X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=6aadb996b428ed02767d02ee16104063600f336a;hp=6ed0a9b2217a330503101d71b61be2369c353930;hb=62fc8511664c6646d706aa42927bac53ac6a5b5f;hpb=55674e0d3877ac07f71e26e0d07dacc6baf5759f diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 6ed0a9b22..6aadb996b 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -112,54 +112,50 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} - + #check if we change an forward rule to an external access - if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){ + if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ $fwdfwsettings{'updatefwrule'}=''; $fwdfwsettings{'config'}=$configfwdfw; $fwdfwsettings{'nobase'}='on'; &deleterule; + &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } - + #check if we change an external access rule to an forward - if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){ + if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ $fwdfwsettings{'updatefwrule'}=''; $fwdfwsettings{'config'}=$configinput; $fwdfwsettings{'nobase'}='on'; &deleterule; + &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } - #INPUT part if($fwdfwsettings{'grp2'} eq 'ipfire'){ $fwdfwsettings{'chain'} = 'INPUTFW'; #check if we have an identical rule already foreach my $key (sort keys %configinputfw){ if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - } + eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[16],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } } - - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - if ($fwdfwsettings{'nobase'} ne 'on'){ - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - } - - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - - if ($fwdfwsettings{'nobase'} eq 'on'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - - + + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + if ($fwdfwsettings{'nobase'} ne 'on'){ + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + } + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + &saverule(\%configinputfw,$configinput); - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; @@ -181,9 +177,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - - - }else{ $fwdfwsettings{'chain'} = 'FORWARDFW'; #check if we have an identical rule already @@ -196,9 +189,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } #increase counters &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { @@ -206,14 +199,11 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } - if ($fwdfwsettings{'nobase'} eq 'on'){ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } - - &saverule(\%configfwdfw,$configfwdfw); - + #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; @@ -235,9 +225,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - - - } if ($errormessage){ &newrule; @@ -245,7 +232,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &rules; &base; } - } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) { @@ -264,12 +250,10 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) $fwdfwsettings{'POLICY'}='MODE0'; system("rm ${General::swroot}/forward/config"); system("rm ${General::swroot}/forward/input"); - %fwdfwsettings = (); - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } - + %fwdfwsettings = (); &reread_rules; } @@ -407,7 +391,7 @@ sub checkcounter }elsif($base1 eq 'cust_srvgrp'){ &dec_counter($configsrvgrp,\%customservicegrp,$val1); } - + if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ &inc_counter($confignet,\%customnetwork,$val2); }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ @@ -426,13 +410,12 @@ sub inc_counter my %hash=%{(shift)}; my $val=shift; my $pos; - + &General::readhasharray($config, \%hash); foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ if($hash{$key}[0] eq $val){ $pos=$#{$hash{$key}}; $hash{$key}[$pos] = $hash{$key}[$pos]+1; - } } &General::writehasharray($config, \%hash); @@ -449,23 +432,21 @@ sub dec_counter if($hash{$key}[0] eq $val){ $pos=$#{$hash{$key}}; $hash{$key}[$pos] = $hash{$key}[$pos]-1; - } } &General::writehasharray($config, \%hash); } sub base { - if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } - + &hint; if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') { &addrule; } - + #print""; #foreach (0 .. 40){ #my $i="color".$_; @@ -494,7 +475,7 @@ sub addrule { &error; &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - + print ""; print "
"; print ""; @@ -505,13 +486,13 @@ sub addrule &Header::closebox(); &viewtablerule; - } sub deleterule { my %delhash=(); &General::readhasharray($fwdfwsettings{'config'}, \%delhash); foreach my $key (sort keys %delhash){ + if ($key eq $fwdfwsettings{'key'}){ #check hosts/net and groups &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); @@ -521,11 +502,10 @@ sub deleterule &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); } } - if ($key ge $fwdfwsettings{'key'}) { my $next = $key + 1; if (exists $delhash{$next}) { - foreach my $i (0 .. $#{$configfwdfw{$next}}) { + foreach my $i (0 .. $#{$delhash{$next}}) { $delhash{$key}[$i] = $delhash{$next}[$i]; } } @@ -537,6 +517,7 @@ sub deleterule &General::writehasharray($fwdfwsettings{'config'}, \%delhash); &rules; + if($fwdfwsettings{'nobase'} ne 'on'){ &base; } @@ -552,7 +533,6 @@ sub disable_rule } &General::writehasharray("$configfwdfw", \%configfwdfw); &rules; - } sub checksource { @@ -588,7 +568,7 @@ sub checksource $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; return $errormessage; } - + #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} #check icmp source @@ -600,6 +580,12 @@ sub checksource $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; } } + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ $fwdfwsettings{'ICMP_TYPES'}=''; }else{ @@ -607,7 +593,7 @@ sub checksource $fwdfwsettings{'SRC_PORT'}=''; $fwdfwsettings{'PROT'}=''; } - + if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){ #change dashes with : $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/; @@ -621,7 +607,7 @@ sub checksource if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) { $fwdfwsettings{'SRC_PORT'} = "$1:65535"; } - + $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src'); } return $errormessage; @@ -629,8 +615,7 @@ sub checksource sub checktarget { my ($ip,$subnet); - - + if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ #check if ip with subnet if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) { @@ -657,15 +642,15 @@ sub checktarget if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; } - + }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; return $errormessage; } - + #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} - + #check tgt services if ($fwdfwsettings{'USESRV'} eq 'ON'){ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ @@ -681,7 +666,7 @@ sub checktarget } } if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){ + if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ #change dashes with : $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/; @@ -696,19 +681,25 @@ sub checktarget } $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination'); } + }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){ + $fwdfwsettings{'TGT_PORT'} = ''; + $fwdfwsettings{'ICMP_TGT'} = ''; + }elsif($fwdfwsettings{'TGT_PORT'} eq 'ESP'){ + $fwdfwsettings{'TGT_PORT'}=''; + $fwdfwsettings{'ICMP_TGT'}=''; }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){ + $fwdfwsettings{'TGT_PORT'} = ''; &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); foreach my $key (keys %icmptypes){ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){ - $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0]; } } } } } - + #check targetport if ($fwdfwsettings{'USESRV'} ne 'ON'){ $fwdfwsettings{'grp3'}=''; @@ -716,17 +707,12 @@ sub checktarget $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; } - - #check timeframe if($fwdfwsettings{'TIME'} eq 'ON'){ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){ $errormessage=$Lang::tr{'fwdfw err time'}; } } - - - return $errormessage; } sub checkrule @@ -740,17 +726,14 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err same'}; return $errormessage; } - + #get source and targetip address if possible my ($sip,$scidr,$tip,$tcidr); ($sip,$scidr)=&get_ip("src","grp1"); ($tip,$tcidr)=&get_ip("tgt","grp2"); - - - + #check same iprange in source and target if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){ - my $networkip1=&General::getnetworkip($sip,$scidr); my $networkip2=&General::getnetworkip($tip,$tcidr); if ($scidr gt $tcidr){ @@ -758,20 +741,19 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err samesub'}; } }elsif($scidr eq $tcidr && $scidr eq '32'){ - my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1); - my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2); + my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1); + my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2); if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){ $hint=$Lang::tr{'fwdfw hint ip1'}."
"; $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
"; } - }else{ if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ $errormessage.=$Lang::tr{'fwdfw err samesub'}; } } } - + #check source and destination protocol if manual if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ @@ -790,7 +772,6 @@ sub checkrule } } } - } sub get_ip { @@ -841,7 +822,6 @@ sub get_ip } } } - return $a,$b; } sub newrule @@ -857,14 +837,11 @@ sub newrule &General::readhasharray("$configgrp", \%customgrp); &General::readhasharray("$configipsec", \%ipsecconf); &General::get_aliases(\%aliases); - - my %checked=(); my $helper; if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;} my $config=$fwdfwsettings{'config'}; my %hash=(); - $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -883,7 +860,6 @@ sub newrule $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; - #check if update and get values if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){ &General::readhasharray("$config", \%hash); @@ -916,7 +892,6 @@ sub newrule $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25]; $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26]; $fwdfwsettings{'TIME_TO'} = $hash{$key}[27]; - $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -948,9 +923,9 @@ sub newrule $fwdfwsettings{'ACTIVE'}='ON'; $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; } - + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - + print <
@@ -961,7 +936,7 @@ END if($fwdfwsettings{'POLICY'} eq 'MODE2'){ $fwdfwsettings{'RULE_ACTION'} = 'DROP'; } - + if ($_ eq $fwdfwsettings{'RULE_ACTION'}) { print""; @@ -974,19 +949,19 @@ END &Header::closebox(); &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); - - + + #------SOURCE------------------------------------------------------- print< - + END - + #
$Lang::tr{'fwdfw sourceip'}
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost cust grp'}
$Lang::tr{'fwhost ipsec host'}
- - - END - #
$Lang::tr{'fwdfw use srcport'} $Lang::tr{'fwdfw man port'}
$Lang::tr{'fwdfw targetip'}IPFire ($Lang::tr{'external access'})
$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust grp'}
$Lang::tr{'fwhost ipsec host'}
$Lang::tr{'fwhost attention'}:
$Lang::tr{'fwhost macwarn'}

- +
$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'}
$Lang::tr{'fwdfw man port'}


- + END #---Activate/logging/remark------------------------------------- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'}); print< - $Lang::tr{'remark'}: + $Lang::tr{'remark'}: $Lang::tr{'fwdfw rule activate'} $Lang::tr{'fwdfw log rule'}

@@ -1281,7 +1246,6 @@ END $Lang::tr{'time'}: $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} - $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'} @@ -1296,7 +1260,6 @@ END - -
-
END } @@ -1354,7 +1315,6 @@ END } sub saverule { - my $hash=shift; my $config=shift; &General::readhasharray("$config", $hash); @@ -1455,7 +1415,7 @@ sub get_name foreach my $network (sort keys %defaultNetworks) { return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); - } + } } sub validremark { @@ -1464,16 +1424,16 @@ sub validremark # Each part should be at least two characters in length # but no more than 63 characters - if (length ($remark) < 1 || length ($remark) > 63) { + if (length ($remark) < 1 || length ($remark) > 255) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) { + if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:\/\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) { return 0;} # Last character can only be a letter or a digit - if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) { + if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.]*$/) { return 0;} return 1; } @@ -1493,7 +1453,7 @@ sub gettgtport my $key=shift; my $service; my $prot; - + if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ if($hash{$key}[14] eq 'cust_srv'){ &General::readhasharray("$configsrv", \%customservice); @@ -1505,7 +1465,7 @@ sub gettgtport } } }elsif($hash{$key}[14] eq 'cust_srvgrp'){ - + $service=$hash{$key}[15]; }elsif($hash{$key}[14] eq 'TGT_PORT'){ $service=$hash{$key}[15]; @@ -1514,7 +1474,7 @@ sub gettgtport }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ print" : ($hash{$key}[12])
$hash{$key}[13]"; } - + if ($prot ne '' || $service ne ''){ print" :"; if ($prot ne ''){ @@ -1534,7 +1494,7 @@ sub viewtablenew my $config=shift; my $title=shift; my $title1=shift; - + if ( ! -z "$config"){ &Header::openbox('100%', 'left',$title); my $count=0; @@ -1547,8 +1507,8 @@ sub viewtablenew &General::readhasharray("$config", $hash); print"$title1
"; print""; - print""; - foreach my $key (sort keys %$hash){ + print""; + foreach my $key (sort {$a <=> $b} keys %$hash){ @tmpsrc=(); #check if vpn hosts/nets have been deleted if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){ @@ -1557,14 +1517,12 @@ sub viewtablenew if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){ push (@tmpsrc,$$hash{$key}[6]); } - foreach my $host (@tmpsrc){ if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){ - if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ + if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ $coloryellow='on'; &disable_rule($key); $$hash{$key}[2]=''; - } }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ @@ -1588,10 +1546,8 @@ sub viewtablenew $$hash{$key}[3]=''; $$hash{$key}[5]=''; } - $$hash{'ACTIVE'}=$$hash{$key}[2]; $count++; - if($coloryellow eq 'on'){ print""; $coloryellow=''; @@ -1603,7 +1559,6 @@ sub viewtablenew print""; } } - print<$key END @@ -1635,9 +1590,8 @@ END } print< -
- - - - - "; } - if (exists $$hash{$key+1}){ print< @@ -1728,9 +1676,7 @@ END if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} - my $weekdays=join(",",@days); - if (@days){ print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'remark'}$Lang::tr{'fwdfw action'}
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'remark'}$Lang::tr{'fwdfw action'}
+ @@ -1645,7 +1599,7 @@ END END print< + END if ($$hash{$key}[5] eq 'std_net_tgt'){ print &get_name($$hash{$key}[6]); @@ -1661,7 +1615,6 @@ END }else{ $gif="/images/off.gif" - } print< @@ -1670,22 +1623,18 @@ END
@@ -1705,7 +1654,6 @@ END }else{ print"
$Lang::tr{'fwdfw time'} "; print"$weekdays"; @@ -1741,21 +1687,19 @@ END print"
"; &Header::closebox(); } - } sub fillselect { my %hash=%{(shift)}; my $val=shift; my $key; - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash) - { - if($hash{$key}[0] eq $val){ - print""; - }else{ - print""; - } + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + print""; + }else{ + print""; } + } } sub rules {