- print "\n";
- print"##################################\n";
- #print rules to console
- foreach my $DPROT (@DPROT){
- $DPORT = &get_port($hash,$key,$DPROT);
- $PROT=$DPROT;
- $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
- foreach my $a (sort keys %sourcehash){
- foreach my $b (sort keys %targethash){
- if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
- if($DPROT ne ''){
- if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
- if(substr($DPORT, 2, 4) eq 'icmp'){
- my @icmprule= split(",",substr($DPORT, 12,));
- foreach (@icmprule){
- $icmptype="--icmp-type ";
- if ($_ eq "BLANK") {
- $icmptype="";
- $_="";
- }
- if ($$hash{$key}[17] eq 'ON'){
- print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j LOG\n";
- }
- print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]\n";
+ foreach my $a (sort keys %sourcehash){
+ foreach my $b (sort keys %targethash){
+ if(! $sourcehash{$a}[0] || ! $targethash{$b}[0] || ($natip eq '-d ' && $$hash{$key}[28] eq 'ON') || (!$natip && $$hash{$key}[28] eq 'ON')){
+ #Skip rules when no RED IP is set (DHCP,DSL)
+ next;
+ }
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
+ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
+ if($DPROT ne ''){
+ if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
+ #Process ICMP RULE
+ if(substr($DPORT, 2, 4) eq 'icmp'){
+ my @icmprule= split(",",substr($DPORT, 12,));
+ foreach (@icmprule){
+ $icmptype="--icmp-type ";
+ if ($_ eq "BLANK") {
+ $icmptype="";
+ $_="";