X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=3e170a1d93249e41a70138b0f9a8b60887e77a5e;hp=6ed0a9b2217a330503101d71b61be2369c353930;hb=ba6f69f76943a83fece4a12fb632f9ad166edff3;hpb=55674e0d3877ac07f71e26e0d07dacc6baf5759f
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 6ed0a9b22..3e170a1d9 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -27,7 +27,7 @@
# Now that the ccd extension is ready i am able to develop the main request. #
# Any feedback is appreciated. #
# #
-# #
+#Copymaster #
###############################################################################
use strict;
@@ -45,6 +45,7 @@ unless (-d "${General::swroot}/forward") { system("mkdir ${General::swroot}/f
unless (-e "${General::swroot}/forward/settings") { system("touch ${General::swroot}/forward/settings"); }
unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
+unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); }
my %fwdfwsettings=();
my %selected=() ;
@@ -60,6 +61,7 @@ my %customnetwork=();
my %ccdhost=();
my %configfwdfw=();
my %configinputfw=();
+my %configoutgoingfw=();
my %ipsecconf=();
my %color=();
my %mainsettings=();
@@ -68,6 +70,8 @@ my %icmptypes=();
my %ovpnsettings=();
my %ipsecsettings=();
my %aliases=();
+my %optionsfw=();
+
my $color;
my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -80,16 +84,18 @@ my $configipsec = "${General::swroot}/vpn/config";
my $configipsecrw = "${General::swroot}/vpn/settings";
my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input";
+my $configoutgoing = "${General::swroot}/forward/outgoing";
my $configovpn = "${General::swroot}/ovpn/settings";
-
+my $fwoptions = "${General::swroot}/optionsfw/settings";
my $errormessage='';
my $hint='';
my $ipgrp="${General::swroot}/outgoing/groups";
-
+my $tdcolor='';
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash($fwoptions, \%optionsfw);
&Header::showhttpheaders();
&Header::getcgihash(\%fwdfwsettings);
@@ -100,8 +106,10 @@ my $ipgrp="${General::swroot}/outgoing/groups";
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
my $MODE = $fwdfwsettings{'POLICY'};
+ my $MODE1 = $fwdfwsettings{'POLICY1'};
%fwdfwsettings = ();
$fwdfwsettings{'POLICY'} = "$MODE";
+ $fwdfwsettings{'POLICY1'} = "$MODE1";
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
&reread_rules;
}
@@ -109,57 +117,67 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
{
&General::readhasharray("$configfwdfw", \%configfwdfw);
&General::readhasharray("$configinput", \%configinputfw);
+ &General::readhasharray("$configoutgoing", \%configoutgoingfw);
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
-
- #check if we change an forward rule to an external access
- if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
- $fwdfwsettings{'updatefwrule'}='';
- $fwdfwsettings{'config'}=$configfwdfw;
- $fwdfwsettings{'nobase'}='on';
- &deleterule;
+ #check if we try to break rules
+ if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire'){
+ $errormessage.=$Lang::tr{'fwdfw err same'};
}
-
- #check if we change an external access rule to an forward
- if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
- $fwdfwsettings{'updatefwrule'}='';
- $fwdfwsettings{'config'}=$configinput;
- $fwdfwsettings{'nobase'}='on';
- &deleterule;
- }
-
#INPUT part
if($fwdfwsettings{'grp2'} eq 'ipfire'){
+ $fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'chain'} = 'INPUTFW';
+ my $maxkey=&General::findhasharraykey(\%configinputfw);
#check if we have an identical rule already
- foreach my $key (sort keys %configinputfw){
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
-
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ($fwdfwsettings{'nobase'} ne 'on'){
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- }
-
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
-
- if ($fwdfwsettings{'nobase'} eq 'on'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
-
-
- &saverule(\%configinputfw,$configinput);
-
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ foreach my $key (sort keys %configinputfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} eq ''){
+ $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage=$Lang::tr{'fwdfw err remark'}." ";
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
+ }
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %configinputfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} ) {
+ if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $errormessage='';
+ $fwdfwsettings{'nosave2'} = 'on';
+ }
+ }
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ($fwdfwsettings{'nobase'} ne 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ }
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configinputfw,$configinput);
+ }
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}} ";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'} ";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}} ";
@@ -181,24 +199,103 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}} ";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}} ";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}} ";
-
-
-
+ }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){
+ # OUTGOING PART
+ $fwdfwsettings{'config'}=$configoutgoing;
+ $fwdfwsettings{'chain'} = 'OUTGOINGFW';
+ my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ foreach my $key (sort keys %configoutgoingfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} eq ''){
+ $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage=$Lang::tr{'fwdfw err remark'}." ";
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
+ }
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ print"CHECK OUTGOING DOPPELTE REGEL ";
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %configoutgoingfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} ) {
+ if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $fwdfwsettings{'nosave2'} = 'on';
+ $errormessage='';
+ }
+ }
+ #increase counters
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if ($fwdfwsettings{'nobase'} eq 'on'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if ($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configoutgoingfw,$configoutgoing);
+ }
}else{
+ #FORWARD PART
+ $fwdfwsettings{'config'}=$configfwdfw;
$fwdfwsettings{'chain'} = 'FORWARDFW';
- #check if we have an identical rule already
- foreach my $key (sort keys %configfwdfw){
-
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
+ my $maxkey=&General::findhasharraykey(\%configfwdfw);
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ #check if we have an identical rule already
+ foreach my $key (sort keys %configfwdfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} eq ''){
+ $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage=$Lang::tr{'fwdfw err remark'}." ";
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
}
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %configfwdfw){
+ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} ) {
+ if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $fwdfwsettings{'nosave2'} = 'on';
+ $errormessage='';
+ }
+ }
#increase counters
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
@@ -206,14 +303,12 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
if ($fwdfwsettings{'nobase'} eq 'on'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
-
- &saverule(\%configfwdfw,$configfwdfw);
-
+ if ($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configfwdfw,$configfwdfw);
+ }
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}} ";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'} ";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}} ";
@@ -235,43 +330,60 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}} ";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}} ";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}} ";
-
-
-
}
if ($errormessage){
&newrule;
}else{
- &rules;
+ if($fwdfwsettings{'nosave2'} ne 'on'){
+ &rules;
+ }
&base;
}
-
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
- &General::readhasharray("$configfwdfw", \%configfwdfw);
- foreach my $key (sort keys %configfwdfw){
- &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,);
- &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,);
- &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,);
- }
- &General::readhasharray("$configinput", \%configinputfw);
- foreach my $key (sort keys %configinputfw){
- &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,);
- &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,);
- &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,);
+ if($fwdfwsettings{'poltype'} eq 'forward'){
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ foreach my $key (sort keys %configfwdfw){
+ &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,);
+ &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,);
+ &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,);
+ }
+ &General::readhasharray("$configinput", \%configinputfw);
+ foreach my $key (sort keys %configinputfw){
+ &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,);
+ &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,);
+ &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,);
+ }
+
+ system("rm ${General::swroot}/forward/config");
+ system("rm ${General::swroot}/forward/input");
+ &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
+ unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
+ my $MODE1=$fwdfwsettings{'POLICY1'};
+ %fwdfwsettings = ();
+ $fwdfwsettings{'POLICY'}='MODE2';
+ $fwdfwsettings{'POLICY1'}=$MODE1;
+ &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ &reread_rules;
+ }else{
+ &General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ foreach my $key (sort keys %configoutgoingfw){
+ &checkcounter($configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],,);
+ &checkcounter($configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],,);
+ &checkcounter($configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],,);
}
- $fwdfwsettings{'POLICY'}='MODE0';
- system("rm ${General::swroot}/forward/config");
- system("rm ${General::swroot}/forward/input");
+ system("rm ${General::swroot}/forward/outgoing");
+ &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); }
+ my $MODE=$fwdfwsettings{'POLICY'};
%fwdfwsettings = ();
-
+ $fwdfwsettings{'POLICY'}=$MODE;
+ $fwdfwsettings{'POLICY1'}='MODE2';
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
- unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
- unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
-
&reread_rules;
-
+ }
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
{
@@ -338,6 +450,16 @@ if ($fwdfwsettings{'ACTION'} eq '')
&base;
}
### Functions ####
+sub changerule
+{
+ my $oldchain=shift;
+ $fwdfwsettings{'updatefwrule'}='';
+ $fwdfwsettings{'config'}=$oldchain;
+ $fwdfwsettings{'nobase'}='on';
+ &deleterule;
+ &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+}
sub pos_up
{
my %uphash=();
@@ -407,7 +529,7 @@ sub checkcounter
}elsif($base1 eq 'cust_srvgrp'){
&dec_counter($configsrvgrp,\%customservicegrp,$val1);
}
-
+
if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
&inc_counter($confignet,\%customnetwork,$val2);
}elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
@@ -426,13 +548,12 @@ sub inc_counter
my %hash=%{(shift)};
my $val=shift;
my $pos;
-
+
&General::readhasharray($config, \%hash);
foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]+1;
-
}
}
&General::writehasharray($config, \%hash);
@@ -449,70 +570,71 @@ sub dec_counter
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]-1;
-
}
}
&General::writehasharray($config, \%hash);
}
sub base
{
-
- if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-
+ if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ $selected{'POLICY1'}{'MODE1'} = 'selected'; } else { $selected{'POLICY1'}{'MODE1'} = ''; }
+ if ($fwdfwsettings{'POLICY1'} eq 'MODE2'){ $selected{'POLICY1'}{'MODE2'} = 'selected'; } else { $selected{'POLICY1'}{'MODE2'} = ''; }
&hint;
- if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') {
- &addrule;
- }
-
- #print"
";
- #foreach (0 .. 40){
- #my $i="color".$_;
- #print"$_ ";
- #}
- #print"
";
- &Header::openbox('100%', 'center', 'Policy');
+ &addrule;
+ print " ";
+ &Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'});
print <
- ";
+ print" ";
+ print <
+ ";
&Header::closebox();
}
sub addrule
{
&error;
+ if (-f "${General::swroot}/forward/reread"){
+ print " ";
+ }
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-
print " ";
-
+ print" ";
&Header::closebox();
&viewtablerule;
-
}
sub deleterule
{
my %delhash=();
&General::readhasharray($fwdfwsettings{'config'}, \%delhash);
- foreach my $key (sort keys %delhash){
- if ($key eq $fwdfwsettings{'key'}){
+ foreach my $key (sort {$a <=> $b} keys %delhash){
+ if ($key == $fwdfwsettings{'key'}){
#check hosts/net and groups
&checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
&checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
@@ -521,22 +643,22 @@ sub deleterule
&checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
}
}
-
- if ($key ge $fwdfwsettings{'key'}) {
+ if ($key >= $fwdfwsettings{'key'}) {
my $next = $key + 1;
if (exists $delhash{$next}) {
- foreach my $i (0 .. $#{$configfwdfw{$next}}) {
+ foreach my $i (0 .. $#{$delhash{$next}}) {
$delhash{$key}[$i] = $delhash{$next}[$i];
}
}
}
}
# Remove the very last entry.
- my $last_key = (sort keys %delhash)[-1];
+ my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
delete $delhash{$last_key};
&General::writehasharray($fwdfwsettings{'config'}, \%delhash);
&rules;
+
if($fwdfwsettings{'nobase'} ne 'on'){
&base;
}
@@ -552,43 +674,53 @@ sub disable_rule
}
&General::writehasharray("$configfwdfw", \%configfwdfw);
&rules;
-
}
sub checksource
{
my ($ip,$subnet);
-
+
#check ip-address if manual
if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
$subnet = &General::iporsubtocidr($subnet);
+ $fwdfwsettings{'isip'}='on';
}
#check if only ip
if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$ip=$fwdfwsettings{'src_addr'};
$subnet = '32';
+ $fwdfwsettings{'isip'}='on';
}
- #check and form valid IP
- $ip=&General::ip2dec($ip);
- $ip=&General::dec2ip($ip);
- #check if net or broadcast
- my @tmp= split (/\./,$ip);
- if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
- {
- $errormessage=$Lang::tr{'fwhost err hostip'}." ";
+
+ if ($fwdfwsettings{'isip'} ne 'on'){
+ if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';}
}
- $fwdfwsettings{'src_addr'}="$ip/$subnet";
-
- if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+ if ($fwdfwsettings{'isip'} eq 'on'){
+ #check and form valid IP
+ $ip=&General::ip2dec($ip);
+ $ip=&General::dec2ip($ip);
+ #check if net or broadcast
+ my @tmp= split (/\./,$ip);
+ if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwhost err hostip'}." ";
+ }
+ $fwdfwsettings{'src_addr'}="$ip/$subnet";
+
+ if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+ $errormessage.=$Lang::tr{'fwdfw err src_addr'}." ";
+ }
+ }
+ if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
$errormessage.=$Lang::tr{'fwdfw err src_addr'}." ";
}
}elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err nosrcip'};
return $errormessage;
}
-
+
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}." ";}
#check icmp source
@@ -600,6 +732,15 @@ sub checksource
$fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
}
}
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
$fwdfwsettings{'ICMP_TYPES'}='';
}else{
@@ -607,30 +748,48 @@ sub checksource
$fwdfwsettings{'SRC_PORT'}='';
$fwdfwsettings{'PROT'}='';
}
-
- if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
- #change dashes with :
- $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
-
- if ($fwdfwsettings{'SRC_PORT'} eq "*") {
- $fwdfwsettings{'SRC_PORT'} = "1:65535";
- }
- if ($fwdfwsettings{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) {
- $fwdfwsettings{'SRC_PORT'} = "1:$2";
- }
- if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
- $fwdfwsettings{'SRC_PORT'} = "$1:65535";
+
+ if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
+ my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
+ my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+
+ }
+ }
}
-
- $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
+ $fwdfwsettings{'SRC_PORT'}=join("|",@values);
+ return $errormessage;
}
- return $errormessage;
}
sub checktarget
{
my ($ip,$subnet);
-
-
+
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
@@ -645,27 +804,27 @@ sub checktarget
#check and form valid IP
$ip=&General::ip2dec($ip);
$ip=&General::dec2ip($ip);
-
- #check if net or broadcast
- my @tmp= split (/\./,$ip);
- if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
- {
- $errormessage=$Lang::tr{'fwhost err hostip'}." ";
- }
+
+ ##check if net or broadcast
+ #my @tmp= split (/\./,$ip);
+ #if ($tmp[3] eq "0" || ($tmp[3] eq "255"))
+ #{
+ #$errormessage=$Lang::tr{'fwhost err hostip'}." ";
+ #}
$fwdfwsettings{'tgt_addr'}="$ip/$subnet";
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}." ";
}
-
+
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
-
+
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}." ";}
-
+
#check tgt services
if ($fwdfwsettings{'USESRV'} eq 'ON'){
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
@@ -681,34 +840,68 @@ sub checktarget
}
}
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
+ if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
- #change dashes with :
- $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
- if ($fwdfwsettings{'TGT_PORT'} eq "*") {
- $fwdfwsettings{'TGT_PORT'} = "1:65535";
- }
- if ($fwdfwsettings{'TGT_PORT'} =~ /^(\D)\:(\d+)$/) {
- $fwdfwsettings{'TGT_PORT'} = "1:$2";
- }
- if ($fwdfwsettings{'TGT_PORT'} =~ /^(\d+)\:(\D)$/) {
- $fwdfwsettings{'TGT_PORT'} = "$1:65535";
+ my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
+ my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+
+ }
+ }
}
- $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
+ $fwdfwsettings{'TGT_PORT'}=join("|",@values);
}
+ }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'} = '';
+ }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'}='';
}elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
foreach my $key (keys %icmptypes){
if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
-
$fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
}
}
}
}
}
-
+
#check targetport
if ($fwdfwsettings{'USESRV'} ne 'ON'){
$fwdfwsettings{'grp3'}='';
@@ -716,17 +909,12 @@ sub checktarget
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
}
-
-
#check timeframe
if($fwdfwsettings{'TIME'} eq 'ON'){
if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
$errormessage=$Lang::tr{'fwdfw err time'};
}
}
-
-
-
return $errormessage;
}
sub checkrule
@@ -736,45 +924,41 @@ sub checkrule
$errormessage.=$Lang::tr{'fwdfw err remark'}." ";
}
#check if source and target identical
- if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
$errormessage.=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
-
+
#get source and targetip address if possible
my ($sip,$scidr,$tip,$tcidr);
($sip,$scidr)=&get_ip("src","grp1");
($tip,$tcidr)=&get_ip("tgt","grp2");
-
-
-
+
#check same iprange in source and target
if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
-
my $networkip1=&General::getnetworkip($sip,$scidr);
my $networkip2=&General::getnetworkip($tip,$tcidr);
if ($scidr gt $tcidr){
- if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){
+ if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}elsif($scidr eq $tcidr && $scidr eq '32'){
- my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
- my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
+ my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
+ my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
$hint=$Lang::tr{'fwdfw hint ip1'}." ";
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr ";
}
-
}else{
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
}
-
+
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
- if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
$errormessage.=$Lang::tr{'fwdfw err prot'};
}
#check source and destination protocol if source manual and dest servicegrp
@@ -790,7 +974,6 @@ sub checkrule
}
}
}
-
}
sub get_ip
{
@@ -841,7 +1024,6 @@ sub get_ip
}
}
}
-
return $a,$b;
}
sub newrule
@@ -857,14 +1039,12 @@ sub newrule
&General::readhasharray("$configgrp", \%customgrp);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::get_aliases(\%aliases);
-
-
my %checked=();
my $helper;
+ my $sum=0;
if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
my $config=$fwdfwsettings{'config'};
my %hash=();
-
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
@@ -883,12 +1063,13 @@ sub newrule
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
-
#check if update and get values
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
&General::readhasharray("$config", \%hash);
foreach my $key (sort keys %hash){
+ $sum++;
if ($key eq $fwdfwsettings{'key'}){
+ $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'};
$fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
$fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
$fwdfwsettings{'grp1'} = $hash{$key}[3];
@@ -916,7 +1097,6 @@ sub newrule
$fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
$fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
$fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
-
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
@@ -944,13 +1124,14 @@ sub newrule
$fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
$fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
$fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+ $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
}else{
$fwdfwsettings{'ACTIVE'}='ON';
$checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
}
-
+
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-
+
print <
@@ -958,35 +1139,38 @@ print <$_";
+ if($fwdfwsettings{'updatefwrule'} eq 'on'){
+ print"$_ ";
}else{
- print"$_ ";
+ if($fwdfwsettings{'POLICY'} eq 'MODE2'){
+ $fwdfwsettings{'RULE_ACTION'} = 'DROP';
+ }
+
+ if ($_ eq $fwdfwsettings{'RULE_ACTION'})
+ {
+ print"$_ ";
+ }else{
+ print"$_ ";
+ }
}
}
print"
";
-
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
-
-
#------SOURCE-------------------------------------------------------
print<
$Lang::tr{'fwdfw sourceip'}
$Lang::tr{'fwhost stdnet'}
-
END
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+ next if($defaultNetworks{$network}{'NAME'} eq "RED");
print "$network ";
@@ -1029,7 +1213,7 @@ END
}
print<
-
+
$Lang::tr{'fwhost cust grp'}
END
foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
@@ -1037,8 +1221,6 @@ END
print"$customgrp{$key}[0] ";
-
-
}
$helper=$customgrp{$key}[0];
}
@@ -1057,7 +1239,7 @@ END
print<
END
-
+
# $Lang::tr{'fwhost ipsec host'}
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
@@ -1068,15 +1250,12 @@ END
# }
# }
print<
-
-
$Lang::tr{'fwdfw use srcport'}
$Lang::tr{'fwdfw man port'}
END
- foreach ("TCP","UDP","GRE","ICMP")
+ foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
{
if ($_ eq $fwdfwsettings{'PROT'})
{
@@ -1085,9 +1264,10 @@ END
print"$_ ";
}
}
+ $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
print<
- $Lang::tr{'fwhost icmptype'}
+
+ $Lang::tr{'fwhost icmptype'}
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
print"All ICMP-Types ";
@@ -1099,7 +1279,7 @@ END
}
}
print<
+
END
&Header::closebox();
@@ -1110,21 +1290,20 @@ END
$Lang::tr{'fwdfw targetip'} IPFire ($Lang::tr{'external access'})
END
print "Default IP ";
-
+
foreach my $alias (sort keys %aliases)
{
print "$alias ";
}
-
+
print<
$Lang::tr{'fwhost stdnet'}
-
END
-
foreach my $network (sort keys %defaultNetworks)
{
+ next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
print "$network ";
@@ -1133,7 +1312,6 @@ END
$Lang::tr{'fwhost ccdnet'}
END
&fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
-
print<
$Lang::tr{'fwhost cust net'}
@@ -1167,7 +1345,6 @@ END
}
print<
-
$Lang::tr{'fwhost cust grp'}
END
$helper='';
@@ -1193,7 +1370,6 @@ END
print<
END
-
# $Lang::tr{'fwhost ipsec host'}
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
@@ -1207,23 +1383,23 @@ END
$Lang::tr{'fwhost attention'}:
$Lang::tr{'fwhost macwarn'}
-
+
$Lang::tr{'fwdfw use srv'} $Lang::tr{'fwhost cust service'}
END
&General::readhasharray("$configsrv", \%customservice);
- foreach my $key (sort keys %customservice){
+ foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
print"$customservice{$key}[0] ";
}
print<
- $Lang::tr{'fwhost cust srvgrp'}:
+ $Lang::tr{'fwhost cust srvgrp'}:
END
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
- foreach my $key (sort keys %customservicegrp){
+ foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
if ($helper ne $customservicegrp{$key}[0]){
print"
$Lang::tr{'fwdfw man port'}
END
- foreach ("TCP","UDP","GRE","ICMP")
+ foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
{
if ($_ eq $fwdfwsettings{'TGT_PROT'})
{
@@ -1244,9 +1420,10 @@ END
print"$_ ";
}
}
+ $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
print<
- $Lang::tr{'fwhost icmptype'}
+
+ $Lang::tr{'fwhost icmptype'}
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
print"All ICMP-Types ";
@@ -1259,17 +1436,33 @@ END
}
print<
-
-
+
+
END
+ &Header::closebox;
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
print<
- $Lang::tr{'remark'}:
+ $Lang::tr{'remark'}:
+END
+ if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
+ print "$Lang::tr{'fwdfw rulepos'}: ";
+ for (my $count =1; $count <= $sum; $count++){
+ print"$count ";
+ }
+ print" ";
+ }else{
+ print "$Lang::tr{'fwdfw rulepos'}: ";
+ }
+
+ print<
+
END
&Header::closebox();
#---ADD TIMEFRAME-----------------------------------------------
@@ -1281,7 +1474,6 @@ END
$Lang::tr{'time'}:
$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}
-
$Lang::tr{'advproxy from'}
$Lang::tr{'advproxy to'}
@@ -1294,9 +1486,8 @@ END
-
+
-
END
for (my $i=0;$i<=23;$i++) {
@@ -1319,18 +1510,19 @@ END
print "\t\t\t\t\t$i:$j \n";
}
}
- print<
-
+
END
- &Header::closebox();
+
#---ACTION------------------------------------------------------
if($fwdfwsettings{'updatefwrule'} ne 'on'){
print<
-
+
+
END
}else{
@@ -1344,9 +1536,10 @@ END
-
+
+
+
END
}
@@ -1354,12 +1547,35 @@ END
}
sub saverule
{
-
my $hash=shift;
my $config=shift;
&General::readhasharray("$config", $hash);
if (!$errormessage){
- if ($fwdfwsettings{'updatefwrule'} ne 'on' ){
+ #check if we change an forward rule to an external access
+ if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &changerule($configfwdfw);
+ }
+ #check if we change an forward rule to an outgoing
+ if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'oldgrp1b'} ne 'IPFire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &changerule($configfwdfw);
+ }
+ #check if we change an external access rule to a forward
+ if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &changerule($configinput);
+ }
+ #check if we change an external access rule to a outgoing
+ if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &changerule($configinput);
+ }
+ #check if we change an outgoing rule to a forward
+ if( $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'IPFire' && $fwdfwsettings{'oldgrp1b'} eq 'IPFire' && $fwdfwsettings{'grp2'} ne 'ipfire' &&$fwdfwsettings{'updatefwrule'} eq 'on'){
+ &changerule($configoutgoing);
+ }
+ #check if we change an outgoing rule to a external access
+ if( $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'IPFire' && $fwdfwsettings{'oldgrp1b'} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &changerule($configoutgoing);
+ }
+ if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
$$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
$$hash{$key}[1] = $fwdfwsettings{'chain'};
@@ -1391,7 +1607,7 @@ sub saverule
$$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
&General::writehasharray("$config", $hash);
}else{
- foreach my $key (sort keys %$hash){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
if($key eq $fwdfwsettings{'key'}){
$$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
$$hash{$key}[1] = $fwdfwsettings{'chain'};
@@ -1424,7 +1640,62 @@ sub saverule
last;
}
}
+ }
+ &General::writehasharray("$config", $hash);
+ if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
+ my %tmp=();
+ my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
+ for (my $z=0;$z<$val;$z++){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+ my $last = $key -1;
+ if (exists $$hash{$last}){
+ #save rule last
+ foreach my $y (0 .. $#{$$hash{$last}}) {
+ $tmp{0}[$y] = $$hash{$last}[$y];
+ }
+ #copy active rule to last
+ foreach my $i (0 .. $#{$$hash{$last}}) {
+ $$hash{$last}[$i] = $$hash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $$hash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ $fwdfwsettings{'oldrulenumber'}--;
+ }
&General::writehasharray("$config", $hash);
+ &rules;
+ }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
+ my %tmp=();
+ my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
+ for (my $z=0;$z<$val;$z++){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+ my $next = $key + 1;
+ if (exists $$hash{$next}){
+ #save rule next
+ foreach my $y (0 .. $#{$$hash{$next}}) {
+ $tmp{0}[$y] = $$hash{$next}[$y];
+ }
+ #copy active rule to next
+ foreach my $i (0 .. $#{$$hash{$next}}) {
+ $$hash{$next}[$i] = $$hash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $$hash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ $fwdfwsettings{'oldrulenumber'}++;
+ }
+ &General::writehasharray("$config", $hash);
+ &rules;
}
}
}
@@ -1455,7 +1726,7 @@ sub get_name
foreach my $network (sort keys %defaultNetworks)
{
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
- }
+ }
}
sub validremark
{
@@ -1464,16 +1735,16 @@ sub validremark
# Each part should be at least two characters in length
# but no more than 63 characters
- if (length ($remark) < 1 || length ($remark) > 63) {
+ if (length ($remark) < 1 || length ($remark) > 255) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
- if ($remark !~ /^[a-zäöüA-ZÃÃÃ0-9-\s]*$/) {
+ if ($remark !~ /^[a-zäöüA-ZÃÃÃ0-9-.:;\|_()\/\s]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÃÃÃ0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
- if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÃÃÃ0-9]*$/) {
+ if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÃÃÃ0-9.:;_)]*$/) {
return 0;}
return 1;
}
@@ -1481,10 +1752,11 @@ sub getsrcport
{
my %hash=%{(shift)};
my $key=shift;
- if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne 'ICMP'){
- print" : ($hash{$key}[8]) $hash{$key}[10]";
+ if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){
+ $hash{$key}[10]=~ s/\|/,/g;
+ print": $hash{$key}[10]";
}elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
- print" : ($hash{$key}[8]) $hash{$key}[9]";
+ print": $hash{$key}[9] ";
}
}
sub gettgtport
@@ -1493,40 +1765,64 @@ sub gettgtport
my $key=shift;
my $service;
my $prot;
-
if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
if($hash{$key}[14] eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice);
foreach my $i (sort keys %customservice){
- #print "HHUHU: $customservice{$i}[0] und $hash{$key}[15] ";
if($customservice{$i}[0] eq $hash{$key}[15]){
- $prot = $hash{$key}[12];
$service = $customservice{$i}[0];
}
}
}elsif($hash{$key}[14] eq 'cust_srvgrp'){
-
$service=$hash{$key}[15];
}elsif($hash{$key}[14] eq 'TGT_PORT'){
+ $hash{$key}[15]=~ s/\|/,/g;
$service=$hash{$key}[15];
- $prot=$hash{$key}[12];
+ }
+ if($service){
+ print": $service";
}
}elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
- print" : ($hash{$key}[12]) $hash{$key}[13]";
+ print": $hash{$key}[13]";
}
-
- if ($prot ne '' || $service ne ''){
- print" :";
- if ($prot ne ''){
- print"($prot) ";
+}
+sub get_serviceports
+{
+ my $type=shift;
+ my $name=shift;
+ &General::readhasharray("$configsrv", \%customservice);
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ my $protocols;
+ my $tcp;
+ my $udp;
+ if($type eq 'service'){
+ foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
+ if ($customservice{$key}[0] eq $name){
+ $protocols=$customservice{$key}[2];
+ }
+ }
+ }elsif($type eq 'group'){
+ foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
+ if ($customservicegrp{$key}[0] eq $name){
+ foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
+ if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+ if($customservice{$key1}[2] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';}
+ }
+ }
+ }
}
- print" $service";
}
+ if($tcp && $udp){$protocols="TCP,UDP";
+ }elsif($tcp){$protocols.="TCP";
+ }elsif($udp){$protocols.="UDP";}
+ return $protocols;
}
sub viewtablerule
{
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
&viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" );
&viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
+ &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
}
sub viewtablenew
{
@@ -1534,8 +1830,11 @@ sub viewtablenew
my $config=shift;
my $title=shift;
my $title1=shift;
-
- if ( ! -z "$config"){
+ my $go='';
+ &General::get_aliases(\%aliases);
+ &General::readhasharray("$config", $hash);
+ if( ! -z $config){
+ if ($title1 eq $Lang::tr{'external access'} || $title1 eq 'Outgoing'){print" ";}
&Header::openbox('100%', 'left',$title);
my $count=0;
my ($gif,$log);
@@ -1544,11 +1843,11 @@ sub viewtablenew
my $tooltip;
my @tmpsrc=();
my $coloryellow='';
- &General::readhasharray("$config", $hash);
print"$title1 ";
- print"";
- print"# $Lang::tr{'fwdfw source'} Log $Lang::tr{'fwdfw target'} $Lang::tr{'remark'} $Lang::tr{'fwdfw action'} ";
- foreach my $key (sort keys %$hash){
+ print"";
+ print"# $Lang::tr{'fwdfw source'} Log $Lang::tr{'fwdfw target'} $Lang::tr{'protocol'} $Lang::tr{'fwdfw time'} $Lang::tr{'fwdfw action'} ";
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ $tdcolor='';
@tmpsrc=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
@@ -1557,14 +1856,12 @@ sub viewtablenew
if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
push (@tmpsrc,$$hash{$key}[6]);
}
-
foreach my $host (@tmpsrc){
if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
- if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
&disable_rule($key);
$$hash{$key}[2]='';
-
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
@@ -1585,27 +1882,25 @@ sub viewtablenew
$$hash{$key}[2]='';
}
}
- $$hash{$key}[3]='';
- $$hash{$key}[5]='';
+ #$$hash{$key}[3]='';
+ #$$hash{$key}[5]='';
}
-
$$hash{'ACTIVE'}=$$hash{$key}[2];
$count++;
-
if($coloryellow eq 'on'){
print"";
$coloryellow='';
}elsif($coloryellow eq ''){
if ($count % 2){
- print" ";
+ $color="$color{'color22'}";
}
else{
- print" ";
+ $color="$color{'color20'}";
}
}
-
+ print" ";
print<$key
+ $key
END
if ($$hash{$key}[0] eq 'ACCEPT'){
$ruletype='A';
@@ -1620,13 +1915,15 @@ END
$tooltip='REJECT';
$rulecolor=$color{'color16'};
}
- print"$ruletype ";
- print"";
+ print" $ruletype ";
+ &getcolor($$hash{$key}[3],$$hash{$key}[4]);
+ print"";
if ($$hash{$key}[3] eq 'std_net_src'){
print &get_name($$hash{$key}[4]);
}else{
print $$hash{$key}[4];
}
+ $tdcolor='';
&getsrcport(\%$hash,$key);
if ($$hash{$key}[17] eq 'ON'){
$log="/images/on.gif";
@@ -1635,59 +1932,82 @@ END
}
print<
-
END
-
+ &getcolor($$hash{$key}[5],$$hash{$key}[6]);
print<
+
END
if ($$hash{$key}[5] eq 'std_net_tgt'){
print &get_name($$hash{$key}[6]);
}else{
print $$hash{$key}[6];
}
+ $tdcolor='';
&gettgtport(\%$hash,$key);
- ################################################################################
- print" $$hash{$key}[16] ";
-
+ print" ";
+ #Get Protocol
+ my $prot;
+ if ($$hash{$key}[12]){ #target prot if manual
+ $prot=$$hash{$key}[12];
+ }elsif($$hash{$key}[8]){ #source prot if manual
+ $prot=$$hash{$key}[8];
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ $prot=&get_serviceports("service",$$hash{$key}[15]);
+ }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+ $prot=&get_serviceports("group",$$hash{$key}[15]);
+ }else{
+ $prot=$Lang::tr{'all'};
+ }
+ print"$prot ";
+ if ($$hash{$key}[18] eq 'ON'){
+ my @days=();
+ if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
+ if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
+ if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
+ if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
+ if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
+ if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
+ if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
+ my $weekdays=join(",",@days);
+ if (@days){
+ print"$weekdays   $$hash{$key}[26] - $$hash{$key}[27] ";
+ }
+ }else{
+ print"24/7 ";
+ }
if($$hash{$key}[2] eq 'ON'){
$gif="/images/on.gif"
}else{
$gif="/images/off.gif"
-
}
print<
-
+
-
-
-
-
END
}else{
- print" ";
- }
- #if timeframe set, print new line in table
- if ($$hash{$key}[18] eq 'ON'){
- my @days=();
- if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
- if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
- if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
- if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
- if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
- if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
- if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
-
- my $weekdays=join(",",@days);
-
- if (@days){
- print"$Lang::tr{'fwdfw time'} ";
- print"$weekdays";
- print "  $Lang::tr{'fwdfw from'} $$hash{$key}[26]   $Lang::tr{'fwdfw till'} $$hash{$key}[27] ";
- }
+ print" ";
}
+ #REMARK
+ print"";
+ print"$Lang::tr{'remark'}:  $$hash{$key}[16] ";
}
print"
";
&Header::closebox();
+ print " ";
+ }
+}
+sub getcolor
+{
+ my $nettype=shift;
+ my $val=shift;
+ if($optionsfw{'SHOWCOLORS'} eq 'on'){
+ if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
+ $tdcolor="style='border: 2px solid $Header::colourovpn;'";
+ return;
+ }
+ if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
+ $tdcolor="style='border: 2px solid $Header::colourvpn;'";
+ return;
+ }
+ foreach my $alias (sort keys %aliases)
+ {
+ if ($val eq $alias){
+ $tdcolor="style='border: 2px solid red;'";
+ return;
+ }
+ }
+ if ($val eq 'GREEN'){
+ $tdcolor="style='border: 2px solid $Header::colourgreen;'";
+ }elsif ($val eq 'ORANGE'){
+ $tdcolor="style='border: 2px solid $Header::colourorange;'";
+ }elsif ($val eq 'BLUE'){
+ $tdcolor="style='border: 2px solid $Header::colourblue;'";
+ }elsif ($val eq 'RED'){
+ $tdcolor="style='border: 2px solid $Header::colourred;'";
+ }elsif ($val eq 'IPFire' ){
+ $tdcolor="style='border: 2px solid $Header::colourred;'";
+ }elsif($val =~ /^(.*?)\/(.*?)$/){
+ my ($sip,$scidr) = split ("/",$val);
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $tdcolor="style='border: 2px solid $Header::colourorange;'";
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+ $tdcolor="style='border: 2px solid $Header::colourgreen;'";
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+ $tdcolor="style='border: 2px solid $Header::colourblue;'";
+ }
+ }elsif ($val eq 'Default IP'){
+ $tdcolor="style='border: 2px solid red;'";
+ }else{
+ $tdcolor='';
+ }
}
-
}
sub fillselect
{
my %hash=%{(shift)};
my $val=shift;
my $key;
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash)
- {
- if($hash{$key}[0] eq $val){
- print"$hash{$key}[0] ";
- }else{
- print"$hash{$key}[0] ";
- }
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ print"$hash{$key}[0] ";
+ }else{
+ print"$hash{$key}[0] ";
}
+ }
}
sub rules
{
if (!-f "${General::swroot}/forward/reread"){
system("touch ${General::swroot}/forward/reread");
+ system("touch ${General::swroot}/fwhosts/reread");
}
}
sub reread_rules
{
system("/usr/local/bin/forwardfwctrl");
- system("rm ${General::swroot}/forward/reread");
+ if ( -f "${General::swroot}/forward/reread"){
+ system("rm ${General::swroot}/forward/reread");
+ system("rm ${General::swroot}/fwhosts/reread");
+ }
}
&Header::closebigbox();
&Header::closepage();