linux-pae: rebuild module deps before initrd build.
[people/teissler/ipfire-2.x.git] / html / cgi-bin / fwhosts.cgi
index b72cb1064b5a030f56bd8a544c23598f33000233..bc9ca85d4cf9487094ca5ada912652e9755faea4 100755 (executable)
@@ -47,8 +47,7 @@ my %ipsecsettings=();
 my %fwfwd=();
 my %fwinp=();
 my %ovpnsettings=();
-my %ipsecconf=();
-my %ipsecsettings=();
+
 
 my $errormessage;
 my $hint;
@@ -61,11 +60,10 @@ my $configccdhost   = "${General::swroot}/ovpn/ovpnconfig";
 my $configipsec                = "${General::swroot}/vpn/config";
 my $configsrv          = "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
-my $fwconfigfwd                = "${General::swroot}/forward/config";
-my $fwconfiginp                = "${General::swroot}/forward/input";
+my $fwconfigfwd                = "${General::swroot}/firewall/config";
+my $fwconfiginp                = "${General::swroot}/firewall/input";
 my $configovpn         = "${General::swroot}/ovpn/settings";
 my $tdcolor='';
-my $configipsec                = "${General::swroot}/vpn/config";
 my $configipsecrw      = "${General::swroot}/vpn/settings";
 
 unless (-e $confignet)    { system("touch $confignet"); }
@@ -90,27 +88,32 @@ unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
 #### JAVA SCRIPT ####
 print<<END;
 <script>
+       var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
+       var update_protocol = function() {
+               var protocol = \$("#protocol").val();
+
+               if (protocol === undefined)
+                       return;
+
+               // Check if we are dealing with a protocol, that knows ports.
+               if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
+                       \$("#PORT").show();
+                       \$("#PROTOKOLL").hide();
+               } else {
+                       \$("#PORT").hide();
+                       \$("#PROTOKOLL").show();
+               }
+       };
+
        \$(document).ready(function() {
-               // Automatically select radio buttons when corresponding
-               // dropdown menu changes.
-               \$("select").change(function() {
-                       var id = \$(this).attr("name");
-                       //When using SNAT or DNAT, check "USE NAT" Checkbox
-                       if ( id === 'snat' || id === 'dnat') {
-                               \$('#USE_NAT').prop('checked', true);
-                       }
-                       \$('#' + id).prop("checked", true);
-               });
+               var protocol = \$("#protocol").val();
+               \$("#protocol").change(update_protocol);
+               update_protocol();
        });
 </script>
 END
 
 ## ACTION ####
-if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
-{
-       &reread_rules;
-       &showmenu;
-}
 # Update
 if ($fwhostsettings{'ACTION'} eq 'updatenet' )
 {
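Review bot: The `var protocol = \$("#protocol").val();` line added inside the `ready` handler is never read, because `update_protocol` fetches the value itself. Dropping it leaves `\$("#protocol").change(update_protocol); update_protocol();` as the whole handler body. A short comment above `update_protocol` stating that `#PORT` is shown for TCP/UDP and `#PROTOKOLL` (the ICMP type selector) for everything else would also help, since the element ids alone do not say so.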
@@ -179,6 +182,13 @@ if ($fwhostsettings{'ACTION'} eq 'updateservice')
                        $fwhostsettings{'ICMP_TYPES'}='BLANK';
                }
                my $key1 = &General::findhasharraykey(\%customservice);
+               #find out short ICMP-TYPE
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               foreach my $key (keys %icmptypes){
+                       if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+                                       $fwhostsettings{'ICMP_TYPES'}=$icmptypes{$key}[0];
+                       }
+               }
                foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";}
                $customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
                $customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
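Review bot: The added loop rewrites `ICMP_TYPES` only when the submitted string equals one of the `name (description)` pairs from the icmp-types file; any other submitted value leaves the loop unchanged. The assignment that stores it lies outside this hunk, but if it reaches `%customservice`, the config file ends up holding a request-supplied string that later hunks print back into the services table. Treat the file as an allow-list: remember whether a match was found and fall back to `'BLANK'` (or set an error) otherwise. The `saveservice` hunk has the same gap where it now assigns `$ICMP=$fwhostsettings{'ICMP_TYPES'}` instead of `'BLANK'`.

```perl
#find out short ICMP-TYPE
# … unchanged: readhasharray of the icmp-types file …
my $icmp_ok = ($fwhostsettings{'ICMP_TYPES'} eq 'BLANK'
	|| $fwhostsettings{'ICMP_TYPES'} eq 'All ICMP-Types');
foreach my $key (keys %icmptypes){
	if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
		$fwhostsettings{'ICMP_TYPES'}=$icmptypes{$key}[0];
		$icmp_ok = 1;
		last;
	}
}
# Only values taken from the icmp-types file may be stored.
$fwhostsettings{'ICMP_TYPES'} = 'BLANK' unless $icmp_ok;
```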
@@ -222,17 +232,24 @@ if ($fwhostsettings{'ACTION'} eq 'updateservice')
                if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
                        $needrules='on';
                }
+               if($count gt 0 && $fwhostsettings{'oldsrvicmp'} ne $fwhostsettings{'ICMP'} ){
+                       $needrules='on';
+               }
                $fwhostsettings{'SRV_NAME'}     = '';
                $fwhostsettings{'SRV_PORT'}     = '';
                $fwhostsettings{'PROT'}         = '';
+               $fwhostsettings{'ICMP'}         = '';
+               $fwhostsettings{'oldsrvicmp'} = '';
        }else{
                $fwhostsettings{'SRV_NAME'}     = $fwhostsettings{'oldsrvname'};
                $fwhostsettings{'SRV_PORT'}     = $fwhostsettings{'oldsrvport'};
                $fwhostsettings{'PROT'}         = $fwhostsettings{'oldsrvprot'};
+               $fwhostsettings{'ICMP'}         = $fwhostsettings{'oldsrvicmp'};
                $fwhostsettings{'updatesrv'}= 'on';
        }
+       $fwhostsettings{'updatesrv'} = '';
        if($needrules eq 'on'){
-               &rules;
+               &General::firewall_config_changed();
        }
        &addservice;
 }
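Review bot: The unconditional `$fwhostsettings{'updatesrv'} = '';` added after the if/else overwrites the `'on'` that the else branch has just set, so that assignment is now dead and `addservice` will presumably re-render the form in save mode after a rejected update. If the reset is meant only for the success path, move it next to the other field resets in the first branch. The new change check compares `oldsrvicmp` with `$fwhostsettings{'ICMP'}`, while the update form in this diff submits the type as `ICMP_TYPES` and carries no `ICMP` field, so the test probably wants `$fwhostsettings{'ICMP_TYPES'}`. It also copies `$count gt 0`, a string comparison where `$count > 0` is meant. The enclosing handler starts above the hunk.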
@@ -394,7 +411,7 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
                        $fwhostsettings{'NETREMARK'}='';
                        #check if an edited net affected groups and need to reload rules
                        if ($needrules eq 'on'){
-                               &rules;
+                               &General::firewall_config_changed();
                        }
                        &addnet;
                        &viewtablenet;
@@ -530,7 +547,7 @@ if ($fwhostsettings{'ACTION'} eq 'savehost')
                         $fwhostsettings{'HOSTREMARK'}='';
                        #check if we need to update rules while host was edited
                        if($needrules eq 'on'){
-                               &rules;
+                               &General::firewall_config_changed();
                        }
                        &addhost;
                        &viewtablehost;
@@ -705,7 +722,7 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
                #check if ruleupdate is needed
                if($count > 0 )
                {
-                       &rules;
+                       &General::firewall_config_changed();
                }
                &addgrp;
                &viewtablegrp;
@@ -723,7 +740,8 @@ if ($fwhostsettings{'ACTION'} eq 'saveservice')
                        }
                }
        }
-       if($ICMP eq ''){$ICMP='BLANK';}
+       if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}
+       if ($fwhostsettings{'PROT'} ne 'ICMP'){$ICMP='';}
        if (!$errormessage){
                my $key = &General::findhasharraykey (\%customservice);
                foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
@@ -746,12 +764,34 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
        my $prot;
        my $port;
        my $count=0;
+       my $tcpcounter=0;
+       my $udpcounter=0;
        &General::readhasharray("$configsrvgrp", \%customservicegrp );
        &General::readhasharray("$configsrv", \%customservice );
        $errormessage=&checkservicegroup;
+       #Check if we have more than 13 services from one Protocol in the group
+       #iptables can only handle 13 ports/portranges via multiport
+       foreach my $key (keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
+                       foreach my $key1 (keys %customservice){
+                               $tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
+                               $tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
+                               $udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
+                               $udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
+                       }
+               }
+       }
+       if ($tcpcounter > 15){
+               $errormessage=$Lang::tr{'fwhost err maxservicetcp'};
+       }
+       if ($udpcounter > 15){
+               $errormessage=$Lang::tr{'fwhost err maxserviceudp'};
+       }
+       $tcpcounter=0;
+       $udpcounter=0;
        #check remark
        if ($fwhostsettings{'SRVGRP_REMARK'} ne '' && !&validremark($fwhostsettings{'SRVGRP_REMARK'})){
-               $errormessage=$Lang::tr{'fwhost err remark'};
+               $errormessage .= $Lang::tr{'fwhost err remark'};
        }
        if (!$errormessage){
                #on first save, we have to enter a dummy value
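Review bot: The new multiport check counts only services already stored in the group, since the loop runs over `%customservicegrp` as read from disk and, as far as the hunk shows, the entry being saved is added only afterwards. A group that already fills 15 TCP (or UDP) slots therefore passes `> 15` and still receives one more service, or two more slots when that service is a port range; the count should include the service being added before the comparison. The comment says 13 while the code enforces 15 and counts a range twice, so `#iptables multiport accepts at most 15 ports, a range counts as two` would match the code. With `.=` on the remark check the two messages are joined without a separator, and the UDP message still overwrites the TCP one with `=`.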
@@ -807,7 +847,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
                $fwhostsettings{'updatesrvgrp'}='on';
        }
        if ($count gt 0){
-               &rules;
+               &General::firewall_config_changed();
        }
        &addservicegrp;
        &viewtableservicegrp;
@@ -922,7 +962,9 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
                }
        }
        &General::writehasharray("$configgrp", \%customgrp);
-       if ($fwhostsettings{'grpcnt'} > 0){&rules;}
+       if ($fwhostsettings{'grpcnt'} > 0){
+               &General::firewall_config_changed();
+       }
        if ($fwhostsettings{'update'} eq 'on'){
                $fwhostsettings{'remark'}= $grpremark;
                $fwhostsettings{'grp_name'}=$grpname;
@@ -1001,7 +1043,7 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
                }
        }
        &General::writehasharray("$configsrvgrp", \%customservicegrp);
-       &rules;
+       &General::firewall_config_changed();
        if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
                $fwhostsettings{'SRVGRP_NAME'}=$grpname;
                $fwhostsettings{'SRVGRP_REMARK'}=$grpremark;
@@ -1090,11 +1132,7 @@ if($fwhostsettings{'ACTION'} eq '')
        &showmenu;
 }
 ###  FUNCTIONS  ###
-sub showmenu
-{
-       if (-f "${General::swroot}/forward/reread"){
-               print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</td></tr></table></form><br>";
-       }
+sub showmenu {
        &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
        print "$Lang::tr{'fwhost welcome'}";
        print<<END;
@@ -1289,11 +1327,12 @@ sub addservice
                $fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
                $fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
                $fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+               $fwhostsettings{'oldsrvicmp'} = $fwhostsettings{'ICMP'};
        }
        print<<END;
        <table width='100%' border='0'><form method='post'>
        <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}' size='24'><script>document.getElementById('textbox1').focus()</script></td></tr>
-       <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+       <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT' id='protocol' >
 END
        foreach ("TCP","UDP","ICMP")
        {
@@ -1305,19 +1344,22 @@ END
                }
        }
        print<<END;
-       </select></td></tr>
-       <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
+       </select></td></tr></table>
+       <div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
 END
        &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
-       print"<option>All ICMP-Types</option>";
+       print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
        foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
-               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+               if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
+                       print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+               }else{
+                       print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+               }
        }
-       
        print<<END;
-       </select></td></tr>
-       <tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr>
-       <tr><td colspan='6'><br><hr></td></tr>
+       </select></td></tr></table></div>
+       <div id='PORT' class='noscript'><table width='100%' border='0'><tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr></table></div>
+       <table width='100%' border='0'><tr><td colspan='6'><br><hr></td></tr>
        <tr><td colspan='6' align='right'>
 END
        if ($fwhostsettings{'updatesrv'} eq 'on')
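Review bot: The `#PROTOKOLL` wrapper added here opens its table with `<table width=100%' border='0'>`, which is missing the opening quote on `width`; it should read `<table width='100%' border='0'>` like the `#PORT` table two lines below. The `selected` test compares the short type name with `oldsrvicmp`, so it can only preselect an entry when a service is being edited; a one-line comment saying so would help. `addservice` starts and ends outside this hunk.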
@@ -1327,17 +1369,16 @@ END
                <input type='hidden' name='ACTION' value='updateservice'>
                <input type='hidden' name='oldsrvname' value='$fwhostsettings{'oldsrvname'}'>
                <input type='hidden' name='oldsrvport' value='$fwhostsettings{'oldsrvport'}'>
-               <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'></form>
+               <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'>
+               <input type='hidden' name='oldsrvicmp' value='$fwhostsettings{'oldsrvicmp'}'>
+               </form>
 END
-               
-       }else{  
+       }else{
                print"<input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='saveservice'></form>";
        }
        print<<END;
        <form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'></form></td></tr>
        </table></form>
-       
-       
 END
        &Header::closebox();
        &viewtableservice;
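Review bot: The new hidden field prints `$fwhostsettings{'oldsrvicmp'}` into a single-quoted attribute without HTML escaping, and the earlier `addservice` hunk fills that value from the request's `ICMP` field. A value containing a quote or an angle bracket would end the attribute early and be parsed as markup, so the string should be HTML-escaped before it is interpolated. The neighbouring `oldsrvname`, `oldsrvport` and `oldsrvprot` fields follow the same pattern. The `viewtableservice` hunk adds the same unescaped output for `$customservice{$key}[3]`, both in the hidden `ICMP` field and in the table cell.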
@@ -1604,7 +1645,7 @@ sub viewtablegrp
                        }else{
                                my ($colip,$colsub) = split("/",$ip);
                                $ip="$colip/".&General::subtocidr($colsub) if ($colsub);
-                               print"<td align='center'>".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+                               print"<td align='center' ".&getcolor($colip).">".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
                        }
                        if ($delflag > '1' && $ip ne ''){
                                print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
@@ -1640,14 +1681,15 @@ END
                        print<<END;
                        <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
 END
-                       if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
-               
+                       if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
+                       elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
                        print<<END;
                        </td><td align='center'>$customservice{$key}[4]x</td>
                        <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
                        <input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
                        <input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
-                       <input type='hidden' name='PROT' value='$customservice{$key}[2]' /></form></td>
+                       <input type='hidden' name='PROT' value='$customservice{$key}[2]' />
+                       <input type='hidden' name='ICMP' value='$customservice{$key}[3]' /></form></td>
 END
                        if ($customservice{$key}[4] eq '0')
                        {
@@ -1721,7 +1763,7 @@ sub viewtableservicegrp
                                }
                        }
                        print"<td align='center'>$port</td><td align='center'>$protocol</td><td width='1%'><form method='post'>";
-                       if ($number gt '1'){
+                       if ($delflag gt '1'){
                                print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
                        }
                        print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
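Review bot: `$delflag gt '1'` compares as strings; the numeric form `$delflag > 1` is what is meant, and the group table in the `viewtablegrp` hunk already uses `>`. The string form agrees with the numeric one for plain positive integers but gives a different answer for a value such as `02`. Where `$delflag` is counted lies outside this hunk.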
@@ -2054,24 +2096,8 @@ sub getipforgroup
                }
        }
 }
-sub rules
-{
-       if (!-f "${General::swroot}/fwhosts/reread"){
-               system("touch ${General::swroot}/fwhosts/reread");
-               system("touch ${General::swroot}/forward/reread");
-       }
-}
-sub reread_rules
-{
-       system ("/usr/local/bin/forwardfwctrl");
-       if ( -f "${General::swroot}/fwhosts/reread"){
-               system("rm ${General::swroot}/fwhosts/reread");
-               system("rm ${General::swroot}/forward/reread");
-       }
-       
-}
-sub decrease
-{
+
+sub decrease {
        my $grp=$_[0];
        &General::readhasharray("$confignet", \%customnetwork);
        &General::readhasharray("$confighost", \%customhost);