}
#INPUT part
if($fwdfwsettings{'grp2'} eq 'ipfire'){
+ $fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'chain'} = 'INPUTFW';
my $maxkey=&General::findhasharraykey(\%configinputfw);
#check if we have an identical rule already
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
}else{
#FORWARD PART
+ $fwdfwsettings{'config'}=$configfwdfw;
$fwdfwsettings{'chain'} = 'FORWARDFW';
my $maxkey=&General::findhasharraykey(\%configfwdfw);
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
&hint;
&addrule;
&p2pblock;
- &Header::openbox('100%', 'center', 'Policy');
+ &Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'});
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='100%'>
- <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
- <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
+ <table width='100%' border='0'>
+ <tr><td colspan='3'>$Lang::tr{'fwdfw pol text'}</td></tr>
+
<tr><td colspan='3'><hr /></td></tr>
- <tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px">$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
+ <tr><td width='15%' align='left'> <select name='POLICY' style="width: 100px">
+ <option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
+ <option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
<td width='45%' align='left'>
END
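Review bot: The Save button in this heredoc is emitted as `value=$Lang::tr{'save'}` with no quotes, so a translation containing a space or a quote character would truncate or break the attribute. The submit buttons printed further down quote theirs, and `value='$Lang::tr{'save'}'` brings this one in line. If the handler matches ACTION against the translated string, which this hunk does not show, a truncated value would make Save silently do nothing.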
print "<table border='0'>";
print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
if (-f "${General::swroot}/forward/reread"){
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}'></td>";
+ print "<td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}'>$Lang::tr{'fwhost reread'}</td>";
}
print"</tr></table></form><hr>";
$ip=&General::ip2dec($ip);
$ip=&General::dec2ip($ip);
- #check if net or broadcast
- my @tmp= split (/\./,$ip);
- if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
- {
- $errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
- }
+ ##check if net or broadcast
+ #my @tmp= split (/\./,$ip);
+ #if ($tmp[3] eq "0" || ($tmp[3] eq "255"))
+ #{
+ #$errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
+ #}
$fwdfwsettings{'tgt_addr'}="$ip/$subnet";
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
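Review bot: The network/broadcast check is disabled by commenting it out rather than deleting it, which leaves six lines of dead code and no explanation of why addresses ending in .0 or .255 are now accepted. Either remove the block or replace it with a one-line rationale such as `# .0/.255 can be valid host addresses outside /24 networks; validipandmask() below does the checking`, if that is the intent. The enclosing block starts and ends outside the hunk.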
my $networkip1=&General::getnetworkip($sip,$scidr);
my $networkip2=&General::getnetworkip($tip,$tcidr);
if ($scidr gt $tcidr){
- if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){
+ if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}elsif($scidr eq $tcidr && $scidr eq '32'){
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
-
-
- if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
$errormessage.=$Lang::tr{'fwdfw err prot'};
}
#check source and destination protocol if source manual and dest servicegrp
}
}
&General::writehasharray("$config", $hash);
- if($fwdfwsettings{'oldrulenumber'} gt $fwdfwsettings{'rulepos'}){
+ if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
my %tmp=();
my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
for (my $z=0;$z<$val;$z++){
}
&General::writehasharray("$config", $hash);
&rules;
- }elsif($fwdfwsettings{'rulepos'} gt $fwdfwsettings{'oldrulenumber'}){
+ }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
my %tmp=();
my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
for (my $z=0;$z<$val;$z++){
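Review bot: The switch from `gt` to `>` on the rule numbers is not carried over to the subnet check earlier in this patch, where `if ($scidr gt $tcidr){` still compares prefix lengths as strings. As strings '8' sorts after '24', so the IpInSubnet test is run or skipped for the wrong pairs and an overlapping source and target may pass validation. That line should read `if ($scidr > $tcidr){`. The numeric comparison here also assumes `oldrulenumber` and `rulepos` were validated as integers before this point, which the hunk does not show.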
$protocols=$customservice{$key}[2];
}
}
-
}elsif($type eq 'group'){
foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
if ($customservicegrp{$key}[0] eq $name){
- if($customservicegrp{$key}[4] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';}
+ foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
+ if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+ if($customservice{$key1}[2] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';}
+ }
+ }
}
}
}
- if($tcp){$protocols.="TCP";}
- if($udp){$protocols.=",UDP";}
+ if($tcp && $udp){$protocols="TCP,UDP";
+ }elsif($tcp){$protocols.="TCP";
+ }elsif($udp){$protocols.="UDP";}
return $protocols;
}
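Review bot: In the new inner loop the `else{$udp='UDP';}` branch labels every group member whose protocol is not exactly 'TCP' as UDP, so any other value stored in `$customservice{$key1}[2]` would be reported as UDP. An explicit `elsif($customservice{$key1}[2] eq 'UDP'){$udp='UDP';}` avoids that. The `sort` over `keys %customservice` is unnecessary for an equality lookup. The `$protocols="TCP,UDP"` branch assigns while the other two append with `.=`, so the three should use the same operator. The function starts outside the hunk.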
sub viewtablerule
&viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" );
&viewtablenew(\%configfwdfw,$configfwdfw,'',"DMZ" );
+ &viewtablenew(\%configfwdfw,$configfwdfw,'',"WLAN" );
&viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
}
sub viewtablenew
#check if there are DMZ entries
if ($title1 eq 'DMZ'){
foreach my $key (keys %$hash){
- if ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[6] eq 'ORANGE'){$go='on';}
+ if ($$hash{$key}[4] eq 'ORANGE'){$go='on';last}
+ }
+ }elsif($title1 eq 'WLAN'){
+ foreach my $key (keys %$hash){
+ if ($$hash{$key}[4] eq 'BLUE'){$go='on';last}
}
- }elsif( ! -z "$config" ){
+ }elsif($title1 eq 'Forward'){
+ foreach my $key (keys %$hash){
+ if (($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[4] ne 'BLUE')){$go='on';last}
+ }
+ }elsif( ! -z $config){
$go='on';
}
if($go ne ''){
print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' ><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center'><b>$Lang::tr{'protocol'}</b></td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
foreach my $key (sort {$a <=> $b} keys %$hash){
#check if we have a FORWARDFW OR DMZ RULE
- if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[6] ne 'ORANGE')){next;}
- if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[6] eq 'ORANGE')){next;}
+ if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE')){next;}
+ if ($title1 eq 'WLAN' && ($$hash{$key}[4] ne 'BLUE')){next;}
+ if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE')){next;}
@tmpsrc=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
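Review bot: The three pre-scan loops that set `$go` repeat the zone conditions of the `next` filters in the row loop below, so the two lists must be kept in sync by hand; if they drift, a header row is printed with no rules under it, or rules are hidden. A small helper that takes `$title1` and the rule's `[4]` field and returns whether the rule belongs to the table would serve both places. Field `[6]` is no longer consulted, so rules that matched only on `[6] eq 'ORANGE'` now land in the Forward table; a comment stating what index 4 holds and that this is deliberate would help. The body of viewtablenew continues outside the hunk.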
sub reread_rules
{
system("/usr/local/bin/forwardfwctrl");
- system("rm ${General::swroot}/forward/reread");
+ if ( -f "${General::swroot}/forward/reread"){
+ system("rm ${General::swroot}/forward/reread");
+ }
}
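Review bot: The flag file is removed by passing an interpolated string to `system("rm ...")`, which goes through a shell and spawns a process for what `unlink` does directly; `unlink` also makes the `-f` guard unnecessary, since it simply returns false when the file is absent. The exit status of `/usr/local/bin/forwardfwctrl` is ignored as well, so the reread marker is cleared even when the reload fails, and the page stops offering the reread button although the rules were not applied. Suggested: `if (system("/usr/local/bin/forwardfwctrl") == 0) { unlink "${General::swroot}/forward/reread"; }`.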
&Header::closebigbox();
&Header::closepage();