X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=c16fd0ade785a7dcc244faae05f937f20ab7a7f9;hp=584f7f093adc6702ecd95ad3fcd0c90e83165788;hb=e6e9a8117677eca8319982ce56aa72e93c9b407e;hpb=ed618226bb7f03b3a12155d8f2d1bcdb58adb566 diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 584f7f093..c16fd0ade 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2012 # +# Copyright (C) 2013 Alexander Marx # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -18,19 +18,9 @@ # along with this program. If not, see . # # # ############################################################################### -# # -# Hi folks! I hope this code is useful for all. I needed something to handle # -# my VPN Connections in a comfortable way. As a prerequisite i needed # -# something that makes sure the vpn roadwarrior are able to have a fixed # -# ip-address. So i developed the ccd extension for the vpn server. # -# # -# Now that the ccd extension is ready i am able to develop the main request. # -# Any feedback is appreciated. # -# # -#Copymaster # -############################################################################### use strict; +use Sort::Naturally; no warnings 'uninitialized'; # enable only the following on debugging purpose #use warnings; @@ -46,8 +36,6 @@ unless (-e "${General::swroot}/forward/settings") { system("touch ${General::s unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); } -unless (-e "${General::swroot}/forward/dmz") { system("touch ${General::swroot}/forward/dmz"); } -unless (-e "${General::swroot}/forward/nat") { system("touch ${General::swroot}/forward/nat"); } my %fwdfwsettings=(); my %selected=() ; @@ -64,8 +52,6 @@ my %ccdhost=(); my %configfwdfw=(); my %configinputfw=(); my %configoutgoingfw=(); -my %configdmzfw=(); -my %confignatfw=(); my %ipsecconf=(); my %color=(); my %mainsettings=(); @@ -77,7 +63,6 @@ my %aliases=(); my %optionsfw=(); my %ifaces=(); -my $VERSION='0.9.9.3'; my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; @@ -91,8 +76,6 @@ my $configipsecrw = "${General::swroot}/vpn/settings"; my $configfwdfw = "${General::swroot}/forward/config"; my $configinput = "${General::swroot}/forward/input"; my $configoutgoing = "${General::swroot}/forward/outgoing"; -my $configdmz = "${General::swroot}/forward/dmz"; -my $confignat = "${General::swroot}/forward/nat"; my $configovpn = "${General::swroot}/ovpn/settings"; my $fwoptions = "${General::swroot}/optionsfw/settings"; my $ifacesettings = "${General::swroot}/ethernet/settings"; @@ -107,33 +90,75 @@ my @protocols; &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &General::readhash($fwoptions, \%optionsfw); &General::readhash($ifacesettings, \%ifaces); - +&General::readhash("$configovpn", \%ovpnsettings); +&General::readhash("$configipsecrw", \%ipsecsettings); +&General::readhasharray("$configipsec", \%ipsecconf); &Header::showhttpheaders(); &Header::getcgihash(\%fwdfwsettings); &Header::openpage($Lang::tr{'fwdfw menu'}, 1, ''); &Header::openbigbox('100%', 'center',$errormessage); -#### ACTION ##### - -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'}) +#### JAVA SCRIPT #### +print< + \$(document).ready(function() { + // Automatically select radio buttons when corresponding + // dropdown menu changes. + \$("select").change(function() { + var id = \$(this).attr("name"); + //When using SNAT or DNAT, check "USE NAT" Checkbox + if ( id === 'snat' || id === 'dnat') { + \$('#USE_NAT').prop('checked', true); + } + \$('#' + id).prop("checked", true); + }); + }); +function checkradio(a){ + \$(a).attr('checked', true); +} +function toggle_elements( id ) { + if(document.getElementById(id).style.display== "none") + { + document.getElementById(id).style.display='block'; + } + else{ + document.getElementById(id).style.display='none'; + } + return true; +} +function hide_elements() { - my $MODE = $fwdfwsettings{'POLICY'}; - my $MODE1 = $fwdfwsettings{'POLICY1'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'} = "$MODE"; - $fwdfwsettings{'POLICY1'} = "$MODE1"; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; + var elementNames = hide_elements.arguments; + for (var i=0; i +END + +#### ACTION ##### + if ($fwdfwsettings{'ACTION'} eq 'saverule') { &General::readhasharray("$configfwdfw", \%configfwdfw); &General::readhasharray("$configinput", \%configinputfw); &General::readhasharray("$configoutgoing", \%configoutgoingfw); - &General::readhasharray("$confignat", \%confignatfw); $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} - #check if manual ip (source) is orange network if ($fwdfwsettings{'grp1'} eq 'src_addr'){ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); @@ -146,132 +171,19 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $errormessage.=$Lang::tr{'fwdfw useless rule'}."
"; } #check if we try to break rules - if( $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire'){ - $errormessage.=$Lang::tr{'fwdfw err same'}; - } - #NAT-Part - if ($fwdfwsettings{'USE_NAT'} eq 'ON'){ - $fwdfwsettings{'config'}=$confignat; - if ($fwdfwsettings{'nat'} eq 'dnat'){ - $fwdfwsettings{'chain'} = 'NAT_DESTINATION'; - }else{ - $fwdfwsettings{'chain'} = 'NAT_SOURCE'; - } - my $maxkey=&General::findhasharraykey(\%confignatfw); - #check if we have an identical rule already - if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ - foreach my $key (sort keys %confignatfw){ - if ("$confignatfw{$key}[0],$confignatfw{$key}[1],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31]" - eq "$fwdfwsettings{'RULE_ACTION'},NAT_DESTINATION,$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){ - $errormessage=''; - }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ - $errormessage=$Lang::tr{'fwdfw err remark'}."
"; - } - if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ - $fwdfwsettings{'nosave'} = 'on'; - } - } - } - } - - #check Rulepos on new Rule - if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ - $fwdfwsettings{'oldrulenumber'}=$maxkey; - foreach my $key (sort keys %confignatfw){ - #print"$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}
"; - #print"$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]
"; - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" - eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - } - } - } - #check if we just close a rule - if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { - if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ - $errormessage=''; - $fwdfwsettings{'nosave2'} = 'on'; - } - } - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - if ($fwdfwsettings{'nobase'} ne 'on'){ - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - } - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if($fwdfwsettings{'nosave2'} ne 'on'){ - &saverule(\%confignatfw,$confignat); - } - #DMZ-Part - }elsif ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on'){ - $fwdfwsettings{'config'}=$configdmz; - $fwdfwsettings{'chain'} = 'FORWARDFW'; - my $maxkey=&General::findhasharraykey(\%configdmzfw); - #check if we have an identical rule already - if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ - foreach my $key (sort keys %configdmzfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configdmzfw{$key}[0],$configdmzfw{$key}[2],$configdmzfw{$key}[3],$configdmzfw{$key}[4],$configdmzfw{$key}[5],$configdmzfw{$key}[6],$configdmzfw{$key}[7],$configdmzfw{$key}[8],$configdmzfw{$key}[9],$configdmzfw{$key}[10],$configdmzfw{$key}[11],$configdmzfw{$key}[12],$configdmzfw{$key}[13],$configdmzfw{$key}[14],$configdmzfw{$key}[15],$configdmzfw{$key}[17],$configdmzfw{$key}[18],$configdmzfw{$key}[19],$configdmzfw{$key}[20],$configdmzfw{$key}[21],$configdmzfw{$key}[22],$configdmzfw{$key}[23],$configdmzfw{$key}[24],$configdmzfw{$key}[25],$configdmzfw{$key}[26],$configdmzfw{$key}[27]"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){ - $errormessage=''; - }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ - $errormessage=$Lang::tr{'fwdfw err remark'}."
"; - } - if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ - $fwdfwsettings{'nosave'} = 'on'; - } - } - } - } - #check Rulepos on new Rule - if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ - $fwdfwsettings{'oldrulenumber'}=$maxkey; - foreach my $key (sort keys %configdmzfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configdmzfw{$key}[0],$configdmzfw{$key}[2],$configdmzfw{$key}[3],$configdmzfw{$key}[4],$configdmzfw{$key}[5],$configdmzfw{$key}[6],$configdmzfw{$key}[7],$configdmzfw{$key}[8],$configdmzfw{$key}[9],$configdmzfw{$key}[10],$configdmzfw{$key}[11],$configdmzfw{$key}[12],$configdmzfw{$key}[13],$configdmzfw{$key}[14],$configdmzfw{$key}[15],$configdmzfw{$key}[17],$configdmzfw{$key}[18],$configdmzfw{$key}[19],$configdmzfw{$key}[20],$configdmzfw{$key}[21],$configdmzfw{$key}[22],$configdmzfw{$key}[23],$configdmzfw{$key}[24],$configdmzfw{$key}[25],$configdmzfw{$key}[26],$configdmzfw{$key}[27]"){ - $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - } - } - } - #check if we just close a rule - if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { - if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ - $errormessage=''; - $fwdfwsettings{'nosave2'} = 'on'; - } - } - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - if ($fwdfwsettings{'nobase'} ne 'on'){ - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - } - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if($fwdfwsettings{'nosave2'} ne 'on'){ - &saverule(\%configdmzfw,$configdmz); - } + if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){ + $errormessage=$Lang::tr{'fwdfw err same'}; + } #INPUT part - }elsif($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){ + if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){ $fwdfwsettings{'config'}=$configinput; $fwdfwsettings{'chain'} = 'INPUTFW'; my $maxkey=&General::findhasharraykey(\%configinputfw); #check if we have an identical rule already if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ foreach my $key (sort keys %configinputfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){ $errormessage=''; @@ -288,8 +200,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ $fwdfwsettings{'oldrulenumber'}=$maxkey; foreach my $key (sort keys %configinputfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; } } @@ -301,50 +213,31 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $fwdfwsettings{'nosave2'} = 'on'; } } - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - if ($fwdfwsettings{'nobase'} ne 'on'){ - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - } - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + if (!$errormessage){ + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + if ($fwdfwsettings{'nobase'} ne 'on'){ + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + } + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configinputfw,$configinput); + } } - if($fwdfwsettings{'nosave2'} ne 'on'){ - &saverule(\%configinputfw,$configinput); - } - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; - #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; - #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; - #print " Regel LOG: $fwdfwsettings{'LOG'}
"; - #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; - #print " MO: $fwdfwsettings{'TIME_MON'}
"; - #print " DI: $fwdfwsettings{'TIME_TUE'}
"; - #print " MI: $fwdfwsettings{'TIME_WED'}
"; - #print " DO: $fwdfwsettings{'TIME_THU'}
"; - #print " FR: $fwdfwsettings{'TIME_FRI'}
"; - #print " SA: $fwdfwsettings{'TIME_SAT'}
"; - #print " SO: $fwdfwsettings{'TIME_SUN'}
"; - #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; - #print "
"; - #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - }elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){ - # OUTGOING PART + }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){ + # OUTGOING PART $fwdfwsettings{'config'}=$configoutgoing; $fwdfwsettings{'chain'} = 'OUTGOINGFW'; my $maxkey=&General::findhasharraykey(\%configoutgoingfw); if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ foreach my $key (sort keys %configoutgoingfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){ $errormessage=''; @@ -362,8 +255,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') print"CHECK OUTGOING DOPPELTE REGEL
"; $fwdfwsettings{'oldrulenumber'}=$maxkey; foreach my $key (sort keys %configoutgoingfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; } } @@ -376,20 +269,22 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } } #increase counters - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if ($fwdfwsettings{'nobase'} eq 'on'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if ($fwdfwsettings{'nosave2'} ne 'on'){ - &saverule(\%configoutgoingfw,$configoutgoing); + if (!$errormessage){ + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nobase'} eq 'on'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configoutgoingfw,$configoutgoing); + } } }else{ #FORWARD PART @@ -399,8 +294,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ #check if we have an identical rule already foreach my $key (sort keys %configfwdfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){ $errormessage=''; @@ -417,56 +312,37 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ $fwdfwsettings{'oldrulenumber'}=$maxkey; foreach my $key (sort keys %configfwdfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; } } } #check if we just close a rule - if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) { + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ $fwdfwsettings{'nosave2'} = 'on'; $errormessage=''; } } #increase counters - &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); - }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ - &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if ($fwdfwsettings{'nobase'} eq 'on'){ - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } - if ($fwdfwsettings{'nosave2'} ne 'on'){ - &saverule(\%configfwdfw,$configfwdfw); - } - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; - #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; - #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; - #print " Regel LOG: $fwdfwsettings{'LOG'}
"; - #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; - #print " MO: $fwdfwsettings{'TIME_MON'}
"; - #print " DI: $fwdfwsettings{'TIME_TUE'}
"; - #print " MI: $fwdfwsettings{'TIME_WED'}
"; - #print " DO: $fwdfwsettings{'TIME_THU'}
"; - #print " FR: $fwdfwsettings{'TIME_FRI'}
"; - #print " SA: $fwdfwsettings{'TIME_SAT'}
"; - #print " SO: $fwdfwsettings{'TIME_SUN'}
"; - #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; - #print "
"; - #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + if (!$errormessage){ + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nobase'} eq 'on'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configfwdfw,$configfwdfw); + } + } } if ($errormessage){ &newrule; @@ -477,51 +353,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &base; } } -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) -{ - if($fwdfwsettings{'poltype'} eq 'forward'){ - &General::readhasharray("$configfwdfw", \%configfwdfw); - foreach my $key (sort keys %configfwdfw){ - &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,); - &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,); - &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,); - } - #&General::readhasharray("$configinput", \%configinputfw); - #foreach my $key (sort keys %configinputfw){ - # &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,); - # &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,); - # &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,); - #} - - system("rm ${General::swroot}/forward/config"); - #system("rm ${General::swroot}/forward/input"); - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } - #unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } - my $MODE1=$fwdfwsettings{'POLICY1'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'}='MODE2'; - $fwdfwsettings{'POLICY1'}=$MODE1; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; - }else{ - &General::readhasharray("$configoutgoing", \%configoutgoingfw); - foreach my $key (sort keys %configoutgoingfw){ - &checkcounter($configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],,); - &checkcounter($configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],,); - &checkcounter($configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],,); - } - system("rm ${General::swroot}/forward/outgoing"); - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); } - my $MODE=$fwdfwsettings{'POLICY'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'}=$MODE; - $fwdfwsettings{'POLICY1'}='MODE2'; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; - } -} if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'}) { &newrule; @@ -579,10 +410,9 @@ if ($fwdfwsettings{'ACTION'} eq 'movedown') if ($fwdfwsettings{'ACTION'} eq 'copyrule') { $fwdfwsettings{'copyfwrule'}='on'; - #$fwdfwsettings{'updatefwrule'}='on'; &newrule; } -if ($fwdfwsettings{'ACTION'} eq '') +if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset') { &base; } @@ -591,9 +421,9 @@ sub addrule { &error; if (-f "${General::swroot}/forward/reread"){ - print "
    $Lang::tr{'fwhost reread'}

"; + print "
    $Lang::tr{'fwhost reread'}

"; } - &Header::openbox('100%', 'left', ""); + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'}); print "
"; print ""; print ""; @@ -603,45 +433,8 @@ sub addrule } sub base { - if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } - if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } - if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ $selected{'POLICY1'}{'MODE1'} = 'selected'; } else { $selected{'POLICY1'}{'MODE1'} = ''; } - if ($fwdfwsettings{'POLICY1'} eq 'MODE2'){ $selected{'POLICY1'}{'MODE2'} = 'selected'; } else { $selected{'POLICY1'}{'MODE2'} = ''; } &hint; &addrule; - print "

"; - &Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'}); -print < -
- - - - "; - print "
FORWARD
$Lang::tr{'fwdfw pol text'}
- - -END - print "$Lang::tr{'outgoing firewall reset'}:
"; - print"

"; - print < - - - - - "; - print "
OUTGOING
$Lang::tr{'fwdfw pol text1'}
- - -END - print "$Lang::tr{'outgoing firewall reset'}:
"; - &Header::closebox(); - print "

Version: $VERSION
"; } sub changerule { @@ -656,7 +449,6 @@ sub changerule sub checksource { my ($ip,$subnet); - #check ip-address if manual if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ #check if ip with subnet @@ -673,26 +465,29 @@ sub checksource } if ($fwdfwsettings{'isip'} ne 'on'){ - if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';} + if (&General::validmac($fwdfwsettings{'src_addr'})){ + $fwdfwsettings{'ismac'}='on'; + } } if ($fwdfwsettings{'isip'} eq 'on'){ + ##check if ip is valid + if (! &General::validip($ip)){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; + } #check and form valid IP $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); #check if net or broadcast - my @tmp= split (/\./,$ip); - if (($tmp[3] eq "0") || ($tmp[3] eq "255")) - { - $errormessage=$Lang::tr{'fwhost err hostip'}."
"; - } $fwdfwsettings{'src_addr'}="$ip/$subnet"; - if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; } } if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; } }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; @@ -701,32 +496,6 @@ sub checksource #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} - #check icmp source - if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ - $fwdfwsettings{'SRC_PORT'}=''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); - foreach my $key (keys %icmptypes){ - if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ - $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; - } - } - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ - $fwdfwsettings{'ICMP_TYPES'}=''; - }else{ - $fwdfwsettings{'ICMP_TYPES'}=''; - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'PROT'}=''; - } - if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){ my @parts=split(",",$fwdfwsettings{'SRC_PORT'}); my @values=(); @@ -761,8 +530,8 @@ sub checksource } } $fwdfwsettings{'SRC_PORT'}=join("|",@values); - return $errormessage; } + return $errormessage; } sub checktarget { @@ -771,8 +540,9 @@ sub checktarget #check DNAT settings (has to be single Host and single Port or portrange) if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ - if ($fwdfwsettings{'USESRV'} eq ''){ + if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } #check if manual ip is a single Host (if set) if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){ @@ -781,19 +551,23 @@ sub checktarget if (($tmp1[0] eq "0") || ($tmp1[0] eq "255")) { $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; } } #check if Port is a single Port or portrange if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ + if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } - if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ + if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } } }else{ $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; } } if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ @@ -807,13 +581,18 @@ sub checktarget $ip=$fwdfwsettings{'tgt_addr'}; $subnet='32'; } + #check if ip is valid + if (! &General::validip($ip)){ + $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + return $errormessage; + } #check and form valid IP $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); - $fwdfwsettings{'tgt_addr'}="$ip/$subnet"; if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + return $errormessage; } }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; @@ -826,20 +605,23 @@ sub checktarget if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; + $fwdfwsettings{'TGT_PORT'}=''; } if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; + $fwdfwsettings{'TGT_PORT'}=''; #check target service if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err tgt_grp'}; } } if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){ + if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ - if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'}) { + if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') { $errormessage=$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } my @parts=split(",",$fwdfwsettings{'TGT_PORT'}); my @values=(); @@ -869,49 +651,40 @@ sub checktarget if (&General::validport($_)){ push (@values,$_); }else{ - } } } $fwdfwsettings{'TGT_PORT'}=join("|",@values); } - }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){ + }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'} = ''; - }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){ + }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'}=''; - }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){ + }elsif ($fwdfwsettings{'PROT'} eq 'AH'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'}=''; - }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){ + }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); - foreach my $key (keys %icmptypes){ - - if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){ - $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0]; - } - } } } } - #check targetport if ($fwdfwsettings{'USESRV'} ne 'ON'){ $fwdfwsettings{'grp3'}=''; $fwdfwsettings{$fwdfwsettings{'grp3'}}=''; - $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; } #check timeframe if($fwdfwsettings{'TIME'} eq 'ON'){ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){ $errormessage=$Lang::tr{'fwdfw err time'}; + return $errormessage; } } return $errormessage; @@ -946,10 +719,9 @@ sub checkrule #if no port is given in nat area, take target host port if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};} #check if port given in nat area is a single valid port or portrange - if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){ + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; - } - elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ + }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ my $custsrvport; #get servcie Protocol and Port foreach my $key (sort keys %customservice){ @@ -962,6 +734,42 @@ sub checkrule } if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;} } + #check if DNAT port is multiple + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){ + my @parts=split(",",$fwdfwsettings{'dnatport'}); + my @values=(); + foreach (@parts){ + chomp($_); + if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) { + my $check; + #change dashes with : + $_=~ tr/-/:/; + if ($_ eq "*") { + push(@values,"1:65535"); + $check='on'; + } + if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) { + push(@values,"1:$2"); + $check='on'; + } + if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) { + push(@values,"$1:65535"); + $check='on' + } + $errormessage .= &General::validportrange($_, 'destination'); + if(!$check){ + push (@values,$_); + } + }else{ + if (&General::validport($_)){ + push (@values,$_); + }else{ + + } + } + } + $fwdfwsettings{'dnatport'}=join("|",@values); + } } #check valid remark if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ @@ -969,7 +777,7 @@ sub checkrule } #check if source and target identical if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){ - $errormessage.=$Lang::tr{'fwdfw err same'}; + $errormessage=$Lang::tr{'fwdfw err same'}; return $errormessage; } #get source and targetip address if possible @@ -997,23 +805,69 @@ sub checkrule } } } - #check source and destination protocol if manual - if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - } - #check source and destination protocol if source manual and dest servicegrp - if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ - foreach my $key (sort keys %customservice){ - if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ - if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - last; - } + #When using source- or targetport, the protocol has to be TCP or UDP + if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && ($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && ($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){ + $errormessage.=$Lang::tr{'fwdfw err prot_port1'}; + return; + } + #when icmp selected, no targetport allowed + if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){ + $errormessage.=$Lang::tr{'fwdfw err prot_port'}; + return; + } + #change protocol if prot not equal dest single service + if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ + foreach my $key (sort keys %customservice){ + if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ + if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ + $fwdfwsettings{'PROT'} = $customservice{$key}[2]; + last; } } } } + #check source and destination protocol if source manual and dest servicegroup + if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ + $fwdfwsettings{'PROT'} = ''; + } + #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013 + $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated) + #Check ICMP Types + if ($fwdfwsettings{'PROT'} eq 'ICMP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + #$fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); + foreach my $key (keys %icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ + $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; + } + } + }elsif($fwdfwsettings{'PROT'} eq 'GRE'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'ESP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'AH'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'PROT'} = ''; + }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; + } } sub checkcounter { @@ -1042,6 +896,32 @@ sub checkcounter }elsif($base2 eq 'cust_srvgrp'){ &inc_counter($configsrvgrp,\%customservicegrp,$val2); } +} +sub checkvpn +{ + my $ip=shift; + #Test if manual IP is part of static OpenVPN networks + &General::readhasharray("$configccdnet", \%ccdnet); + foreach my $key (sort keys %ccdnet){ + my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]); + my $sub=&General::iporsubtodec($vpnsubnet); + if (&General::IpInSubnet($ip,$vpnip,$sub)){ + return 0; + } + } + # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor + # because if one creates a custom host with the ip, we need to check the color there! + # It does not make sense to check this here + + # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here + # Is also checked in getcolor + + # Test if manual ip is part of an IPsec Network is also checked in getcolor + return 1; +} +sub checkvpncolor +{ + } sub deleterule { @@ -1095,7 +975,6 @@ sub dec_counter my %hash=%{(shift)}; my $val=shift; my $pos; - #$errormessage.="ALT:config: $config , verringert wird $val
"; &General::readhasharray($config, \%hash); foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ if($hash{$key}[0] eq $val){ @@ -1120,7 +999,7 @@ sub fillselect my %hash=%{(shift)}; my $val=shift; my $key; - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){ if($hash{$key}[0] eq $val){ print""; }else{ @@ -1151,38 +1030,47 @@ sub gen_dd_block $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; print< - "; #custom networks if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ - print""; } #custom hosts if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ - print""; } #custom groups if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ - print"
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust addr'}
$Lang::tr{'fwhost cust addr'}
$Lang::tr{'fwhost cust grp'}
$Lang::tr{'fwhost cust grp'}
"; # CCD networks if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ - print""; } #OVPN CCD Hosts - foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){ + foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){ if ($ccdhost{$key}[33] ne '' ){ - print"" ; + print"" ; } if ($show eq '1'){$show='';print"";} #OVPN N2N - foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){ + foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){ if ($ccdhost{$key}[3] eq 'net'){ - print"" ; + print"" ; } if ($show eq '1'){$show='';print"";} #IPsec netze - foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) { + foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) { if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ print""; + print""; } if ($show eq '1'){$show='';print"";} - print"
$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ovpn_n2n'}:
$Lang::tr{'fwhost ovpn_n2n'}:$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost ipsec net'}
$Lang::tr{'fwhost ipsec net'}
$Lang::tr{'fwhost ipsec net'}
"; + print""; print"
"; } sub get_ip @@ -1310,7 +1198,7 @@ sub getsrcport { my %hash=%{(shift)}; my $key=shift; - if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ + if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){ $hash{$key}[10]=~ s/\|/,/g; print": $hash{$key}[10]"; }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ @@ -1340,8 +1228,6 @@ sub gettgtport if($service){ print": $service"; } - }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ - print":
$hash{$key}[13]"; } } sub get_serviceports @@ -1355,15 +1241,15 @@ sub get_serviceports my $icmp; @protocols=(); if($type eq 'service'){ - foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){ if ($customservice{$key}[0] eq $name){ push (@protocols,$customservice{$key}[2]); } } }elsif($type eq 'group'){ - foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ + foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){ if ($customservicegrp{$key}[0] eq $name){ - foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){ if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ if($customservice{$key1}[2] eq 'TCP'){ $tcp='TCP'; @@ -1378,7 +1264,7 @@ sub get_serviceports } } if($tcp && $udp && $icmp){ - push (@protocols,"All"); + push (@protocols,"TCP,UDP,
ICMP"); return @protocols; } if($tcp){ @@ -1398,15 +1284,6 @@ sub getcolor my $val=shift; my $hash=shift; if($optionsfw{'SHOWCOLORS'} eq 'on'){ - #VPN networks - if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ - $tdcolor="style='border: 1px solid $Header::colourovpn;'"; - return; - } - if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){ - $tdcolor="style='border: 1px solid $Header::colourvpn;'"; - return; - } #custom Hosts if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ foreach my $key (sort keys %$hash){ @@ -1415,42 +1292,106 @@ sub getcolor } } } - #ALIASE - foreach my $alias (sort keys %aliases) - { - if ($val eq $alias){ - $tdcolor="style='border: 1px solid $Header::colourred;'"; - return; - } - } #standard networks if ($val eq 'GREEN'){ - $tdcolor="style='border: 1px solid $Header::colourgreen;'"; + $tdcolor="style='background-color: $Header::colourgreen;color:white;'"; + return; }elsif ($val eq 'ORANGE'){ - $tdcolor="style='border: 1px solid $Header::colourorange;'"; + $tdcolor="style='background-color: $Header::colourorange;color:white;'"; + return; }elsif ($val eq 'BLUE'){ - $tdcolor="style='border: 1px solid $Header::colourblue;'"; - }elsif ($val eq 'RED'){ - $tdcolor="style='border: 1px solid $Header::colourred;'"; + $tdcolor="style='background-color: $Header::colourblue;color:white;'"; + return; + }elsif ($val eq 'RED' ||$val eq 'RED1' ){ + $tdcolor="style='background-color: $Header::colourred;color:white;'"; + return; }elsif ($val eq 'IPFire' ){ - $tdcolor="style='border: 1px solid $Header::colourred;'"; + $tdcolor="style='background-color: $Header::colourred;color:white;'"; + return; }elsif($val =~ /^(.*?)\/(.*?)$/){ my ($sip,$scidr) = split ("/",$val); if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ - $tdcolor="style='border: 1px solid $Header::colourorange;'"; + $tdcolor="style='background-color: $Header::colourorange;color:white;'"; + return; } if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){ - $tdcolor="style='border: 1px solid $Header::colourgreen;'"; + $tdcolor="style='background-color: $Header::colourgreen;color:white;'"; + return; } if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){ - $tdcolor="style='border: 1px solid $Header::colourblue;'"; + $tdcolor="style='background-color: $Header::colourblue;color:white;'"; + return; } }elsif ($val eq 'Default IP'){ - $tdcolor="style='border: 1px solid $Header::colourred;'"; - }else{ - $tdcolor=''; + $tdcolor="style='background-color: $Header::colourred;color:white;'"; + return; + } + #Check if a manual IP or custom host is part of a VPN + if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ + #Check if IP is part of OpenVPN dynamic subnet + my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'}); + my ($c,$d) = split("/",$val); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='background-color: $Header::colourovpn;color:white;'"; + return; + } + #Check if IP is part of OpenVPN static subnet + foreach my $key (sort keys %ccdnet){ + my ($a,$b) = split("/",$ccdnet{$key}[1]); + $b =&General::iporsubtodec($b); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='background-color: $Header::colourovpn;color:white;'"; + return; + } + } + #Check if IP is part of OpenVPN N2N subnet + foreach my $key (sort keys %ccdhost){ + if ($ccdhost{$key}[3] eq 'net'){ + my ($a,$b) = split("/",$ccdhost{$key}[11]); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='background-color: $Header::colourovpn;color:white;'"; + return; + } + } + } + #Check if IP is part of IPsec RW network + if ($ipsecsettings{'RW_NET'} ne ''){ + my ($a,$b) = split("/",$ipsecsettings{'RW_NET'}); + $b=&General::iporsubtodec($b); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='background-color: $Header::colourvpn;color:white;'"; + return; + } + } + #Check if IP is part of a IPsec N2N network + foreach my $key (sort keys %ipsecconf){ + my ($a,$b) = split("/",$ipsecconf{$key}[11]); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='background-color: $Header::colourvpn;color:white;'"; + return; + } + } + } + #VPN networks + if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ + $tdcolor="style='background-color: $Header::colourovpn;color:white;'"; + return; + } + if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){ + $tdcolor="style='background-color: $Header::colourvpn;color:white;'"; + return; + } + #ALIASE + foreach my $alias (sort keys %aliases) + { + if ($val eq $alias){ + $tdcolor="style='background-color:$Header::colourred;color:white;'"; + return; + } } } + $tdcolor=''; + return; } sub hint { @@ -1498,6 +1439,10 @@ sub newrule if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;} my $config=$fwdfwsettings{'config'}; my %hash=(); + #Get Red IP-ADDRESS + open (CONN1,"/var/ipfire/red/local-ipaddress"); + my $redip = ; + close(CONN1); $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -1517,6 +1462,7 @@ sub newrule $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; #check if update and get values if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){ &General::readhasharray("$config", \%hash); @@ -1576,6 +1522,7 @@ sub newrule $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; $selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected'; $selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected'; } @@ -1589,11 +1536,7 @@ sub newrule $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'}; $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'}; $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'}; - if ($fwdfwsettings{'config'} eq "${General::swroot}/forward/dmz"){ - $fwdfwsettings{'oldruletype'}='DMZ'; - }else{ - $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'}; - } + $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'}; #check if manual ip (source) is orange network if ($fwdfwsettings{'grp1'} eq 'src_addr'){ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); @@ -1628,17 +1571,105 @@ sub newrule #------SOURCE------------------------------------------------------- print< - $Lang::tr{'fwdfw sourceip'} -
- + $Lang::tr{'fwdfw sourceip'}Firewall END - &gen_dd_block('src','grp1'); + print"$Lang::tr{'fwdfw use srcport'} - $Lang::tr{'fwdfw man port'}$Lang::tr{'fwdfw use nat'} +
+ + +END + print""; + $fwdfwsettings{'dnatport'}=~ tr/|/,/; + print""; + print""; + #SNAT + print""; + print"
$Lang::tr{'fwdfw dnat'}Firewall:
Port:

$Lang::tr{'fwdfw snat'}Firewall:
"; + print"

"; + if ($fwdfwsettings{'USE_NAT'} ne 'ON'){ + print""; + } + &Header::closebox(); + #---TARGET------------------------------------------------------ + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'}); + print< + $Lang::tr{'fwdfw targetip'}Firewall +END + print" END + if ($fwdfwsettings{'PROT'} eq ''){ + print""; + }else{ + print""; + } foreach ("TCP","UDP","GRE","ESP","AH","ICMP") { if ($_ eq $fwdfwsettings{'PROT'}) @@ -1648,14 +1679,13 @@ END print""; } } - $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g; + print""; print< - $Lang::tr{'fwhost icmptype'} END &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); print""; - foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) } keys %icmptypes){ + foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){ print""; }else{ @@ -1663,52 +1693,49 @@ END } } print<
+ +


END - &Header::closebox(); - - #---TARGET------------------------------------------------------ - &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'}); + if ($fwdfwsettings{'PROT'} ne 'ICMP'){ + print""; + } + #SOURCEPORT print< - $Lang::tr{'fwdfw targetip'}IPFire +
+ + +
$Lang::tr{'fwdfw use srcport'}
+
+ END - if (! -z "${General::swroot}/ethernet/aliases"){ - print" -
$Lang::tr{'fwdfw man port'}"; - } + $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g; print<
+ +

END - &gen_dd_block('tgt','grp2'); + if ($fwdfwsettings{'USE_SRC_PORT'} ne 'ON'){ + print""; + } + #TARGETPORT print<$Lang::tr{'fwhost attention'}:
- $Lang::tr{'fwhost macwarn'}

+

-
$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'}
$Lang::tr{'fwdfw use srv'}
+
- - END - foreach ("TCP","UDP","GRE","ESP","AH","ICMP") - { - if ($_ eq $fwdfwsettings{'TGT_PROT'}) - { - print""; - }else{ - print""; - } - } $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g; print< - +
$Lang::tr{'fwhost cust service'}
$Lang::tr{'fwhost cust srvgrp'}:
$Lang::tr{'fwhost cust srvgrp'}
$Lang::tr{'fwdfw man port'}
$Lang::tr{'fwdfw man port'}
$Lang::tr{'fwhost icmptype'}

END - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); - print""; - foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){ - if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){ - print""; - }else{ - print""; - } + if ($fwdfwsettings{'USESRV'} ne 'ON'){ + print""; } - print< -
- -END &Header::closebox; - #---SNAT / DNAT ------------------------------------------------ - &Header::openbox('100%', 'left', 'NAT'); - print< - $Lang::tr{'fwdfw use nat'} - $Lang::tr{'fwdfw dnat'} -END - print"IPFire: "; - print"
"; - #SNAT - print"$Lang::tr{'fwdfw snat'}"; - print"IPFire: "; - print"$Lang::tr{'remark'}:"; + print"$Lang::tr{'remark'}:"; if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){ print "$Lang::tr{'fwdfw rulepos'}:$Lang::tr{'fwdfw timeframe'} -   + $Lang::tr{'fwdfw timeframe'} +   - $Lang::tr{'time'}: - $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} + $Lang::tr{'time'}:  + $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'} - - - - - - - - - + + + + + + +
END #---ACTION------------------------------------------------------ if($fwdfwsettings{'updatefwrule'} ne 'on'){ @@ -1887,9 +1853,10 @@ END -
- -
+ +
+ +
END }else{ print< $b} keys %$hash){ @@ -2146,12 +2055,10 @@ sub saverule $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'}; $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'}; $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'}; - if($fwdfwsettings{'USE_NAT'} eq 'ON'){ - $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; - $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; - $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; - $$hash{$key}[31] = $fwdfwsettings{'nat'}; - } + $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; + $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; last; } } @@ -2237,11 +2144,9 @@ sub validremark sub viewtablerule { &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); - &viewtablenew(\%confignatfw,$confignat,"$Lang::tr{'fwdfw rules'}","Portforward / SNAT" ); &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" ); - &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" ); &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} ); - &viewtablenew(\%configdmzfw,$configdmz,"","DMZ" ); + &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" ); } sub viewtablenew { @@ -2253,6 +2158,8 @@ sub viewtablenew &General::get_aliases(\%aliases); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$config", $hash); + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$configccdhost", \%ccdhost); if( ! -z $config){ &Header::openbox('100%', 'left',$title); my $count=0; @@ -2263,8 +2170,8 @@ sub viewtablenew my @tmpsrc=(); my $coloryellow=''; print"$title1
"; - print""; - print""; + print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'protocol'}$Lang::tr{'fwdfw time'}$Lang::tr{'fwdfw action'}
"; + print""; foreach my $key (sort {$a <=> $b} keys %$hash){ $tdcolor=''; @tmpsrc=(); @@ -2316,9 +2223,11 @@ sub viewtablenew } } print""; + #KEY print<$key + END + #RULETYPE (A,R,D) if ($$hash{$key}[0] eq 'ACCEPT'){ $ruletype='A'; $tooltip='ACCEPT'; @@ -2332,19 +2241,60 @@ END $tooltip='REJECT'; $rulecolor=$color{'color16'}; } - print""; + print""; + #Get Protocol + my $prot; + if ($$hash{$key}[8]){ + push (@protocols,$$hash{$key}[8]); + }elsif($$hash{$key}[14] eq 'cust_srv'){ + &get_serviceports("service",$$hash{$key}[15]); + }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ + &get_serviceports("group",$$hash{$key}[15]); + }else{ + push (@protocols,$Lang::tr{'all'}); + } + my $protz=join(",",@protocols); + if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types'){ + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); + foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ + if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){ + print ""; + last; + } + } + }else{ + print""; + } + @protocols=(); + #SOURCE + my $ipfireiface; &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost); print" + END + #TARGET &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost); print< END #Is this a DNAT rule? - if ($$hash{$key}[31] eq 'dnat'){ - print "IPFire ($$hash{$key}[29])"; + if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){ + print "Firewall ($$hash{$key}[29])"; if($$hash{$key}[30] ne ''){ + $$hash{$key}[30]=~ tr/|/,/; print": $$hash{$key}[30]"; } - print"
DNAT->"; + print"
->"; + } + if ($$hash{$key}[5] eq 'ipfire'){ + $ipfireiface='Interface'; } - if ($$hash{$key}[5] eq 'std_net_tgt'){ - print &get_name($$hash{$key}[6]); + if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){ + if ($$hash{$key}[6] eq 'RED1'){ + print "$ipfireiface $Lang::tr{'red1'}"; + }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL') + { + print "$ipfireiface ".&get_name($$hash{$key}[6]); + }else{ + print $$hash{$key}[6]; + } + }elsif ($$hash{$key}[5] eq 'tgt_addr'){ + my ($split1,$split2) = split("/",$$hash{$key}[6]); + if ($split2 eq '32'){ + print $split1; + }else{ + print $$hash{$key}[6]; + } }else{ - print $$hash{$key}[6]; + print "$$hash{$key}[6]"; } $tdcolor=''; + #TARGETPORT &gettgtport(\%$hash,$key); print""; - #Get Protocol - my $prot; - if ($$hash{$key}[12]){ #target prot if manual - push (@protocols,$$hash{$key}[12]); - }elsif($$hash{$key}[8]){ #source prot if manual - push (@protocols,$$hash{$key}[8]); - }elsif($$hash{$key}[14] eq 'cust_srv'){ - &get_serviceports("service",$$hash{$key}[15]); - }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ - &get_serviceports("group",$$hash{$key}[15]); - }else{ - push (@protocols,$Lang::tr{'all'}); - } - my $protz=join(",",@protocols); - print""; - @protocols=(); - if ($$hash{$key}[18] eq 'ON'){ - my @days=(); - if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} - if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} - if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} - if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} - if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} - if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} - if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} - my $weekdays=join(",",@days); - if (@days){ - print""; - } - }else{ - print""; - } + #RULE ACTIVE if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" @@ -2422,74 +2361,165 @@ END $gif="/images/off.gif" } print< - - - + - - + - - + + END if (exists $$hash{$key-1}){ print< - + END }else{ print""; } if (exists $$hash{$key+1}){ print< - + END }else{ print""; } #REMARK - if ($optionsfw{'SHOWREMARK'} eq 'on'){ + if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){ print""; - print""; + print""; } - print""; + if ($$hash{$key}[18] eq 'ON'){ + #TIMEFRAME + if ($$hash{$key}[18] eq 'ON'){ + my @days=(); + if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} + if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} + if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} + if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} + if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} + if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} + if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} + my $weekdays=join(",",@days); + if (@days){ + print""; + print""; + } + } + } + print""; + } + print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'fwdfw action'}
$key  $ruletype$ruletype$protz ($icmptypes{$keyicmp}[1])$protz"; + if ($$hash{$key}[3] eq 'ipfire_src'){ + $ipfireiface='Interface '; + } if ($$hash{$key}[3] eq 'std_net_src'){ print &get_name($$hash{$key}[4]); + }elsif ($$hash{$key}[3] eq 'src_addr'){ + my ($split1,$split2) = split("/",$$hash{$key}[4]); + if ($split2 eq '32'){ + print $split1; + }else{ + print $$hash{$key}[4]; + } + }elsif ($$hash{$key}[4] eq 'RED1'){ + print "$ipfireiface $Lang::tr{'fwdfw red'}"; }else{ - print $$hash{$key}[4]; + print "$$hash{$key}[4]"; } $tdcolor=''; + #SOURCEPORT &getsrcport(\%$hash,$key); #Is this a SNAT rule? - if ($$hash{$key}[31] eq 'snat'){ - print"
SNAT -> $$hash{$key}[29]"; + if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){ + my $net=&get_name($$hash{$key}[29]); + if ( ! $net){ $net=$$hash{$key}[29];} + print"
->$net"; if ($$hash{$key}[30] ne ''){ print": $$hash{$key}[30]"; } @@ -2354,67 +2304,56 @@ END }else{ $log="/images/off.gif"; } + #LOGGING print< -
-
+ - $protz$weekdays   $$hash{$key}[26] - $$hash{$key}[27] 24/7 +
-
+
-
+
-
+
-
+
-
+
-
   $$hash{$key}[16]
   $$hash{$key}[16]
   $weekdays   $$hash{$key}[26] - $$hash{$key}[27]
"; + #SHOW FINAL RULE + print ""; + my $col; + if ($config eq '/var/ipfire/forward/config'){ + my $pol='fwdfw '.$fwdfwsettings{'POLICY'}; + if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + }else{ + $col="bgcolor='green'"; + } + &show_defaultrules($col,$pol); + }elsif ($config eq '/var/ipfire/forward/outgoing'){ + if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + print""; + }else{ + $col="bgcolor='green'"; + print""; + } + }else{ + print""; } print"
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol block'}
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol allow'}
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol block'}
"; - &Header::closebox(); print "
"; print "

"; + &Header::closebox(); }else{ if ($optionsfw{'SHOWTABLES'} eq 'on'){ print "$title1
"; - print"
$Lang::tr{'fwhost empty'}


"; + print"
$Lang::tr{'fwhost empty'}
"; + my $col; + if ($config eq '/var/ipfire/forward/config'){ + my $pol='fwdfw '.$fwdfwsettings{'POLICY'}; + if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + }else{ + $col="bgcolor='green'"; + } + &show_defaultrules($col,$pol); + }elsif ($config eq '/var/ipfire/forward/outgoing'){ + print ""; + my $pol='fwdfw '.$fwdfwsettings{'POLICY1'}; + if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + print""; + }else{ + $col="bgcolor='green'"; + print""; + } + }else{ + print "
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol block'}
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol allow'}
"; + print""; + } + print"
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol block'}


"; } } } - - &Header::closebigbox(); &Header::closepage(); + +sub show_defaultrules +{ + my $col=shift; + my $pol=shift; + #STANDARD RULES (From WIKI) + print""; + if ($col eq "bgcolor='green'"){ + print "
"; + my $blue = " $Lang::tr{'blue'} ($Lang::tr{'fwdfw pol block'})" if (&Header::blue_used()); + my $orange = " $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol block'})" if (&Header::orange_used()); + my $blue1 = " $Lang::tr{'blue'} ($Lang::tr{'fwdfw pol allow'})" if (&Header::blue_used()); + my $orange1 = " $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol allow'})" if (&Header::orange_used()); + print""; + print"" if (&Header::orange_used()); + print"" if (&Header::blue_used()); + print""; + if (&Header::orange_used()){ + print""; + print"" if (&Header::blue_used()); + print""; + } + if (&Header::blue_used()){ + print""; + print"" if (&Header::orange_used()); + print""; + print""; + } + print""; + }elsif($col eq "bgcolor='darkred'"){ + print "
$Lang::tr{'green'} $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'})$orange1$blue1
$Lang::tr{'orange'} $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'}) $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'})$blue
$Lang::tr{'blue'} $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'})$orange $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'})
$Lang::tr{'fwdfw final_rule'} $Lang::tr{'fwdfw pol allow'}
"; + print""; + } +}
$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw pol block'}