Forward Firewall: cleanup unused code
[people/teissler/ipfire-2.x.git] / html / cgi-bin / forwardfw.cgi
index 84e01704d8c754b6c7b15be5068d55d623b2168e..399875533f0ad4ba9e77e9ca1fe4c7dbb861e378 100755 (executable)
@@ -31,6 +31,7 @@
 ###############################################################################
 
 use strict;
+use Sort::Naturally;
 no warnings 'uninitialized';
 # enable only the following on debugging purpose
 #use warnings;
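Review bot: The added `use Sort::Naturally;` has no visible use in the hunks shown here, and the commit is titled as a cleanup. Sort::Naturally is not a core Perl module, so this CGI will fail at compile time on any system where the module is not installed. If the import is needed, note where it is used, for example `use Sort::Naturally; # nsort() for rule/host lists`; if it is not, drop it.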
@@ -77,7 +78,7 @@ my %aliases=();
 my %optionsfw=();
 my %ifaces=();
 
-my $VERSION='0.9.8.7';
+my $VERSION='0.9.9.8';
 my $color;
 my $confignet          = "${General::swroot}/fwhosts/customnetworks";
 my $confighost         = "${General::swroot}/fwhosts/customhosts";
@@ -107,7 +108,9 @@ my @protocols;
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
 &General::readhash($fwoptions, \%optionsfw); 
 &General::readhash($ifacesettings, \%ifaces);
-
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
 &Header::showhttpheaders();
 &Header::getcgihash(\%fwdfwsettings);
 &Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
@@ -133,6 +136,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
        $errormessage=&checksource;
        if(!$errormessage){&checktarget;}
        if(!$errormessage){&checkrule;}
+       
        #check if manual ip (source) is orange network
        if ($fwdfwsettings{'grp1'} eq 'src_addr'){
                my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
@@ -160,26 +164,25 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                #check if we have an identical rule already
                if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
                        foreach my $key (sort keys %confignatfw){
-                               if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
-                                       eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){
-                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};                               
-                                               if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
-                                                       $errormessage='';                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
-                                               }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
-                                                       $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
-                                               }
-                                               if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
-                                                       $fwdfwsettings{'nosave'} = 'on';
-                                               }
+                               if ("$confignatfw{$key}[0],$confignatfw{$key}[1],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31]"
+                               eq "$fwdfwsettings{'RULE_ACTION'},NAT_DESTINATION,$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"){
+                                       $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                                       if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
+                                               $errormessage='';
+                                       }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+                                               $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
+                                       }
+                                       if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+                                               $fwdfwsettings{'nosave'} = 'on';
+                                       }
                                }
                        }
                }
+               
                #check Rulepos on new Rule
                if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
                        $fwdfwsettings{'oldrulenumber'}=$maxkey;
                        foreach my $key (sort keys %confignatfw){
-                               print"$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}<br>";
-                               print"$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]<br>";
                                if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
                                        eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){
                                                $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
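Review bot: The `elsif` carrying `!&validremark($fwdfwsettings{'ruleremark'})` can never run, because its condition repeats the preceding `if` (`oldruleremark ne ruleremark && updatefwrule eq 'on'`) and only adds further terms. A changed remark on an otherwise identical rule therefore always resets `$errormessage` to `''`, and the remark is not validated on this path. Test the invalid-remark case first and make the reset the `elsif`, so that a remark that fails `validremark` still yields `fwdfw err remark`. The new-rule check directly below still compares the old 30-field key, while this one compares 15 fields with a literal `NAT_DESTINATION`; if both are meant to detect the same duplicates, build the key in one helper. The enclosing `saverule` branch starts and ends outside the hunk.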
@@ -313,27 +316,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                if($fwdfwsettings{'nosave2'} ne 'on'){
                        &saverule(\%configinputfw,$configinput);
                }
-               #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
-               #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
-               #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
-               #print "Dienst:  $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-               #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
-               #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
-               #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
-               #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
-               #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
-               #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
-               #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
-               #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
-               #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
-               #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
-               #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
-               #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
-               #print "<br>";
-               #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'}       NEU:    $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
-               #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'}       NEU:    $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
-               #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-               #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
        }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){
                # OUTGOING PART
                $fwdfwsettings{'config'}=$configoutgoing;
@@ -444,27 +426,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                if ($fwdfwsettings{'nosave2'} ne 'on'){
                        &saverule(\%configfwdfw,$configfwdfw);
                }       
-               #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
-               #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
-               #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
-               #print "Dienst:  $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-               #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
-               #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
-               #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
-               #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
-               #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
-               #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
-               #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
-               #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
-               #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
-               #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
-               #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
-               #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
-               #print "<br>";
-               #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'}       NEU:    $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
-               #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'}       NEU:    $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
-               #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-               #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
        }
        if ($errormessage){
                &newrule;
@@ -484,18 +445,9 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
                        &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,);
                        &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,);
                }
-               #&General::readhasharray("$configinput", \%configinputfw);
-               #foreach my $key (sort keys %configinputfw){
-               #       &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,);
-               #       &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,);
-               #       &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,);
-               #}
-
                system("rm ${General::swroot}/forward/config");
-               #system("rm ${General::swroot}/forward/input");
                &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
                unless (-e "${General::swroot}/forward/config")         { system("touch ${General::swroot}/forward/config"); }
-               #unless (-e "${General::swroot}/forward/input")         { system("touch ${General::swroot}/forward/input"); }
                my $MODE1=$fwdfwsettings{'POLICY1'};
                %fwdfwsettings = ();
                $fwdfwsettings{'POLICY'}='MODE2';
@@ -577,7 +529,6 @@ if ($fwdfwsettings{'ACTION'} eq 'movedown')
 if ($fwdfwsettings{'ACTION'} eq 'copyrule')
 {
        $fwdfwsettings{'copyfwrule'}='on';
-       #$fwdfwsettings{'updatefwrule'}='on';
        &newrule;
 }
 if ($fwdfwsettings{'ACTION'} eq '')
@@ -589,9 +540,9 @@ sub addrule
 {
        &error;
        if (-f "${General::swroot}/forward/reread"){
-               print "<table border='0'><form method='post'><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold;'>$Lang::tr{'fwhost reread'}</td></tr></table></form><hr><br>";
+               print "<table border='0'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div</td></tr></table></form><hr><br>";
        }
-       &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+       &Header::openbox('100%', 'left',  $Lang::tr{'fwdfw menu'});
        print "<form method='post'>";
        print "<table border='0'>";
        print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
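Review bot: The new reread banner emits malformed markup: `</div</td>` is missing the `>` that closes the `div`, and the two `&nbsp` entities lack their terminating `;`. Browsers will usually recover, but the result depends on error recovery in the parser; the tail of the string should read `&nbsp; &nbsp; $Lang::tr{'fwhost reread'}</div></td></tr></table></form><hr><br>`. `font-face` is also not a CSS property (`font-family` is), so that declaration has no effect. The body of `addrule` continues outside the hunk.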
@@ -654,7 +605,6 @@ sub changerule
 sub checksource
 {
        my ($ip,$subnet);
-
        #check ip-address if manual
        if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
                #check if ip with subnet
@@ -674,6 +624,11 @@ sub checksource
                        if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';}
                }
                if ($fwdfwsettings{'isip'} eq 'on'){
+                       ##check if ip is valid
+                       if (! &General::validip($ip)){
+                               $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+                               return $errormessage;
+                       }
                        #check and form valid IP
                        $ip=&General::ip2dec($ip);
                        $ip=&General::dec2ip($ip);
@@ -682,15 +637,17 @@ sub checksource
                        if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
                        {
                                $errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
+                               return $errormessage;
                        }
                        $fwdfwsettings{'src_addr'}="$ip/$subnet";
-
                        if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
                                $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+                               return $errormessage;
                        }
                }
                if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
                        $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+                       return $errormessage;
                }
        }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
                $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
@@ -730,7 +687,7 @@ sub checksource
                my @values=();
                foreach (@parts){
                        chomp($_);
-                       if ($_ =~ /^(\d+)\:(\d+)$/) {
+                       if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
                                my $check;
                                #change dashes with :
                                $_=~ tr/-/:/;
@@ -738,11 +695,11 @@ sub checksource
                                        push(@values,"1:65535");
                                        $check='on';
                                }
-                               if ($_ =~ /^(\D)\:(\d+)$/) {
+                               if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
                                        push(@values,"1:$2");
                                        $check='on';
                                }
-                               if ($_ =~ /^(\d+)\:(\D)$/) {
+                               if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
                                        push(@values,"$1:65535");
                                        $check='on'
                                }
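Review bot: The `-` alternatives added to the two inner tests here can never match, because `$_=~ tr/-/:/;` on the line just above this hunk has already rewritten every dash to a colon. The inner tests, including `$_ eq "*"`, are also only reached after the outer test has required digits on both sides, so the `\D` forms are dead as well. The outer test in the preceding hunk is clearer as a single pattern, `if ($_ =~ /^(\d+)[-:](\d+)$/) {`, and the open-ended forms need to be handled before it if they are meant to be accepted. The same block is repeated in the two `checktarget` hunks and in the `dnatport` loop added to `checkrule`; one shared helper for port-range normalisation would keep the validation identical in all three places. The surrounding loop starts and ends outside the hunk.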
@@ -759,18 +716,19 @@ sub checksource
                        }
                }
                $fwdfwsettings{'SRC_PORT'}=join("|",@values);
-               return $errormessage;
        }
+       return $errormessage;
 }
 sub checktarget
 {
        my ($ip,$subnet);
        &General::readhasharray("$configsrv", \%customservice);
-       #check DNAT settings (has to be single Host and single Port)
+       #check DNAT settings (has to be single Host and single Port or portrange)
        if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
                if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
-                       if ($fwdfwsettings{'USESRV'} eq ''){
+                       if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){
                                $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                               return $errormessage;
                        }
                        #check if manual ip is a single Host (if set)
                        if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
@@ -779,19 +737,23 @@ sub checktarget
                                if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
                                {
                                        $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+                                       return $errormessage;
                                }
                        }
-                       #check if Port is a single Port
+                       #check if Port is a single Port or portrange
                        if ($fwdfwsettings{'nat'} eq 'dnat' &&  $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
                                if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
                                        $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                       return $errormessage;
                                }
                                if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
                                        $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                       return $errormessage;
                                }
                        }
                }else{
                        $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+                       return $errormessage;
                }
        }
        if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
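Review bot: The first new `return $errormessage;` inside the `TGT_PORT` block sits behind `($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP')`, which is true for every value. The test reduces to `TGT_PORT eq ''`, and with the added early return any DNAT rule with an empty target port is now rejected regardless of protocol. If that is the intent, drop the protocol term; if the check was meant for one protocol group only, the operator is wrong (presumably `&&`, or `eq` on both sides). A one-line comment stating which case is being rejected would settle it. `checktarget` starts and ends outside the hunk.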
@@ -805,13 +767,18 @@ sub checktarget
                        $ip=$fwdfwsettings{'tgt_addr'};
                        $subnet='32';
                }
+               #check if ip is valid
+               if (! &General::validip($ip)){
+                       $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+                       return $errormessage;
+               }
                #check and form valid IP
                $ip=&General::ip2dec($ip);
                $ip=&General::dec2ip($ip);
-
                $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
                if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
                        $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+                       return $errormessage;
                }
        }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
                $errormessage.=$Lang::tr{'fwdfw err notgtip'};
@@ -836,11 +803,15 @@ sub checktarget
                if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
                        if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
                                if ($fwdfwsettings{'TGT_PORT'} ne ''){
+                                       if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') {
+                                               $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                               return $errormessage;
+                                       }
                                        my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
                                        my @values=();
                                        foreach (@parts){
                                                chomp($_);
-                                               if ($_ =~ /^(\d+)\:(\d+)$/) {
+                                               if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
                                                        my $check;
                                                        #change dashes with :
                                                        $_=~ tr/-/:/;
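Review bot: The added multi-port guard tests `$fwdfwsettings{'USE_NAT'}` for plain truthiness, while every other check in this file compares it with `eq 'ON'`. Any non-empty value other than `0` would enable the guard, so the two checks can disagree about whether NAT is on. Suggested: `if ($fwdfwsettings{'TGT_PORT'} =~ /,/ && $fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat') {`. Using `/,/` instead of the string `","` as the pattern also makes it obvious that a regex match is intended. The enclosing `TGT_PORT` block continues outside the hunk.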
@@ -848,11 +819,11 @@ sub checktarget
                                                                push(@values,"1:65535");
                                                                $check='on';
                                                        }
-                                                       if ($_ =~ /^(\D)\:(\d+)$/) {
+                                                       if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
                                                                push(@values,"1:$2");
                                                                $check='on';
                                                        }
-                                                       if ($_ =~ /^(\d+)\:(\D)$/) {
+                                                       if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
                                                                push(@values,"$1:65535");
                                                                $check='on'
                                                        }
@@ -895,18 +866,17 @@ sub checktarget
                        }
                }
        }
-
        #check targetport
        if ($fwdfwsettings{'USESRV'} ne 'ON'){
                $fwdfwsettings{'grp3'}='';
                $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
-               $fwdfwsettings{'TGT_PROT'}='';
                $fwdfwsettings{'ICMP_TGT'}='';
        }
        #check timeframe
        if($fwdfwsettings{'TIME'} eq 'ON'){
                if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
                        $errormessage=$Lang::tr{'fwdfw err time'};
+                       return $errormessage;
                }
        }
        return $errormessage;
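Review bot: In the `USESRV ne 'ON'` block, `$fwdfwsettings{'grp3'}=''` runs before `$fwdfwsettings{$fwdfwsettings{'grp3'}}=''`, so the second statement clears the hash entry with the empty key and the submitted service or port value stays in `%fwdfwsettings`. Swap the two lines so the value is cleared while `grp3` still names it: `$fwdfwsettings{$fwdfwsettings{'grp3'}}=''; $fwdfwsettings{'grp3'}='';`. This commit also stops clearing `TGT_PROT` in the same block, so a protocol submitted with the form now survives when no service is selected. If that is deliberate, add a comment such as `# TGT_PROT is kept: protocol can be set without a service`.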
@@ -914,7 +884,22 @@ sub checktarget
 sub check_natport
 {
        my $val=shift;
-       if ($val =~ "," || $val =~ ":" || $val>65536 || $val<0){
+       if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
+               if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) {
+                       $fwdfwsettings{'dnatport'} =~ tr/-/:/;
+                       if ($fwdfwsettings{'dnatport'} eq "*") {
+                               $fwdfwsettings{'dnatport'}="1:65535";
+                       }
+                       if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
+                               $fwdfwsettings{'dnatport'} = "1:$2";
+                       }
+                       if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
+                               $fwdfwsettings{'dnatport'} ="$1:65535";
+                       }
+               }
+               return 1;
+       }
+       if ($val =~ "," || $val>65536 || $val<0){
                return 0;
        }
        return 1;
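Review bot: The new DNAT branch of `check_natport` returns 1 for every non-empty `dnatport`, so the submitted value is accepted here without any check, and `$val` is ignored on that path. Only the exact `digits-digits` form is touched (dash rewritten to colon); inside that branch the `eq "*"` and `\D` tests cannot match a string that has just matched `^(\d+)\-(\d+)$`. Whether a later check catches bad values is only partly visible (the `dnatport` loop added to `checkrule` is cut off), so this function should reject anything that is not one port or one ordered range within 1-65535. In the remaining test, `$val>65536` still admits 65536 and should be `$val>65535`. The closing brace of the sub is outside the hunk.

```perl
	if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
		# accept one port or one first-last range; reject everything else
		my ($first,$last) = $fwdfwsettings{'dnatport'} =~ /\A(\d{1,5})(?:[-:](\d{1,5}))?\z/;
		if (!defined $first){
			return 0;
		}
		if (!defined $last){
			$last = $first;
		}
		if ($first < 1 || $last > 65535 || $first > $last){
			return 0;
		}
		# store the range in the colon form used elsewhere in this file
		$fwdfwsettings{'dnatport'} =~ tr/-/:/;
		return 1;
	}
	# … unchanged: check of $val …
```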
@@ -923,11 +908,12 @@ sub checkrule
 {
        #check valid port for NAT
        if($fwdfwsettings{'USE_NAT'} eq 'ON'){
+               #if no port is given in nat area, take target host port
                if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
-               if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){
+               #check if port given in nat area is a single valid port or portrange
+               if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){
                        $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
-               }
-               elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
+               }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
                        my $custsrvport;
                        #get servcie Protocol and Port
                        foreach my $key (sort keys %customservice){
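Review bot: The added `$fwdfwsettings{'TGT_PORT'} ne ''` term means `check_natport` is no longer called when the rule has no manual target port, for example when a custom service is selected, even if the user typed a value into `dnatport`. Validation of that value then depends entirely on the block added further down in `checkrule`, which is not fully visible here. If the guard is only meant to skip the check when `dnatport` was left empty, test that field directly: `if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){`. The context comment `#get servcie Protocol and Port` has a typo (`service`). `checkrule` continues outside the hunk.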
@@ -940,6 +926,42 @@ sub checkrule
                        }
                        if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
                }
+               #check if DNAT port is multiple
+               if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
+                       my @parts=split(",",$fwdfwsettings{'dnatport'});
+                                       my @values=();
+                                       foreach (@parts){
+                                               chomp($_);
+                                               if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+                                                       my $check;
+                                                       #change dashes with :
+                                                       $_=~ tr/-/:/;
+                                                       if ($_ eq "*") {
+                                                               push(@values,"1:65535");
+                                                               $check='on';
+                                                       }
+                                                       if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+                                                               push(@values,"1:$2");
+                                                               $check='on';
+                                                       }
+                                                       if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
+                                                               push(@values,"$1:65535");
+                                                               $check='on'
+                                                       }
+                                                       $errormessage .= &General::validportrange($_, 'destination');
+                                                       if(!$check){
+                                                               push (@values,$_);
+                                                       }
+                                               }else{
+                                                       if (&General::validport($_)){
+                                                               push (@values,$_);
+                                                       }else{
+                                                               
+                                                       }
+                                               }
+                                       }
+                                       $fwdfwsettings{'dnatport'}=join("|",@values);
+               }
        }
        #check valid remark
        if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
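Review bot: An entry of the `dnatport` list that fails `&General::validport` falls into an empty `else{}` and is dropped without setting `$errormessage`, so the rule is saved with a different port set than the administrator typed (or with an empty `dnatport` if every entry was bad). For a firewall rule that should be a hard error, e.g. `$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";` in that branch. The three inner tests for `*`, `\D:\d+` and `\d+:\D` cannot match, because the enclosing `if` already requires digits on both sides of the separator; they can be removed or moved outside it. `checkrule` starts before and ends after this hunk.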
@@ -1020,6 +1042,32 @@ sub checkcounter
        }elsif($base2 eq 'cust_srvgrp'){
                &inc_counter($configsrvgrp,\%customservicegrp,$val2);   
        }
+}
+sub checkvpn
+{
+       my $ip=shift;
+       #Test if manual IP is part of static OpenVPN networks
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       foreach my $key (sort keys %ccdnet){
+               my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]);
+               my $sub=&General::iporsubtodec($vpnsubnet);
+               if (&General::IpInSubnet($ip,$vpnip,$sub)){
+                       return 0;
+               }
+       }
+       # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
+       # because if one creates a custom host with the ip, we need to check the color there!
+       # It does not make sense to check this here
+       
+       # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
+       # Is also checked in getcolor
+       
+       # Test if manual ip is part of an IPsec Network is also checked in getcolor
+       return 1;
+}
+sub checkvpncolor
+{
+       
 }
 sub deleterule
 {
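Review bot: `checkvpncolor` is added with an empty body, which is surprising in a commit titled as a cleanup of unused code; either drop it or leave a `#TODO` stating what it is meant to do. `checkvpn` returns 0 when the address lies inside a static OpenVPN network and 1 otherwise, a convention that is easy to misread at the call site, so a header comment such as `#returns 0 if $ip is inside a static OpenVPN (CCD) net, 1 otherwise` would help. The sub also re-reads `$configccdnet` on every call.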
@@ -1073,7 +1121,6 @@ sub dec_counter
        my %hash=%{(shift)};
        my $val=shift;
        my $pos;
-       #$errormessage.="ALT:config: $config , verringert wird $val <br>";
        &General::readhasharray($config, \%hash);
        foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
                if($hash{$key}[0] eq $val){
@@ -1098,7 +1145,7 @@ sub fillselect
        my %hash=%{(shift)};
        my $val=shift;
        my $key;
-       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
+       foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) }  keys %hash){
                if($hash{$key}[0] eq $val){
                        print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
                }else{
@@ -1160,7 +1207,7 @@ END
        #custom groups
        if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
                print"<tr><td valign='top'><input type='radio' name='$grp' value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td >$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' style='width:200px;'>";
-               foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
+               foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys %customgrp) {
                        if($helper ne $customgrp{$key}[0]){
                                print"<option ";
                                print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $customgrp{$key}[0]);
@@ -1179,7 +1226,7 @@ END
                print"</select></td></tr>";
        }
        #OVPN CCD Hosts
-       foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){
+       foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){
                if ($ccdhost{$key}[33] ne '' ){
                        print"<tr><td width='1%'><input type='radio' name='$grp' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'>" if ($show eq '');
                        $show='1';
@@ -1193,7 +1240,7 @@ END
        }
        if ($show eq '1'){$show='';print"</select></td></tr>";}
        #OVPN N2N
-       foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){
+       foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){
                if ($ccdhost{$key}[3] eq 'net'){
                        print"<tr><td width='1%'><input type='radio' name='$grp' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'>" if ($show eq '');
                        $show='1';
@@ -1207,7 +1254,7 @@ END
        }
        if ($show eq '1'){$show='';print"</select></td></tr>";}
        #IPsec netze
-       foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+       foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
                if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
                        print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
                        $show='1';
@@ -1333,15 +1380,15 @@ sub get_serviceports
        my $icmp;
        @protocols=();
        if($type eq 'service'){
-               foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
+               foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
                        if ($customservice{$key}[0] eq $name){
                                push (@protocols,$customservice{$key}[2]);
                        }
                }
        }elsif($type eq 'group'){
-               foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
+               foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
                        if ($customservicegrp{$key}[0] eq $name){
-                               foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
+                               foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
                                        if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
                                                if($customservice{$key1}[2] eq 'TCP'){
                                                        $tcp='TCP';
@@ -1376,6 +1423,86 @@ sub getcolor
        my $val=shift;
        my $hash=shift;
        if($optionsfw{'SHOWCOLORS'} eq 'on'){
+               #standard networks
+               if ($val eq 'GREEN'){
+                       $tdcolor="style='border: 1px solid $Header::colourgreen;'";
+                       return;
+               }elsif ($val eq 'ORANGE'){
+                       $tdcolor="style='border: 1px solid $Header::colourorange;'";
+                       return;
+               }elsif ($val eq 'BLUE'){
+                       $tdcolor="style='border: 1px solid $Header::colourblue;'";
+                       return;
+               }elsif ($val eq 'RED' ||$val eq 'RED1' ){
+                       $tdcolor="style='border: 1px solid $Header::colourred;'";
+                       return;
+               }elsif ($val eq 'IPFire' ){
+                       $tdcolor="style='border: 1px solid $Header::colourred;'";
+                       return;
+               }elsif($val =~ /^(.*?)\/(.*?)$/){
+                       my ($sip,$scidr) = split ("/",$val);
+                       if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+                               $tdcolor="style='border: 1px solid $Header::colourorange;'";
+                               return;
+                       }
+                       if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+                               $tdcolor="style='border: 1px solid $Header::colourgreen;'";
+                               return;
+                       }
+                       if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+                               $tdcolor="style='border: 1px solid $Header::colourblue;'";
+                               return;
+                       }
+               }elsif ($val eq 'Default IP'){
+                       $tdcolor="style='border: 1px solid $Header::colourred;'";
+                       return;
+               }
+               #Check if a manual IP is part of a VPN 
+               if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr'){
+                       #Check if IP is part of OpenVPN dynamic subnet
+                       my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+                       my ($c,$d) = split("/",$val);
+                       if (&General::IpInSubnet($c,$a,$b)){
+                               $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+                               return;
+                       }
+                       #Check if IP is part of OpenVPN static subnet
+                       foreach my $key (sort keys %ccdnet){
+                               my ($a,$b) = split("/",$ccdnet{$key}[1]);
+                               $b =&General::iporsubtodec($b);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+                                       return;
+                               }
+                       }
+                       #Check if IP is part of OpenVPN N2N subnet
+                       foreach my $key (sort keys %ccdhost){
+                               if ($ccdhost{$key}[3] eq 'net'){
+                                       my ($a,$b) = split("/",$ccdhost{$key}[11]);
+                                       if (&General::IpInSubnet($c,$a,$b)){
+                                               $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+                                               return;
+                                       }
+                               }
+                       }
+                       #Check if IP is part of IPsec RW network
+                       if ($ipsecsettings{'RW_NET'} ne ''){
+                               my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+                               $b=&General::iporsubtodec($b);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='border: 1px solid $Header::colourvpn;'";
+                                       return;
+                               }
+                       }
+                       #Check if IP is part of a IPsec N2N network
+                       foreach my $key (sort keys %ipsecconf){
+                               my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='border: 1px solid $Header::colourvpn;'";
+                                       return;
+                               }
+                       }
+               }
                #VPN networks
                if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
                        $tdcolor="style='border: 1px solid $Header::colourovpn;'";
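Review bot: The OpenVPN dynamic-subnet check splits `$ovpnsettings{'DOVPN_SUBNET'}` and calls `&General::IpInSubnet` without first testing that the setting is present, whereas the IPsec roadwarrior check a few lines below is wrapped in `if ($ipsecsettings{'RW_NET'} ne ''){`. On a system without OpenVPN configured the call would receive empty arguments; what `IpInSubnet` does with them is not visible here, so a matching guard `if ($ovpnsettings{'DOVPN_SUBNET'} ne ''){` is the safer form. The mask is passed through `&General::iporsubtodec` for the static and RW networks but not for the dynamic, N2N and IPsec N2N ones, which is worth confirming against the stored formats. Separately, `my ($a,$b)` shadows Perl's sort variables; names such as `$net` and `$mask` avoid trouble if a `sort { ... }` block is later added in this scope. `getcolor` begins before and continues after this hunk.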
@@ -1401,34 +1528,9 @@ sub getcolor
                                return;
                        }
                }
-               #standard networks
-               if ($val eq 'GREEN'){
-                       $tdcolor="style='border: 1px solid $Header::colourgreen;'";
-               }elsif ($val eq 'ORANGE'){
-                       $tdcolor="style='border: 1px solid $Header::colourorange;'";
-               }elsif ($val eq 'BLUE'){
-                       $tdcolor="style='border: 1px solid $Header::colourblue;'";
-               }elsif ($val eq 'RED'){
-                       $tdcolor="style='border: 1px solid $Header::colourred;'";
-               }elsif ($val eq 'IPFire' ){
-                       $tdcolor="style='border: 1px solid $Header::colourred;'";
-               }elsif($val =~ /^(.*?)\/(.*?)$/){
-                       my ($sip,$scidr) = split ("/",$val);
-                       if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
-                               $tdcolor="style='border: 1px solid $Header::colourorange;'";
-                       }
-                       if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
-                               $tdcolor="style='border: 1px solid $Header::colourgreen;'";
-                       }
-                       if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
-                               $tdcolor="style='border: 1px solid $Header::colourblue;'";
-                       }
-               }elsif ($val eq 'Default IP'){
-                       $tdcolor="style='border: 1px solid $Header::colourred;'";
-               }else{
-                       $tdcolor='';
-               }
        }
+       $tdcolor='';
+       return;
 }
 sub hint
 {
@@ -1600,11 +1702,7 @@ sub newrule
                }       
        }
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-       if ($fwdfwsettings{'TIME'} eq 'ON'){    
-               $fwdfwsettings{'TIME_FROM'} = &timeconvert($fwdfwsettings{'TIME_FROM'},'');
-               $fwdfwsettings{'TIME_TO'} = &timeconvert($fwdfwsettings{'TIME_TO'},'');
-       }
-print "<form method='post'>";
+       print "<form method='post'>";
        &Header::closebox();
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
        #------SOURCE-------------------------------------------------------
@@ -1637,7 +1735,7 @@ END
 END
                &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
                print"<option>All ICMP-Types</option>";
-               foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) } keys %icmptypes){
+               foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) } keys %icmptypes){
                        if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
                                print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
                        }else{
@@ -1655,17 +1753,18 @@ END
                <table width='100%' border='0'> 
                <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr'  checked></td><td width='57%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='17'><td width='1%'><input type='radio' name='grp2' value='ipfire'  $checked{'grp2'}{'ipfire'}></td><td><b>IPFire</b></td>
 END
-               if (! -z "${General::swroot}/ethernet/aliases"){
-                       print"<td align='right'><select name='ipfire' style='width:200px;'>";
-                       print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
+               print"<td align='right'><select name='ipfire' style='width:200px;'>";
+               print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+               print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+               print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if $ifaces{'ORANGE_ADDRESS'};
+               print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if $ifaces{'BLUE_ADDRESS'};
+               print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} (Default IP)</option>" if $ifaces{'RED_ADDRESS'};
 
+               if (! -z "${General::swroot}/ethernet/aliases"){
                        foreach my $alias (sort keys %aliases)
                        {
                                print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
                        }
-                       
-               }else{
-                       print"<td style='width:200px;'><input type='hidden' name ='ipfire' value='Default IP'>";
                }
                print<<END;
                </td></tr>
@@ -1679,7 +1778,7 @@ END
                <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
 END
                &General::readhasharray("$configsrv", \%customservice);
-               foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
+               foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
                        print"<option ";
                        print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
                        print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
@@ -1690,7 +1789,7 @@ END
 END
                &General::readhasharray("$configsrvgrp", \%customservicegrp);
                my $helper;
-               foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
+               foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
                        if ($helper ne $customservicegrp{$key}[0]){
                                print"<option ";
                                print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
@@ -1718,7 +1817,7 @@ END
 END
                &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
                print"<option>All ICMP-Types</option>";
-               foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){
+               foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
                        if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
                                print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
                        }else{
@@ -1738,19 +1837,15 @@ END
                <tr><td width='1%'><input type='checkbox' name='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr>
                <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
 END
-               if (! -z "${General::swroot}/ethernet/aliases"){
-                       print"<td width='8%'>IPFire: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
-                       print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
-                       print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
-
-                       foreach my $alias (sort keys %aliases)
-                       {
-                               print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
-                       }
-               }else{
-                       print"<td></td><td style='width:200px;'><input type='hidden' name ='ipfire' value='Default IP'>";
+               print"<td width='8%'>IPFire: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
+               print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
+               print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
+               foreach my $alias (sort keys %aliases)
+               {
+                       print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
                }
                print"</td></tr>";
+               $fwdfwsettings{'dnatport'}=~ tr/|/,/;
                print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=$fwdfwsettings{'dnatport'}> </td></tr>";
                print"<tr><td colspan='8'><br></td></tr>";
                #SNAT
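Review bot: The `dnatport` field is written back into the form as `value=$fwdfwsettings{'dnatport'}` with no quotes around the attribute and no HTML escaping, and this change now lets the field carry comma-separated lists. `%fwdfwsettings` is filled from the request by `&Header::getcgihash`, so after a failed validation the submitted text is echoed as typed; unless that helper already sanitises values, markup in the field would be rendered by the browser. Quote the attribute and escape the value, e.g. `value='".&Header::cleanhtml($fwdfwsettings{'dnatport'},"y")."'` if that helper is available in this tree. The enclosing sub starts and ends outside the hunk.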
@@ -2008,7 +2103,7 @@ sub saverule
                        #print"6";
                }
                #check if we change a DMZ to a FORWARD/DMZ
-               elsif($fwdfwsettings{'oldruletype'} eq 'DMZ'  && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
+               elsif($fwdfwsettings{'oldruletype'} eq 'DMZ'  && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE' && $checkorange ne 'on'){
                        &changerule($configdmz);
                        #print"7";
                }
@@ -2051,7 +2146,7 @@ sub saverule
                        #print"14";
                }
                #check if we change a FORWARD rule to an DMZ
-               elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on'){
+               elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on')){
                        &changerule($configfwdfw);
                        #print"15";
                }
@@ -2065,12 +2160,6 @@ sub saverule
                        &changerule($configfwdfw);
                        #print"17";
                }               
-               #Cleanup some values for NAT if they are not used
-               if($fwdfwsettings{'nat'} eq 'dnat'){
-                       $fwdfwsettings{'snatport'}='';
-               }else{
-                       $fwdfwsettings{'dnatport'}='';
-               }
                if ($fwdfwsettings{'updatefwrule'} ne 'on'){
                        my $key = &General::findhasharraykey ($hash);
                        $$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
@@ -2230,11 +2319,11 @@ sub validremark
 sub viewtablerule
 {
        &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
-       &viewtablenew(\%configdmzfw,$configdmz,$Lang::tr{'fwdfw rules'},"DMZ" );
+       &viewtablenew(\%confignatfw,$confignat,"$Lang::tr{'fwdfw rules'}","Portforward / SNAT" );
        &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" );
-       &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
        &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
-       &viewtablenew(\%confignatfw,$confignat,"","NAT" );
+       &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} );
+       &viewtablenew(\%configdmzfw,$configdmz,"","DMZ" );
 }
 sub viewtablenew
 {
@@ -2246,6 +2335,8 @@ sub viewtablenew
        &General::get_aliases(\%aliases);
        &General::readhasharray("$confighost", \%customhost);
        &General::readhasharray("$config", $hash);
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$configccdhost", \%ccdhost);
        if( ! -z $config){
                &Header::openbox('100%', 'left',$title);
                my $count=0;
@@ -2325,12 +2416,7 @@ END
                                $tooltip='REJECT';
                                $rulecolor=$color{'color16'};
                        }
-                       if($$hash{$key}[28] eq 'ON'){
-                               print"<td bgcolor='$color' align='center' width='20'></td>";
-                               $rulecolor=$color;
-                       }else{
-                               print"<td bgcolor='$rulecolor' align='center' width='20'><span title='$tooltip'><b>$ruletype</b></span></td>";
-                       }
+                       print"<td bgcolor='$rulecolor' align='center' width='20'><span title='$tooltip'><b>$ruletype</b></span></td>";
                        &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
                        print"<td align='center' width='160' $tdcolor>";
                        if ($$hash{$key}[3] eq 'std_net_src'){
@@ -2369,12 +2455,18 @@ END
                        if ($$hash{$key}[31] eq 'dnat'){
                                print "IPFire ($$hash{$key}[29])";
                                if($$hash{$key}[30] ne ''){
+                                       $$hash{$key}[30]=~ tr/|/,/;
                                        print": $$hash{$key}[30]";
                                }
                                print"<br> DNAT->";
                        }
-                       if ($$hash{$key}[5] eq 'std_net_tgt'){
-                               print &get_name($$hash{$key}[6]);
+                       if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' && $$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){
+                               if ($$hash{$key}[6] eq 'RED1')
+                               {
+                                       print $Lang::tr{'red1'};
+                               }else{
+                                       print &get_name($$hash{$key}[6]);
+                               }
                        }else{
                                print $$hash{$key}[6];
                        }
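Review bot: The new condition on `$$hash{$key}[5]` and `$$hash{$key}[6]` mixes `||` and `&&` without parentheses, so Perl reads it as `std_net_tgt || (ipfire && RED) || RED1 || GREEN || ORANGE || BLUE`, and the last four tests apply whatever the target type in `[5]` is. If the zone names are meant to count only for `ipfire` targets, group them, e.g. `if ($$hash{$key}[5] eq 'std_net_tgt' || ($$hash{$key}[5] eq 'ipfire' && $$hash{$key}[6] =~ /^(?:RED|RED1|GREEN|ORANGE|BLUE)$/)){`; the same commit fixes an identical precedence slip in `saverule`. Also, `$$hash{$key}[30]=~ tr/|/,/;` rewrites the stored value in place while rendering; printing a converted copy avoids changing the hash should it be written back later. The enclosing sub extends beyond this hunk.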
@@ -2383,10 +2475,10 @@ END
                        print"</td>";
                        #Get Protocol
                        my $prot;
-                       if ($$hash{$key}[12]){                  #target prot if manual
-                               push (@protocols,$$hash{$key}[12]);
-                       }elsif($$hash{$key}[8]){                #source prot if manual
+                       if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
                                push (@protocols,$$hash{$key}[8]);
+                       }elsif ($$hash{$key}[12]){                      #target prot if manual
+                               push (@protocols,$$hash{$key}[12]);
                        }elsif($$hash{$key}[14] eq 'cust_srv'){
                                &get_serviceports("service",$$hash{$key}[15]);
                        }elsif($$hash{$key}[14] eq 'cust_srvgrp'){