my $configipsec = "${General::swroot}/vpn/config";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
-my $fwconfigfwd = "${General::swroot}/forward/config";
-my $fwconfiginp = "${General::swroot}/forward/input";
+my $fwconfigfwd = "${General::swroot}/firewall/config";
+my $fwconfiginp = "${General::swroot}/firewall/input";
my $configovpn = "${General::swroot}/ovpn/settings";
my $tdcolor='';
my $configipsecrw = "${General::swroot}/vpn/settings";
END
## ACTION ####
-if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
-{
- &reread_rules;
- &showmenu;
-}
# Update
if ($fwhostsettings{'ACTION'} eq 'updatenet' )
{
}
$fwhostsettings{'updatesrv'} = '';
if($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addservice;
}
$fwhostsettings{'NETREMARK'}='';
#check if an edited net affected groups and need to reload rules
if ($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addnet;
&viewtablenet;
$fwhostsettings{'HOSTREMARK'}='';
#check if we need to update rules while host was edited
if($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addhost;
&viewtablehost;
#check if ruleupdate is needed
if($count > 0 )
{
- &rules;
+ &General::firewall_config_changed();
}
&addgrp;
&viewtablegrp;
}
}
if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}
+ if ($fwhostsettings{'PROT'} ne 'ICMP'){$ICMP='';}
if (!$errormessage){
my $key = &General::findhasharraykey (\%customservice);
foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
my $prot;
my $port;
my $count=0;
+ my $tcpcounter=0;
+ my $udpcounter=0;
&General::readhasharray("$configsrvgrp", \%customservicegrp );
&General::readhasharray("$configsrv", \%customservice );
$errormessage=&checkservicegroup;
+ #Check if we have more than 13 services from one Protocol in the group
+ #iptables can only handle 13 ports/portranges via multiport
+ foreach my $key (keys %customservicegrp){
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
+ foreach my $key1 (keys %customservice){
+ $tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
+ $tcpcounter++ if $customservice{$key1}[2] eq 'TCP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
+ $udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0];
+ $udpcounter++ if $customservice{$key1}[2] eq 'UDP' && $customservicegrp{$key}[2] eq $customservice{$key1}[0] && $customservice{$key1}[1] =~m/:/i;
+ }
+ }
+ }
+ if ($tcpcounter > 15){
+ $errormessage=$Lang::tr{'fwhost err maxservicetcp'};
+ }
+ if ($udpcounter > 15){
+ $errormessage=$Lang::tr{'fwhost err maxserviceudp'};
+ }
+ $tcpcounter=0;
+ $udpcounter=0;
#check remark
if ($fwhostsettings{'SRVGRP_REMARK'} ne '' && !&validremark($fwhostsettings{'SRVGRP_REMARK'})){
- $errormessage=$Lang::tr{'fwhost err remark'};
+ $errormessage .= $Lang::tr{'fwhost err remark'};
}
if (!$errormessage){
#on first save, we have to enter a dummy value
$fwhostsettings{'updatesrvgrp'}='on';
}
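Review bot: The comment on the new service-group check says iptables multiport handles 13 ports or port ranges, but both tests reject only when a counter is `> 15`; multiport's limit is 15 port slots with a range taking two, which is what the second increment on `:` counts, so the comment should read `# iptables multiport accepts at most 15 port slots per rule; a range uses two`. The counters are built from the group file read just above, so unless the service being added is already in `%customservicegrp` at this point (not visible here), a group sitting at 15 slots still passes and the saved group ends up over the limit; comparing against the total including the new entry would close that gap. This matters because a rule built from an oversized group may be rejected when the ruleset is loaded, leaving the intended filter missing. Separately, the UDP message replaces the TCP one when both limits are hit, and the remark error is now appended with `.=` and no separator, so the two messages run together in the output.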
if ($count gt 0){
- &rules;
+ &General::firewall_config_changed();
}
&addservicegrp;
&viewtableservicegrp;
}
}
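Review bot: The guard around the new call here, `if ($count gt 0){`, compares as strings, while the equivalent check before `&addgrp` uses `if($count > 0 )`. Assuming `$count` is a numeric counter in this branch as well (its declaration is outside the visible lines), the numeric form `if ($count > 0){` states the intent and keeps the call sites of `&General::firewall_config_changed()` consistent. The enclosing block starts outside this hunk.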
&General::writehasharray("$configgrp", \%customgrp);
- if ($fwhostsettings{'grpcnt'} > 0){&rules;}
+ if ($fwhostsettings{'grpcnt'} > 0){
+ &General::firewall_config_changed();
+ }
if ($fwhostsettings{'update'} eq 'on'){
$fwhostsettings{'remark'}= $grpremark;
$fwhostsettings{'grp_name'}=$grpname;
}
}
&General::writehasharray("$configsrvgrp", \%customservicegrp);
- &rules;
+ &General::firewall_config_changed();
if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
$fwhostsettings{'SRVGRP_NAME'}=$grpname;
$fwhostsettings{'SRVGRP_REMARK'}=$grpremark;
&showmenu;
}
### FUNCTIONS ###
-sub showmenu
-{
- if (-f "${General::swroot}/forward/reread"){
- print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</td></tr></table></form><br>";
- }
+sub showmenu {
&Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
print "$Lang::tr{'fwhost welcome'}";
print<<END;
}
}
}
-sub rules
-{
- if (!-f "${General::swroot}/fwhosts/reread"){
- system("touch ${General::swroot}/fwhosts/reread");
- system("touch ${General::swroot}/forward/reread");
- }
-}
-sub reread_rules
-{
- system ("/usr/local/bin/forwardfwctrl");
- if ( -f "${General::swroot}/fwhosts/reread"){
- system("rm ${General::swroot}/fwhosts/reread");
- system("rm ${General::swroot}/forward/reread");
- }
-
-}
-sub decrease
-{
+
+sub decrease {
my $grp=$_[0];
&General::readhasharray("$confignet", \%customnetwork);
&General::readhasharray("$confighost", \%customhost);