my %optionsfw=();
my %ifaces=();
-my $VERSION='0.9.9.6';
+my $VERSION='0.9.9.8';
my $color;
my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts";
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %confignatfw){
- #print"$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}<br>";
- #print"$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]<br>";
if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'nosave2'} ne 'on'){
&saverule(\%configinputfw,$configinput);
}
- #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
- #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
- #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
- #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
- #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
- #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
- #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
- #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
- #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
- #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
- #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
- #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
- #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
- #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
- #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
- #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
- #print "<br>";
- #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
- #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
- #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
- #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
}elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){
# OUTGOING PART
$fwdfwsettings{'config'}=$configoutgoing;
if ($fwdfwsettings{'nosave2'} ne 'on'){
&saverule(\%configfwdfw,$configfwdfw);
}
- #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
- #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
- #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
- #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
- #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
- #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
- #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
- #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
- #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
- #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
- #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
- #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
- #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
- #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
- #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
- #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
- #print "<br>";
- #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
- #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
- #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
- #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
}
if ($errormessage){
&newrule;
&checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,);
&checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,);
}
- #&General::readhasharray("$configinput", \%configinputfw);
- #foreach my $key (sort keys %configinputfw){
- # &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,);
- # &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,);
- # &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,);
- #}
-
system("rm ${General::swroot}/forward/config");
- #system("rm ${General::swroot}/forward/input");
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
- #unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
my $MODE1=$fwdfwsettings{'POLICY1'};
%fwdfwsettings = ();
$fwdfwsettings{'POLICY'}='MODE2';
if ($fwdfwsettings{'ACTION'} eq 'copyrule')
{
$fwdfwsettings{'copyfwrule'}='on';
- #$fwdfwsettings{'updatefwrule'}='on';
&newrule;
}
if ($fwdfwsettings{'ACTION'} eq '')
if (-f "${General::swroot}/forward/reread"){
print "<table border='0'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</div</td></tr></table></form><hr><br>";
}
- &Header::openbox('100%', 'left', "");
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'});
print "<form method='post'>";
print "<table border='0'>";
print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
$errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
return $errormessage;
}
- #check if the ip is part of an existing openvpn client/net or ipsec network
- #if this is the case, generate errormessage to make the user use the dropdowns instead of using manual ip's
- if (! &checkvpn($ip)){
- $errormessage=$Lang::tr{'fwdfw err srcovpn'};
- return $errormessage;
- }else{
- $fwdfwsettings{'src_addr'}="$ip/$subnet";
- }
+ $fwdfwsettings{'src_addr'}="$ip/$subnet";
if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
$errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
return $errormessage;
#check and form valid IP
$ip=&General::ip2dec($ip);
$ip=&General::dec2ip($ip);
- #check if the ip is part of an existing openvpn client/net or ipsec network
- #if this is the case, generate errormessage to make the user use the dropdowns instead of using manual ip's
- if (! &checkvpn($ip)){
- $errormessage=$Lang::tr{'fwdfw err tgtovpn'};
- return $errormessage;
- }else{
- $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
- }
+ $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
return $errormessage;
}elsif ($val eq 'BLUE'){
$tdcolor="style='border: 1px solid $Header::colourblue;'";
return;
- }elsif ($val eq 'RED'){
+ }elsif ($val eq 'RED' ||$val eq 'RED1' ){
$tdcolor="style='border: 1px solid $Header::colourred;'";
return;
}elsif ($val eq 'IPFire' ){
$tdcolor="style='border: 1px solid $Header::colourovpn;'";
return;
}
+ #Check if IP is part of OpenVPN static subnet
+ foreach my $key (sort keys %ccdnet){
+ my ($a,$b) = split("/",$ccdnet{$key}[1]);
+ $b =&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+ return;
+ }
+ }
+ #Check if IP is part of OpenVPN N2N subnet
+ foreach my $key (sort keys %ccdhost){
+ if ($ccdhost{$key}[3] eq 'net'){
+ my ($a,$b) = split("/",$ccdhost{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+ return;
+ }
+ }
+ }
#Check if IP is part of IPsec RW network
if ($ipsecsettings{'RW_NET'} ne ''){
my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
<table width='100%' border='0'>
<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td width='57%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='17'><td width='1%'><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>IPFire</b></td>
END
- if (! -z "${General::swroot}/ethernet/aliases"){
- print"<td align='right'><select name='ipfire' style='width:200px;'>";
- print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
+ print"<td align='right'><select name='ipfire' style='width:200px;'>";
+ print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+ print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+ print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if $ifaces{'ORANGE_ADDRESS'};
+ print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if $ifaces{'BLUE_ADDRESS'};
+ print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} (Default IP)</option>" if $ifaces{'RED_ADDRESS'};
+ if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
{
print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
}
-
- }else{
- print"<td style='width:200px;'><input type='hidden' name ='ipfire' value='Default IP'>";
}
print<<END;
</td></tr>
#print"6";
}
#check if we change a DMZ to a FORWARD/DMZ
- elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+ elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE' && $checkorange ne 'on'){
&changerule($configdmz);
#print"7";
}
#print"14";
}
#check if we change a FORWARD rule to an DMZ
- elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on'){
+ elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on')){
&changerule($configfwdfw);
#print"15";
}
&General::get_aliases(\%aliases);
&General::readhasharray("$confighost", \%customhost);
&General::readhasharray("$config", $hash);
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$configccdhost", \%ccdhost);
if( ! -z $config){
&Header::openbox('100%', 'left',$title);
my $count=0;
}
print"<br> DNAT->";
}
- if ($$hash{$key}[5] eq 'std_net_tgt'){
- print &get_name($$hash{$key}[6]);
+ if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' && $$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){
+ if ($$hash{$key}[6] eq 'RED1')
+ {
+ print $Lang::tr{'red1'};
+ }else{
+ print &get_name($$hash{$key}[6]);
+ }
}else{
print $$hash{$key}[6];
}