X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=fb577439c5ffd5f29a40e217dc22f0c3f372b4fc;hp=9b4ca0d2acafe6253293825f13d104c18b0a319d;hb=d4cb89d2d111e219520f4e1294e2e0985f918dac;hpb=93a5f4a5821f92be219be12696de86ff8641395c diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 9b4ca0d2a..fb577439c 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -27,10 +27,11 @@ # Now that the ccd extension is ready i am able to develop the main request. # # Any feedback is appreciated. # # # -# # +#Copymaster # ############################################################################### use strict; +use Sort::Naturally; no warnings 'uninitialized'; # enable only the following on debugging purpose #use warnings; @@ -45,6 +46,8 @@ unless (-d "${General::swroot}/forward") { system("mkdir ${General::swroot}/f unless (-e "${General::swroot}/forward/settings") { system("touch ${General::swroot}/forward/settings"); } unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } +unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); } +unless (-e "${General::swroot}/forward/nat") { system("touch ${General::swroot}/forward/nat"); } my %fwdfwsettings=(); my %selected=() ; @@ -60,6 +63,7 @@ my %customnetwork=(); my %ccdhost=(); my %configfwdfw=(); my %configinputfw=(); +my %configoutgoingfw=(); my %ipsecconf=(); my %color=(); my %mainsettings=(); @@ -68,7 +72,10 @@ my %icmptypes=(); my %ovpnsettings=(); my %ipsecsettings=(); my %aliases=(); -my @p2ps = (); +my %optionsfw=(); +my %ifaces=(); + +my $VERSION='0.9.9.9a'; my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; @@ -81,67 +88,69 @@ my $configipsec = "${General::swroot}/vpn/config"; my $configipsecrw = "${General::swroot}/vpn/settings"; my $configfwdfw = "${General::swroot}/forward/config"; my $configinput = "${General::swroot}/forward/input"; +my $configoutgoing = "${General::swroot}/forward/outgoing"; my $configovpn = "${General::swroot}/ovpn/settings"; -my $p2pfile = "${General::swroot}/forward/p2protocols"; +my $fwoptions = "${General::swroot}/optionsfw/settings"; +my $ifacesettings = "${General::swroot}/ethernet/settings"; my $errormessage=''; my $hint=''; my $ipgrp="${General::swroot}/outgoing/groups"; - - +my $tdcolor=''; +my $checkorange=''; +my @protocols; &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings); &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - +&General::readhash($fwoptions, \%optionsfw); +&General::readhash($ifacesettings, \%ifaces); +&General::readhash("$configovpn", \%ovpnsettings); +&General::readhash("$configipsecrw", \%ipsecsettings); +&General::readhasharray("$configipsec", \%ipsecconf); &Header::showhttpheaders(); &Header::getcgihash(\%fwdfwsettings); &Header::openpage($Lang::tr{'fwdfw menu'}, 1, ''); &Header::openbigbox('100%', 'center',$errormessage); #### ACTION ##### -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'}) -{ - my $MODE = $fwdfwsettings{'POLICY'}; - %fwdfwsettings = (); - $fwdfwsettings{'POLICY'} = "$MODE"; - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - &reread_rules; -} if ($fwdfwsettings{'ACTION'} eq 'saverule') { &General::readhasharray("$configfwdfw", \%configfwdfw); &General::readhasharray("$configinput", \%configinputfw); + &General::readhasharray("$configoutgoing", \%configoutgoingfw); $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} - #check if we change an forward rule to an external access - if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ - $fwdfwsettings{'updatefwrule'}=''; - $fwdfwsettings{'config'}=$configfwdfw; - $fwdfwsettings{'nobase'}='on'; - &deleterule; - &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + + #check if manual ip (source) is orange network + if ($fwdfwsettings{'grp1'} eq 'src_addr'){ + my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); + if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ + $checkorange='on'; + } + } + #check useless rules + if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){ + $errormessage.=$Lang::tr{'fwdfw useless rule'}."
"; + } + #check if we try to break rules + if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){ + $errormessage.=$Lang::tr{'fwdfw err same'}; } - #check if we change an external access rule to an forward - if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){ - $fwdfwsettings{'updatefwrule'}=''; - $fwdfwsettings{'config'}=$configinput; - $fwdfwsettings{'nobase'}='on'; - &deleterule; - &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); - } #INPUT part - if($fwdfwsettings{'grp2'} eq 'ipfire'){ + if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){ + $fwdfwsettings{'config'}=$configinput; $fwdfwsettings{'chain'} = 'INPUTFW'; + my $maxkey=&General::findhasharraykey(\%configinputfw); #check if we have an identical rule already - if($fwdfwsettings{'oldrulenumer'} eq $fwdfwsettings{'rulepos'}){ + if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ foreach my $key (sort keys %configinputfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'}, $fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'}, $fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'}, $fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'}, $fwdfwsettings{'TIME'}, $fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configinputfw{$key}[0], $configinputfw{$key}[2], $configinputfw{$key}[3],$configinputfw{$key}[4], $configinputfw{$key}[5],$configinputfw{$key}[6], $configinputfw{$key}[7], $configinputfw{$key}[8],$configinputfw{$key}[9], $configinputfw{$key}[10], $configinputfw{$key}[11],$configinputfw{$key}[12], $configinputfw{$key}[13], $configinputfw{$key}[14],$configinputfw{$key}[15], $configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19], $configinputfw{$key}[20], $configinputfw{$key}[21], $configinputfw{$key}[22], $configinputfw{$key}[23], $configinputfw{$key}[24], $configinputfw{$key}[25], $configinputfw{$key}[26], $configinputfw{$key}[27], $configinputfw{$key}[28], $configinputfw{$key}[29], $configinputfw{$key}[30], $configinputfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){ $errormessage=''; + }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; @@ -149,8 +158,18 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') } } } + #check Rulepos on new Rule + if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ + $fwdfwsettings{'oldrulenumber'}=$maxkey; + foreach my $key (sort keys %configinputfw){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'}, $fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'}, $fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'}, $fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'}, $fwdfwsettings{'TIME'}, $fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configinputfw{$key}[0], $configinputfw{$key}[2], $configinputfw{$key}[3],$configinputfw{$key}[4], $configinputfw{$key}[5],$configinputfw{$key}[6], $configinputfw{$key}[7], $configinputfw{$key}[8],$configinputfw{$key}[9], $configinputfw{$key}[10], $configinputfw{$key}[11],$configinputfw{$key}[12], $configinputfw{$key}[13], $configinputfw{$key}[14],$configinputfw{$key}[15], $configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19], $configinputfw{$key}[20], $configinputfw{$key}[21], $configinputfw{$key}[22], $configinputfw{$key}[23], $configinputfw{$key}[24], $configinputfw{$key}[25], $configinputfw{$key}[26], $configinputfw{$key}[27], $configinputfw{$key}[28], $configinputfw{$key}[29], $configinputfw{$key}[30], $configinputfw{$key}[31]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + } #check if we just close a rule - if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} ) { + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ $errormessage=''; $fwdfwsettings{'nosave2'} = 'on'; @@ -170,53 +189,101 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configinputfw,$configinput); } - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; - #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; - #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; - #print " Regel LOG: $fwdfwsettings{'LOG'}
"; - #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; - #print " MO: $fwdfwsettings{'TIME_MON'}
"; - #print " DI: $fwdfwsettings{'TIME_TUE'}
"; - #print " MI: $fwdfwsettings{'TIME_WED'}
"; - #print " DO: $fwdfwsettings{'TIME_THU'}
"; - #print " FR: $fwdfwsettings{'TIME_FRI'}
"; - #print " SA: $fwdfwsettings{'TIME_SAT'}
"; - #print " SO: $fwdfwsettings{'TIME_SUN'}
"; - #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; - #print "
"; - #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){ + # OUTGOING PART + $fwdfwsettings{'config'}=$configoutgoing; + $fwdfwsettings{'chain'} = 'OUTGOINGFW'; + my $maxkey=&General::findhasharraykey(\%configoutgoingfw); + if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ + foreach my $key (sort keys %configoutgoingfw){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'}, $fwdfwsettings{'grp1'}, $fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'}, $fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'}, $fwdfwsettings{'USESRV'}, $fwdfwsettings{'TGT_PROT'}, $fwdfwsettings{'ICMP_TGT'}, $fwdfwsettings{'grp3'}, $fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'}, $fwdfwsettings{'TIME'}, $fwdfwsettings{'TIME_MON'}, $fwdfwsettings{'TIME_TUE'}, $fwdfwsettings{'TIME_WED'}, $fwdfwsettings{'TIME_THU'}, $fwdfwsettings{'TIME_FRI'}, $fwdfwsettings{'TIME_SAT'}, $fwdfwsettings{'TIME_SUN'}, $fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}, $fwdfwsettings{'USE_NAT'}, $fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'}, $fwdfwsettings{'nat'}" + eq "$configoutgoingfw{$key}[0], $configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4], $configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6], $configoutgoingfw{$key}[7], $configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9], $configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15], $configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29], $configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + $errormessage=''; + }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw err remark'}."
"; + } + if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ + $fwdfwsettings{'nosave'} = 'on'; + } + } + } + } + #check Rulepos on new Rule + if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ + print"CHECK OUTGOING DOPPELTE REGEL
"; + $fwdfwsettings{'oldrulenumber'}=$maxkey; + foreach my $key (sort keys %configoutgoingfw){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'}, $fwdfwsettings{'grp1'}, $fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'}, $fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'}, $fwdfwsettings{'USESRV'}, $fwdfwsettings{'TGT_PROT'}, $fwdfwsettings{'ICMP_TGT'}, $fwdfwsettings{'grp3'}, $fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'}, $fwdfwsettings{'TIME'}, $fwdfwsettings{'TIME_MON'}, $fwdfwsettings{'TIME_TUE'}, $fwdfwsettings{'TIME_WED'}, $fwdfwsettings{'TIME_THU'}, $fwdfwsettings{'TIME_FRI'}, $fwdfwsettings{'TIME_SAT'}, $fwdfwsettings{'TIME_SUN'}, $fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}, $fwdfwsettings{'USE_NAT'}, $fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'}, $fwdfwsettings{'nat'}" + eq "$configoutgoingfw{$key}[0], $configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4], $configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6], $configoutgoingfw{$key}[7], $configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9], $configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15], $configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29], $configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + } + #check if we just close a rule + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { + if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ + $fwdfwsettings{'nosave2'} = 'on'; + $errormessage=''; + } + } + #increase counters + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nobase'} eq 'on'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + if ($fwdfwsettings{'nosave2'} ne 'on'){ + &saverule(\%configoutgoingfw,$configoutgoing); + } }else{ #FORWARD PART + $fwdfwsettings{'config'}=$configfwdfw; $fwdfwsettings{'chain'} = 'FORWARDFW'; + my $maxkey=&General::findhasharraykey(\%configfwdfw); if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ #check if we have an identical rule already foreach my $key (sort keys %configfwdfw){ - if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" - eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configfwdfw{$key}[0], $configfwdfw{$key}[2], $configfwdfw{$key}[3], $configfwdfw{$key}[4], $configfwdfw{$key}[5], $configfwdfw{$key}[6], $configfwdfw{$key}[7], $configfwdfw{$key}[8], $configfwdfw{$key}[9], $configfwdfw{$key}[10], $configfwdfw{$key}[11], $configfwdfw{$key}[12], $configfwdfw{$key}[13], $configfwdfw{$key}[14],$configfwdfw{$key}[15], $configfwdfw{$key}[18],$configfwdfw{$key}[19], $configfwdfw{$key}[20], $configfwdfw{$key}[21], $configfwdfw{$key}[22], $configfwdfw{$key}[23], $configfwdfw{$key}[24], $configfwdfw{$key}[25], $configfwdfw{$key}[26], $configfwdfw{$key}[27], $configfwdfw{$key}[28], $configfwdfw{$key}[29], $configfwdfw{$key}[30], $configfwdfw{$key}[31]"){ $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; - if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){ $errormessage=''; + }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; + print "uzlputz neu time:$fwdfwsettings{'TIME'} alt:$configfwdfw{$key}[18]"; } } } } + #check Rulepos on new Rule + if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){ + $fwdfwsettings{'oldrulenumber'}=$maxkey; + foreach my $key (sort keys %configfwdfw){ + if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}" + eq "$configfwdfw{$key}[0], $configfwdfw{$key}[2], $configfwdfw{$key}[3], $configfwdfw{$key}[4], $configfwdfw{$key}[5], $configfwdfw{$key}[6], $configfwdfw{$key}[7], $configfwdfw{$key}[8], $configfwdfw{$key}[9], $configfwdfw{$key}[10], $configfwdfw{$key}[11], $configfwdfw{$key}[12], $configfwdfw{$key}[13], $configfwdfw{$key}[14],$configfwdfw{$key}[15], $configfwdfw{$key}[18],$configfwdfw{$key}[19], $configfwdfw{$key}[20], $configfwdfw{$key}[21], $configfwdfw{$key}[22], $configfwdfw{$key}[23], $configfwdfw{$key}[24], $configfwdfw{$key}[25], $configfwdfw{$key}[26], $configfwdfw{$key}[27], $configfwdfw{$key}[28], $configfwdfw{$key}[29], $configfwdfw{$key}[30], $configfwdfw{$key}[31]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + } #check if we just close a rule - if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} ) { + if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) { if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){ $fwdfwsettings{'nosave2'} = 'on'; $errormessage=''; } } - #increase counters &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); @@ -233,27 +300,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if ($fwdfwsettings{'nosave2'} ne 'on'){ &saverule(\%configfwdfw,$configfwdfw); } - #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; - #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; - #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; - #print " Regel LOG: $fwdfwsettings{'LOG'}
"; - #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; - #print " MO: $fwdfwsettings{'TIME_MON'}
"; - #print " DI: $fwdfwsettings{'TIME_TUE'}
"; - #print " MI: $fwdfwsettings{'TIME_WED'}
"; - #print " DO: $fwdfwsettings{'TIME_THU'}
"; - #print " FR: $fwdfwsettings{'TIME_FRI'}
"; - #print " SA: $fwdfwsettings{'TIME_SAT'}
"; - #print " SO: $fwdfwsettings{'TIME_SUN'}
"; - #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; - #print "
"; - #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; - #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; - #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; } if ($errormessage){ &newrule; @@ -264,30 +310,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &base; } } -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) -{ - &General::readhasharray("$configfwdfw", \%configfwdfw); - foreach my $key (sort keys %configfwdfw){ - &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,); - &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,); - &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,); - } - &General::readhasharray("$configinput", \%configinputfw); - foreach my $key (sort keys %configinputfw){ - &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,); - &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,); - &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,); - } - $fwdfwsettings{'POLICY'}='MODE0'; - system("rm ${General::swroot}/forward/config"); - system("rm ${General::swroot}/forward/input"); - &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); - unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } - unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } - %fwdfwsettings = (); - &reread_rules; - -} if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'}) { &newrule; @@ -345,366 +367,198 @@ if ($fwdfwsettings{'ACTION'} eq 'movedown') if ($fwdfwsettings{'ACTION'} eq 'copyrule') { $fwdfwsettings{'copyfwrule'}='on'; - #$fwdfwsettings{'updatefwrule'}='on'; &newrule; } -if ($fwdfwsettings{'ACTION'} eq 'togglep2p') -{ - #$errormessage="Toggle $fwdfwsettings{'P2PROT'}
"; - open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; - @p2ps = ; - close FILE; - open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile"; - foreach my $p2pentry (sort @p2ps) - { - my @p2pline = split( /\;/, $p2pentry ); - if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) { - if($p2pline[2] eq 'on'){ - $p2pline[2]='off'; - }else{ - $p2pline[2]='on'; - } - } - print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; - } - close FILE; - &rules; - &base; -} if ($fwdfwsettings{'ACTION'} eq '') { &base; } ### Functions #### -sub pos_up +sub addrule { - my %uphash=(); - my %tmp=(); - &General::readhasharray($fwdfwsettings{'config'}, \%uphash); - foreach my $key (sort keys %uphash){ - if ($key eq $fwdfwsettings{'key'}) { - my $last = $key -1; - if (exists $uphash{$last}){ - #save rule last - foreach my $y (0 .. $#{$uphash{$last}}) { - $tmp{0}[$y] = $uphash{$last}[$y]; + &error; + if (-f "${General::swroot}/forward/reread"){ + print "
    $Lang::tr{'fwhost reread'}

"; + } + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'}); + print "
"; + print ""; + print ""; + print"
"; + &Header::closebox(); + &viewtablerule; +} +sub base +{ + &hint; + &addrule; + print "

"; + print "

Version: $VERSION
"; +} +sub changerule +{ + my $oldchain=shift; + $fwdfwsettings{'updatefwrule'}=''; + $fwdfwsettings{'config'}=$oldchain; + $fwdfwsettings{'nobase'}='on'; + &deleterule; + &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); +} +sub checksource +{ + my ($ip,$subnet); + #check ip-address if manual + if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ + #check if ip with subnet + if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) { + ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'}); + $subnet = &General::iporsubtocidr($subnet); + $fwdfwsettings{'isip'}='on'; + } + #check if only ip + if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ + $ip=$fwdfwsettings{'src_addr'}; + $subnet = '32'; + $fwdfwsettings{'isip'}='on'; + } + + if ($fwdfwsettings{'isip'} ne 'on'){ + if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';} + } + if ($fwdfwsettings{'isip'} eq 'on'){ + ##check if ip is valid + if (! &General::validip($ip)){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; + } + #check and form valid IP + $ip=&General::ip2dec($ip); + $ip=&General::dec2ip($ip); + #check if net or broadcast + my @tmp= split (/\./,$ip); + if (($tmp[3] eq "0") || ($tmp[3] eq "255")) + { + $errormessage=$Lang::tr{'fwhost err hostip'}."
"; + return $errormessage; + } + $fwdfwsettings{'src_addr'}="$ip/$subnet"; + if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; + } + } + if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + return $errormessage; + } + }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ + $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; + return $errormessage; + } + + #check empty fields + if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} + #check icmp source + if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ + $fwdfwsettings{'SRC_PORT'}=''; + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); + foreach my $key (keys %icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ + $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; } - #copy active rule to last - foreach my $i (0 .. $#{$uphash{$last}}) { - $uphash{$last}[$i] = $uphash{$key}[$i]; + } + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){ + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; + }else{ + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'PROT'}=''; + } + + if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){ + my @parts=split(",",$fwdfwsettings{'SRC_PORT'}); + my @values=(); + foreach (@parts){ + chomp($_); + if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) { + my $check; + #change dashes with : + $_=~ tr/-/:/; + if ($_ eq "*") { + push(@values,"1:65535"); + $check='on'; } - #copy saved rule to actual position - foreach my $x (0 .. $#{$tmp{0}}) { - $uphash{$key}[$x] = $tmp{0}[$x]; + if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) { + push(@values,"1:$2"); + $check='on'; + } + if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) { + push(@values,"$1:65535"); + $check='on' + } + $errormessage .= &General::validportrange($_, 'destination'); + if(!$check){ + push (@values,$_); + } + }else{ + if (&General::validport($_)){ + push (@values,$_); + }else{ + } } } + $fwdfwsettings{'SRC_PORT'}=join("|",@values); } - &General::writehasharray($fwdfwsettings{'config'}, \%uphash); - &rules; + return $errormessage; } -sub pos_down +sub checktarget { - my %downhash=(); - my %tmp=(); - &General::readhasharray($fwdfwsettings{'config'}, \%downhash); - foreach my $key (sort keys %downhash){ - if ($key eq $fwdfwsettings{'key'}) { - my $next = $key + 1; - if (exists $downhash{$next}){ - #save rule next - foreach my $y (0 .. $#{$downhash{$next}}) { - $tmp{0}[$y] = $downhash{$next}[$y]; + my ($ip,$subnet); + &General::readhasharray("$configsrv", \%customservice); + #check DNAT settings (has to be single Host and single Port or portrange) + if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){ + if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ + if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; + } + #check if manual ip is a single Host (if set) + if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){ + my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}}); + my @tmp1= split ("/",$tmp[3]); + if (($tmp1[0] eq "0") || ($tmp1[0] eq "255")) + { + $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; } - #copy active rule to next - foreach my $i (0 .. $#{$downhash{$next}}) { - $downhash{$next}[$i] = $downhash{$key}[$i]; + } + #check if Port is a single Port or portrange + if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } - #copy saved rule to actual position - foreach my $x (0 .. $#{$tmp{0}}) { - $downhash{$key}[$x] = $tmp{0}[$x]; + if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; } } + }else{ + $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + return $errormessage; } } - &General::writehasharray($fwdfwsettings{'config'}, \%downhash); - &rules; -} -sub checkcounter -{ - my ($base1,$val1,$base2,$val2) = @_; - - if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){ - &dec_counter($confignet,\%customnetwork,$val1); - }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){ - &dec_counter($confighost,\%customhost,$val1); - }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){ - &dec_counter($configgrp,\%customgrp,$val1); - }elsif($base1 eq 'cust_srv'){ - &dec_counter($configsrv,\%customservice,$val1); - }elsif($base1 eq 'cust_srvgrp'){ - &dec_counter($configsrvgrp,\%customservicegrp,$val1); - } - - if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ - &inc_counter($confignet,\%customnetwork,$val2); - }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ - &inc_counter($confighost,\%customhost,$val2); - }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){ - &inc_counter($configgrp,\%customgrp,$val2); - }elsif($base2 eq 'cust_srv'){ - &inc_counter($configsrv,\%customservice,$val2); - }elsif($base2 eq 'cust_srvgrp'){ - &inc_counter($configsrvgrp,\%customservicegrp,$val2); - } -} -sub inc_counter -{ - my $config=shift; - my %hash=%{(shift)}; - my $val=shift; - my $pos; - - &General::readhasharray($config, \%hash); - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - $pos=$#{$hash{$key}}; - $hash{$key}[$pos] = $hash{$key}[$pos]+1; - } - } - &General::writehasharray($config, \%hash); -} -sub dec_counter -{ - my $config=shift; - my %hash=%{(shift)}; - my $val=shift; - my $pos; - #$errormessage.="ALT:config: $config , verringert wird $val
"; - &General::readhasharray($config, \%hash); - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - $pos=$#{$hash{$key}}; - $hash{$key}[$pos] = $hash{$key}[$pos]-1; - } - } - &General::writehasharray($config, \%hash); -} -sub base -{ - if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } - if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } - if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } - - &hint; - if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') { - &addrule; - } - - #print""; - #foreach (0 .. 40){ - #my $i="color".$_; - #print""; - #} - #print"
$_
"; - if ($fwdfwsettings{'POLICY'} eq 'MODE1' || $fwdfwsettings{'POLICY'} eq 'MODE2' ) { - &p2pblock; - } - &Header::openbox('100%', 'center', 'Policy'); -print < - - - - - -
$Lang::tr{'mode'} 0:$Lang::tr{'outgoing firewall mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoing firewall mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoing firewall mode2'}
- - -END - if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) { - print "$Lang::tr{'outgoing firewall reset'}: "; - } - print "
"; - &Header::closebox(); -} -sub addrule -{ - &error; - &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - - print "
"; - print ""; - print ""; - if (-f "${General::swroot}/forward/reread"){ - print ""; - } - print"
"; - - &Header::closebox(); - &viewtablerule; -} -sub deleterule -{ - my %delhash=(); - &General::readhasharray($fwdfwsettings{'config'}, \%delhash); - foreach my $key (sort {$a <=> $b} keys %delhash){ - if ($key == $fwdfwsettings{'key'}){ - #check hosts/net and groups - &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); - &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); - #check services and groups - if ($delhash{$key}[11] eq 'ON'){ - &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); - } - } - if ($key >= $fwdfwsettings{'key'}) { - my $next = $key + 1; - if (exists $delhash{$next}) { - foreach my $i (0 .. $#{$delhash{$next}}) { - $delhash{$key}[$i] = $delhash{$next}[$i]; - } - } - } - } - # Remove the very last entry. - my $last_key = (sort {$a <=> $b} keys %delhash)[-1]; - delete $delhash{$last_key}; - - &General::writehasharray($fwdfwsettings{'config'}, \%delhash); - &rules; - - if($fwdfwsettings{'nobase'} ne 'on'){ - &base; - } -} -sub disable_rule -{ - my $key1=shift; - &General::readhasharray("$configfwdfw", \%configfwdfw); - foreach my $key (sort keys %configfwdfw){ - if ($key eq $key1 ){ - if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';} - } - } - &General::writehasharray("$configfwdfw", \%configfwdfw); - &rules; -} -sub checksource -{ - my ($ip,$subnet); - - #check ip-address if manual - if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ - #check if ip with subnet - if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) { - ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'}); - $subnet = &General::iporsubtocidr($subnet); - $fwdfwsettings{'isip'}='on'; - } - #check if only ip - if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ - $ip=$fwdfwsettings{'src_addr'}; - $subnet = '32'; - $fwdfwsettings{'isip'}='on'; - } - - if ($fwdfwsettings{'isip'} ne 'on'){ - if (&General::validmac($fwdfwsettings{'src_addr'})){$fwdfwsettings{'ismac'}='on';} - } - if ($fwdfwsettings{'isip'} eq 'on'){ - #check and form valid IP - $ip=&General::ip2dec($ip); - $ip=&General::dec2ip($ip); - #check if net or broadcast - my @tmp= split (/\./,$ip); - if (($tmp[3] eq "0") || ($tmp[3] eq "255")) - { - $errormessage=$Lang::tr{'fwhost err hostip'}."
"; - } - $fwdfwsettings{'src_addr'}="$ip/$subnet"; - - if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ - $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; - } - } - if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){ - $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; - } - }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; - return $errormessage; - } - - #check empty fields - if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} - #check icmp source - if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ - $fwdfwsettings{'SRC_PORT'}=''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); - foreach my $key (keys %icmptypes){ - if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ - $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; - } - } - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ - $fwdfwsettings{'ICMP_TYPES'}=''; - }else{ - $fwdfwsettings{'ICMP_TYPES'}=''; - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'PROT'}=''; - } - - if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){ - my @parts=split(",",$fwdfwsettings{'SRC_PORT'}); - my @values=(); - foreach (@parts){ - chomp($_); - if ($_ =~ /^(\d+)\:(\d+)$/) { - my $check; - #change dashes with : - $_=~ tr/-/:/; - if ($_ eq "*") { - push(@values,"1:65535"); - $check='on'; - } - if ($_ =~ /^(\D)\:(\d+)$/) { - push(@values,"1:$2"); - $check='on'; - } - if ($_ =~ /^(\d+)\:(\D)$/) { - push(@values,"$1:65535"); - $check='on' - } - $errormessage .= &General::validportrange($_, 'destination'); - if(!$check){ - push (@values,$_); - } - }else{ - if (&General::validport($_)){ - push (@values,$_); - }else{ - - } - } - } - $fwdfwsettings{'SRC_PORT'}=join("|",@values); - return $errormessage; - } -} -sub checktarget -{ - my ($ip,$subnet); - if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ #check if ip with subnet if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) { @@ -716,30 +570,25 @@ sub checktarget $ip=$fwdfwsettings{'tgt_addr'}; $subnet='32'; } + #check if ip is valid + if (! &General::validip($ip)){ + $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + return $errormessage; + } #check and form valid IP $ip=&General::ip2dec($ip); $ip=&General::dec2ip($ip); - - #check if net or broadcast - my @tmp= split (/\./,$ip); - if (($tmp[3] eq "0") || ($tmp[3] eq "255")) - { - $errormessage=$Lang::tr{'fwhost err hostip'}."
"; - } $fwdfwsettings{'tgt_addr'}="$ip/$subnet"; - if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + return $errormessage; } - }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; return $errormessage; } - #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} - #check tgt services if ($fwdfwsettings{'USESRV'} eq 'ON'){ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ @@ -757,11 +606,15 @@ sub checktarget if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ + if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') { + $errormessage=$Lang::tr{'fwdfw dnat porterr'}."
"; + return $errormessage; + } my @parts=split(",",$fwdfwsettings{'TGT_PORT'}); my @values=(); foreach (@parts){ chomp($_); - if ($_ =~ /^(\d+)\:(\d+)$/) { + if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) { my $check; #change dashes with : $_=~ tr/-/:/; @@ -769,11 +622,11 @@ sub checktarget push(@values,"1:65535"); $check='on'; } - if ($_ =~ /^(\D)\:(\d+)$/) { + if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) { push(@values,"1:$2"); $check='on'; } - if ($_ =~ /^(\d+)\:(\D)$/) { + if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) { push(@values,"$1:65535"); $check='on' } @@ -816,24 +669,103 @@ sub checktarget } } } - #check targetport if ($fwdfwsettings{'USESRV'} ne 'ON'){ $fwdfwsettings{'grp3'}=''; $fwdfwsettings{$fwdfwsettings{'grp3'}}=''; - $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; } #check timeframe if($fwdfwsettings{'TIME'} eq 'ON'){ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){ $errormessage=$Lang::tr{'fwdfw err time'}; + return $errormessage; } } return $errormessage; } +sub check_natport +{ + my $val=shift; + if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){ + if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) { + $fwdfwsettings{'dnatport'} =~ tr/-/:/; + if ($fwdfwsettings{'dnatport'} eq "*") { + $fwdfwsettings{'dnatport'}="1:65535"; + } + if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) { + $fwdfwsettings{'dnatport'} = "1:$2"; + } + if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) { + $fwdfwsettings{'dnatport'} ="$1:65535"; + } + } + return 1; + } + if ($val =~ "," || $val>65536 || $val<0){ + return 0; + } + return 1; +} sub checkrule { + #check valid port for NAT + if($fwdfwsettings{'USE_NAT'} eq 'ON'){ + #if no port is given in nat area, take target host port + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};} + #check if port given in nat area is a single valid port or portrange + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ + my $custsrvport; + #get servcie Protocol and Port + foreach my $key (sort keys %customservice){ + if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){ + if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + } + $custsrvport= $customservice{$key}[1]; + } + } + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;} + } + #check if DNAT port is multiple + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){ + my @parts=split(",",$fwdfwsettings{'dnatport'}); + my @values=(); + foreach (@parts){ + chomp($_); + if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) { + my $check; + #change dashes with : + $_=~ tr/-/:/; + if ($_ eq "*") { + push(@values,"1:65535"); + $check='on'; + } + if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) { + push(@values,"1:$2"); + $check='on'; + } + if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) { + push(@values,"$1:65535"); + $check='on' + } + $errormessage .= &General::validportrange($_, 'destination'); + if(!$check){ + push (@values,$_); + } + }else{ + if (&General::validport($_)){ + push (@values,$_); + }else{ + + } + } + } + $fwdfwsettings{'dnatport'}=join("|",@values); + } + } #check valid remark if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage.=$Lang::tr{'fwdfw err remark'}."
"; @@ -843,18 +775,16 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err same'}; return $errormessage; } - #get source and targetip address if possible my ($sip,$scidr,$tip,$tcidr); ($sip,$scidr)=&get_ip("src","grp1"); ($tip,$tcidr)=&get_ip("tgt","grp2"); - #check same iprange in source and target if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){ my $networkip1=&General::getnetworkip($sip,$scidr); my $networkip2=&General::getnetworkip($tip,$tcidr); if ($scidr gt $tcidr){ - if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){ + if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){ $errormessage.=$Lang::tr{'fwdfw err samesub'}; } }elsif($scidr eq $tcidr && $scidr eq '32'){ @@ -870,17 +800,13 @@ sub checkrule } } } - #check source and destination protocol if manual if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - - - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ $errormessage.=$Lang::tr{'fwdfw err prot'}; } #check source and destination protocol if source manual and dest servicegrp if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ - &General::readhasharray("$configsrv", \%customservice); foreach my $key (sort keys %customservice){ if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ @@ -892,6 +818,272 @@ sub checkrule } } } +sub checkcounter +{ + my ($base1,$val1,$base2,$val2) = @_; + + if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){ + &dec_counter($confignet,\%customnetwork,$val1); + }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){ + &dec_counter($confighost,\%customhost,$val1); + }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){ + &dec_counter($configgrp,\%customgrp,$val1); + }elsif($base1 eq 'cust_srv'){ + &dec_counter($configsrv,\%customservice,$val1); + }elsif($base1 eq 'cust_srvgrp'){ + &dec_counter($configsrvgrp,\%customservicegrp,$val1); + } + + if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ + &inc_counter($confignet,\%customnetwork,$val2); + }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ + &inc_counter($confighost,\%customhost,$val2); + }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){ + &inc_counter($configgrp,\%customgrp,$val2); + }elsif($base2 eq 'cust_srv'){ + &inc_counter($configsrv,\%customservice,$val2); + }elsif($base2 eq 'cust_srvgrp'){ + &inc_counter($configsrvgrp,\%customservicegrp,$val2); + } +} +sub checkvpn +{ + my $ip=shift; + #Test if manual IP is part of static OpenVPN networks + &General::readhasharray("$configccdnet", \%ccdnet); + foreach my $key (sort keys %ccdnet){ + my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]); + my $sub=&General::iporsubtodec($vpnsubnet); + if (&General::IpInSubnet($ip,$vpnip,$sub)){ + return 0; + } + } + # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor + # because if one creates a custom host with the ip, we need to check the color there! + # It does not make sense to check this here + + # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here + # Is also checked in getcolor + + # Test if manual ip is part of an IPsec Network is also checked in getcolor + return 1; +} +sub checkvpncolor +{ + +} +sub deleterule +{ + my %delhash=(); + &General::readhasharray($fwdfwsettings{'config'}, \%delhash); + foreach my $key (sort {$a <=> $b} keys %delhash){ + if ($key == $fwdfwsettings{'key'}){ + #check hosts/net and groups + &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); + &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); + #check services and groups + if ($delhash{$key}[11] eq 'ON'){ + &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); + } + } + if ($key >= $fwdfwsettings{'key'}) { + my $next = $key + 1; + if (exists $delhash{$next}) { + foreach my $i (0 .. $#{$delhash{$next}}) { + $delhash{$key}[$i] = $delhash{$next}[$i]; + } + } + } + } + # Remove the very last entry. + my $last_key = (sort {$a <=> $b} keys %delhash)[-1]; + delete $delhash{$last_key}; + + &General::writehasharray($fwdfwsettings{'config'}, \%delhash); + &rules; + + if($fwdfwsettings{'nobase'} ne 'on'){ + &base; + } +} +sub disable_rule +{ + my $key1=shift; + &General::readhasharray("$configfwdfw", \%configfwdfw); + foreach my $key (sort keys %configfwdfw){ + if ($key eq $key1 ){ + if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';} + } + } + &General::writehasharray("$configfwdfw", \%configfwdfw); + &rules; +} +sub dec_counter +{ + my $config=shift; + my %hash=%{(shift)}; + my $val=shift; + my $pos; + &General::readhasharray($config, \%hash); + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + $pos=$#{$hash{$key}}; + $hash{$key}[$pos] = $hash{$key}[$pos]-1; + } + } + &General::writehasharray($config, \%hash); +} +sub error +{ + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage\n"; + print " \n"; + &Header::closebox(); + print"
"; + } +} +sub fillselect +{ + my %hash=%{(shift)}; + my $val=shift; + my $key; + foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + print""; + }else{ + print""; + } + } +} +sub gen_dd_block +{ + my $srctgt = shift; + my $grp=shift; + my $helper=''; + my $show=''; + $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; + $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; + $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; + $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED'; + $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED'; + $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; + $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED'; + $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED'; + $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED'; + $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED'; + $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED'; + $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED'; + $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; + $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; + $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; + $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; +print< + + + "; + #custom networks + if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ + print""; + } + #custom hosts + if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ + print""; + } + #custom groups + if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ + print""; + } + #End left table. start right table (vpn) + print"
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust addr'}
$Lang::tr{'fwhost cust grp'}
"; + # CCD networks + if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ + print""; + } + #OVPN CCD Hosts + foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){ + if ($ccdhost{$key}[33] ne '' ){ + print"" ; + } + if ($show eq '1'){$show='';print"";} + #OVPN N2N + foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){ + if ($ccdhost{$key}[3] eq 'net'){ + print"" ; + } + if ($show eq '1'){$show='';print"";} + #IPsec netze + foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) { + if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ + print""; + } + if ($show eq '1'){$show='';print"";} + + print"
$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ovpn_n2n'}:
$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost ipsec net'}
$Lang::tr{'fwhost ipsec net'}
"; + print"
"; +} sub get_ip { my $val=shift; @@ -943,10 +1135,247 @@ sub get_ip } return $a,$b; } +sub get_name +{ + my $val=shift; + &General::setup_default_networks(\%defaultNetworks); + foreach my $network (sort keys %defaultNetworks) + { + return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); + } +} +sub getsrcport +{ + my %hash=%{(shift)}; + my $key=shift; + if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ + $hash{$key}[10]=~ s/\|/,/g; + print": $hash{$key}[10]"; + }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ + print":
$hash{$key}[9] "; + } +} +sub gettgtport +{ + my %hash=%{(shift)}; + my $key=shift; + my $service; + my $prot; + if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ + if($hash{$key}[14] eq 'cust_srv'){ + &General::readhasharray("$configsrv", \%customservice); + foreach my $i (sort keys %customservice){ + if($customservice{$i}[0] eq $hash{$key}[15]){ + $service = $customservice{$i}[0]; + } + } + }elsif($hash{$key}[14] eq 'cust_srvgrp'){ + $service=$hash{$key}[15]; + }elsif($hash{$key}[14] eq 'TGT_PORT'){ + $hash{$key}[15]=~ s/\|/,/g; + $service=$hash{$key}[15]; + } + if($service){ + print": $service"; + } + }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ + print":
$hash{$key}[13]"; + } +} +sub get_serviceports +{ + my $type=shift; + my $name=shift; + &General::readhasharray("$configsrv", \%customservice); + &General::readhasharray("$configsrvgrp", \%customservicegrp); + my $tcp; + my $udp; + my $icmp; + @protocols=(); + if($type eq 'service'){ + foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key}[0] eq $name){ + push (@protocols,$customservice{$key}[2]); + } + } + }elsif($type eq 'group'){ + foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){ + if ($customservicegrp{$key}[0] eq $name){ + foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ + if($customservice{$key1}[2] eq 'TCP'){ + $tcp='TCP'; + }elsif($customservice{$key1}[2] eq 'ICMP'){ + $icmp='ICMP'; + }elsif($customservice{$key1}[2] eq 'UDP'){ + $udp='UDP'; + } + } + } + } + } + } + if($tcp && $udp && $icmp){ + push (@protocols,"All"); + return @protocols; + } + if($tcp){ + push (@protocols,"TCP"); + } + if($udp){ + push (@protocols,"UDP"); + } + if($icmp){ + push (@protocols,"ICMP"); + } + return @protocols; +} +sub getcolor +{ + my $nettype=shift; + my $val=shift; + my $hash=shift; + if($optionsfw{'SHOWCOLORS'} eq 'on'){ + #standard networks + if ($val eq 'GREEN'){ + $tdcolor="style='border: 1px solid $Header::colourgreen;'"; + return; + }elsif ($val eq 'ORANGE'){ + $tdcolor="style='border: 1px solid $Header::colourorange;'"; + return; + }elsif ($val eq 'BLUE'){ + $tdcolor="style='border: 1px solid $Header::colourblue;'"; + return; + }elsif ($val eq 'RED' ||$val eq 'RED1' ){ + $tdcolor="style='border: 1px solid $Header::colourred;'"; + return; + }elsif ($val eq 'IPFire' ){ + $tdcolor="style='border: 1px solid $Header::colourred;'"; + return; + }elsif($val =~ /^(.*?)\/(.*?)$/){ + my ($sip,$scidr) = split ("/",$val); + if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ + $tdcolor="style='border: 1px solid $Header::colourorange;'"; + return; + } + if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){ + $tdcolor="style='border: 1px solid $Header::colourgreen;'"; + return; + } + if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){ + $tdcolor="style='border: 1px solid $Header::colourblue;'"; + return; + } + }elsif ($val eq 'Default IP'){ + $tdcolor="style='border: 1px solid $Header::colourred;'"; + return; + } + #Check if a manual IP is part of a VPN + if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr'){ + #Check if IP is part of OpenVPN dynamic subnet + my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'}); + my ($c,$d) = split("/",$val); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='border: 1px solid $Header::colourovpn;'"; + return; + } + #Check if IP is part of OpenVPN static subnet + foreach my $key (sort keys %ccdnet){ + my ($a,$b) = split("/",$ccdnet{$key}[1]); + $b =&General::iporsubtodec($b); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='border: 1px solid $Header::colourovpn;'"; + return; + } + } + #Check if IP is part of OpenVPN N2N subnet + foreach my $key (sort keys %ccdhost){ + if ($ccdhost{$key}[3] eq 'net'){ + my ($a,$b) = split("/",$ccdhost{$key}[11]); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='border: 1px solid $Header::colourovpn;'"; + return; + } + } + } + #Check if IP is part of IPsec RW network + if ($ipsecsettings{'RW_NET'} ne ''){ + my ($a,$b) = split("/",$ipsecsettings{'RW_NET'}); + $b=&General::iporsubtodec($b); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='border: 1px solid $Header::colourvpn;'"; + return; + } + } + #Check if IP is part of a IPsec N2N network + foreach my $key (sort keys %ipsecconf){ + my ($a,$b) = split("/",$ipsecconf{$key}[11]); + if (&General::IpInSubnet($c,$a,$b)){ + $tdcolor="style='border: 1px solid $Header::colourvpn;'"; + return; + } + } + } + #VPN networks + if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ + $tdcolor="style='border: 1px solid $Header::colourovpn;'"; + return; + } + if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){ + $tdcolor="style='border: 1px solid $Header::colourvpn;'"; + return; + } + #custom Hosts + if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ + foreach my $key (sort keys %$hash){ + if ($$hash{$key}[0] eq $val){ + $val=$$hash{$key}[2]; + } + } + } + #ALIASE + foreach my $alias (sort keys %aliases) + { + if ($val eq $alias){ + $tdcolor="style='border: 1px solid $Header::colourred;'"; + return; + } + } + } + $tdcolor=''; + return; +} +sub hint +{ + if ($hint) { + &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'}); + print "$hint\n"; + print " \n"; + &Header::closebox(); + print"
"; + } +} +sub inc_counter +{ + my $config=shift; + my %hash=%{(shift)}; + my $val=shift; + my $pos; + + &General::readhasharray($config, \%hash); + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + $pos=$#{$hash{$key}}; + $hash{$key}[$pos] = $hash{$key}[$pos]+1; + } + } + &General::writehasharray($config, \%hash); +} sub newrule { &error; &General::setup_default_networks(\%defaultNetworks); + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); #read all configfiles &General::readhasharray("$configccdnet", \%ccdnet); &General::readhasharray("$confignet", \%customnetwork); @@ -962,6 +1391,10 @@ sub newrule if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;} my $config=$fwdfwsettings{'config'}; my %hash=(); + #Get Red IP-ADDRESS + open (CONN1,"/var/ipfire/red/local-ipaddress"); + my $redip = ; + close(CONN1); $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -977,17 +1410,20 @@ sub newrule $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED'; $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; #check if update and get values if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){ &General::readhasharray("$config", \%hash); foreach my $key (sort keys %hash){ $sum++; if ($key eq $fwdfwsettings{'key'}){ - $fwdfwsettings{'oldrulenumber'} = $key; + $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'}; $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0]; + $fwdfwsettings{'chain'} = $hash{$key}[1]; $fwdfwsettings{'ACTIVE'} = $hash{$key}[2]; $fwdfwsettings{'grp1'} = $hash{$key}[3]; $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4]; @@ -1014,6 +1450,10 @@ sub newrule $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25]; $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26]; $fwdfwsettings{'TIME_TO'} = $hash{$key}[27]; + $fwdfwsettings{'USE_NAT'} = $hash{$key}[28]; + $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order + $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29]; + $fwdfwsettings{'dnatport'} = $hash{$key}[30]; $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -1029,9 +1469,14 @@ sub newrule $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED'; + $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED'; $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected'; + $selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected'; + $selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected'; } } $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'}; @@ -1042,131 +1487,62 @@ sub newrule $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}}; $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'}; $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'}; + $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'}; + $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'}; + #check if manual ip (source) is orange network + if ($fwdfwsettings{'grp1'} eq 'src_addr'){ + my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); + if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ + $fwdfwsettings{'oldorange'} ='on'; + } + } }else{ $fwdfwsettings{'ACTIVE'}='ON'; $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; - } - - &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - -print < - -
$Lang::tr{'fwdfw rule action'}
"; - + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); + print "
"; &Header::closebox(); &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); - #------SOURCE------------------------------------------------------- print< - $Lang::tr{'fwdfw sourceip'} -
- $Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}$Lang::tr{'fwdfw sourceip'}Firewall END - foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) { - if($ccdhost{$key}[3] eq 'net'){ - print""; - } - } - print< + print"$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec host'} - $Lang::tr{'fwhost icmptype'} END &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); print""; - foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) } keys %icmptypes){ + foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) } keys %icmptypes){ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){ print""; }else{ @@ -1197,7 +1573,7 @@ END } } print<
+
END &Header::closebox(); @@ -1205,118 +1581,44 @@ END &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'}); print< - $Lang::tr{'fwdfw targetip'}IPFire ($Lang::tr{'external access'})$Lang::tr{'fwdfw targetip'}Firewall END - print ""; - - foreach my $alias (sort keys %aliases) - { - print ""; - } + print"$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'}$Lang::tr{'fwhost cust srvgrp'}:$Lang::tr{'fwhost cust srvgrp'}: - $Lang::tr{'fwhost icmptype'} END &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); print""; - foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){ + foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){ print""; }else{ @@ -1353,15 +1655,76 @@ END } print< -


+
END + &Header::closebox; + #---SNAT / DNAT ------------------------------------------------ + &Header::openbox('100%', 'left', 'NAT'); + print< + $Lang::tr{'fwdfw use nat'} + $Lang::tr{'fwdfw dnat'} +END + print"IPFire: "; + print"
"; + #SNAT + print"$Lang::tr{'fwdfw snat'}"; + print"IPFire: + $Lang::tr{'fwdfw rule action'}"; + print"$Lang::tr{'remark'}:"; + #print"$Lang::tr{'remark'}:"; if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){ print "$Lang::tr{'fwdfw rulepos'}:"; + }else{ + print "$Lang::tr{'fwdfw rulepos'}:"; } print< -
$Lang::tr{'fwdfw rule activate'}
$Lang::tr{'fwdfw log rule'}

+
END &Header::closebox(); #---ADD TIMEFRAME----------------------------------------------- @@ -1426,16 +1791,16 @@ END } print< -
+
END - &Header::closebox(); #---ACTION------------------------------------------------------ if($fwdfwsettings{'updatefwrule'} ne 'on'){ print< -
+ +
END }else{ @@ -1452,18 +1817,123 @@ END + + +
END } &Header::closebox(); } +sub pos_up +{ + my %uphash=(); + my %tmp=(); + &General::readhasharray($fwdfwsettings{'config'}, \%uphash); + foreach my $key (sort keys %uphash){ + if ($key eq $fwdfwsettings{'key'}) { + my $last = $key -1; + if (exists $uphash{$last}){ + #save rule last + foreach my $y (0 .. $#{$uphash{$last}}) { + $tmp{0}[$y] = $uphash{$last}[$y]; + } + #copy active rule to last + foreach my $i (0 .. $#{$uphash{$last}}) { + $uphash{$last}[$i] = $uphash{$key}[$i]; + } + #copy saved rule to actual position + foreach my $x (0 .. $#{$tmp{0}}) { + $uphash{$key}[$x] = $tmp{0}[$x]; + } + } + } + } + &General::writehasharray($fwdfwsettings{'config'}, \%uphash); + &rules; +} +sub pos_down +{ + my %downhash=(); + my %tmp=(); + &General::readhasharray($fwdfwsettings{'config'}, \%downhash); + foreach my $key (sort keys %downhash){ + if ($key eq $fwdfwsettings{'key'}) { + my $next = $key + 1; + if (exists $downhash{$next}){ + #save rule next + foreach my $y (0 .. $#{$downhash{$next}}) { + $tmp{0}[$y] = $downhash{$next}[$y]; + } + #copy active rule to next + foreach my $i (0 .. $#{$downhash{$next}}) { + $downhash{$next}[$i] = $downhash{$key}[$i]; + } + #copy saved rule to actual position + foreach my $x (0 .. $#{$tmp{0}}) { + $downhash{$key}[$x] = $tmp{0}[$x]; + } + } + } + } + &General::writehasharray($fwdfwsettings{'config'}, \%downhash); + &rules; +} +sub rules +{ + if (!-f "${General::swroot}/forward/reread"){ + system("touch ${General::swroot}/forward/reread"); + system("touch ${General::swroot}/fwhosts/reread"); + } +} +sub reread_rules +{ + system("/usr/local/bin/forwardfwctrl"); + if ( -f "${General::swroot}/forward/reread"){ + system("rm ${General::swroot}/forward/reread"); + system("rm ${General::swroot}/fwhosts/reread"); + } +} sub saverule { my $hash=shift; my $config=shift; &General::readhasharray("$config", $hash); if (!$errormessage){ + ################################################################ + #check if we change an INPUT rule to a OUTGOING + if($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW' ){ + &changerule($configinput); + #print"1"; + } + #check if we change an INPUT rule to a FORWARD + elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){ + &changerule($configinput); + #print"2"; + } + ################################################################ + #check if we change an OUTGOING rule to an INPUT + elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'INPUTFW' ){ + &changerule($configoutgoing); + #print"3"; + } + #check if we change an OUTGOING rule to a FORWARD + elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq 'FORWARDFW' ){ + &changerule($configoutgoing); + #print"4"; + } + ################################################################ + #check if we change a FORWARD rule to an INPUT + elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'INPUTFW'){ + &changerule($configfwdfw); + #print"5"; + } + #check if we change a FORWARD rule to an OUTGOING + elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){ + &changerule($configfwdfw); + #print"6"; + } if ($fwdfwsettings{'updatefwrule'} ne 'on'){ my $key = &General::findhasharraykey ($hash); $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; @@ -1494,6 +1964,10 @@ sub saverule $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'}; $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'}; $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'}; + $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; + $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; &General::writehasharray("$config", $hash); }else{ foreach my $key (sort {$a <=> $b} keys %$hash){ @@ -1526,12 +2000,16 @@ sub saverule $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'}; $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'}; $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'}; + $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; + $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; last; } } } &General::writehasharray("$config", $hash); - if($fwdfwsettings{'oldrulenumber'} gt $fwdfwsettings{'rulepos'}){ + if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){ my %tmp=(); my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'}; for (my $z=0;$z<$val;$z++){ @@ -1558,7 +2036,7 @@ sub saverule } &General::writehasharray("$config", $hash); &rules; - }elsif($fwdfwsettings{'rulepos'} gt $fwdfwsettings{'oldrulenumber'}){ + }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){ my %tmp=(); my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'}; for (my $z=0;$z<$val;$z++){ @@ -1588,35 +2066,6 @@ sub saverule } } } -sub error -{ - if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); - print"
"; - } -} -sub hint -{ - if ($hint) { - &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'}); - print "$hint\n"; - print " \n"; - &Header::closebox(); - print"
"; - } -} -sub get_name -{ - my $val=shift; - &General::setup_default_networks(\%defaultNetworks); - foreach my $network (sort keys %defaultNetworks) - { - return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); - } -} sub validremark { # Checks a hostname against RFC1035 @@ -1627,85 +2076,22 @@ sub validremark if (length ($remark) < 1 || length ($remark) > 255) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:_\/\s]*$/) { + if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) { return 0;} # Last character can only be a letter or a digit - if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.]*$/) { + if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) { return 0;} return 1; } -sub getsrcport -{ - my %hash=%{(shift)}; - my $key=shift; - if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ - $hash{$key}[10]=~ s/\|/,/g; - print": $hash{$key}[10]"; - }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ - print":
$hash{$key}[9] "; - } -} -sub gettgtport -{ - my %hash=%{(shift)}; - my $key=shift; - my $service; - my $prot; - - if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ - if($hash{$key}[14] eq 'cust_srv'){ - &General::readhasharray("$configsrv", \%customservice); - foreach my $i (sort keys %customservice){ - if($customservice{$i}[0] eq $hash{$key}[15]){ - $service = $customservice{$i}[0]; - } - } - }elsif($hash{$key}[14] eq 'cust_srvgrp'){ - $service=$hash{$key}[15]; - }elsif($hash{$key}[14] eq 'TGT_PORT'){ - $hash{$key}[15]=~ s/\|/,/g; - $service=$hash{$key}[15]; - } - - print": $service"; - }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ - print":
$hash{$key}[13]"; - } -} -sub get_serviceports -{ - my $type=shift; - my $name=shift; - &General::readhasharray("$configsrv", \%customservice); - &General::readhasharray("$configsrvgrp", \%customservicegrp); - my $protocols; - my $tcp; - my $udp; - if($type eq 'service'){ - foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ - if ($customservice{$key}[0] eq $name){ - $protocols=$customservice{$key}[2]; - } - } - - }elsif($type eq 'group'){ - foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ - if ($customservicegrp{$key}[0] eq $name){ - if($customservicegrp{$key}[4] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';} - } - } - } - if($tcp){$protocols.="TCP";} - if($udp){$protocols.=",UDP";} - return $protocols; -} sub viewtablerule { - &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" ); - &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} ); + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); + &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" ); + &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} ); + &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" ); } sub viewtablenew { @@ -1713,8 +2099,13 @@ sub viewtablenew my $config=shift; my $title=shift; my $title1=shift; - - if ( ! -z "$config"){ + my $go=''; + &General::get_aliases(\%aliases); + &General::readhasharray("$confighost", \%customhost); + &General::readhasharray("$config", $hash); + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$configccdhost", \%ccdhost); + if( ! -z $config){ &Header::openbox('100%', 'left',$title); my $count=0; my ($gif,$log); @@ -1723,11 +2114,11 @@ sub viewtablenew my $tooltip; my @tmpsrc=(); my $coloryellow=''; - &General::readhasharray("$config", $hash); print"$title1
"; - print""; - print""; + print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'protocol'}$Lang::tr{'remark'}$Lang::tr{'fwdfw action'}
"; + print""; foreach my $key (sort {$a <=> $b} keys %$hash){ + $tdcolor=''; @tmpsrc=(); #check if vpn hosts/nets have been deleted if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){ @@ -1762,8 +2153,6 @@ sub viewtablenew $$hash{$key}[2]=''; } } - $$hash{$key}[3]=''; - $$hash{$key}[5]=''; } $$hash{'ACTIVE'}=$$hash{$key}[2]; $count++; @@ -1772,15 +2161,18 @@ sub viewtablenew $coloryellow=''; }elsif($coloryellow eq ''){ if ($count % 2){ - print""; + $color="$color{'color22'}"; } else{ - print""; + $color="$color{'color20'}"; } } + print""; + #KEY print<$key + END + #RULETYPE (A,R,D) if ($$hash{$key}[0] eq 'ACCEPT'){ $ruletype='A'; $tooltip='ACCEPT'; @@ -1794,57 +2186,108 @@ END $tooltip='REJECT'; $rulecolor=$color{'color16'}; } - print""; - print""; + #Get Protocol + my $prot; + if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual + push (@protocols,$$hash{$key}[8]); + }elsif ($$hash{$key}[12]){ #target prot if manual + push (@protocols,$$hash{$key}[12]); + }elsif($$hash{$key}[14] eq 'cust_srv'){ + &get_serviceports("service",$$hash{$key}[15]); + }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ + &get_serviceports("group",$$hash{$key}[15]); + }else{ + push (@protocols,$Lang::tr{'all'}); + } + my $protz=join(",",@protocols); + print""; + @protocols=(); + #SOURCE + my $ipfireiface; + &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost); + print" END - + #TARGET + &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost); print< + "; - #Get Protocol - my $prot; - if ($$hash{$key}[12]){ #target prot if manual - $prot=$$hash{$key}[12]; - }elsif($$hash{$key}[8]){ #source prot if manual - $prot=$$hash{$key}[8]; - }elsif($$hash{$key}[14] eq 'cust_srv'){ - $prot=&get_serviceports("service",$$hash{$key}[15]); - }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ - $prot=&get_serviceports("group",$$hash{$key}[15]); - }else{ - $prot=$Lang::tr{'all'}; - } - print""; - - print""; - + #RULE ACTIVE if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" @@ -1853,25 +2296,25 @@ END } print< - - - - END }else{ - print""; + print""; } if (exists $$hash{$key+1}){ print< - END }else{ - print""; + print""; + } + #REMARK + if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){ + print""; + print""; } - #if timeframe set, print new line in table if ($$hash{$key}[18] eq 'ON'){ - my @days=(); - if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} - if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} - if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} - if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} - if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} - if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} - if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} - my $weekdays=join(",",@days); - if (@days){ - print""; + #TIMEFRAME + if ($$hash{$key}[18] eq 'ON'){ + my @days=(); + if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} + if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} + if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} + if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} + if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} + if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} + if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} + my $weekdays=join(",",@days); + if (@days){ + print""; + print""; + } } } + print""; } - print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'fwdfw action'}
$key  $ruletype"; + print"$ruletype$protz"; + if ($$hash{$key}[3] eq 'ipfire_src'){ + $ipfireiface='Interface '; + } if ($$hash{$key}[3] eq 'std_net_src'){ print &get_name($$hash{$key}[4]); + }elsif ($$hash{$key}[3] eq 'src_addr'){ + my ($split1,$split2) = split("/",$$hash{$key}[4]); + if ($split2 eq '32'){ + print $split1; + }else{ + print $$hash{$key}[4]; + } + }elsif ($$hash{$key}[4] eq 'RED1'){ + print "$ipfireiface $Lang::tr{'fwdfw red'}"; }else{ - print $$hash{$key}[4]; + print "ipfireiface $$hash{$key}[4]"; } + $tdcolor=''; + #SOURCEPORT &getsrcport(\%$hash,$key); + #Is this a SNAT rule? + if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){ + print"
->$$hash{$key}[29]"; + if ($$hash{$key}[30] ne ''){ + print": $$hash{$key}[30]"; + } + } if ($$hash{$key}[17] eq 'ON'){ $log="/images/on.gif"; }else{ $log="/images/off.gif"; } + #LOGGING print<
-
+ END - if ($$hash{$key}[5] eq 'std_net_tgt'){ - print &get_name($$hash{$key}[6]); + #Is this a DNAT rule? + if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){ + print "Firewall ($$hash{$key}[29])"; + if($$hash{$key}[30] ne ''){ + $$hash{$key}[30]=~ tr/|/,/; + print": $$hash{$key}[30]"; + } + print"
->"; + } + if ($$hash{$key}[5] eq 'ipfire'){ + $ipfireiface='Interface'; + } + if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' && $$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){ + if ($$hash{$key}[6] eq 'RED1') + { + print "$ipfireiface $Lang::tr{'red1'}"; + }else{ + print &get_name($$hash{$key}[6]); + } + }elsif ($$hash{$key}[5] eq 'tgt_addr'){ + my ($split1,$split2) = split("/",$$hash{$key}[6]); + if ($split2 eq '32'){ + print $split1; + }else{ + print $$hash{$key}[6]; + } }else{ - print $$hash{$key}[6]; + print "$ipfireiface $$hash{$key}[6]"; } + $tdcolor=''; + #TARGETPORT &gettgtport(\%$hash,$key); - ################################################################################ print"		$prot$$hash{$key}[16] +
+
+
+ @@ -1880,101 +2323,103 @@ END if (exists $$hash{$key-1}){ print< - + +
   $$hash{$key}[16]
$Lang::tr{'fwdfw time'} "; - print"$weekdays"; - print "  $Lang::tr{'fwdfw from'} $$hash{$key}[26]   $Lang::tr{'fwdfw till'} $$hash{$key}[27]
   $weekdays   $$hash{$key}[26] - $$hash{$key}[27]
"; - &Header::closebox(); - } -} -sub p2pblock -{ - my $gif; - open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; - @p2ps = ; - close FILE; - &Header::openbox('100%', 'center', 'P2P-Block'); - print < - $Lang::tr{'protocol'}$Lang::tr{'status'} -END - foreach my $p2pentry (sort @p2ps) - { - my @p2pline = split( /\;/, $p2pentry ); - if($p2pline[2] eq 'on'){ - $gif="/images/on.gif" + my $col; + if ($config eq '/var/ipfire/forward/config'){ + my $pol='fwdfw '.$fwdfwsettings{'POLICY'}; + if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + }else{ + $col="bgcolor='green'"; + } + print"$Lang::tr{'fwdfw final_rule'} $Lang::tr{$pol}"; + }elsif ($config eq '/var/ipfire/forward/outgoing'){ + my $pol='fwdfw '.$fwdfwsettings{'POLICY1'}; + if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + }else{ + $col="bgcolor='green'"; + } + print"$Lang::tr{'fwdfw final_rule'} $Lang::tr{$pol}"; }else{ - $gif="/images/off.gif" + print"$Lang::tr{'fwdfw final_rule'} $Lang::tr{'fwdfw MODE1'}"; } - print < - - $p2pline[0]: -END - } - print"$Lang::tr{'outgoing firewall p2p deny'}"; - print"$Lang::tr{'outgoing firewall p2p allow'}"; - &Header::closebox(); -} -sub fillselect -{ - my %hash=%{(shift)}; - my $val=shift; - my $key; - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - print""; - }else{ - print""; + print""; + print "
"; + print "

"; + &Header::closebox(); + }else{ + if ($optionsfw{'SHOWTABLES'} eq 'on'){ + print "$title1
"; + print""; + my $col; + if ($config eq '/var/ipfire/forward/config'){ + my $pol='fwdfw '.$fwdfwsettings{'POLICY'}; + if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + }else{ + $col="bgcolor='green'"; + } + print""; + }elsif ($config eq '/var/ipfire/forward/outgoing'){ + my $pol='fwdfw '.$fwdfwsettings{'POLICY1'}; + if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ + $col="bgcolor='darkred'"; + }else{ + $col="bgcolor='green'"; + } + print""; + }else{ + print""; + } + print"
$Lang::tr{'fwhost empty'}
$Lang::tr{'fwdfw final_rule'} $Lang::tr{$pol}
$Lang::tr{'fwdfw final_rule'} $Lang::tr{$pol}
$Lang::tr{'fwdfw final_rule'} $Lang::tr{'fwdfw MODE1'}


"; } } } -sub rules -{ - if (!-f "${General::swroot}/forward/reread"){ - system("touch ${General::swroot}/forward/reread"); - } -} -sub reread_rules -{ - system("/usr/local/bin/forwardfwctrl"); - system("rm ${General::swroot}/forward/reread"); -} &Header::closebigbox(); &Header::closepage();