$Lang::tr{'fwhost cust srvgrp'}:
+ $Lang::tr{'fwhost cust srvgrp'}:
END
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
@@ -1352,7 +1423,7 @@ END
$fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
print<
- $Lang::tr{'fwhost icmptype'}
+ $Lang::tr{'fwhost icmptype'}
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
print"All ICMP-Types ";
@@ -1365,9 +1436,10 @@ END
}
print<
-
+
END
+ &Header::closebox;
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
print<
+
END
&Header::closebox();
#---ADD TIMEFRAME-----------------------------------------------
@@ -1440,9 +1512,9 @@ END
}
print<
-
+
END
- &Header::closebox();
+
#---ACTION------------------------------------------------------
if($fwdfwsettings{'updatefwrule'} ne 'on'){
print< $fwdfwsettings{'rulepos'}){
my %tmp=();
my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
for (my $z=0;$z<$val;$z++){
@@ -1573,7 +1669,7 @@ sub saverule
}
&General::writehasharray("$config", $hash);
&rules;
- }elsif($fwdfwsettings{'rulepos'} gt $fwdfwsettings{'oldrulenumber'}){
+ }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
my %tmp=();
my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
for (my $z=0;$z<$val;$z++){
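Review bot: The numeric `>` in the new `elsif` is only safe if `$fwdfwsettings{'rulepos'}` and `$fwdfwsettings{'oldrulenumber'}` are known to be integers at this point; a non-numeric value compares as 0 and also becomes the `$val` loop bound on the next two lines. If either value comes from the submitted form (not visible in this hunk), reject anything that fails `/\A\d+\z/` before comparing. saverule starts and ends outside the hunk, so an existing check may already cover this.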
@@ -1642,13 +1738,13 @@ sub validremark
if (length ($remark) < 1 || length ($remark) > 255) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
- if ($remark !~ /^[a-zäöüA-ZÃÃÃ0-9-.:_\/\s]*$/) {
+ if ($remark !~ /^[a-zäöüA-ZÃÃÃ0-9-.:;\|_()\/\s]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÃÃÃ0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
- if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÃÃÃ0-9.]*$/) {
+ if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÃÃÃ0-9.:;_)]*$/) {
return 0;}
return 1;
}
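Review bot: The widened class on the `$remark !~` line now accepts `;`, `|`, `(` and `)`, which are shell metacharacters, and `|` also looks like a field separator elsewhere in this file (`$fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g`). Every consumer of the stored remark should therefore be checked, in particular that it never reaches a single-string `system()` call or a `|`-delimited field. The comment above the check is stale; `# Valid characters: letters, digits, whitespace and - . : ; | _ ( ) /` would match the code. The class also contains `\s`, and the first/last-character tests use `*` with `$`, so a line break passes all three checks; if remarks are stored one record per line, a literal space in the class and `\A[...]\z` on the single-character tests would close that.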
@@ -1723,11 +1819,10 @@ sub get_serviceports
}
sub viewtablerule
{
-
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
&viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" );
- &viewtablenew(\%configfwdfw,$configfwdfw,'',"DMZ" );
- &viewtablenew(\%configfwdfw,$configfwdfw,'',"WLAN" );
&viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
+ &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
}
sub viewtablenew
{
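Review bot: The added `&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);` hard-codes the install root, while the rest of the file builds paths from `${General::swroot}` (for example `"${General::swroot}/fwhosts/icmp-types"`). Assuming swroot points at the same tree, `"${General::swroot}/ethernet/settings"` keeps the page consistent. The new table title `"Outgoing"` is a literal where its neighbours use `$Lang::tr{...}`, so it will not be translated.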
@@ -1736,24 +1831,11 @@ sub viewtablenew
my $title=shift;
my $title1=shift;
my $go='';
+ &General::get_aliases(\%aliases);
+ &General::readhasharray("$confighost", \%customhost);
&General::readhasharray("$config", $hash);
- #check if there are DMZ entries
- if ($title1 eq 'DMZ'){
- foreach my $key (keys %$hash){
- if ($$hash{$key}[4] eq 'ORANGE'){$go='on';last}
- }
- }elsif($title1 eq 'WLAN'){
- foreach my $key (keys %$hash){
- if ($$hash{$key}[4] eq 'BLUE'){$go='on';last}
- }
- }elsif($title1 eq 'Forward'){
- foreach my $key (keys %$hash){
- if (($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[4] ne 'BLUE')){$go='on';last}
- }
- }elsif( ! -z $config){
- $go='on';
- }
- if($go ne ''){
+ if( ! -z $config){
+ if ($title1 eq $Lang::tr{'external access'} || $title1 eq 'Outgoing'){print" ";}
&Header::openbox('100%', 'left',$title);
my $count=0;
my ($gif,$log);
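Review bot: `if( ! -z $config)` is now the only gate for drawing a table, and `-z` is false for a file that does not exist as well as for a non-empty one, so a missing rule file still opens the box; `if (-s $config){` expresses "exists and has content" directly. The following line picks layout by comparing `$title1` with a translated string and the literal `'Outgoing'`, which ties behaviour to display text. `&General::get_aliases` and the `$confighost` read are repeated on every call, although viewtablerule calls this sub three times. viewtablenew continues past the end of the hunk.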
@@ -1763,13 +1845,10 @@ sub viewtablenew
my @tmpsrc=();
my $coloryellow='';
print"$title1 ";
- print"";
- print"# $Lang::tr{'fwdfw source'} Log $Lang::tr{'fwdfw target'} $Lang::tr{'protocol'} $Lang::tr{'remark'} $Lang::tr{'fwdfw action'} ";
+ print"";
+ print"# $Lang::tr{'fwdfw source'} Log $Lang::tr{'fwdfw target'} $Lang::tr{'protocol'} $Lang::tr{'fwdfw time'} $Lang::tr{'fwdfw action'} ";
foreach my $key (sort {$a <=> $b} keys %$hash){
- #check if we have a FORWARDFW OR DMZ RULE
- if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE')){next;}
- if ($title1 eq 'WLAN' && ($$hash{$key}[4] ne 'BLUE')){next;}
- if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE')){next;}
+ $tdcolor='';
@tmpsrc=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
@@ -1804,8 +1883,8 @@ sub viewtablenew
$$hash{$key}[2]='';
}
}
- $$hash{$key}[3]='';
- $$hash{$key}[5]='';
+ #$$hash{$key}[3]='';
+ #$$hash{$key}[5]='';
}
$$hash{'ACTIVE'}=$$hash{$key}[2];
$count++;
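Review bot: The assignments to `$$hash{$key}[3]` and `$$hash{$key}[5]` are commented out rather than removed, and nothing explains why a rule whose VPN host was deleted should now keep its source and target type while `[2]` is still cleared. Either delete the two lines or replace them with a comment stating the intent, for example `# keep the type fields so the disabled rule still shows what it referred to` if that is the reason. The enclosing block starts outside the hunk.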
@@ -1814,14 +1893,15 @@ sub viewtablenew
$coloryellow='';
}elsif($coloryellow eq ''){
if ($count % 2){
- print"";
+ $color="$color{'color22'}";
}
else{
- print" ";
+ $color="$color{'color20'}";
}
}
+ print" ";
print<$key
+ $key
END
if ($$hash{$key}[0] eq 'ACCEPT'){
$ruletype='A';
@@ -1836,13 +1916,15 @@ END
$tooltip='REJECT';
$rulecolor=$color{'color16'};
}
- print"$ruletype ";
- print"";
+ print" $ruletype ";
+ &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
+ print"";
if ($$hash{$key}[3] eq 'std_net_src'){
print &get_name($$hash{$key}[4]);
}else{
print $$hash{$key}[4];
}
+ $tdcolor='';
&getsrcport(\%$hash,$key);
if ($$hash{$key}[17] eq 'ON'){
$log="/images/on.gif";
@@ -1852,22 +1934,23 @@ END
print<
END
+ &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
print<
+
END
if ($$hash{$key}[5] eq 'std_net_tgt'){
print &get_name($$hash{$key}[6]);
}else{
print $$hash{$key}[6];
}
+ $tdcolor='';
&gettgtport(\%$hash,$key);
- ################################################################################
print" ";
#Get Protocol
my $prot;
@@ -1883,9 +1966,22 @@ END
$prot=$Lang::tr{'all'};
}
print"$prot ";
-
- print"$$hash{$key}[16] ";
-
+ if ($$hash{$key}[18] eq 'ON'){
+ my @days=();
+ if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
+ if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
+ if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
+ if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
+ if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
+ if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
+ if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
+ my $weekdays=join(",",@days);
+ if (@days){
+ print"$weekdays   $$hash{$key}[26] - $$hash{$key}[27] ";
+ }
+ }else{
+ print"24/7 ";
+ }
if($$hash{$key}[2] eq 'ON'){
$gif="/images/on.gif"
@@ -1894,25 +1990,25 @@ END
}
print<
-
+
END
}else{
- print" ";
+ print" ";
}
- #if timeframe set, print new line in table
- if ($$hash{$key}[18] eq 'ON'){
- my @days=();
- if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
- if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
- if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
- if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
- if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
- if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
- if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
- my $weekdays=join(",",@days);
- if (@days){
- print"$Lang::tr{'fwdfw time'} ";
- print"$weekdays";
- print "  $Lang::tr{'fwdfw from'} $$hash{$key}[26]   $Lang::tr{'fwdfw till'} $$hash{$key}[27] ";
- }
+ #REMARK
+ if ($optionsfw{'SHOWREMARK'} eq 'on'){
+ print"";
+ print"$Lang::tr{'remark'}:  $$hash{$key}[16] ";
}
}
print"
";
&Header::closebox();
+ print " ";
}
}
-sub p2pblock
+sub getcolor
{
- my $gif;
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
- @p2ps = ;
- close FILE;
- &Header::openbox('100%', 'center', 'P2P-Block');
- print <
- $Lang::tr{'protocol'} $Lang::tr{'status'}
-END
- foreach my $p2pentry (sort @p2ps)
- {
- my @p2pline = split( /\;/, $p2pentry );
- if($p2pline[2] eq 'on'){
- $gif="/images/on.gif"
+ my $nettype=shift;
+ my $val=shift;
+ my $hash=shift;
+ if($optionsfw{'SHOWCOLORS'} eq 'on'){
+ #VPN networks
+ if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
+ $tdcolor="style='border: 2px solid $Header::colourovpn;'";
+ return;
+ }
+ if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
+ $tdcolor="style='border: 2px solid $Header::colourvpn;'";
+ return;
+ }
+ #custom Hosts
+ if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
+ foreach my $key (sort keys %$hash){
+ if ($$hash{$key}[0] eq $val){
+ $val=$$hash{$key}[2];
+ }
+ }
+ }
+ #ALIASE
+ foreach my $alias (sort keys %aliases)
+ {
+ if ($val eq $alias){
+ $tdcolor="style='border: 2px solid red;'";
+ return;
+ }
+ }
+ #standard networks
+ if ($val eq 'GREEN'){
+ $tdcolor="style='border: 2px solid $Header::colourgreen;'";
+ }elsif ($val eq 'ORANGE'){
+ $tdcolor="style='border: 2px solid $Header::colourorange;'";
+ }elsif ($val eq 'BLUE'){
+ $tdcolor="style='border: 2px solid $Header::colourblue;'";
+ }elsif ($val eq 'RED'){
+ $tdcolor="style='border: 2px solid $Header::colourred;'";
+ }elsif ($val eq 'IPFire' ){
+ $tdcolor="style='border: 2px solid $Header::colourred;'";
+ }elsif($val =~ /^(.*?)\/(.*?)$/){
+ my ($sip,$scidr) = split ("/",$val);
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $tdcolor="style='border: 2px solid $Header::colourorange;'";
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+ $tdcolor="style='border: 2px solid $Header::colourgreen;'";
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+ $tdcolor="style='border: 2px solid $Header::colourblue;'";
+ }
+ }elsif ($val eq 'Default IP'){
+ $tdcolor="style='border: 2px solid red;'";
}else{
- $gif="/images/off.gif"
+ $tdcolor='';
}
- print <
-
- $p2pline[0]:
-END
}
- print"$Lang::tr{'outgoing firewall p2p allow'} ";
- print"$Lang::tr{'outgoing firewall p2p deny'}
";
- &Header::closebox();
}
sub fillselect
{
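Review bot: The new `#REMARK` block prints `$$hash{$key}[16]` straight into the page, so only validremark at save time keeps markup out of the table. Escape at output as well by passing the value through an HTML-escaping helper (header.pl's `cleanhtml`, if this tree provides it) before the `print`. Separately, getcolor returns its result through the file-level `$tdcolor` and assigns it only on some paths: with `SHOWCOLORS` off, or for a CIDR value matching none of the three subnets, the previous value stays in place. Callers currently reset it after each cell, but `$tdcolor='';` as the first statement of getcolor would make that independent of call order. The three `IpInSubnet` tests are plain `if`s, so with overlapping networks the last match wins; `elsif` would make the precedence explicit.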
@@ -2010,6 +2126,7 @@ sub rules
{
if (!-f "${General::swroot}/forward/reread"){
system("touch ${General::swroot}/forward/reread");
+ system("touch ${General::swroot}/fwhosts/reread");
}
}
sub reread_rules
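Review bot: Both added lines shell out with a single interpolated string (`system("touch ${General::swroot}/fwhosts/reread")` here, `system("rm ${General::swroot}/fwhosts/reread")` in the reread_rules hunk that follows), and neither result is checked. The fwhosts flag is created or removed only inside the test on `forward/reread`, so the two flags can drift apart, and `rm` will report an error when the fwhosts flag is absent. List form avoids the shell, e.g. `system('touch', "${General::swroot}/fwhosts/reread") == 0 or warn "touch failed: $?";`, and `unlink "${General::swroot}/fwhosts/reread";` replaces the `rm`.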
@@ -2017,6 +2134,7 @@ sub reread_rules
system("/usr/local/bin/forwardfwctrl");
if ( -f "${General::swroot}/forward/reread"){
system("rm ${General::swroot}/forward/reread");
+ system("rm ${General::swroot}/fwhosts/reread");
}
}
&Header::closebigbox();