###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
-# New function for forwarding firewall. To make it comfortable to create #
-# rules, we need "spelling names" for single Hosts. If you have any questions #
-# <amarx@ipfire.org> #
-###############################################################################
use strict;
# enable only the following on debugging purpose
my %ipsecsettings=();
my %fwfwd=();
my %fwinp=();
+my %ovpnsettings=();
+
my $errormessage;
my $hint;
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
my $fwconfigfwd = "${General::swroot}/forward/config";
my $fwconfiginp = "${General::swroot}/forward/input";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $tdcolor='';
+my $configipsecrw = "${General::swroot}/vpn/settings";
unless (-e $confignet) { system("touch $confignet"); }
unless (-e $confighost) { system("touch $confighost"); }
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+
&Header::getcgihash(\%fwhostsettings);
&Header::showhttpheaders();
&General::readhasharray("$confighost", \%customhost);
#check name
if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}
+ #check existing name
+ if (!checkgroup(\%customgrp,$grp) && $fwhostsettings{'update'} ne 'on'){$errormessage.=$Lang::tr{'fwhost err grpexist'};}
#check remark
if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
$errormessage.=$Lang::tr{'fwhost err remark'};
if ($show eq '1'){$show='';print"</select></td></tr>";}
print"</table>";
print"</td></tr></table>";
- print"<br><br><b>$Lang::tr{'fwhost attention'}:</b><br> $Lang::tr{'fwhost macwarn'}<br><hr>";
+ print"<br><br><hr>";
}
print"<table border='0' width='100%'>";
print"<tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
}
}
+sub getcolor
+{
+ my $c=shift;
+ #Check if IP is part of OpenVPN N2N subnet
+ foreach my $key (sort keys %ccdhost){
+ if ($ccdhost{$key}[3] eq 'net'){
+ my ($a,$b) = split("/",$ccdhost{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color:$Header::colourovpn ;'";
+ return $tdcolor;
+ }
+ }
+ }
+ #Check if IP is part of OpenVPN dynamic subnet
+ my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourovpn;'";
+ return $tdcolor;
+ }
+ #Check if IP is part of OpenVPN static subnet
+ foreach my $key (sort keys %ccdnet){
+ my ($a,$b) = split("/",$ccdnet{$key}[1]);
+ $b =&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourovpn;'";
+ return $tdcolor;
+ }
+ }
+ #Check if IP is part of IPsec RW network
+ if ($ipsecsettings{'RW_NET'} ne ''){
+ my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourvpn;'";
+ return $tdcolor;
+ }
+ }
+ #Check if IP is part of a IPsec N2N network
+ foreach my $key (sort keys %ipsecconf){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='color: $Header::colourvpn;'";
+ return $tdcolor;
+ }
+ }
+ $tdcolor='';
+ return $tdcolor;
+}
sub viewtablehost
{
if (! -z $confighost){
&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'});
&General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$configccdhost", \%ccdhost);
if (!keys %customhost)
{
print "<center><b>$Lang::tr{'fwhost empty'}</b>";
else{ print" <tr bgcolor='$color{'color20'}'>";}
my ($ip,$sub)=split(/\//,$customhost{$key}[2]);
$customhost{$key}[4]=~s/\s+//g;
- print"<td width='20%'>$customhost{$key}[0]</td><td width='20%' align='center'>".&Header::colorize($ip)."</td><td width='50%' align='left'>$customhost{$key}[3]</td><td align='center'>$customhost{$key}[4]x</td>";
+ print"<td width='20%'>$customhost{$key}[0]</td><td width='20%' align='center' ".&getcolor($ip).">".&Header::colorize($ip)."</td><td width='50%' align='left'>$customhost{$key}[3]</td><td align='center'>$customhost{$key}[4]x</td>";
print<<END;
<td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
<input type='hidden' name='ACTION' value='edithost' />
my $delflag;
if (!keys %customgrp)
{
- print "<center><b>$Lang::tr{'fwhost empty'}</b>";
+ print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
}else{
- foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp ($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+ foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
$count++;
if ($helper ne $customgrp{$key}[0]){
$delflag='0';
}
}
$number=1;
- if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost empty'};}
+ if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};}
$grpname=$customgrp{$key}[0];
$remark="$customgrp{$key}[1]";
- if($count gt 2){ print"</table>";}
+ if($count gt 1){ print"</table>";}
print "<br><b><u>$grpname</u></b> ";
print " <b>$Lang::tr{'remark'}:</b>  $remark   " if ($remark ne '');
print "<b>$Lang::tr{'used'}:</b> $customgrp{$key}[4]x";
}else{
print "$customgrp{$key}[2]</td>";
}
- if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost empty'}){
+ if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
print "<td align='center'>$Lang::tr{'fwhost deleted'}</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
}else{
my ($colip,$colsub) = split("/",$ip);
$ip="$colip/".&General::subtocidr($colsub) if ($colsub);
- print"<td align='center'>".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+ print"<td align='center' ".&getcolor($colip).">".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
}
if ($delflag > '1' && $ip ne ''){
print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
$number++;
}
print"</table>";
-
}
&Header::closebox();
}
return 1;
}
+sub checkgroup
+{
+ my %hash=%{(shift)};
+ my $name=shift;
+ foreach my $key (keys %hash) {
+ if($hash{$key}[0] eq $name){
+ return 0;
+ }
+ }
+ return 1;
+}
sub checkip
{
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
}
}
+
sub deletefromgrp
{
my $target=shift;