}
}
}else{
- $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
- return $errormessage;
+ if ($fwdfwsettings{'grp2'} ne 'ipfire'){
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+ return $errormessage;
+ }
}
}
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
&base;
}
}
+sub del_double
+{
+ my %all=();
+ @all{@_}=1;
+ return (keys %all);
+}
sub disable_rule
{
my $key1=shift;
}
#Check if IP is part of a IPsec N2N network
foreach my $key (sort keys %ipsecconf){
- my ($a,$b) = split("/",$ipsecconf{$key}[11]);
- $b=&General::iporsubtodec($b);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
- return;
+ if ($ipsecconf{$key}[11]){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+ return;
+ }
}
}
}
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
$selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
}
}
$fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
{
- print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ print "<option value='$alias' $selected{'ipfire_src'}{$alias}>$alias</option>";
}
}
print<<END;
</td>
END
- if (%aliases) {
- print <<END;
+ print <<END;
<td width='25%' align='right'>$Lang::tr{'dnat address'}:</td>
<td width='30%'>
<select name='dnat' style='width: 100%;'>
- <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'default ip'} ($netsettings{'RED_ADDRESS'})</option>
+ <option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option>
+ <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option>
END
+ if (%aliases) {
foreach my $alias (sort keys %aliases) {
print "<option value='$alias' $selected{'dnat'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
}
-
- print "</select>";
- } else {
- print <<END;
- <td colspan="2" width='55%'>
- <input type='hidden' name='dnat' value='Default IP'>
- </td>
-END
}
+ #DNAT Dropdown
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{'dnat'} eq $defaultNetworks{$network}{'NAME'});
+ print ">$network ($defaultNetworks{$network}{'NET'})</option>";
+ }
+ }
+ print "</select>";
print "</tr>";
#SNAT
foreach my $alias (sort keys %aliases) {
print "<option value='$alias' $selected{'snat'}{$alias}>$alias ($aliases{$alias}{'IPT'})</option>";
}
-
- # XXX this is composed in a very ugly fashion
+ # SNAT Dropdown
foreach my $network (sort keys %defaultNetworks) {
- next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
- next if($defaultNetworks{$network}{'NAME'} eq "ALL");
- next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
- next if($defaultNetworks{$network}{'NAME'} =~ /IPsec/i);
-
- print "<option value='$defaultNetworks{$network}{'NAME'}'";
- print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'});
- print ">$network ($defaultNetworks{$network}{'NET'})</option>";
+ if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{'snat'} eq $defaultNetworks{$network}{'NAME'});
+ print ">$network ($defaultNetworks{$network}{'NET'})</option>";
+ }
}
-
print <<END;
</select>
</td>
if($$hash{$key}[3] eq 'ipsec_net_src'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_host_src'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
if($$hash{$key}[5] eq 'ipsec_net_tgt'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
foreach my $netgroup (sort keys %customgrp){
if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
foreach my $srvgroup (sort keys %customservicegrp){
if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
$$hash{'ACTIVE'}=$$hash{$key}[2];
<td align='center' $tdcolor>
END
#Is this a DNAT rule?
+ my $natstring;
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
- print "Firewall ($$hash{$key}[29])";
+ if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
+ if ($$hash{$key}[29] eq 'AUTO'){
+ my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
+ my @nat_ifaces;
+ foreach my $val (@src_addresses){
+ push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
+ }
+ @nat_ifaces=&del_double(@nat_ifaces);
+ $natstring = join(', ', @nat_ifaces);
+ }else{
+ $natstring = $$hash{$key}[29];
+ }
+ print "$Lang::tr{'firewall'} ($natstring)";
if($$hash{$key}[30] ne ''){
$$hash{$key}[30]=~ tr/|/,/;
print": $$hash{$key}[30]";