X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=9f89fe7feac9dc3e91e92bcb5466b2ec77a9e326;hp=8f6ca585e8f3419742eb1901963b833c7e5995f8;hb=cd9d9d8a13405e380ad0422d2b47f48d9ef1f8a4;hpb=7bd9d462de4035d508b108ab0bedc3fda87e1326 diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 8f6ca585e..9f89fe7fe 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -133,6 +133,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } #INPUT part if($fwdfwsettings{'grp2'} eq 'ipfire'){ + $fwdfwsettings{'config'}=$configinput; $fwdfwsettings{'chain'} = 'INPUTFW'; my $maxkey=&General::findhasharraykey(\%configinputfw); #check if we have an identical rule already @@ -206,6 +207,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; }else{ #FORWARD PART + $fwdfwsettings{'config'}=$configfwdfw; $fwdfwsettings{'chain'} = 'FORWARDFW'; my $maxkey=&General::findhasharraykey(\%configfwdfw); if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ @@ -524,14 +526,16 @@ sub base &hint; &addrule; &p2pblock; - &Header::openbox('100%', 'center', 'Policy'); + &Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'}); print < - - - +
$Lang::tr{'mode'} 1:$Lang::tr{'outgoing firewall mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoing firewall mode2'}
+ + - "; foreach my $key (sort {$a <=> $b} keys %$hash){ #check if we have a FORWARDFW OR DMZ RULE - if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[6] ne 'ORANGE')){next;} - if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[6] eq 'ORANGE')){next;} + if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE')){next;} + if ($title1 eq 'WLAN' && ($$hash{$key}[4] ne 'BLUE')){next;} + if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE')){next;} @tmpsrc=(); #check if vpn hosts/nets have been deleted if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){ @@ -1999,7 +2015,9 @@ sub rules sub reread_rules { system("/usr/local/bin/forwardfwctrl"); - system("rm ${General::swroot}/forward/reread"); + if ( -f "${General::swroot}/forward/reread"){ + system("rm ${General::swroot}/forward/reread"); + } } &Header::closebigbox(); &Header::closepage();
$Lang::tr{'fwdfw pol text'}
+
END @@ -548,7 +552,7 @@ sub addrule print ""; print ""; if (-f "${General::swroot}/forward/reread"){ - print ""; + print ""; } print"
$Lang::tr{'fwhost reread'}
"; @@ -731,12 +735,12 @@ sub checktarget $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); - #check if net or broadcast - my @tmp= split (/\./,$ip); - if (($tmp[3] eq "0") || ($tmp[3] eq "255")) - { - $errormessage=$Lang::tr{'fwhost err hostip'}."
"; - } + ##check if net or broadcast + #my @tmp= split (/\./,$ip); + #if ($tmp[3] eq "0" || ($tmp[3] eq "255")) + #{ + #$errormessage=$Lang::tr{'fwhost err hostip'}."
"; + #} $fwdfwsettings{'tgt_addr'}="$ip/$subnet"; if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ @@ -865,7 +869,7 @@ sub checkrule my $networkip1=&General::getnetworkip($sip,$scidr); my $networkip2=&General::getnetworkip($tip,$tcidr); if ($scidr gt $tcidr){ - if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){ + if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){ $errormessage.=$Lang::tr{'fwdfw err samesub'}; } }elsif($scidr eq $tcidr && $scidr eq '32'){ @@ -884,9 +888,7 @@ sub checkrule #check source and destination protocol if manual if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - - - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ $errormessage.=$Lang::tr{'fwdfw err prot'}; } #check source and destination protocol if source manual and dest servicegrp @@ -1544,7 +1546,7 @@ sub saverule } } &General::writehasharray("$config", $hash); - if($fwdfwsettings{'oldrulenumber'} gt $fwdfwsettings{'rulepos'}){ + if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){ my %tmp=(); my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'}; for (my $z=0;$z<$val;$z++){ @@ -1571,7 +1573,7 @@ sub saverule } &General::writehasharray("$config", $hash); &rules; - }elsif($fwdfwsettings{'rulepos'} gt $fwdfwsettings{'oldrulenumber'}){ + }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){ my %tmp=(); my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'}; for (my $z=0;$z<$val;$z++){ @@ -1703,16 +1705,20 @@ sub get_serviceports $protocols=$customservice{$key}[2]; } } - }elsif($type eq 'group'){ foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ if ($customservicegrp{$key}[0] eq $name){ - if($customservicegrp{$key}[4] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';} + foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ + if($customservice{$key1}[2] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';} + } + } } } } - if($tcp){$protocols.="TCP";} - if($udp){$protocols.=",UDP";} + if($tcp && $udp){$protocols="TCP,UDP"; + }elsif($tcp){$protocols.="TCP"; + }elsif($udp){$protocols.="UDP";} return $protocols; } sub viewtablerule @@ -1720,6 +1726,7 @@ sub viewtablerule &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" ); &viewtablenew(\%configfwdfw,$configfwdfw,'',"DMZ" ); + &viewtablenew(\%configfwdfw,$configfwdfw,'',"WLAN" ); &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} ); } sub viewtablenew @@ -1733,9 +1740,17 @@ sub viewtablenew #check if there are DMZ entries if ($title1 eq 'DMZ'){ foreach my $key (keys %$hash){ - if ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[6] eq 'ORANGE'){$go='on';} + if ($$hash{$key}[4] eq 'ORANGE'){$go='on';last} + } + }elsif($title1 eq 'WLAN'){ + foreach my $key (keys %$hash){ + if ($$hash{$key}[4] eq 'BLUE'){$go='on';last} } - }elsif( ! -z "$config" ){ + }elsif($title1 eq 'Forward'){ + foreach my $key (keys %$hash){ + if (($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[4] ne 'BLUE')){$go='on';last} + } + }elsif( ! -z $config){ $go='on'; } if($go ne ''){ @@ -1752,8 +1767,9 @@ sub viewtablenew print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'protocol'}$Lang::tr{'remark'}$Lang::tr{'fwdfw action'}