unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); }
-unless (-e "${General::swroot}/forward/dmz") { system("touch ${General::swroot}/forward/dmz"); }
unless (-e "${General::swroot}/forward/nat") { system("touch ${General::swroot}/forward/nat"); }
my %fwdfwsettings=();
my %configfwdfw=();
my %configinputfw=();
my %configoutgoingfw=();
-my %configdmzfw=();
my %confignatfw=();
my %ipsecconf=();
my %color=();
my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input";
my $configoutgoing = "${General::swroot}/forward/outgoing";
-my $configdmz = "${General::swroot}/forward/dmz";
my $confignat = "${General::swroot}/forward/nat";
my $configovpn = "${General::swroot}/ovpn/settings";
my $fwoptions = "${General::swroot}/optionsfw/settings";
if($fwdfwsettings{'nosave2'} ne 'on'){
&saverule(\%confignatfw,$confignat);
}
- #DMZ-Part
- }elsif ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on'){
- $fwdfwsettings{'config'}=$configdmz;
- $fwdfwsettings{'chain'} = 'FORWARDFW';
- my $maxkey=&General::findhasharraykey(\%configdmzfw);
- #check if we have an identical rule already
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- foreach my $key (sort keys %configdmzfw){
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configdmzfw{$key}[0],$configdmzfw{$key}[2],$configdmzfw{$key}[3],$configdmzfw{$key}[4],$configdmzfw{$key}[5],$configdmzfw{$key}[6],$configdmzfw{$key}[7],$configdmzfw{$key}[8],$configdmzfw{$key}[9],$configdmzfw{$key}[10],$configdmzfw{$key}[11],$configdmzfw{$key}[12],$configdmzfw{$key}[13],$configdmzfw{$key}[14],$configdmzfw{$key}[15],$configdmzfw{$key}[17],$configdmzfw{$key}[18],$configdmzfw{$key}[19],$configdmzfw{$key}[20],$configdmzfw{$key}[21],$configdmzfw{$key}[22],$configdmzfw{$key}[23],$configdmzfw{$key}[24],$configdmzfw{$key}[25],$configdmzfw{$key}[26],$configdmzfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
- $errormessage='';
- }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
- }
- }
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configdmzfw){
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configdmzfw{$key}[0],$configdmzfw{$key}[2],$configdmzfw{$key}[3],$configdmzfw{$key}[4],$configdmzfw{$key}[5],$configdmzfw{$key}[6],$configdmzfw{$key}[7],$configdmzfw{$key}[8],$configdmzfw{$key}[9],$configdmzfw{$key}[10],$configdmzfw{$key}[11],$configdmzfw{$key}[12],$configdmzfw{$key}[13],$configdmzfw{$key}[14],$configdmzfw{$key}[15],$configdmzfw{$key}[17],$configdmzfw{$key}[18],$configdmzfw{$key}[19],$configdmzfw{$key}[20],$configdmzfw{$key}[21],$configdmzfw{$key}[22],$configdmzfw{$key}[23],$configdmzfw{$key}[24],$configdmzfw{$key}[25],$configdmzfw{$key}[26],$configdmzfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
- }
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $errormessage='';
- $fwdfwsettings{'nosave2'} = 'on';
- }
- }
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ($fwdfwsettings{'nobase'} ne 'on'){
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- }
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
- if($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configdmzfw,$configdmz);
- }
#INPUT part
}elsif($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
$fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
$fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
$fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
- if ($fwdfwsettings{'config'} eq "${General::swroot}/forward/dmz"){
- $fwdfwsettings{'oldruletype'}='DMZ';
- }else{
- $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
- }
+ $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
#check if manual ip (source) is orange network
if ($fwdfwsettings{'grp1'} eq 'src_addr'){
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
my $config=shift;
&General::readhasharray("$config", $hash);
if (!$errormessage){
- #check if we change a NAT to a FORWARD/DMZ
+ #check if we change a NAT to a FORWARD
if(($fwdfwsettings{'oldruletype'} eq 'NAT_SOURCE' || $fwdfwsettings{'oldruletype'} eq 'NAT_DESTINATION') && $fwdfwsettings{'chain'} eq 'FORWARDFW'){
&changerule($confignat);
#print"1";
#print"3";
}
################################################################
- #check if we change a DMZ to a NAT
- elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' || $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
- &changerule($configdmz);
- #print"4";
- }
- #check if we change a DMZ to an OUTGOING
- elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW' ){
- &changerule($configdmz);
- #print"5";
- }
- #check if we change a DMZ to an INPUT
- elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'INPUTFW' ){
- &changerule($configdmz);
- #print"6";
- }
- #check if we change a DMZ to a FORWARD/DMZ
- elsif($fwdfwsettings{'oldruletype'} eq 'DMZ' && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE' && $checkorange ne 'on'){
- &changerule($configdmz);
- #print"7";
- }
- ################################################################
#check if we change an INPUT rule to a NAT
elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' || $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
&changerule($configinput);
- #print"8";
+ #print"4";
}
#check if we change an INPUT rule to a OUTGOING
elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW' ){
&changerule($configinput);
- #print"9";
+ #print"5";
}
- #check if we change an INPUT rule to a FORWARD/DMZ
+ #check if we change an INPUT rule to a FORWARD
elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
&changerule($configinput);
- #print"10";
+ #print"6";
}
################################################################
#check if we change an OUTGOING rule to an INPUT
elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'INPUTFW' ){
&changerule($configoutgoing);
- #print"11";
+ #print"7";
}
- #check if we change an OUTGOING rule to a FORWARD/DMZ
+ #check if we change an OUTGOING rule to a FORWARD
elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){
&changerule($configoutgoing);
- #print"12";
+ #print"8";
}
#check if we change an OUTGOING rule to a NAT
elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' || $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
&changerule($configoutgoing);
- #print"13";
+ #print"9";
}
################################################################
#check if we change a FORWARD rule to an INPUT
elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'INPUTFW'){
&changerule($configfwdfw);
- #print"14";
- }
- #check if we change a FORWARD rule to an DMZ
- elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on')){
- &changerule($configfwdfw);
- #print"15";
+ #print"10";
}
#check if we change a FORWARD rule to an OUTGOING
elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){
&changerule($configfwdfw);
- #print"16";
+ #print"11";
}
#check if we change a FORWARD rule to an NAT
elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' || $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
&changerule($configfwdfw);
- #print"17";
+ #print"12";
}
if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
&viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" );
&viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
&viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} );
- &viewtablenew(\%configdmzfw,$configdmz,"","DMZ" );
}
sub viewtablenew
{
projects / people / teissler / ipfire-2.x.git / blobdiff