@@ -2139,6 +2154,8 @@ sub saverule
&changerule($configfwdfw);
#print"6";
}
+ $fwdfwsettings{'ruleremark'}=~ s/,/;/g;
+ utf8::decode($fwdfwsettings{'ruleremark'});
$fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
@@ -2276,7 +2293,14 @@ sub validremark
{
# Checks a hostname against RFC1035
my $remark = $_[0];
- $remark =~ s/,/;/g;
+
+ # Try to decode $remark into UTF-8. If this doesn't work,
+ # we assume that the string it not sane.
+ if (!utf8::decode($remark)) {
+ return 0;
+ }
+
+ # Check if the string only contains of printable characters.
if ($remark =~ /^[[:print:]]*$/) {
return 1;
}
@@ -2360,26 +2384,18 @@ END
if($$hash{$key}[3] eq 'ipsec_net_src'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_host_src'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
@@ -2387,26 +2403,18 @@ END
if($$hash{$key}[5] eq 'ipsec_net_tgt'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
@@ -2414,15 +2422,11 @@ END
foreach my $netgroup (sort keys %customgrp){
if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
foreach my $srvgroup (sort keys %customservicegrp){
if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
$$hash{'ACTIVE'}=$$hash{$key}[2];
@@ -2557,8 +2561,21 @@ END
END
#Is this a DNAT rule?
+ my $natstring;
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
- print "Firewall ($$hash{$key}[29])";
+ if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
+ if ($$hash{$key}[29] eq 'AUTO'){
+ my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
+ my @nat_ifaces;
+ foreach my $val (@src_addresses){
+ push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
+ }
+ @nat_ifaces=&del_double(@nat_ifaces);
+ $natstring = join(', ', @nat_ifaces);
+ }else{
+ $natstring = $$hash{$key}[29];
+ }
+ print "$Lang::tr{'firewall'} ($natstring)";
if($$hash{$key}[30] ne ''){
$$hash{$key}[30]=~ tr/|/,/;
print": $$hash{$key}[30]";
|