//,$ccdhost{$key}[33]);
        if($ip eq $fwhostsettings{'IP'}){
            $errormessage=$Lang::tr{'fwhost err isccdiphost'};
            if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
            last;
        }
    }
    #check if name collides with a CCD host name (only when editing hosts)
    if ($edit eq 'edithost') {
        foreach my $key (keys %ccdhost) {
            if($ccdhost{$key}[1] eq $fwhostsettings{'HOSTNAME'}){
                # NOTE(review): assigns (not appends) the message, and resets
                # IP from 'orgname' - looks like the wrong field; confirm.
                $errormessage=$Lang::tr{'fwhost err isccdhost'};
                $fwhostsettings{'IP'} = $fwhostsettings{'orgname'};
                if ($fwhostsettings{'update'} eq 
'on'){$fwhostsettings{'ACTION'}=$edit;}
                last;
            }
        }
    }
    #check if network with this name already exists
    &General::readhasharray("$confignet", \%customnetwork);
    if (!&checkname(\%customnetwork)) {
        $errormessage=$errormessage."
".$Lang::tr{'fwhost err netexist'};
        $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
        if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
    }
    #check if network ip already exists (column 1 of the network table)
    if (!&checkip(\%customnetwork,1)) {
        $errormessage=$errormessage."
".$Lang::tr{'fwhost err net'};
        if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
    }
    #check if host with this name already exists
    &General::readhasharray("$confighost", \%customhost);
    if (!&checkname(\%customhost)) {
        $errormessage.="
".$Lang::tr{'fwhost err hostexist'};
        $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
        if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
    }
    #check if host with this ip already exists (column 2 of the host table)
    if (!&checkip(\%customhost,2)) {
        $errormessage=$errormessage."
".$Lang::tr{'fwhost err ipcheck'};
    }
    return;
}

# getipforgroup($name, $type)
# Resolves a group member to its address string, depending on $type:
#   'IpSec Network'          -> column 11 of the matching %ipsecconf entry
#   'IpSec Host'             -> column 10 of the matching %ipsecconf entry
#   'OpenVPN N-2-N'          -> column 11 of %ccdhost, mask via iporsubtodec
#   'OpenVPN static host'    -> column 33 of %ccdhost, mask via iporsubtodec
#   'OpenVPN static network' -> column 1 of %ccdnet, mask via iporsubtodec
#   'Custom Host'            -> address part of column 2 of %customhost
#   'Custom Network'         -> columns 1 and 2 of %customnetwork joined by "/"
#   'Standard Network'       -> value read from the settings files
# The lookup tables are globals that this sub does not read itself; only the
# 'Standard Network' branch loads its settings files.
# Side effect: for the two IPsec types, 'OpenVPN N-2-N' and 'OpenVPN static
# host', a name that is not found is passed to deletefromgrp($name,
# $configgrp). A lookup made while rendering the group table can therefore
# rewrite the group file.
# There is no explicit return when nothing matches.
sub getipforgroup {
    my $name=$_[0],
    my $type=$_[1];
    my $value;    # not used in the visible code

    #get address from IPSEC NETWORK
    if ($type eq 'IpSec Network'){
        foreach my $key (keys %ipsecconf) {
            if ($ipsecconf{$key}[1] eq $name){
                return $ipsecconf{$key}[11];
            }
        }
        &deletefromgrp($name,$configgrp);
    }
    #get address from IPSEC HOST
    if ($type eq 'IpSec Host'){
        foreach my $key (keys %ipsecconf) {
            if ($ipsecconf{$key}[1] eq $name){
                return $ipsecconf{$key}[10];
            }
        }
        &deletefromgrp($name,$configgrp);
    }
    #get address from ovpn ccd Net-2-Net
    if ($type eq 'OpenVPN N-2-N'){
        foreach my $key (keys %ccdhost) {
            if($ccdhost{$key}[1] eq $name){
                my ($a,$b) = split ("/",$ccdhost{$key}[11]);
                $b=&General::iporsubtodec($b);
                return "$a/$b";
            }
        }
        &deletefromgrp($name,$configgrp);
    }
    #get address from ovpn ccd static host
    if ($type eq 'OpenVPN static host'){
        foreach my $key (keys %ccdhost) {
            if($ccdhost{$key}[1] eq $name){
                my ($a,$b) = split (/\//,$ccdhost{$key}[33]);
                $b=&General::iporsubtodec($b);
                return "$a/$b";
            }
        }
        &deletefromgrp($name,$configgrp);
    }
    #get address from ovpn ccd static net
    if ($type eq 'OpenVPN static network'){
        foreach my $key (keys %ccdnet) {
            if ($ccdnet{$key}[0] eq $name){
                my ($a,$b) = split (/\//,$ccdnet{$key}[1]);
                $b=&General::iporsubtodec($b);
                return "$a/$b";
            }
        }
    }
    #check custom addresses
    if ($type eq 'Custom Host'){
        foreach my $key (keys %customhost) {
            if ($customhost{$key}[0] eq $name){
                my ($ip,$sub) = split("/",$customhost{$key}[2]);
                return $ip;
            }
        }
    }
    ##check custom networks
    if ($type eq 'Custom Network'){
        foreach my $key (keys %customnetwork) {
            if($customnetwork{$key}[0] eq $name){
                return $customnetwork{$key}[1]."/".$customnetwork{$key}[2];
            }
        }
    }
    #check standard networks
    if ($type eq 'Standard Network'){
        if ($name =~ /OpenVPN/i){
            my %ovpn=();
            &General::readhash("${General::swroot}/ovpn/settings",\%ovpn);
            return $ovpn{'DOVPN_SUBNET'};
        }
        if ($name eq 'GREEN'){
            my %hash=();
            &General::readhash("${General::swroot}/ethernet/settings",\%hash);
            return 
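$hash{'GREEN_NETADDRESS'}."/".$hash{'GREEN_NETMASK'};
        }
        if ($name eq 'BLUE'){
            my %hash=();
            &General::readhash("${General::swroot}/ethernet/settings",\%hash);
            return $hash{'BLUE_NETADDRESS'}."/".$hash{'BLUE_NETMASK'};
        }
        if ($name eq 'ORANGE'){
            my %hash=();
            &General::readhash("${General::swroot}/ethernet/settings",\%hash);
            return $hash{'ORANGE_NETADDRESS'}."/".$hash{'ORANGE_NETMASK'};
        }
        if ($name eq 'ALL'){
            return "0.0.0.0/0.0.0.0";
        }
        if ($name =~ /IPsec/i){
            my %hash=();
            &General::readhash("${General::swroot}/vpn/settings",\%hash);
            return $hash{'RW_NET'};
        }
    }
}

# decrease($grp)
# Decrements the usage counter (column 4) of every custom network and custom
# host that is a member of group $grp, then writes both tables back.
# %customgrp is not read here; the caller has to load it first. No lower
# bound is enforced on the counter.
sub decrease {
    my $grp=$_[0];
    &General::readhasharray("$confignet", \%customnetwork);
    &General::readhasharray("$confighost", \%customhost);
    foreach my $key (sort keys %customgrp ){
        if ( ($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Network')){
            foreach my $key1 (sort keys %customnetwork){
                if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
                    $customnetwork{$key1}[4]=$customnetwork{$key1}[4]-1;
                    last;
                }
            }
        }
        if (($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Host')){
            foreach my $key2 (sort keys %customhost){
                if ($customhost{$key2}[0] eq $customgrp{$key}[2]){
                    $customhost{$key2}[4]=$customhost{$key2}[4]-1;
                    last;
                }
            }
        }
    }
    &General::writehasharray("$confignet", \%customnetwork);
    &General::writehasharray("$confighost", \%customhost);
}

# decreaseservice($grp)
# Decrements the usage counter (column 4) of every service that is a member
# of service group $grp and writes the service table back. The group table
# is read but not written here.
sub decreaseservice {
    my $grp=$_[0];
    &General::readhasharray("$configsrv", \%customservice);
    &General::readhasharray("$configsrvgrp", \%customservicegrp);
    foreach my $key (sort keys %customservicegrp){
        if ($customservicegrp{$key}[0] eq $grp ){
            foreach my $key2 (sort keys %customservice){
                if ($customservice{$key2}[0] eq $customservicegrp{$key}[2]){
                    $customservice{$key2}[4]--;
                }
            }
        }
    }
    &General::writehasharray("$configsrv", \%customservice);
}

# checkports(\%services)
# Validates the submitted service definition (SRV_NAME, SRV_PORT, PROT) and
# normalises SRV_PORT in place: "-" becomes ":", "*" becomes "1:65535", a
# single non-digit before the colon becomes "1:N" and a single non-digit
# after it becomes "N:65535". The range itself is checked by
# General::validportrange unless the protocol is ICMP.
# Returns the global $errormessage.
# NOTE(review): the "invalid name" and "service exists" branches assign to
# $errormessage instead of appending, so earlier findings are replaced.
sub checkports {
    my %hash=%{(shift)};
    #check empty fields
    if ($fwhostsettings{'SRV_NAME'} eq '' ){
        $errormessage=$Lang::tr{'fwhost err name1'};
    }
    if ($fwhostsettings{'SRV_PORT'} eq '' && $fwhostsettings{'PROT'} ne 'ICMP'){
        $errormessage=$Lang::tr{'fwhost err port'};
    }
    #check valid name
    if (! &validhostname($fwhostsettings{'SRV_NAME'})){
        $errormessage="
".$Lang::tr{'fwhost err name'};
    }
    #change dashes with :
    $fwhostsettings{'SRV_PORT'}=~ tr/-/:/;
    if ($fwhostsettings{'SRV_PORT'} eq "*") {
        $fwhostsettings{'SRV_PORT'} = "1:65535";
    }
    if ($fwhostsettings{'SRV_PORT'} =~ /^(\D)\:(\d+)$/) {
        $fwhostsettings{'SRV_PORT'} = "1:$2";
    }
    if ($fwhostsettings{'SRV_PORT'} =~ /^(\d+)\:(\D)$/) {
        $fwhostsettings{'SRV_PORT'} = "$1:65535";
    }
    if($fwhostsettings{'PROT'} ne 'ICMP'){
        $errormessage = $errormessage.&General::validportrange($fwhostsettings{'SRV_PORT'}, 'src');
    }
    # a new service has to have a different name
    foreach my $key (keys %hash){
        if ($hash{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
            $errormessage = "
".$Lang::tr{'fwhost err srv exists'};
            last;
        }
    }
    return $errormessage;
}

# validhostname($name)
# Returns 1 if $name is acceptable as an object name on this page, else 0.
# Rules: 1..63 characters; letters (including German umlauts), digits and
# - _ . ; ( ) / plus space or tab; the first character must be a letter or
# digit; the last one a letter, digit or parenthesis. This is deliberately
# looser than an RFC 1035 label.
#
# The patterns are anchored with \A and \z and whitespace is limited to space
# and tab. With ^...$ and \s, a value containing CR/LF or ending in a newline
# passed the check. Accepted values are handed to General::writehasharray by
# the handlers on this page, and that file format is presumably one record
# per line (confirm in General), so line breaks must be rejected here.
sub validhostname {
    my $hostname = $_[0];

    # Length limits: at least 1, at most 63 characters.
    if (length($hostname) < 1 || length($hostname) > 63) {
        return 0;
    }
    # Allowed characters for the whole value.
    if ($hostname !~ /\A[a-zA-ZäöüÖÄÜ0-9-_.;()\/ \t]*\z/) {
        return 0;
    }
    # First character can only be a letter or a digit.
    if (substr($hostname, 0, 1) !~ /\A[a-zA-ZöäüÖÄÜ0-9]\z/) {
        return 0;
    }
    # Last character can only be a letter, a digit or a parenthesis.
    if (substr($hostname, -1, 1) !~ /\A[a-zA-ZöäüÖÄÜ0-9()]\z/) {
        return 0;
    }
    return 1;
}

# validremark($remark)
# Returns 1 if $remark is acceptable as a remark, else 0.
# Rules: 1..255 characters; letters (including German umlauts), digits and
# - . : ; | _ ( ) / plus space or tab; the first character must be a letter
# or digit; the last one a letter, digit or one of . : ; _ ).
# An empty remark is rejected here; callers that allow it test for the empty
# string themselves.
#
# Anchoring and whitespace handling follow validhostname: \A and \z instead
# of ^ and $, and space/tab instead of \s, so that line breaks cannot reach
# the stored configuration through a remark.
sub validremark {
    my $remark = $_[0];

    # Length limits: at least 1, at most 255 characters.
    if (length($remark) < 1 || length($remark) > 255) {
        return 0;
    }
    # Allowed characters for the whole value.
    if ($remark !~ /\A[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/ \t]*\z/) {
        return 0;
    }
    # First character can only be a letter or a digit.
    if (substr($remark, 0, 1) !~ /\A[a-zäöüA-ZÖÄÜ0-9]\z/) {
        return 0;
    }
    # Last character: letter, digit or one of . : ; _ )
    if (substr($remark, -1, 1) !~ /\A[a-zöäüA-ZÖÄÜ0-9.:;_)]\z/) {
        return 0;
    }
    return 1;
}

&Header::closebigbox();
&Header::closepage();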