X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=fde7e5e8298f58fe31332fd9420ae80ec8e8eed7;hp=405a97dbc36df247d7ff279a9ac4db7884efd667;hb=8cdfbf5aeb365378deb2ff2b5f18a83a2fcfe82c;hpb=2e053370ab64a3f516fc7f9e4897c5b48eae580d
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 405a97dbc..fde7e5e82 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -63,6 +63,8 @@ my %aliases=(); my %optionsfw=(); my %ifaces=(); +my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE"); + my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -100,21 +102,70 @@ my @protocols; #### JAVA SCRIPT #### print< + var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"]; + + var update_protocol = function() { + var protocol = \$("#protocol").val(); + + if (protocol === undefined) + return; + + // Check if a template is/should be used. + if (protocol === "template") { + \$("#PROTOCOL_TEMPLATE").show(); + } else { + \$("#PROTOCOL_TEMPLATE").hide(); + } + + // Check if we are dealing with a protocol, that knows ports. + if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) { + \$("#PROTOCOL_PORTS").show(); + } else { + \$("#PROTOCOL_PORTS").hide(); + } + + // Handle ICMP. + if (protocol === "ICMP") { + \$("#PROTOCOL_ICMP_TYPES").show(); + } else { + \$("#PROTOCOL_ICMP_TYPES").hide(); + } + }; + \$(document).ready(function() { + \$("#protocol").change(update_protocol); + update_protocol(); + + // When nat not used, hide it + if (! \$("#USE_NAT").attr("checked")) { + \$(".NAT").hide(); + } + + // Show NAT area when "use nat" checkbox is clicked + \$("#USE_NAT").change(function() { + \$(".NAT").toggle(); + }); + + // Time constraints + if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) { + \$("#TIME_CONSTRAINTS").hide(); + } + \$("#USE_TIME_CONSTRAINTS").change(function() { + \$("#TIME_CONSTRAINTS").toggle(); + }); + // Automatically select radio buttons when corresponding // dropdown menu changes. \$("select").change(function() { var id = \$(this).attr("name"); - //When using SNAT or DNAT, check "USE NAT" Checkbox - if ( id === 'snat' || id === 'dnat') { + + // When using SNAT or DNAT, check "USE NAT" Checkbox + if (id === 'snat' || id === 'dnat') { \$('#USE_NAT').prop('checked', true); } \$('#' + id).prop("checked", true); }); }); -function checkradio(a){ - \$(a).attr('checked', true); -} END 
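Review bot: The two added `change` handlers call `.toggle()` without an argument, so the visibility of `.NAT` and `#TIME_CONSTRAINTS` follows the number of change events rather than the checkbox state. The `select` handler further down sets `\$('#USE_NAT').prop('checked', true)`, which does not fire `change`, so the NAT area can stay hidden while the box is checked. Passing the state, `\$(".NAT").toggle(this.checked);` and `\$("#TIME_CONSTRAINTS").toggle(this.checked);`, and running the same code once from the ready handler keeps the two in step; the initial tests would then read the property with `.prop("checked")` rather than the markup attribute with `.attr("checked")`. Hiding a section does not clear its fields, so whatever they contain is still posted and has to be checked on the server.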
@@ -125,10 +176,26 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &General::readhasharray("$configfwdfw", \%configfwdfw); &General::readhasharray("$configinput", \%configinputfw); &General::readhasharray("$configoutgoing", \%configoutgoingfw); + #Set Variables according to the JQuery code in protocol section + if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') + { + if ($fwdfwsettings{'SRC_PORT'} ne '') + { + $fwdfwsettings{'USE_SRC_PORT'} = 'ON'; + } + if ($fwdfwsettings{'TGT_PORT'} ne '') + { + $fwdfwsettings{'USESRV'} = 'ON'; + $fwdfwsettings{'grp3'} = 'TGT_PORT'; + } + } + if ($fwdfwsettings{'PROT'} eq 'template') + { + $fwdfwsettings{'USESRV'} = 'ON'; + } $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} - #check if manual ip (source) is orange network if ($fwdfwsettings{'grp1'} eq 'src_addr'){ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); @@ -318,7 +385,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &newrule; }else{ if($fwdfwsettings{'nosave2'} ne 'on'){ - &rules; + &General::firewall_config_changed(); } &base; } @@ -337,7 +404,7 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'}) } } &General::writehasharray($fwdfwsettings{'config'}, \%togglehash); - &rules; + &General::firewall_config_changed(); &base; } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'}) @@ -350,12 +417,12 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'}) } } &General::writehasharray($fwdfwsettings{'config'}, \%togglehash); - &rules; + &General::firewall_config_changed(); &base; } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'}) { - &reread_rules; + &General::firewall_reload(); &base; } if ($fwdfwsettings{'ACTION'} eq 'editrule') @@ -390,14 +457,32 @@ if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset') sub addrule { &error; - if (-f "${General::swroot}/forward/reread"){ - print "
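Review bot: The block added after the three `readhasharray` calls only ever switches `USE_SRC_PORT`, `USESRV` and `grp3` on, so whatever the request carries in those keys is kept when `PROT` is not TCP/UDP or the port field is empty. The two checks added to `checkrule` reject some of these combinations, but an empty `PROT` with a flag set and no port appears to pass both and be stored as submitted. If these keys are now meant to be derived rather than posted (the comment suggests so; the form markup is not visible here), assign them in both directions, e.g. `$fwdfwsettings{'USE_SRC_PORT'} = ($fwdfwsettings{'SRC_PORT'} ne '') ? 'ON' : '';` inside the TCP/UDP branch and `''` otherwise. The enclosing `saverule` block continues outside the hunk.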
    $Lang::tr{'fwhost reread'}

"; - } + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'}); - print "
"; - print ""; - print ""; - print"

"; + print < + + + + +
+ + +END + + if (&General::firewall_needs_reload()) { + print < +END + } + + print < +
+ + +
+END &Header::closebox(); &viewtablerule; } @@ -466,32 +551,6 @@ sub checksource #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} - #check icmp source - if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ - $fwdfwsettings{'SRC_PORT'}=''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); - foreach my $key (keys %icmptypes){ - if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ - $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; - } - } - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ - $fwdfwsettings{'ICMP_TYPES'}=''; - }else{ - $fwdfwsettings{'ICMP_TYPES'}=''; - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'PROT'}=''; - } - if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){ my @parts=split(",",$fwdfwsettings{'SRC_PORT'}); my @values=(); @@ -536,10 +595,6 @@ sub checktarget #check DNAT settings (has to be single Host and single Port or portrange) if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ - if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){ - $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; - return $errormessage; - } #check if manual ip is a single Host (if set) if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){ my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}}); @@ -552,11 +607,11 @@ sub checktarget } #check if Port is a single Port or portrange if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ + if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; return $errormessage; } - if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ + if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; return $errormessage; } @@ -601,17 +656,19 @@ sub checktarget if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; + $fwdfwsettings{'TGT_PORT'}=''; } if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; + $fwdfwsettings{'TGT_PORT'}=''; #check target service if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err tgt_grp'}; } } if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){ + if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') { $errormessage=$Lang::tr{'fwdfw dnat porterr'}."
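Review bot: In the first rewritten condition of the `-552,11` hunk, `($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP')` is true for every value of `PROT`, so the test reduces to `$fwdfwsettings{'TGT_PORT'} eq ''`; the rename from `TGT_PROT` carries the old operator over. If the intent is "protocol is neither TCP nor UDP", the clause needs `&&`, as the new checks in `checkrule` write it. If the intent is that a DNAT rule with `grp3` set to `TGT_PORT` always needs a port, the protocol clause can be dropped so the condition says what it does. `checktarget` starts and ends outside the hunk.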
"; @@ -645,34 +702,26 @@ sub checktarget if (&General::validport($_)){ push (@values,$_); }else{ - } } } $fwdfwsettings{'TGT_PORT'}=join("|",@values); } - }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){ + }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'} = ''; - }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){ + }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'}=''; - }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){ + }elsif ($fwdfwsettings{'PROT'} eq 'AH'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'}=''; - }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){ + }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); - foreach my $key (keys %icmptypes){ - - if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){ - $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0]; - } - } } } } 
@@ -807,26 +856,74 @@ sub checkrule } } } - #check source and destination protocol if manual - if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - } - #check source and destination protocol if source manual and dest servicegrp - if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ - foreach my $key (sort keys %customservice){ - if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ - if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - last; - } + #When using source- or targetport, the protocol has to be TCP or UDP + if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && ($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && ($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){ + $errormessage.=$Lang::tr{'fwdfw err prot_port1'}; + return; + } + #when icmp selected, no targetport allowed + if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){ + $errormessage.=$Lang::tr{'fwdfw err prot_port'}; + return; + } + #change protocol if prot not equal dest single service + if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ + foreach my $key (sort keys %customservice){ + if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ + if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ + $fwdfwsettings{'PROT'} = $customservice{$key}[2]; + last; } } } } - if( $fwdfwsettings{'USE_SRC_PORT'} ne 'ON' && $fwdfwsettings{'USESRV'} ne 'ON'){ - $fwdfwsettings{'PROT'}=''; - $fwdfwsettings{'TGT_PROT'}=''; + #check source and destination protocol if source manual and dest servicegroup + if ($fwdfwsettings{'grp3'} eq 
'cust_srvgrp'){ + $fwdfwsettings{'PROT'} = ''; + } + #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013 + $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated) + #Check ICMP Types + if ($fwdfwsettings{'PROT'} eq 'ICMP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + #$fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); + foreach my $key (keys %icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ + $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; + } + } + }elsif($fwdfwsettings{'PROT'} eq 'GRE'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'ESP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'AH'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'PROT'} = ''; + }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; } } sub checkcounter @@ -911,7 +1008,7 @@ sub deleterule delete $delhash{$last_key}; &General::writehasharray($fwdfwsettings{'config'}, \%delhash); - &rules; + &General::firewall_config_changed(); if($fwdfwsettings{'nobase'} ne 'on'){ &base; 
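Review bot: The second-to-last `elsif` of the new chain in `checkrule` sets `PROT` to `''` for every value other than the ones named, so a request with an unexpected protocol string is saved as a rule without a protocol restriction instead of being rejected. An empty `PROT` presumably means any protocol (confirm against the rule generator), which makes this fail open. `@PROTOCOLS` is added at the top of the file by this commit; testing the posted value against it before the chain, with a condition such as `$fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'template' && !grep { $_ eq $fwdfwsettings{'PROT'} } @PROTOCOLS`, and setting `$errormessage` there would reject it. The GRE, ESP, AH and IGMP branches are identical and could share one condition. `checkrule` starts outside the hunk.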
@@ -927,7 +1024,7 @@ sub disable_rule } } &General::writehasharray("$configfwdfw", \%configfwdfw); - &rules; + &General::firewall_config_changed(); } sub dec_counter { @@ -1158,7 +1255,7 @@ sub getsrcport { my %hash=%{(shift)}; my $key=shift; - if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ + if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){ $hash{$key}[10]=~ s/\|/,/g; print": $hash{$key}[10]"; }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ @@ -1188,8 +1285,6 @@ sub gettgtport if($service){ print": $service"; } - }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ - print":
$hash{$key}[13]"; } } sub get_serviceports @@ -1226,7 +1321,7 @@ sub get_serviceports } } if($tcp && $udp && $icmp){ - push (@protocols,"All"); + push (@protocols,"TCP,UDP,
ICMP"); return @protocols; } if($tcp){ @@ -1527,10 +1622,10 @@ sub newrule } } &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - print "
"; &Header::closebox(); &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); #------SOURCE------------------------------------------------------- + print ""; print< $Lang::tr{'fwdfw sourceip'}Firewall @@ -1541,7 +1636,6 @@ END print "" if (&Header::orange_used()); print "" if (&Header::blue_used()); print "