X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=ff950c449a56e8e0e962e260b04ee7c81ef1bda0;hp=59c4caa7e09671f6aefda6b40b2d2ed6164fbcce;hb=2ed8330ee5ea5164b580f673cc2e608abcb9384d;hpb=cc77ac2364436f6dff5fa31bbe6fb0dd1f92c4fd

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 59c4caa7e..ff950c449 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -101,7 +101,7 @@ my @protocols;
 &General::readhasharray("$configipsec", \%ipsecconf);
 &Header::showhttpheaders();
 &Header::getcgihash(\%fwdfwsettings);
-&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openpage($Lang::tr{'firewall rules'}, 1, '');
 &Header::openbigbox('100%', 'center',$errormessage);
 #### JAVA SCRIPT ####
 print<<END;
@@ -584,8 +584,10 @@ sub checktarget
 				}
 			}
 		}else{
-			$errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
-			return $errormessage;
+			if ($fwdfwsettings{'grp2'} ne 'ipfire'){
+				$errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+				return $errormessage;
+			}
 		}
 	}
 	if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
@@ -989,6 +991,12 @@ sub deleterule
 		&base;
 	}
 }
+sub del_double
+{
+	my %all=();
+	@all{@_}=1;
+	return (keys %all);
+}
 sub disable_rule
 {
 	my $key1=shift;
@@ -1252,10 +1260,8 @@ sub get_serviceports
 	my $name=shift;
 	&General::readhasharray("$configsrv", \%customservice);
 	&General::readhasharray("$configsrvgrp", \%customservicegrp);
-	my $tcp;
-	my $udp;
-	my $icmp;
 	@protocols=();
+	my @specprot=("IPIP","IPV6","IGMP","GRE","AH","ESP");
 	if($type eq 'service'){
 		foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
 			if ($customservice{$key}[0] eq $name){
@@ -1265,33 +1271,23 @@ sub get_serviceports
 	}elsif($type eq 'group'){
 		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
 			if ($customservicegrp{$key}[0] eq $name){
-				foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
-					if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
-						if($customservice{$key1}[2] eq 'TCP'){
-							$tcp='TCP';
-						}elsif($customservice{$key1}[2] eq 'ICMP'){
-							$icmp='ICMP';
-						}elsif($customservice{$key1}[2] eq 'UDP'){
-							$udp='UDP';
+				if ($customservicegrp{$key}[2] ~~ @specprot){
+					push (@protocols," ".$customservicegrp{$key}[2]);
+				}else{
+					foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
+						if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+							if (!grep(/$customservice{$key1}[2]/, @protocols)){
+								push (@protocols,$customservice{$key1}[2]);}
 						}
 					}
 				}
 			}
 		}
 	}
-	if($tcp && $udp && $icmp){
-		push (@protocols,"TCP,UDP, <br>ICMP");
-		return @protocols;
-	}
-	if($tcp){
-		push (@protocols,"TCP");
-	}
-	if($udp){
-		push (@protocols,"UDP");
-	}
-	if($icmp){
-		push (@protocols,"ICMP");
-	}
+
+	# Sort protocols alphabetically.
+	@protocols = sort(@protocols);
+
 	return @protocols;
 }
 sub getcolor
@@ -1393,11 +1389,13 @@ sub getcolor
 			}
 			#Check if IP is part of a IPsec N2N network
 			foreach my $key (sort keys %ipsecconf){
-				my ($a,$b) = split("/",$ipsecconf{$key}[11]);
-				$b=&General::iporsubtodec($b);
-				if (&General::IpInSubnet($c,$a,$b)){
-					$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
-					return;
+				if ($ipsecconf{$key}[11]){
+					my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+					$b=&General::iporsubtodec($b);
+					if (&General::IpInSubnet($c,$a,$b)){
+						$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+						return;
+					}
 				}
 			}
 		}
@@ -1540,6 +1538,8 @@ sub newrule
 				$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}			= 'selected';
 				$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
 				$selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+				$selected{'dnat'}{$fwdfwsettings{'dnat'}}				='selected';
+				$selected{'snat'}{$fwdfwsettings{'snat'}}				='selected';
 			}
 		}
 		$fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
@@ -1602,7 +1602,7 @@ END
 		if (! -z "${General::swroot}/ethernet/aliases"){
 			foreach my $alias (sort keys %aliases)
 			{
-				print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+				print "<option value='$alias' $selected{'ipfire_src'}{$alias}>$alias</option>";
 			}
 		}
 		print<<END;
@@ -1637,7 +1637,7 @@ END
 						<td width='30%'>
 							<select name='dnat' style='width: 100%;'>
 								<option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option>
-								<option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($netsettings{'RED_ADDRESS'})</option>
+								<option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option>
 END
 		if (%aliases) {
 			foreach my $alias (sort keys %aliases) {
@@ -2300,8 +2300,8 @@ sub viewtablerule
 	&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
 
 	&viewtablenew(\%configfwdfw, $configfwdfw, $Lang::tr{'firewall rules'});
-	&viewtablenew(\%configinputfw, $configinput, $Lang::tr{'external access'});
-	&viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall'});
+	&viewtablenew(\%configinputfw, $configinput, $Lang::tr{'incoming firewall access'});
+	&viewtablenew(\%configoutgoingfw, $configoutgoing, $Lang::tr{'outgoing firewall access'});
 }
 sub viewtablenew
 {
@@ -2475,7 +2475,7 @@ END
 				push (@protocols,$Lang::tr{'all'});
 			}
 
-			my $protz=join(",",@protocols);
+			my $protz=join(", ",@protocols);
 			if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
 				&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
 				foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
@@ -2484,6 +2484,8 @@ END
 						last;
 					}
 				}
+			}elsif($#protocols gt '3'){
+				print"<td align='center'><span title='$protz'>$Lang::tr{'fwdfw many'}</span></td>";
 			}else{
 				print"<td align='center'>$protz</td>";
 			}
@@ -2550,8 +2552,21 @@ END
 					<td align='center' $tdcolor>
 END
 			#Is this a DNAT rule?
+			my $natstring;
 			if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
-				print "Firewall ($$hash{$key}[29])";
+				if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
+				if ($$hash{$key}[29] eq 'AUTO'){
+					my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
+					my @nat_ifaces;
+					foreach my $val (@src_addresses){
+						push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
+					}
+					@nat_ifaces=&del_double(@nat_ifaces);
+					$natstring = join(', ', @nat_ifaces);
+				}else{
+					$natstring = $$hash{$key}[29];
+				}
+				print "$Lang::tr{'firewall'} ($natstring)";
 				if($$hash{$key}[30] ne ''){
 					$$hash{$key}[30]=~ tr/|/,/;
 					print": $$hash{$key}[30]";