X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=59c4caa7e09671f6aefda6b40b2d2ed6164fbcce;hp=3eac4f9d614db8d5684d65a4379938a7860c8a8c;hb=cc77ac2364436f6dff5fa31bbe6fb0dd1f92c4fd;hpb=abb3cfcc9ef1ffec5235ead3b9cad4014c141aa9
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 3eac4f9d6..59c4caa7e 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -21,7 +21,11 @@
use strict;
use Sort::Naturally;
+use utf8;
+use feature 'unicode_strings';
+
no warnings 'uninitialized';
+
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
@@ -224,6 +228,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."
";
}
+ if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage='';
+ }
if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
$fwdfwsettings{'nosave'} = 'on';
}
@@ -265,6 +272,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."
";
}
+ if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage='';
+ }
if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
$fwdfwsettings{'nosave'} = 'on';
}
@@ -502,8 +512,8 @@ sub checksource
return $errormessage;
}
}elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
- $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
- return $errormessage;
+ $fwdfwsettings{'grp1'}='std_net_src';
+ $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL';
}
#check empty fields
@@ -603,8 +613,8 @@ sub checktarget
return $errormessage;
}
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
- $errormessage.=$Lang::tr{'fwdfw err notgtip'};
- return $errormessage;
+ $fwdfwsettings{'grp2'}='std_net_tgt';
+ $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL';
}
#check for mac in targetgroup
if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
@@ -1290,6 +1300,12 @@ sub getcolor
my $val=shift;
my $hash=shift;
if($optionsfw{'SHOWCOLORS'} eq 'on'){
+ # Don't colourise MAC addresses
+ if (&General::validmac($val)) {
+ $tdcolor = "";
+ return;
+ }
+
#custom Hosts
if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
foreach my $key (sort keys %$hash){
@@ -1616,25 +1632,28 @@ END
END
- if (%aliases) {
- print <$Lang::tr{'dnat address'}:
";
- } else {
- print <
-
- |
-END
}
+ #DNAT Dropdown
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
+ print "";
+ }
+ }
+ print "";
print "";
#SNAT
@@ -1655,19 +1674,14 @@ END
foreach my $alias (sort keys %aliases) {
print "";
}
-
- # XXX this is composed in a very ugly fashion
+ # SNAT Dropdown
foreach my $network (sort keys %defaultNetworks) {
- next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
- next if($defaultNetworks{$network}{'NAME'} eq "ALL");
- next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
- next if($defaultNetworks{$network}{'NAME'} =~ /IPsec/i);
-
- print "";
+ if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){
+ print "";
+ }
}
-
print <
@@ -2129,6 +2143,8 @@ sub saverule
&changerule($configfwdfw);
#print"6";
}
+ $fwdfwsettings{'ruleremark'}=~ s/,/;/g;
+ utf8::decode($fwdfwsettings{'ruleremark'});
$fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
@@ -2266,7 +2282,14 @@ sub validremark
{
# Checks a hostname against RFC1035
my $remark = $_[0];
- $remark =~ s/,/;/g;
+
+ # Try to decode $remark into UTF-8. If this doesn't work,
+ # we assume that the string it not sane.
+ if (!utf8::decode($remark)) {
+ return 0;
+ }
+
+ # Check if the string only contains of printable characters.
if ($remark =~ /^[[:print:]]*$/) {
return 1;
}
@@ -2350,26 +2373,18 @@ END
if($$hash{$key}[3] eq 'ipsec_net_src'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_host_src'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
@@ -2377,26 +2392,18 @@ END
if($$hash{$key}[5] eq 'ipsec_net_tgt'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
@@ -2404,15 +2411,11 @@ END
foreach my $netgroup (sort keys %customgrp){
if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
foreach my $srvgroup (sort keys %customservicegrp){
if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
$$hash{'ACTIVE'}=$$hash{$key}[2];