Firewall: deleted subnet from source and target addresses if manually used
index d2aa2172ee9b1f7fa36b5473175f196a3a8646b8..8b02b04467546a8ea728dd772f4b9d929c782dfd 100755 (executable)
@@ -158,11 +158,6 @@ print<<END;
                // dropdown menu changes.
                \$("select").change(function() {
                        var id = \$(this).attr("name");
-
-                       // When using SNAT or DNAT, check "USE NAT" Checkbox
-                       if (id === 'snat' || id === 'dnat') {
-                               \$('#USE_NAT').prop('checked', true);
-                       }
                        \$('#' + id).prop("checked", true);
                });
        });
@@ -251,17 +246,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                        }
                }
                if (!$errormessage){
-                       &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-                       if ($fwdfwsettings{'nobase'} ne 'on'){
-                               &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-                       }
-                       if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
-                       }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
                        if($fwdfwsettings{'nosave2'} ne 'on'){
                                &saverule(\%configinputfw,$configinput);
                        }
@@ -307,18 +291,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                }
                #increase counters
                if (!$errormessage){
-                &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-                &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-                       if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
-                       }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
-                       if ($fwdfwsettings{'nobase'} eq 'on'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
                        if ($fwdfwsettings{'nosave2'} ne 'on'){
                                &saverule(\%configoutgoingfw,$configoutgoing);
                        }
@@ -364,18 +336,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                }
                #increase counters
                if (!$errormessage){
-                       &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-                       &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-                       if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
-                       }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
-                       if ($fwdfwsettings{'nobase'} eq 'on'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
                        if ($fwdfwsettings{'nosave2'} ne 'on'){
                                &saverule(\%configfwdfw,$configfwdfw);
                        }
@@ -497,8 +457,6 @@ sub changerule
        $fwdfwsettings{'config'}=$oldchain;
        $fwdfwsettings{'nobase'}='on';
        &deleterule;
-       &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
 }
 sub checksource
 {
@@ -766,8 +724,11 @@ sub checkrule
 {
        #check valid port for NAT
        if($fwdfwsettings{'USE_NAT'} eq 'ON'){
-               #if no port is given in nat area, take target host port
+               #if no dest port is given in nat area, take target host port
                if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
+               if($fwdfwsettings{'TGT_PORT'} eq '' && $fwdfwsettings{'dnatport'} ne '' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')){
+                       $errormessage=$Lang::tr{'fwdfw dnat porterr2'};
+               }
                #check if port given in nat area is a single valid port or portrange
                if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){
                        $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
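Review bot: The new port check at the third added line is not restricted to DNAT, unlike the two neighbouring checks that both test `$fwdfwsettings{'nat'} eq 'dnat'`, so an SNAT rule submitted with a stale non-empty `dnatport` and an empty target port would be rejected with a DNAT error. If `dnatport` can be non-empty for SNAT rules, the guard should read `if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} eq '' && $fwdfwsettings{'dnatport'} ne '' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')){`. The preceding line only copies `TGT_PORT` into `dnatport` when `grp3` is `TGT_PORT`, so the new check is also the only one that reports a missing target port in that case; a comment such as `# a DNAT port without a target port cannot be translated (TCP/UDP only)` would make that intent explicit. The body of checkrule continues past the end of this hunk.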
@@ -820,6 +781,10 @@ sub checkrule
                                        }
                                        $fwdfwsettings{'dnatport'}=join("|",@values);
                }
+               #check if a rule with prot tcp or udp and ports is edited and now prot is "all", then delete all ports
+               if($fwdfwsettings{'PROT'} eq ''){
+                       $fwdfwsettings{'dnatport'}='';
+               }
        }
        #check valid remark
        if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
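Review bot: The comment above the new block says the protocol is now "all", but the condition tests `$fwdfwsettings{'PROT'} eq ''`; if the empty string is how the form encodes "all", the comment should say so, e.g. `# PROT '' encodes "all": a rule edited from TCP/UDP to "all" must not keep its DNAT port`. The block appears to sit inside the `USE_NAT eq 'ON'` branch that opens in an earlier hunk, so a rule whose protocol was changed without NAT enabled is not affected; that is presumably intended but worth stating in the same comment. The enclosing sub checkrule starts and ends outside this hunk.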
@@ -933,34 +898,6 @@ sub checkrule
                $fwdfwsettings{'ICMP_TYPES'}='';
        }
 }
-sub checkcounter
-{
-       my ($base1,$val1,$base2,$val2) = @_;
-               
-       if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
-               &dec_counter($confignet,\%customnetwork,$val1);
-       }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
-               &dec_counter($confighost,\%customhost,$val1);
-       }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
-               &dec_counter($configgrp,\%customgrp,$val1);
-       }elsif($base1 eq 'cust_srv'){
-               &dec_counter($configsrv,\%customservice,$val1);
-       }elsif($base1 eq 'cust_srvgrp'){
-               &dec_counter($configsrvgrp,\%customservicegrp,$val1);   
-       }
-
-       if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
-               &inc_counter($confignet,\%customnetwork,$val2);
-       }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
-               &inc_counter($confighost,\%customhost,$val2);
-       }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
-               &inc_counter($configgrp,\%customgrp,$val2);
-       }elsif($base2 eq 'cust_srv'){
-               &inc_counter($configsrv,\%customservice,$val2);
-       }elsif($base2 eq 'cust_srvgrp'){
-               &inc_counter($configsrvgrp,\%customservicegrp,$val2);   
-       }
-}
 sub checkvpn
 {
        my $ip=shift;
@@ -992,15 +929,6 @@ sub deleterule
        my %delhash=();
        &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
        foreach my $key (sort {$a <=> $b} keys %delhash){
-               if ($key == $fwdfwsettings{'key'}){
-                       #check hosts/net and groups
-                       &checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
-                       &checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
-                       #check services and groups
-                       if ($delhash{$key}[11] eq 'ON'){
-                               &checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
-                       }
-               }
                if ($key >= $fwdfwsettings{'key'}) {
                        my $next = $key + 1;
                        if (exists $delhash{$next}) {
@@ -1033,21 +961,6 @@ sub disable_rule
        &General::writehasharray("$configfwdfw", \%configfwdfw);
        &General::firewall_config_changed();
 }
-sub dec_counter
-{
-       my $config=shift;
-       my %hash=%{(shift)};
-       my $val=shift;
-       my $pos;
-       &General::readhasharray($config, \%hash);
-       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
-               if($hash{$key}[0] eq $val){
-                       $pos=$#{$hash{$key}};
-                       $hash{$key}[$pos] = $hash{$key}[$pos]-1;
-               }
-       }
-       &General::writehasharray($config, \%hash);
-}
 sub error
 {
        if ($errormessage) {
@@ -1182,7 +1095,7 @@ END
        if ($show eq '1'){$show='';print"</select></td></tr>";}
        #IPsec netze
        foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
-               if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+               if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
                        print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
                        $show='1';
                        print "<option ";
@@ -1513,6 +1426,11 @@ sub newrule
        open (CONN1,"/var/ipfire/red/local-ipaddress");
        my $redip = <CONN1>;
        close(CONN1);
+       if (! $fwdfwsettings{'RULE_ACTION'} && $fwdfwsettings{'POLICY'} eq 'MODE2'){
+               $fwdfwsettings{'RULE_ACTION'}='DROP';
+       }elsif(! $fwdfwsettings{'RULE_ACTION'} && $fwdfwsettings{'POLICY'} eq 'MODE1'){
+               $fwdfwsettings{'RULE_ACTION'}='ACCEPT';
+       }
        $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
        $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
        $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
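Review bot: The new default for `RULE_ACTION` covers only `POLICY` values `MODE1` and `MODE2`; for any other value the action stays empty, and the later hunk that replaces the old initialisation (`$checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = 'CHECKED';`) then keys on the empty string, so no action radio is preselected. If `POLICY` can hold other values, a fail-closed default is safer and shorter: `if (! $fwdfwsettings{'RULE_ACTION'}){`, `$fwdfwsettings{'RULE_ACTION'} = $fwdfwsettings{'POLICY'} eq 'MODE1' ? 'ACCEPT' : 'DROP';`, `}`. The three context lines above the addition use a bareword, two-argument, unchecked `open`; that is pre-existing but sits next to the new code and could be converted to `open my $conn1, '<', '/var/ipfire/red/local-ipaddress' or ...` in the same sub. sub newrule continues outside this hunk.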
@@ -1529,6 +1447,7 @@ sub newrule
        $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}}                = 'CHECKED';
        $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}}                = 'CHECKED';
        $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}}                  = 'CHECKED';
+       $checked{'nat'}{$fwdfwsettings{'nat'}}          = 'CHECKED';
        $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
        $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
        $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
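Review bot: With the added `$checked{'nat'}` line, the NAT type radios in the later hunks (the `dnat` input loses its hard-coded `checked`, the `snat` input its `id`) are preselected only from `$fwdfwsettings{'nat'}`; on a fresh form where `nat` is empty neither radio is checked, and if the user ticks USE_NAT without choosing one, `nat` is submitted empty and the DNAT port checks in checkrule, which all test `nat eq 'dnat'`, are skipped. If an empty `nat` is possible here, keep the previous default by adding `$fwdfwsettings{'nat'} = 'dnat' if $fwdfwsettings{'nat'} eq '';` before the new assignment, or reject `USE_NAT eq 'ON'` with an empty `nat` in checkrule. The new line is also aligned differently from the surrounding `$checked{...}` assignments. sub newrule continues outside this hunk.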
@@ -1634,6 +1553,11 @@ sub newrule
                        }
                }       
        }
+       # Split manual source and target address and delete the subnet
+       my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+       if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp1'}}=$sip;}
+       my ($dip,$dcidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp2'}});
+       if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;}
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
        &Header::closebox();
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
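Review bot: The target branch tests the wrong variable: the last added line checks `$scidr` (the source prefix) but assigns `$dip`, so a target of the form `a.b.c.d/32` is only stripped when the source also ends in `/32`, and a `/32` source strips a target that has no prefix at all. It should read `if (defined $dcidr && $dcidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;}`, and the source line likewise `if (defined $scidr && $scidr eq '32'){...}`, since `split` yields no second element when the value has no `/` and `eq` on `undef` warns under `use warnings`. Both lines also rewrite `$fwdfwsettings{$fwdfwsettings{'grp1'}}` whatever `grp1` selects; if `grp1` can name a non-manual source (a network or host name), the split is a no-op there, which is fine but worth a comment. sub newrule continues outside this hunk.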
@@ -1676,7 +1600,7 @@ END
                                                <td width='5%'></td>
                                                <td width='40%'>
                                                        <label>
-                                                               <input type='radio' name='nat' id='dnat' value='dnat' checked>
+                                                               <input type='radio' name='nat'  value='dnat' $checked{'nat'}{'dnat'}>
                                                                $Lang::tr{'fwdfw dnat'}
                                                        </label>
                                                </td>
@@ -1709,7 +1633,7 @@ END
                                                <td width='5%'></td>
                                                <td width='40%'>
                                                        <label>
-                                                               <input type='radio' name='nat' id='snat' value='snat' $checked{'nat'}{'snat'}>
+                                                               <input type='radio' name='nat'  value='snat' $checked{'nat'}{'snat'}>
                                                                $Lang::tr{'fwdfw snat'}
                                                        </label>
                                                </td>
@@ -1919,23 +1843,9 @@ END
 END
 
                &Header::closebox;
-
-               $checked{"RULE_ACTION"} = ();
-               foreach ("ACCEPT", "DROP", "REJECT") {
-                       $checked{"RULE_ACTION"}{$_} = "";
-               }
-
-               if($fwdfwsettings{'updatefwrule'} eq 'on') {
-                       $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = "checked";
-               } elsif ($fwdfwsettings{'POLICY'} eq 'MODE1') {
-                       $checked{"RULE_ACTION"}{"ACCEPT"} = "checked";
-               } elsif ($fwdfwsettings{'POLICY'} eq 'MODE2') {
-                       $checked{"RULE_ACTION"}{"DROP"} = "checked";
-               }
-
+               $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}}  = 'CHECKED';
                print <<END;
                        <hr><br>
-
                        <center>
                                <table width="80%" border="0">
                                        <tr>
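Review bot: The single replacement line no longer initialises `$checked{"RULE_ACTION"}{ACCEPT|DROP|REJECT}` to `""` as the removed loop did; if the heredoc that follows interpolates those three keys into the radio inputs and the script runs with warnings enabled, the two unselected actions now produce "uninitialized value" warnings in the CGI log. Keeping a one-line reset before the assignment, `$checked{"RULE_ACTION"}{$_} = "" for qw(ACCEPT DROP REJECT);`, preserves the old quiet behaviour. The enclosing sub starts and ends outside this hunk.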
@@ -2113,6 +2023,7 @@ END
                        <input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
                        <input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
                        <input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
+                       <input type='hidden' name='nat' value='$fwdfwsettings{'nat'}' />
                        <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
                        </table></form>
 END
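Review bot: The added hidden field is named `nat`, the same name as the `dnat`/`snat` radio inputs added in the earlier hunks; if both end up in the same form, two `nat` values are submitted and which one the CGI parser keeps decides the NAT type of the saved rule. If the hidden field belongs to a separate form (the `</form><form` on the next context line suggests several forms on the page), a comment such as `# carry the NAT type across the confirmation form` would make that clear; otherwise it should be dropped in favour of the radios. The surrounding heredoc starts and ends outside this hunk.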
@@ -2364,15 +2275,14 @@ sub validremark
                return 0;}
        return 1;
 }
-
-sub viewtablerule {
+sub viewtablerule
+{
        &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
 
        &viewtablenew(\%configfwdfw, $configfwdfw, $Lang::tr{'firewall rules'});
        &viewtablenew(\%configinputfw, $configinput, $Lang::tr{'external access'});
        &viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall'});
 }
-
 sub viewtablenew
 {
        my $hash=shift;
@@ -2579,8 +2489,14 @@ END
                                }
                        }elsif ($$hash{$key}[4] eq 'RED1'){
                                print "$ipfireiface $Lang::tr{'fwdfw red'}";
+                       }elsif ($$hash{$key}[4] eq 'ALL'){
+                               print "$ipfireiface $Lang::tr{'all'}";
                        }else{
-                               print "$$hash{$key}[4]";
+                               if ($$hash{$key}[4] eq 'GREEN' || $$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE' || $$hash{$key}[4] eq 'RED'){
+                                       print "$ipfireiface $Lang::tr{lc($$hash{$key}[4])}";
+                               }else{
+                                       print "$ipfireiface $$hash{$key}[4]";
+                               }
                        }
                        $tdcolor='';
                        #SOURCEPORT
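Review bot: The new source branch resolves `GREEN`/`ORANGE`/`BLUE`/`RED` through `$Lang::tr{lc(...)}`, while the target branch in the next hunk resolves the same set through `&get_name(...)`; two different mappings for the same interface names will drift apart, so the four-way `eq` chain and the inner `else` could collapse to `print "$ipfireiface ".&get_name($$hash{$key}[4]);` if `get_name` handles those values (it is called for them on the target side). The fallback `print "$ipfireiface $$hash{$key}[4]";` still writes the stored value into the HTML unescaped, as the replaced line did; if that field can originate from form input, HTML-escape it before printing. sub viewtablenew starts and ends outside this hunk.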
@@ -2625,15 +2541,12 @@ END
                                }
                                print"<br>-&gt;";
                        }
-                       if ($$hash{$key}[5] eq 'ipfire'){
-                               $ipfireiface='Interface';
-                       }
-                       if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire'  || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){
+                       if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire'){
                                if ($$hash{$key}[6] eq 'RED1'){
-                                       print "$ipfireiface $Lang::tr{'red1'}";
+                                       print "$Lang::tr{'red1'}";
                                }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL' || $$hash{$key}[6] eq 'RED')
                                {
-                                       print "$ipfireiface ".&get_name($$hash{$key}[6]);
+                                       print &get_name($$hash{$key}[6]);
                                }else{
                                        print $$hash{$key}[6];
                                }