X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=e9957943afd6fe751222faab995b715208cbd4d6;hp=99a9e58e4c30c5e3c27b7443dad12dda1edc0952;hb=6effa000ecde44ebf3e70955493b699a0cd03ed1;hpb=b062a11bbe730454c48c2c45ff0b1e0eec454471
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 99a9e58e4..e9957943a 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -21,7 +21,11 @@ use strict; use Sort::Naturally; +use utf8; +use feature 'unicode_strings'; + no warnings 'uninitialized'; + # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser';
@@ -508,6 +512,7 @@ sub checksource
 return $errormessage;
 }
 }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
+ $fwdfwsettings{'grp1'}='std_net_src';
 $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL';
 }
@@ -579,8 +584,10 @@ sub checktarget
 }
 }
 }else{
- $errormessage=$Lang::tr{'fwdfw dnat error'}."
";
- return $errormessage;
+ if ($fwdfwsettings{'grp2'} ne 'ipfire'){
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."
";
+ return $errormessage;
+ }
 }
 }
 if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
@@ -608,6 +615,7 @@ sub checktarget
 return $errormessage;
 }
 }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
+ $fwdfwsettings{'grp2'}='std_net_tgt';
 $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL';
 }
 #check for mac in targetgroup
@@ -983,6 +991,12 @@ sub deleterule
 &base;
 }
 }
+sub del_double
+{
+ my %all=();
+ @all{@_}=1;
+ return (keys %all);
+}
 sub disable_rule
 {
 my $key1=shift;
@@ -1387,11 +1401,13 @@ sub getcolor
 }
 #Check if IP is part of a IPsec N2N network
 foreach my $key (sort keys %ipsecconf){
- my ($a,$b) = split("/",$ipsecconf{$key}[11]);
- $b=&General::iporsubtodec($b);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
- return;
+ if ($ipsecconf{$key}[11]){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+ return;
+ }
 }
 }
 }
@@ -1534,6 +1550,7 @@ sub newrule
 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
 $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
 }
 }
 $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
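Review bot: In the `checksource` hunk (`@@ -508,6 +512,7 @@`), an empty source address is still widened to `ALL`, and the added `$fwdfwsettings{'grp1'}='std_net_src';` now also rewrites the submitted group type so that this match-everything value is what the rule carries forward. For a firewall rule that is a fail-open default: a blank address field produces a rule that applies to every source. Rejecting the empty address with an error would be the safer behaviour; if the widening is intended, a comment such as `# an empty address deliberately means "any" (std_net_src / ALL)` should say so. The `checktarget` hunk at `@@ -608,6 +615,7 @@` has the same pattern with `grp2` and `std_net_tgt`, and both functions start and end outside their hunks.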
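Review bot: The exemption added in the `checktarget` hunk at `@@ -579,8 +584,10 @@` skips the `fwdfw dnat error` purely because `$fwdfwsettings{'grp2'}` equals `ipfire`, and nothing in the visible lines checks the accompanying `$fwdfwsettings{'ipfire'}` value before the function carries on. If that value is not validated further down (the body continues outside the hunk), a request that names `ipfire` as the target group passes the DNAT target check with an unchecked interface value. A comment on the new `if` that states why the firewall itself is an acceptable DNAT target, and where its interface value is validated, would make the exemption reviewable.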
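Review bot: `del_double` (hunk `@@ -983,6 +991,12 @@`) returns `keys %all`, so the de-duplicated list comes back in Perl's hash order, which is not stable between runs; its caller elsewhere in this diff joins the result into the NAT address string shown in the rule table. `@all{@_}=1;` also assigns 1 to the first key only, which works only because the values are never read. An order-preserving form is `my %seen; return grep { !$seen{$_}++ } @_;`, and the sub should carry a one-line comment saying that it removes duplicates from its argument list.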
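Review bot: The new guard in the `getcolor` hunk (`@@ -1387,11 +1401,13 @@`) tests only that `$ipsecconf{$key}[11]` is true, so a value without a `/` still leaves `$b` undefined when it is handed to `&General::iporsubtodec`. Checking the split result, for example `next unless defined $b;`, covers that case. The lexicals `$a` and `$b` also shadow Perl's sort variables inside a loop over `sort keys`; names such as `$net` and `$mask` avoid the clash.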
@@ -1596,7 +1613,7 @@ END if (! -z "${General::swroot}/ethernet/aliases"){ foreach my $alias (sort keys %aliases) { - print ""; + print ""; } } print< END - if (%aliases) { - print <$Lang::tr{'dnat address'}: "; - } else { - print < - - -END } + #DNAT Dropdown + foreach my $network (sort keys %defaultNetworks) + { + if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){ + print ""; + } + } + print ""; print ""; #SNAT
@@ -1665,19 +1685,14 @@ END foreach my $alias (sort keys %aliases) { print ""; } - - # XXX this is composed in a very ugly fashion + # SNAT Dropdown foreach my $network (sort keys %defaultNetworks) { - next if($defaultNetworks{$network}{'NAME'} eq "IPFire"); - next if($defaultNetworks{$network}{'NAME'} eq "ALL"); - next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i); - next if($defaultNetworks{$network}{'NAME'} =~ /IPsec/i); - - print ""; + if ($defaultNetworks{$network}{'NAME'} eq 'BLUE'||$defaultNetworks{$network}{'NAME'} eq 'GREEN' ||$defaultNetworks{$network}{'NAME'} eq 'ORANGE'){ + print ""; + } } - print <
@@ -2139,6 +2154,8 @@ sub saverule
 &changerule($configfwdfw);
 #print"6";
 }
+ $fwdfwsettings{'ruleremark'}=~ s/,/;/g;
+ utf8::decode($fwdfwsettings{'ruleremark'});
 $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
 if ($fwdfwsettings{'updatefwrule'} ne 'on'){
 my $key = &General::findhasharraykey ($hash);
@@ -2276,7 +2293,14 @@ sub validremark
 {
 # Checks a hostname against RFC1035
 my $remark = $_[0];
- $remark =~ s/,/;/g;
+
+ # Try to decode $remark into UTF-8. If this doesn't work,
+ # we assume that the string it not sane.
+ if (!utf8::decode($remark)) {
+ return 0;
+ }
+
+ # Check if the string only contains of printable characters.
 if ($remark =~ /^[[:print:]]*$/) {
 return 1;
 }
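Review bot: The DNAT and SNAT dropdown hunks (`@@ -1596,7 +1613,7 @@` onward and `@@ -1665,19 +1685,14 @@`) repeat the same three-name test, `eq 'BLUE'||… eq 'GREEN' ||… eq 'ORANGE'`, and that test restricts only what the form offers. Nothing visible on this page checks the submitted NAT selection (`$fwdfwsettings{'dnat'}` and its SNAT counterpart) against the same list, so the allow-list should be defined once, for example `my %nat_zone = map { $_ => 1 } qw(BLUE GREEN ORANGE);`, and used both here and where the posted value is validated. The markup inside the `print` statements is not visible on this page, so the escaping of the option values could not be reviewed.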
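Review bot: In the `saverule` hunk (`@@ -2139,6 +2154,8 @@`) the result of `utf8::decode($fwdfwsettings{'ruleremark'})` is discarded, so a remark that is not valid UTF-8 stays an undecoded byte string and is still passed to `&Header::escape`. `validremark` rejects such input, but whether it always runs before this point is not visible in the hunk. Checking the return value, or adding a comment that states the dependency on `validremark`, would make that explicit. The `s/,/;/g` line would also benefit from a comment such as `# ',' must not appear in the stored remark` together with the reason, which the hunk does not show.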
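Review bot: The final check in the `validremark` hunk (`@@ -2276,7 +2293,14 @@`) is anchored with `^…$`, which also accepts a remark that ends in a newline; `if ($remark =~ /\A[[:print:]]*\z/) {` closes that. After the new `utf8::decode`, `[[:print:]]` is matched against characters rather than bytes and admits any printable character, including markup characters such as `<` and `"`, so the remark is safe to display only because of the `&Header::escape` call in `saverule`; a comment here should say that this function does not sanitise for HTML. The header comment `# Checks a hostname against RFC1035` does not describe this function, and the new comment should read `the string is not sane`.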
@@ -2360,26 +2384,18 @@ END
 if($$hash{$key}[3] eq 'ipsec_net_src'){
 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }elsif($$hash{$key}[3] eq 'ovpn_net_src'){
 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }elsif($$hash{$key}[3] eq 'ovpn_host_src'){
 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }
 }
@@ -2387,26 +2403,18 @@ END
 if($$hash{$key}[5] eq 'ipsec_net_tgt'){
 if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
 if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
 if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
 if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }
 }
@@ -2414,15 +2422,11 @@ END
 foreach my $netgroup (sort keys %customgrp){
 if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }
 foreach my $srvgroup (sort keys %customservicegrp){
 if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
 $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
 }
 }
 $$hash{'ACTIVE'}=$$hash{$key}[2];
@@ -2557,8 +2561,21 @@ END
 END
 #Is this a DNAT rule?
+ my $natstring;
 if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
- print "Firewall ($$hash{$key}[29])";
+ if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
+ if ($$hash{$key}[29] eq 'AUTO'){
+ my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
+ my @nat_ifaces;
+ foreach my $val (@src_addresses){
+ push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
+ }
+ @nat_ifaces=&del_double(@nat_ifaces);
+ $natstring = join(', ', @nat_ifaces);
+ }else{
+ $natstring = $$hash{$key}[29];
+ }
+ print "$Lang::tr{'firewall'} ($natstring)";
 if($$hash{$key}[30] ne ''){
 $$hash{$key}[30]=~ tr/|/,/;
 print": $$hash{$key}[30]";
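Review bot: The added line `if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}` overwrites the stored rule field with a translated label while the table is being rendered; if `$hash` is written back later in the request (not visible in this hunk), the rule would no longer contain `Default IP`. Keeping the translation in the display variable avoids that: `if ($$hash{$key}[29] eq 'Default IP'){ $natstring = $Lang::tr{'red1'}; }elsif ($$hash{$key}[29] eq 'AUTO'){`. `$natstring` is then printed into the page, so the stored value taken in the `else` branch should pass through `&Header::escape` unless field 29 is known to be validated when the rule is saved. `\%$hash` is the same reference as `$hash` and can be written that way.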