X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=3e170a1d93249e41a70138b0f9a8b60887e77a5e;hp=6ed0a9b2217a330503101d71b61be2369c353930;hb=ba6f69f76943a83fece4a12fb632f9ad166edff3;hpb=55674e0d3877ac07f71e26e0d07dacc6baf5759f diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 6ed0a9b22..3e170a1d9 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -27,7 +27,7 @@ # Now that the ccd extension is ready i am able to develop the main request. # # Any feedback is appreciated. # # # -# # +#Copymaster # ############################################################################### use strict; @@ -45,6 +45,7 @@ unless (-d "${General::swroot}/forward") { system("mkdir ${General::swroot}/f unless (-e "${General::swroot}/forward/settings") { system("touch ${General::swroot}/forward/settings"); } unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } +unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); } my %fwdfwsettings=(); my %selected=() ; @@ -60,6 +61,7 @@ my %customnetwork=(); my %ccdhost=(); my %configfwdfw=(); my %configinputfw=(); +my %configoutgoingfw=(); my %ipsecconf=(); my %color=(); my %mainsettings=(); @@ -68,6 +70,8 @@ my %icmptypes=(); my %ovpnsettings=(); my %ipsecsettings=(); my %aliases=(); +my %optionsfw=(); + my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; @@ -80,16 +84,18 @@ my $configipsec = "${General::swroot}/vpn/config"; my $configipsecrw = "${General::swroot}/vpn/settings"; my $configfwdfw = "${General::swroot}/forward/config"; my $configinput = "${General::swroot}/forward/input"; +my $configoutgoing = "${General::swroot}/forward/outgoing"; my $configovpn = "${General::swroot}/ovpn/settings"; - +my $fwoptions = "${General::swroot}/optionsfw/settings"; my $errormessage=''; my $hint=''; my $ipgrp="${General::swroot}/outgoing/groups"; - +my $tdcolor=''; &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings); &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); +&General::readhash($fwoptions, \%optionsfw); &Header::showhttpheaders(); &Header::getcgihash(\%fwdfwsettings); @@ -100,8 +106,10 @@ my $ipgrp="${General::swroot}/outgoing/groups"; if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'}) { my $MODE = $fwdfwsettings{'POLICY'}; + my $MODE1 = $fwdfwsettings{'POLICY1'}; %fwdfwsettings = (); $fwdfwsettings{'POLICY'} = "$MODE"; + $fwdfwsettings{'POLICY1'} = "$MODE1"; &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); &reread_rules; } @@ -109,57 +117,67 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') { &General::readhasharray("$configfwdfw", \%configfwdfw); &General::readhasharray("$configinput", \%configinputfw); + &General::readhasharray("$configoutgoing", \%configoutgoingfw); $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} - - #check if we change an forward rule to an external access - if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){ - $fwdfwsettings{'updatefwrule'}=''; - $fwdfwsettings{'config'}=$configfwdfw; - $fwdfwsettings{'nobase'}='on'; - &deleterule; + #check if we try to break rules + if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire'){ + $errormessage.=$Lang::tr{'fwdfw err same'}; } - - #check if we change an external access rule to an forward - if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){ - $fwdfwsettings{'updatefwrule'}=''; - $fwdfwsettings{'config'}=$configinput; - $fwdfwsettings{'nobase'}='on'; - &deleterule; - } - #INPUT part if($fwdfwsettings{'grp2'} eq 'ipfire'){ + $fwdfwsettings{'config'}=$configinput; $fwdfwsettings{'chain'} = 'INPUTFW'; + my $maxkey=&General::findhasharraykey(\%configinputfw); #check if we have an identical rule already - foreach my $key (sort keys %configinputfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - } - } - - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - if ($fwdfwsettings{'nobase'} ne 'on'){ - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - } - - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - - if ($fwdfwsettings{'nobase'} eq 'on'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - - - &saverule(\%configinputfw,$configinput); - + if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ + foreach my $key (sort keys %configinputfw){ + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} eq ''){ + $errormessage=''; + }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw err remark'}."
"; + } + if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ + $fwdfwsettings{'nosave'} = 'on'; + } + } + } + } + #check Rulepos on new Rule + if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ + $fwdfwsettings{'oldrulenumber'}=$maxkey; + foreach my $key (sort keys %configinputfw){ + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + } + #check if we just close a rule + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} ) { + if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + $errormessage=''; + $fwdfwsettings{'nosave2'} = 'on'; + } + } + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + if ($fwdfwsettings{'nobase'} ne 'on'){ + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + } + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configinputfw,$configinput); + } #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; @@ -181,24 +199,103 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - - - + }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){ + # OUTGOING PART + $fwdfwsettings{'config'}=$configoutgoing; + $fwdfwsettings{'chain'} = 'OUTGOINGFW'; + my $maxkey=&General::findhasharraykey(\%configoutgoingfw); + if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ + foreach my $key (sort keys %configoutgoingfw){ + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} eq ''){ + $errormessage=''; + }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw err remark'}."
"; + } + if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ + $fwdfwsettings{'nosave'} = 'on'; + } + } + } + } + #check Rulepos on new Rule + if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ + print"CHECK OUTGOING DOPPELTE REGEL
"; + $fwdfwsettings{'oldrulenumber'}=$maxkey; + foreach my $key (sort keys %configoutgoingfw){ + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + } + #check if we just close a rule + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} ) { + if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + $fwdfwsettings{'nosave2'} = 'on'; + $errormessage=''; + } + } + #increase counters + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nobase'} eq 'on'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configoutgoingfw,$configoutgoing); + } }else{ + #FORWARD PART + $fwdfwsettings{'config'}=$configfwdfw; $fwdfwsettings{'chain'} = 'FORWARDFW'; - #check if we have an identical rule already - foreach my $key (sort keys %configfwdfw){ - - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - } + my $maxkey=&General::findhasharraykey(\%configfwdfw); + if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ + #check if we have an identical rule already + foreach my $key (sort keys %configfwdfw){ + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} eq ''){ + $errormessage=''; + }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw err remark'}."
"; + } + if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ + $fwdfwsettings{'nosave'} = 'on'; + } + } + } } + #check Rulepos on new Rule + if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ + $fwdfwsettings{'oldrulenumber'}=$maxkey; + foreach my $key (sort keys %configfwdfw){ + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + } + #check if we just close a rule + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} ) { + if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + $fwdfwsettings{'nosave2'} = 'on'; + $errormessage=''; + } + } #increase counters &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { @@ -206,14 +303,12 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } - if ($fwdfwsettings{'nobase'} eq 'on'){ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } - - - &saverule(\%configfwdfw,$configfwdfw); - + if ($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configfwdfw,$configfwdfw); + } #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; @@ -235,43 +330,60 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - - - } if ($errormessage){ &newrule; }else{ - &rules; + if($fwdfwsettings{'nosave2'} ne 'on'){ + &rules; + } &base; } - } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) { - &General::readhasharray("$configfwdfw", \%configfwdfw); - foreach my $key (sort keys %configfwdfw){ - &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,); - &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,); - &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,); - } - &General::readhasharray("$configinput", \%configinputfw); - foreach my $key (sort keys %configinputfw){ - &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,); - &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,); - &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,); + if($fwdfwsettings{'poltype'} eq 'forward'){ + &General::readhasharray("$configfwdfw", \%configfwdfw); + foreach my $key (sort keys %configfwdfw){ + &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,); + &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,); + &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,); + } + &General::readhasharray("$configinput", \%configinputfw); + foreach my $key (sort keys %configinputfw){ + &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,); + &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,); + &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,); + } + + system("rm ${General::swroot}/forward/config"); + system("rm ${General::swroot}/forward/input"); + &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); + unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } + unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } + my $MODE1=$fwdfwsettings{'POLICY1'}; + %fwdfwsettings = (); + $fwdfwsettings{'POLICY'}='MODE2'; + $fwdfwsettings{'POLICY1'}=$MODE1; + &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); + &reread_rules; + }else{ + &General::readhasharray("$configoutgoing", \%configoutgoingfw); + foreach my $key (sort keys %configoutgoingfw){ + &checkcounter($configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],,); + &checkcounter($configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],,); + &checkcounter($configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],,); } - $fwdfwsettings{'POLICY'}='MODE0'; - system("rm ${General::swroot}/forward/config"); - system("rm ${General::swroot}/forward/input"); + system("rm ${General::swroot}/forward/outgoing"); + &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); + unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); } + my $MODE=$fwdfwsettings{'POLICY'}; %fwdfwsettings = (); - + $fwdfwsettings{'POLICY'}=$MODE; + $fwdfwsettings{'POLICY1'}='MODE2'; &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } - unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } - &reread_rules; - + } } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'}) { @@ -338,6 +450,16 @@ if ($fwdfwsettings{'ACTION'} eq '') &base; } ### Functions #### +sub changerule +{ + my $oldchain=shift; + $fwdfwsettings{'updatefwrule'}=''; + $fwdfwsettings{'config'}=$oldchain; + $fwdfwsettings{'nobase'}='on'; + &deleterule; + &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); +} sub pos_up { my %uphash=(); @@ -407,7 +529,7 @@ sub checkcounter }elsif($base1 eq 'cust_srvgrp'){ &dec_counter($configsrvgrp,\%customservicegrp,$val1); } - + if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ &inc_counter($confignet,\%customnetwork,$val2); }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ @@ -426,13 +548,12 @@ sub inc_counter my %hash=%{(shift)}; my $val=shift; my $pos; - + &General::readhasharray($config, \%hash); foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ if($hash{$key}[0] eq $val){ $pos=$#{$hash{$key}}; $hash{$key}[$pos] = $hash{$key}[$pos]+1; - } } &General::writehasharray($config, \%hash); @@ -449,70 +570,71 @@ sub dec_counter if($hash{$key}[0] eq $val){ $pos=$#{$hash{$key}}; $hash{$key}[$pos] = $hash{$key}[$pos]-1; - } } &General::writehasharray($config, \%hash); } sub base { - - if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } - + if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ $selected{'POLICY1'}{'MODE1'} = 'selected'; } else { $selected{'POLICY1'}{'MODE1'} = ''; } + if ($fwdfwsettings{'POLICY1'} eq 'MODE2'){ $selected{'POLICY1'}{'MODE2'} = 'selected'; } else { $selected{'POLICY1'}{'MODE2'} = ''; } &hint; - if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') { - &addrule; - } - - #print""; - #foreach (0 .. 40){ - #my $i="color".$_; - #print""; - #} - #print"
$_
"; - &Header::openbox('100%', 'center', 'Policy'); + &addrule; + print "

"; + &Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'}); print < - - - - +
$Lang::tr{'mode'} 0:$Lang::tr{'outgoing firewall mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoing firewall mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoing firewall mode2'}
+ + -
FORWARD
$Lang::tr{'fwdfw pol text'}
- - +
+ + END - if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) { - print "$Lang::tr{'outgoing firewall reset'}: "; - } -print "
"; + print "$Lang::tr{'outgoing firewall reset'}: "; + print ""; + print"

"; + print < + + + + + "; + print "
OUTGOING
$Lang::tr{'fwdfw pol text1'}
+ + +END + print "$Lang::tr{'outgoing firewall reset'}:
"; &Header::closebox(); } sub addrule { &error; + if (-f "${General::swroot}/forward/reread"){ + print "
$Lang::tr{'fwhost reread'}

"; + } &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - print "
"; print ""; print ""; - if (-f "${General::swroot}/forward/reread"){ - print ""; - } - print"
"; - + print"
"; &Header::closebox(); &viewtablerule; - } sub deleterule { my %delhash=(); &General::readhasharray($fwdfwsettings{'config'}, \%delhash); - foreach my $key (sort keys %delhash){ - if ($key eq $fwdfwsettings{'key'}){ + foreach my $key (sort {$a <=> $b} keys %delhash){ + if ($key == $fwdfwsettings{'key'}){ #check hosts/net and groups &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); @@ -521,22 +643,22 @@ sub deleterule &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); } } - - if ($key ge $fwdfwsettings{'key'}) { + if ($key >= $fwdfwsettings{'key'}) { my $next = $key + 1; if (exists $delhash{$next}) { - foreach my $i (0 .. $#{$configfwdfw{$next}}) { + foreach my $i (0 .. $#{$delhash{$next}}) { $delhash{$key}[$i] = $delhash{$next}[$i]; } } } } # Remove the very last entry. - my $last_key = (sort keys %delhash)[-1]; + my $last_key = (sort {$a <=> $b} keys %delhash)[-1]; delete $delhash{$last_key}; &General::writehasharray($fwdfwsettings{'config'}, \%delhash); &rules; + if($fwdfwsettings{'nobase'} ne 'on'){ &base; } @@ -552,43 +674,53 @@ sub disable_rule } &General::writehasharray("$configfwdfw", \%configfwdfw); &rules; - } sub checksource { my ($ip,$subnet); - + #check ip-address if manual if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ #check if ip with subnet if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) { ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'}); $subnet = &General::iporsubtocidr($subnet); + $fwdfwsettings{'isip'}='on'; } #check if only ip if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ $ip=$fwdfwsettings{'src_addr'}; $subnet = '32'; + $fwdfwsettings{'isip'}='on'; } - #check and form valid IP - $ip=&General::ip2dec($ip); - $ip=&General::dec2ip($ip); - #check if net or broadcast - my @tmp= split (/\./,$ip); - if (($tmp[3] eq "0") || ($tmp[3] eq "255")) - { - $errormessage=$Lang::tr{'fwhost err hostip'}."
"; + + if ($fwdfwsettings{'isip'} ne 'on'){ + if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';} } - $fwdfwsettings{'src_addr'}="$ip/$subnet"; - - if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ + if ($fwdfwsettings{'isip'} eq 'on'){ + #check and form valid IP + $ip=&General::ip2dec($ip); + $ip=&General::dec2ip($ip); + #check if net or broadcast + my @tmp= split (/\./,$ip); + if (($tmp[3] eq "0") || ($tmp[3] eq "255")) + { + $errormessage=$Lang::tr{'fwhost err hostip'}."
"; + } + $fwdfwsettings{'src_addr'}="$ip/$subnet"; + + if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + } + } + if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; } }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; return $errormessage; } - + #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} #check icmp source @@ -600,6 +732,15 @@ sub checksource $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; } } + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ $fwdfwsettings{'ICMP_TYPES'}=''; }else{ @@ -607,30 +748,48 @@ sub checksource $fwdfwsettings{'SRC_PORT'}=''; $fwdfwsettings{'PROT'}=''; } - - if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){ - #change dashes with : - $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/; - - if ($fwdfwsettings{'SRC_PORT'} eq "*") { - $fwdfwsettings{'SRC_PORT'} = "1:65535"; - } - if ($fwdfwsettings{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) { - $fwdfwsettings{'SRC_PORT'} = "1:$2"; - } - if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) { - $fwdfwsettings{'SRC_PORT'} = "$1:65535"; + + if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){ + my @parts=split(",",$fwdfwsettings{'SRC_PORT'}); + my @values=(); + foreach (@parts){ + chomp($_); + if ($_ =~ /^(\d+)\:(\d+)$/) { + my $check; + #change dashes with : + $_=~ tr/-/:/; + if ($_ eq "*") { + push(@values,"1:65535"); + $check='on'; + } + if ($_ =~ /^(\D)\:(\d+)$/) { + push(@values,"1:$2"); + $check='on'; + } + if ($_ =~ /^(\d+)\:(\D)$/) { + push(@values,"$1:65535"); + $check='on' + } + $errormessage .= &General::validportrange($_, 'destination'); + if(!$check){ + push (@values,$_); + } + }else{ + if (&General::validport($_)){ + push (@values,$_); + }else{ + + } + } } - - $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src'); + $fwdfwsettings{'SRC_PORT'}=join("|",@values); + return $errormessage; } - return $errormessage; } sub checktarget { my ($ip,$subnet); - - + if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ #check if ip with subnet if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) { @@ -645,27 +804,27 @@ sub checktarget #check and form valid IP $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); - - #check if net or broadcast - my @tmp= split (/\./,$ip); - if (($tmp[3] eq "0") || ($tmp[3] eq "255")) - { - $errormessage=$Lang::tr{'fwhost err hostip'}."
"; - } + + ##check if net or broadcast + #my @tmp= split (/\./,$ip); + #if ($tmp[3] eq "0" || ($tmp[3] eq "255")) + #{ + #$errormessage=$Lang::tr{'fwhost err hostip'}."
"; + #} $fwdfwsettings{'tgt_addr'}="$ip/$subnet"; if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; } - + }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; return $errormessage; } - + #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} - + #check tgt services if ($fwdfwsettings{'USESRV'} eq 'ON'){ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ @@ -681,34 +840,68 @@ sub checktarget } } if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){ + if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ - #change dashes with : - $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/; - if ($fwdfwsettings{'TGT_PORT'} eq "*") { - $fwdfwsettings{'TGT_PORT'} = "1:65535"; - } - if ($fwdfwsettings{'TGT_PORT'} =~ /^(\D)\:(\d+)$/) { - $fwdfwsettings{'TGT_PORT'} = "1:$2"; - } - if ($fwdfwsettings{'TGT_PORT'} =~ /^(\d+)\:(\D)$/) { - $fwdfwsettings{'TGT_PORT'} = "$1:65535"; + my @parts=split(",",$fwdfwsettings{'TGT_PORT'}); + my @values=(); + foreach (@parts){ + chomp($_); + if ($_ =~ /^(\d+)\:(\d+)$/) { + my $check; + #change dashes with : + $_=~ tr/-/:/; + if ($_ eq "*") { + push(@values,"1:65535"); + $check='on'; + } + if ($_ =~ /^(\D)\:(\d+)$/) { + push(@values,"1:$2"); + $check='on'; + } + if ($_ =~ /^(\d+)\:(\D)$/) { + push(@values,"$1:65535"); + $check='on' + } + $errormessage .= &General::validportrange($_, 'destination'); + if(!$check){ + push (@values,$_); + } + }else{ + if (&General::validport($_)){ + push (@values,$_); + }else{ + + } + } } - $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination'); + $fwdfwsettings{'TGT_PORT'}=join("|",@values); } + }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){ + $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; + $fwdfwsettings{'TGT_PORT'} = ''; + $fwdfwsettings{'ICMP_TGT'} = ''; + }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){ + $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; + $fwdfwsettings{'TGT_PORT'} = ''; + $fwdfwsettings{'ICMP_TGT'}=''; + }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){ + $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; + $fwdfwsettings{'TGT_PORT'} = ''; + $fwdfwsettings{'ICMP_TGT'}=''; }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){ + $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; + $fwdfwsettings{'TGT_PORT'} = ''; &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); foreach my $key (keys %icmptypes){ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){ - $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0]; } } } } } - + #check targetport if ($fwdfwsettings{'USESRV'} ne 'ON'){ $fwdfwsettings{'grp3'}=''; @@ -716,17 +909,12 @@ sub checktarget $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; } - - #check timeframe if($fwdfwsettings{'TIME'} eq 'ON'){ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){ $errormessage=$Lang::tr{'fwdfw err time'}; } } - - - return $errormessage; } sub checkrule @@ -736,45 +924,41 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err remark'}."
"; } #check if source and target identical - if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){ + if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){ $errormessage.=$Lang::tr{'fwdfw err same'}; return $errormessage; } - + #get source and targetip address if possible my ($sip,$scidr,$tip,$tcidr); ($sip,$scidr)=&get_ip("src","grp1"); ($tip,$tcidr)=&get_ip("tgt","grp2"); - - - + #check same iprange in source and target if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){ - my $networkip1=&General::getnetworkip($sip,$scidr); my $networkip2=&General::getnetworkip($tip,$tcidr); if ($scidr gt $tcidr){ - if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){ + if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){ $errormessage.=$Lang::tr{'fwdfw err samesub'}; } }elsif($scidr eq $tcidr && $scidr eq '32'){ - my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1); - my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2); + my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1); + my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2); if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){ $hint=$Lang::tr{'fwdfw hint ip1'}."
"; $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
"; } - }else{ if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ $errormessage.=$Lang::tr{'fwdfw err samesub'}; } } } - + #check source and destination protocol if manual if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ $errormessage.=$Lang::tr{'fwdfw err prot'}; } #check source and destination protocol if source manual and dest servicegrp @@ -790,7 +974,6 @@ sub checkrule } } } - } sub get_ip { @@ -841,7 +1024,6 @@ sub get_ip } } } - return $a,$b; } sub newrule @@ -857,14 +1039,12 @@ sub newrule &General::readhasharray("$configgrp", \%customgrp); &General::readhasharray("$configipsec", \%ipsecconf); &General::get_aliases(\%aliases); - - my %checked=(); my $helper; + my $sum=0; if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;} my $config=$fwdfwsettings{'config'}; my %hash=(); - $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -883,12 +1063,13 @@ sub newrule $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; - #check if update and get values if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){ &General::readhasharray("$config", \%hash); foreach my $key (sort keys %hash){ + $sum++; if ($key eq $fwdfwsettings{'key'}){ + $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'}; $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0]; $fwdfwsettings{'ACTIVE'} = $hash{$key}[2]; $fwdfwsettings{'grp1'} = $hash{$key}[3]; @@ -916,7 +1097,6 @@ sub newrule $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25]; $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26]; $fwdfwsettings{'TIME_TO'} = $hash{$key}[27]; - $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -944,13 +1124,14 @@ sub newrule $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'}; $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}}; $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'}; + $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'}; }else{ $fwdfwsettings{'ACTIVE'}='ON'; $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; } - + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - + print < @@ -958,35 +1139,38 @@ print <$_"; + if($fwdfwsettings{'updatefwrule'} eq 'on'){ + print""; }else{ - print""; + if($fwdfwsettings{'POLICY'} eq 'MODE2'){ + $fwdfwsettings{'RULE_ACTION'} = 'DROP'; + } + + if ($_ eq $fwdfwsettings{'RULE_ACTION'}) + { + print""; + }else{ + print""; + } } } print"
"; - &Header::closebox(); &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); - - #------SOURCE------------------------------------------------------- print< $Lang::tr{'fwdfw sourceip'}
$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw use srcport'} $Lang::tr{'fwdfw man port'} - $Lang::tr{'fwhost icmptype'} + $Lang::tr{'fwhost icmptype'}
END &Header::closebox(); @@ -1110,21 +1290,20 @@ END $Lang::tr{'fwdfw targetip'}IPFire ($Lang::tr{'external access'})$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'}$Lang::tr{'fwhost cust srvgrp'}:$Lang::tr{'fwhost cust srvgrp'}:$Lang::tr{'fwdfw man port'} - $Lang::tr{'fwhost icmptype'} + $Lang::tr{'fwhost icmptype'} + $Lang::tr{'remark'}: +END + if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){ + print "$Lang::tr{'fwdfw rulepos'}:"; + }else{ + print "$Lang::tr{'fwdfw rulepos'}:"; + } + + print< -
$Lang::tr{'fwdfw rule activate'}
$Lang::tr{'fwdfw log rule'}

+
END &Header::closebox(); #---ADD TIMEFRAME----------------------------------------------- @@ -1281,7 +1474,6 @@ END $Lang::tr{'time'}: $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} - $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'} @@ -1294,9 +1486,8 @@ END - + - -
+ +
END }else{ @@ -1344,9 +1536,10 @@ END - + + +
-
END } @@ -1354,12 +1547,35 @@ END } sub saverule { - my $hash=shift; my $config=shift; &General::readhasharray("$config", $hash); if (!$errormessage){ - if ($fwdfwsettings{'updatefwrule'} ne 'on' ){ + #check if we change an forward rule to an external access + if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &changerule($configfwdfw); + } + #check if we change an forward rule to an outgoing + if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'oldgrp1b'} ne 'IPFire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &changerule($configfwdfw); + } + #check if we change an external access rule to a forward + if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &changerule($configinput); + } + #check if we change an external access rule to a outgoing + if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &changerule($configinput); + } + #check if we change an outgoing rule to a forward + if( $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'IPFire' && $fwdfwsettings{'oldgrp1b'} eq 'IPFire' && $fwdfwsettings{'grp2'} ne 'ipfire' &&$fwdfwsettings{'updatefwrule'} eq 'on'){ + &changerule($configoutgoing); + } + #check if we change an outgoing rule to a external access + if( $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'IPFire' && $fwdfwsettings{'oldgrp1b'} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &changerule($configoutgoing); + } + if ($fwdfwsettings{'updatefwrule'} ne 'on'){ my $key = &General::findhasharraykey ($hash); $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; $$hash{$key}[1] = $fwdfwsettings{'chain'}; @@ -1391,7 +1607,7 @@ sub saverule $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'}; &General::writehasharray("$config", $hash); }else{ - foreach my $key (sort keys %$hash){ + foreach my $key (sort {$a <=> $b} keys %$hash){ if($key eq $fwdfwsettings{'key'}){ $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; $$hash{$key}[1] = $fwdfwsettings{'chain'}; @@ -1424,7 +1640,62 @@ sub saverule last; } } + } + &General::writehasharray("$config", $hash); + if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){ + my %tmp=(); + my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'}; + for (my $z=0;$z<$val;$z++){ + foreach my $key (sort {$a <=> $b} keys %$hash){ + if ($key eq $fwdfwsettings{'oldrulenumber'}) { + my $last = $key -1; + if (exists $$hash{$last}){ + #save rule last + foreach my $y (0 .. $#{$$hash{$last}}) { + $tmp{0}[$y] = $$hash{$last}[$y]; + } + #copy active rule to last + foreach my $i (0 .. $#{$$hash{$last}}) { + $$hash{$last}[$i] = $$hash{$key}[$i]; + } + #copy saved rule to actual position + foreach my $x (0 .. $#{$tmp{0}}) { + $$hash{$key}[$x] = $tmp{0}[$x]; + } + } + } + } + $fwdfwsettings{'oldrulenumber'}--; + } &General::writehasharray("$config", $hash); + &rules; + }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){ + my %tmp=(); + my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'}; + for (my $z=0;$z<$val;$z++){ + foreach my $key (sort {$a <=> $b} keys %$hash){ + if ($key eq $fwdfwsettings{'oldrulenumber'}) { + my $next = $key + 1; + if (exists $$hash{$next}){ + #save rule next + foreach my $y (0 .. $#{$$hash{$next}}) { + $tmp{0}[$y] = $$hash{$next}[$y]; + } + #copy active rule to next + foreach my $i (0 .. $#{$$hash{$next}}) { + $$hash{$next}[$i] = $$hash{$key}[$i]; + } + #copy saved rule to actual position + foreach my $x (0 .. $#{$tmp{0}}) { + $$hash{$key}[$x] = $tmp{0}[$x]; + } + } + } + } + $fwdfwsettings{'oldrulenumber'}++; + } + &General::writehasharray("$config", $hash); + &rules; } } } @@ -1455,7 +1726,7 @@ sub get_name foreach my $network (sort keys %defaultNetworks) { return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); - } + } } sub validremark { @@ -1464,16 +1735,16 @@ sub validremark # Each part should be at least two characters in length # but no more than 63 characters - if (length ($remark) < 1 || length ($remark) > 63) { + if (length ($remark) < 1 || length ($remark) > 255) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) { + if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) { return 0;} # Last character can only be a letter or a digit - if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) { + if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) { return 0;} return 1; } @@ -1481,10 +1752,11 @@ sub getsrcport { my %hash=%{(shift)}; my $key=shift; - if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne 'ICMP'){ - print" : ($hash{$key}[8]) $hash{$key}[10]"; + if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ + $hash{$key}[10]=~ s/\|/,/g; + print": $hash{$key}[10]"; }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ - print" : ($hash{$key}[8])
$hash{$key}[9]"; + print":
$hash{$key}[9] "; } } sub gettgtport @@ -1493,40 +1765,64 @@ sub gettgtport my $key=shift; my $service; my $prot; - if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ if($hash{$key}[14] eq 'cust_srv'){ &General::readhasharray("$configsrv", \%customservice); foreach my $i (sort keys %customservice){ - #print "HHUHU: $customservice{$i}[0] und $hash{$key}[15]
"; if($customservice{$i}[0] eq $hash{$key}[15]){ - $prot = $hash{$key}[12]; $service = $customservice{$i}[0]; } } }elsif($hash{$key}[14] eq 'cust_srvgrp'){ - $service=$hash{$key}[15]; }elsif($hash{$key}[14] eq 'TGT_PORT'){ + $hash{$key}[15]=~ s/\|/,/g; $service=$hash{$key}[15]; - $prot=$hash{$key}[12]; + } + if($service){ + print": $service"; } }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ - print" : ($hash{$key}[12])
$hash{$key}[13]"; + print":
$hash{$key}[13]"; } - - if ($prot ne '' || $service ne ''){ - print" :"; - if ($prot ne ''){ - print"($prot) "; +} +sub get_serviceports +{ + my $type=shift; + my $name=shift; + &General::readhasharray("$configsrv", \%customservice); + &General::readhasharray("$configsrvgrp", \%customservicegrp); + my $protocols; + my $tcp; + my $udp; + if($type eq 'service'){ + foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key}[0] eq $name){ + $protocols=$customservice{$key}[2]; + } + } + }elsif($type eq 'group'){ + foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ + if ($customservicegrp{$key}[0] eq $name){ + foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ + if($customservice{$key1}[2] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';} + } + } + } } - print" $service"; } + if($tcp && $udp){$protocols="TCP,UDP"; + }elsif($tcp){$protocols.="TCP"; + }elsif($udp){$protocols.="UDP";} + return $protocols; } sub viewtablerule { + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" ); &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} ); + &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" ); } sub viewtablenew { @@ -1534,8 +1830,11 @@ sub viewtablenew my $config=shift; my $title=shift; my $title1=shift; - - if ( ! -z "$config"){ + my $go=''; + &General::get_aliases(\%aliases); + &General::readhasharray("$config", $hash); + if( ! -z $config){ + if ($title1 eq $Lang::tr{'external access'} || $title1 eq 'Outgoing'){print"

";} &Header::openbox('100%', 'left',$title); my $count=0; my ($gif,$log); @@ -1544,11 +1843,11 @@ sub viewtablenew my $tooltip; my @tmpsrc=(); my $coloryellow=''; - &General::readhasharray("$config", $hash); print"$title1
"; - print""; - print""; - foreach my $key (sort keys %$hash){ + print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'remark'}$Lang::tr{'fwdfw action'}
"; + print""; + foreach my $key (sort {$a <=> $b} keys %$hash){ + $tdcolor=''; @tmpsrc=(); #check if vpn hosts/nets have been deleted if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){ @@ -1557,14 +1856,12 @@ sub viewtablenew if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){ push (@tmpsrc,$$hash{$key}[6]); } - foreach my $host (@tmpsrc){ if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){ - if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ + if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ $coloryellow='on'; &disable_rule($key); $$hash{$key}[2]=''; - } }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ @@ -1585,27 +1882,25 @@ sub viewtablenew $$hash{$key}[2]=''; } } - $$hash{$key}[3]=''; - $$hash{$key}[5]=''; + #$$hash{$key}[3]=''; + #$$hash{$key}[5]=''; } - $$hash{'ACTIVE'}=$$hash{$key}[2]; $count++; - if($coloryellow eq 'on'){ print""; $coloryellow=''; }elsif($coloryellow eq ''){ if ($count % 2){ - print""; + $color="$color{'color22'}"; } else{ - print""; + $color="$color{'color20'}"; } } - + print""; print<$key + END if ($$hash{$key}[0] eq 'ACCEPT'){ $ruletype='A'; @@ -1620,13 +1915,15 @@ END $tooltip='REJECT'; $rulecolor=$color{'color16'}; } - print""; - print""; + &getcolor($$hash{$key}[3],$$hash{$key}[4]); + print" END - + &getcolor($$hash{$key}[5],$$hash{$key}[6]); print< + "; - + print""; + #Get Protocol + my $prot; + if ($$hash{$key}[12]){ #target prot if manual + $prot=$$hash{$key}[12]; + }elsif($$hash{$key}[8]){ #source prot if manual + $prot=$$hash{$key}[8]; + }elsif($$hash{$key}[14] eq 'cust_srv'){ + $prot=&get_serviceports("service",$$hash{$key}[15]); + }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ + $prot=&get_serviceports("group",$$hash{$key}[15]); + }else{ + $prot=$Lang::tr{'all'}; + } + print""; + if ($$hash{$key}[18] eq 'ON'){ + my @days=(); + if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} + if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} + if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} + if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} + if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} + if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} + if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} + my $weekdays=join(",",@days); + if (@days){ + print""; + } + }else{ + print""; + } if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" }else{ $gif="/images/off.gif" - } print< - - - - - - - - END }else{ - print""; + print""; } - if (exists $$hash{$key+1}){ print< - END }else{ - print""; - } - #if timeframe set, print new line in table - if ($$hash{$key}[18] eq 'ON'){ - my @days=(); - if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} - if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} - if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} - if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} - if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} - if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} - if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} - - my $weekdays=join(",",@days); - - if (@days){ - print""; - } + print""; } + #REMARK + print""; } print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'protocol'}$Lang::tr{'fwdfw time'}$Lang::tr{'fwdfw action'}
$key$ruletype"; + print"$ruletype"; if ($$hash{$key}[3] eq 'std_net_src'){ print &get_name($$hash{$key}[4]); }else{ print $$hash{$key}[4]; } + $tdcolor=''; &getsrcport(\%$hash,$key); if ($$hash{$key}[17] eq 'ON'){ $log="/images/on.gif"; @@ -1635,59 +1932,82 @@ END } print< -
-
+ END if ($$hash{$key}[5] eq 'std_net_tgt'){ print &get_name($$hash{$key}[6]); }else{ print $$hash{$key}[6]; } + $tdcolor=''; &gettgtport(\%$hash,$key); - ################################################################################ - print"$$hash{$key}[16]$prot$weekdays   $$hash{$key}[26] - $$hash{$key}[27]24/7 +
+
+
+ @@ -1696,77 +2016,111 @@ END if (exists $$hash{$key-1}){ print< - + +
$Lang::tr{'fwdfw time'} "; - print"$weekdays"; - print "  $Lang::tr{'fwdfw from'} $$hash{$key}[26]   $Lang::tr{'fwdfw till'} $$hash{$key}[27]
"; + print"$Lang::tr{'remark'}: $$hash{$key}[16]
"; &Header::closebox(); + print "
"; + } +} +sub getcolor +{ + my $nettype=shift; + my $val=shift; + if($optionsfw{'SHOWCOLORS'} eq 'on'){ + if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ + $tdcolor="style='border: 2px solid $Header::colourovpn;'"; + return; + } + if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){ + $tdcolor="style='border: 2px solid $Header::colourvpn;'"; + return; + } + foreach my $alias (sort keys %aliases) + { + if ($val eq $alias){ + $tdcolor="style='border: 2px solid red;'"; + return; + } + } + if ($val eq 'GREEN'){ + $tdcolor="style='border: 2px solid $Header::colourgreen;'"; + }elsif ($val eq 'ORANGE'){ + $tdcolor="style='border: 2px solid $Header::colourorange;'"; + }elsif ($val eq 'BLUE'){ + $tdcolor="style='border: 2px solid $Header::colourblue;'"; + }elsif ($val eq 'RED'){ + $tdcolor="style='border: 2px solid $Header::colourred;'"; + }elsif ($val eq 'IPFire' ){ + $tdcolor="style='border: 2px solid $Header::colourred;'"; + }elsif($val =~ /^(.*?)\/(.*?)$/){ + my ($sip,$scidr) = split ("/",$val); + if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ + $tdcolor="style='border: 2px solid $Header::colourorange;'"; + } + if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){ + $tdcolor="style='border: 2px solid $Header::colourgreen;'"; + } + if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){ + $tdcolor="style='border: 2px solid $Header::colourblue;'"; + } + }elsif ($val eq 'Default IP'){ + $tdcolor="style='border: 2px solid red;'"; + }else{ + $tdcolor=''; + } } - } sub fillselect { my %hash=%{(shift)}; my $val=shift; my $key; - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash) - { - if($hash{$key}[0] eq $val){ - print""; - }else{ - print""; - } + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + print""; + }else{ + print""; } + } } sub rules { if (!-f "${General::swroot}/forward/reread"){ system("touch ${General::swroot}/forward/reread"); + system("touch ${General::swroot}/fwhosts/reread"); } } sub reread_rules { system("/usr/local/bin/forwardfwctrl"); - system("rm ${General::swroot}/forward/reread"); + if ( -f "${General::swroot}/forward/reread"){ + system("rm ${General::swroot}/forward/reread"); + system("rm ${General::swroot}/fwhosts/reread"); + } } &Header::closebigbox(); &Header::closepage();