Forward Firewall: set standard config for Firewall
[people/teissler/ipfire-2.x.git] / config / forwardfw / rules.pl
index 58bdf2a053f297d3bcd99243dd501d6684cf3f68..1ac1bb34534092867182c7b77a48fbf76991daf8 100755 (executable)
@@ -66,7 +66,7 @@ my $CHAIN="FORWARDFW";
 ################################
 #    DEBUG/TEST                #
 ################################
-my $MODE=0;     # 0 - normal operation
+my $MODE=1;     # 0 - normal operation
                                # 1 - print configline and rules to console     
                                # 
 ################################               
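Review bot: `$MODE` is committed as 1, which the adjacent comment describes as the debug setting ("print configline and rules to console") rather than normal operation. The later hunks show a print-only branch and a separate `system` branch for the same iptables line; if `$MODE` selects between them (the selection is outside this hunk), a machine running this version would print the forward rules without installing them. Keep `my $MODE=0;` in the committed file, or take the mode from a command-line argument so that debugging does not require editing the script.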
@@ -97,7 +97,6 @@ if($param eq 'flush'){
                }
        }
 }
-
 sub flush
 {
        system ("iptables -F FORWARDFW");
@@ -116,12 +115,12 @@ sub buildrules
 {
        my $hash=shift;
        my $STAG;
-       foreach my $key (sort keys %$hash){
+       foreach my $key (sort {$a <=> $b} keys %$hash){
                $STAG='';
                if($$hash{$key}[2] eq 'ON'){
                        #get source ip's
                        if ($$hash{$key}[3] eq 'cust_grp_src'){
-                               foreach my $grp (sort keys %customgrp){
+                               foreach my $grp (sort {$a <=> $b} keys %customgrp){
                                                if($customgrp{$grp}[0] eq $$hash{$key}[4]){
                                                &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
                                        }
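Review bot: The new comparator has no comment saying why numeric order is needed. With the default string sort, key 10 is processed before key 2, and rule order decides which rule matches first. A line such as `# numeric sort: rules must be emitted in rule-number order` above the `foreach my $key` loop would record that. The comparator assumes every key of `%$hash` and `%customgrp` is numeric (presumably they are indices from the config files); the same applies to the `cust_grp_tgt` loop in the next hunk.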
@@ -131,7 +130,7 @@ sub buildrules
                        }
                        #get target ip's
                        if ($$hash{$key}[5] eq 'cust_grp_tgt'){
-                               foreach my $grp (sort keys %customgrp){
+                               foreach my $grp (sort {$a <=> $b} keys %customgrp){
                                        if($customgrp{$grp}[0] eq $$hash{$key}[6]){
                                                &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
                                        }
@@ -188,7 +187,6 @@ sub buildrules
                                print "\n";
                                print"##################################\n";
                                #print rules to console
-
                                foreach my $DPROT (@DPROT){
                                        $DPORT = &get_port($hash,$key,$DPROT);
                                        if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
@@ -197,7 +195,7 @@ sub buildrules
                                                foreach my $b (sort keys %targethash){
                                                        if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
                                                                if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
-                                                                       if(substr($sourcehash{$a}[0], 4, 6) eq 'mac'){ $STAG="-s";}
+                                                                       if(substr($sourcehash{$a}[0], 3, 3) ne 'mac'){ $STAG="-s";}
                                                                        if ($$hash{$key}[17] eq 'ON'){
                                                                                print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
                                                                        }
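Review bot: `$STAG` is only ever set to `-s` on the changed line and is never cleared inside the source loop; the one visible reset, `$STAG='';`, sits at the top of the per-rule loop in `buildrules`. Unless it is reset somewhere outside this hunk, a rule whose address source is processed before a MAC source would pass `-s` on to the MAC entry and produce an invalid iptables argument. Assign both outcomes, e.g. `$STAG = (substr($sourcehash{$a}[0], 3, 3) eq 'mac') ? '' : '-s';`, and do the same on the identical line in the next hunk (the `system` branch). The fixed offset also assumes the entry begins exactly with `-m mac`; an anchored test such as `$sourcehash{$a}[0] =~ /^-m mac\b/` would be less fragile. The enclosing loops start outside this hunk.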
@@ -217,7 +215,7 @@ sub buildrules
                                                foreach my $b (sort keys %targethash){
                                                        if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
                                                                if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
-                                                                       if(substr($sourcehash{$a}[0], 4, 6) eq 'mac'){ $STAG="-s";}
+                                                                       if(substr($sourcehash{$a}[0], 3, 3) ne 'mac'){ $STAG="-s";}
                                                                        if ($$hash{$key}[17] eq 'ON'){
                                                                                system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
                                                                        }
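Review bot: The exit status of `system` on the `-j LOG` line is discarded, so a rule that iptables rejects leaves the chain partially built with no indication. Check it, e.g. `system(...) == 0 or print STDERR "iptables failed for rule $key: $?\n";`. The command is also passed as one interpolated string, which goes through the shell. Whether the hash fields are validated before this point is not visible here, so building an argument list and calling `system` in list form would be the safer shape. The surrounding loops continue outside the hunk.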