X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=99a9e58e4c30c5e3c27b7443dad12dda1edc0952;hp=58b16a56f4c56ca8cd4ca6f2397be35ce2c19f28;hb=b062a11bbe730454c48c2c45ff0b1e0eec454471;hpb=0c733ab7502e5eb10e5ecbd4f9ad4196670fe175 diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi old mode 100755 new mode 100644 index 58b16a56f..99a9e58e4 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -29,7 +29,7 @@ no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; -require "${General::swroot}/firewall/bin/firewall-lib.pl"; +require "/usr/lib/firewall/firewall-lib.pl"; unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); } unless (-e "${General::swroot}/firewall/settings") { system("touch ${General::swroot}/firewall/settings"); } @@ -136,14 +136,17 @@ print<"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } - } - } + } + } } #check Rulepos on new Rule if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ @@ -251,17 +251,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } } if (!$errormessage){ - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - if ($fwdfwsettings{'nobase'} ne 'on'){ - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - } - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } if($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configinputfw,$configinput); } @@ -276,11 +265,12 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - $errormessage=''; - }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -289,7 +279,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } #check Rulepos on new Rule if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ - print"CHECK OUTGOING DOPPELTE REGEL
"; $fwdfwsettings{'oldrulenumber'}=$maxkey; foreach my $key (sort keys %configoutgoingfw){ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" @@ -307,18 +296,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } #increase counters if (!$errormessage){ - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if ($fwdfwsettings{'nobase'} eq 'on'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } if ($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configoutgoingfw,$configoutgoing); } @@ -334,17 +311,18 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){ - $errormessage=''; - }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } - } + } } - } + } #check Rulepos on new Rule if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ $fwdfwsettings{'oldrulenumber'}=$maxkey; @@ -352,7 +330,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - } + } } } #check if we just close a rule @@ -364,18 +342,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } #increase counters if (!$errormessage){ - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if ($fwdfwsettings{'nobase'} eq 'on'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } if ($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configfwdfw,$configfwdfw); } @@ -497,8 +463,6 @@ sub changerule $fwdfwsettings{'config'}=$oldchain; $fwdfwsettings{'nobase'}='on'; &deleterule; - &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } sub checksource { @@ -544,8 +508,7 @@ sub checksource return $errormessage; } }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; - return $errormessage; + $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL'; } #check empty fields @@ -645,8 +608,20 @@ sub checktarget return $errormessage; } }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err notgtip'}; - return $errormessage; + $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL'; + } + #check for mac in targetgroup + if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){ + &General::readhasharray("$configgrp", \%customgrp); + &General::readhasharray("$confighost", \%customhost); + foreach my $grpkey (sort keys %customgrp){ + foreach my $hostkey (sort keys %customhost){ + if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){ + $hint=$Lang::tr{'fwdfw hint mac'}; + return $hint; + } + } + } } #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} @@ -701,6 +676,8 @@ sub checktarget if (&General::validport($_)){ push (@values,$_); }else{ + $errormessage=$Lang::tr{'fwdfw err tgt_port'}; + return $errormessage; } } } @@ -766,14 +743,32 @@ sub checkrule { #check valid port for NAT if($fwdfwsettings{'USE_NAT'} eq 'ON'){ - #if no port is given in nat area, take target host port + #RULE_ACTION must be ACCEPT if we use NAT + $fwdfwsettings{'RULE_ACTION'} = 'ACCEPT'; + + #if no dnat or snat selected errormessage + if ($fwdfwsettings{'nat'} eq ''){ + $errormessage=$Lang::tr{'fwdfw dnat nochoice'}; + return; + } + + #if using snat, the external port has to be empty + if ($fwdfwsettings{'nat'} eq 'snat' && $fwdfwsettings{'dnatport'} ne ''){ + $errormessage=$Lang::tr{'fwdfw dnat extport'}; + return; + } + #if no dest port is given in nat area, take target host port if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};} + if($fwdfwsettings{'TGT_PORT'} eq '' && $fwdfwsettings{'dnatport'} ne '' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')){ + $errormessage=$Lang::tr{'fwdfw dnat porterr2'}; + return; + } #check if port given in nat area is a single valid port or portrange if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ my $custsrvport; - #get servcie Protocol and Port + #get service Protocol and Port foreach my $key (sort keys %customservice){ if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){ if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){ @@ -820,6 +815,10 @@ sub checkrule } $fwdfwsettings{'dnatport'}=join("|",@values); } + #check if a rule with prot tcp or udp and ports is edited and now prot is "all", then delete all ports + if($fwdfwsettings{'PROT'} eq ''){ + $fwdfwsettings{'dnatport'}=''; + } } #check valid remark if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ @@ -933,34 +932,6 @@ sub checkrule $fwdfwsettings{'ICMP_TYPES'}=''; } } -sub checkcounter -{ - my ($base1,$val1,$base2,$val2) = @_; - - if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){ - &dec_counter($confignet,\%customnetwork,$val1); - }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){ - &dec_counter($confighost,\%customhost,$val1); - }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){ - &dec_counter($configgrp,\%customgrp,$val1); - }elsif($base1 eq 'cust_srv'){ - &dec_counter($configsrv,\%customservice,$val1); - }elsif($base1 eq 'cust_srvgrp'){ - &dec_counter($configsrvgrp,\%customservicegrp,$val1); - } - - if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ - &inc_counter($confignet,\%customnetwork,$val2); - }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ - &inc_counter($confighost,\%customhost,$val2); - }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){ - &inc_counter($configgrp,\%customgrp,$val2); - }elsif($base2 eq 'cust_srv'){ - &inc_counter($configsrv,\%customservice,$val2); - }elsif($base2 eq 'cust_srvgrp'){ - &inc_counter($configsrvgrp,\%customservicegrp,$val2); - } -} sub checkvpn { my $ip=shift; @@ -992,15 +963,6 @@ sub deleterule my %delhash=(); &General::readhasharray($fwdfwsettings{'config'}, \%delhash); foreach my $key (sort {$a <=> $b} keys %delhash){ - if ($key == $fwdfwsettings{'key'}){ - #check hosts/net and groups - &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); - &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); - #check services and groups - if ($delhash{$key}[11] eq 'ON'){ - &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); - } - } if ($key >= $fwdfwsettings{'key'}) { my $next = $key + 1; if (exists $delhash{$next}) { @@ -1033,21 +995,6 @@ sub disable_rule &General::writehasharray("$configfwdfw", \%configfwdfw); &General::firewall_config_changed(); } -sub dec_counter -{ - my $config=shift; - my %hash=%{(shift)}; - my $val=shift; - my $pos; - &General::readhasharray($config, \%hash); - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - $pos=$#{$hash{$key}}; - $hash{$key}[$pos] = $hash{$key}[$pos]-1; - } - } - &General::writehasharray($config, \%hash); -} sub error { if ($errormessage) { @@ -1055,7 +1002,6 @@ sub error print "$errormessage\n"; print " \n"; &Header::closebox(); - print"
"; } } sub fillselect @@ -1099,7 +1045,7 @@ sub gen_dd_block print< - +
"; } #End left table. start right table (vpn) - print"
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost cust grp'}
"; + print"
"; # CCD networks if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ print" -
$Lang::tr{'fwhost ccdnet'}
+
+ END &gen_dd_block('src','grp1'); - print"
"; &Header::closebox(); #---SNAT / DNAT ------------------------------------------------ @@ -1676,7 +1620,7 @@ END @@ -1709,7 +1653,7 @@ END @@ -1763,10 +1707,9 @@ END } print< -
+
END &gen_dd_block('tgt','grp2'); - print"
"; &Header::closebox; #---PROTOCOL------------------------------------------------------ $fwdfwsettings{'SRC_PORT'} =~ s/\|/,/g; @@ -1900,7 +1843,7 @@ END &General::readhasharray("$configsrvgrp", \%customservicegrp); my $helper; foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){ - if ($helper ne $customservicegrp{$key}[0]){ + if ($helper ne $customservicegrp{$key}[0] && $customservicegrp{$key}[2] ne 'none'){ print""; @@ -1919,25 +1862,10 @@ END END &Header::closebox; - - $checked{"RULE_ACTION"} = (); - foreach ("ACCEPT", "DROP", "REJECT") { - $checked{"RULE_ACTION"}{$_} = ""; - } - - if($fwdfwsettings{'updatefwrule'} eq 'on') { - $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = "checked"; - } elsif ($fwdfwsettings{'POLICY'} eq 'MODE1') { - $checked{"RULE_ACTION"}{"ACCEPT"} = "checked"; - } elsif ($fwdfwsettings{'POLICY'} eq 'MODE2') { - $checked{"RULE_ACTION"}{"DROP"} = "checked"; - } - + $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = 'CHECKED'; print <
-
- +
 
  @@ -1974,7 +1902,6 @@ END
END - #---Activate/logging/remark------------------------------------- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'}); print<
-
+
END #---ACTION------------------------------------------------------ @@ -2212,6 +2139,7 @@ sub saverule &changerule($configfwdfw); #print"6"; } + $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'}); if ($fwdfwsettings{'updatefwrule'} ne 'on'){ my $key = &General::findhasharraykey ($hash); $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; @@ -2347,32 +2275,21 @@ sub saverule sub validremark { # Checks a hostname against RFC1035 - my $remark = $_[0]; - - # Each part should be at least two characters in length - # but no more than 63 characters - if (length ($remark) < 1 || length ($remark) > 255) { - return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9(]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) { - return 0;} - return 1; + my $remark = $_[0]; + $remark =~ s/,/;/g; + if ($remark =~ /^[[:print:]]*$/) { + return 1; + } + return 0; } - -sub viewtablerule { +sub viewtablerule +{ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); &viewtablenew(\%configfwdfw, $configfwdfw, $Lang::tr{'firewall rules'}); &viewtablenew(\%configinputfw, $configinput, $Lang::tr{'external access'}); &viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall'}); } - sub viewtablenew { my $hash=shift; @@ -2388,9 +2305,11 @@ sub viewtablenew &General::readhasharray("$config", $hash); &General::readhasharray("$configccdnet", \%ccdnet); &General::readhasharray("$configccdhost", \%ccdhost); + &General::readhasharray("$configgrp", \%customgrp); + &General::readhasharray("$configsrvgrp", \%customservicegrp); &Header::openbox('100%', 'left', $title); - print ""; + print "
"; if (! -z $config) { my $count=0; @@ -2491,6 +2410,21 @@ END } } } + #check if networkgroups or servicegroups are empty + foreach my $netgroup (sort keys %customgrp){ + if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){ + $coloryellow='on'; + &disable_rule($key); + $$hash{$key}[2]=''; + } + } + foreach my $srvgroup (sort keys %customservicegrp){ + if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){ + $coloryellow='on'; + &disable_rule($key); + $$hash{$key}[2]=''; + } + } $$hash{'ACTIVE'}=$$hash{$key}[2]; $count++; if($coloryellow eq 'on'){ @@ -2780,7 +2714,7 @@ END -
 
+ END @@ -2863,14 +2797,16 @@ END $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol block'}) +END + } + + print < $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'}) + END - } - - print""; } print <